Merge pull request #134 from dgarske/release_v2.0

Preparation for wolfTPM v2.0 release

ChangeLog.md

@@ -1,5 +1,33 @@
 ## Release Notes
 
+### wolfTPM Release 2.0 (12/07/2020)
+
+**Summary**
+
+Added AES CFB parameter encryption, HMAC sessions, TPM simulator, Windows TPM (TBSI) support and more examples for time/keys.
+
+**Detail**
+
+* Refactor of the session authentication. New struct `TPM2_AUTH_SESSION`  and `wolfTPM2_SetAuth_*` API's. (PR #129 and #133)
+* Added Windows TPM TBSI support (PR #127)
+* Added TPM simulator support using TPM TCP protocol (PR #121)
+* Added minGW support (PR #127)
+* Added AES CFB parameter encryption support (PR #129)
+* Added XOR parameter encryption support (PR #122)
+* Added "-aes" or "-xor" option to some examples to enable parameter encryption. (PR #129)
+* Added HMAC session support (PR #129)
+* Added support for encrypted RSA salt for salted-unbounded session (PR #129)
+* Added innerWrap and outerWrap support for sensitive to private. (PR #129)
+* Improvements to the KDFa (PR #129)
+* Improved the param encryption to use buffers inline (PR #129)
+* Added Key generation and loading examples using disk to store the key (PR #131)
+* Added support for importing external private key to get a key blob for easy re-loading. (PR #132)
+* Add TPM clock increment example (PR #117)
+* Add test vectors for AES CFB and make it the default for tests (PR #125)
+* Improved documentation and code comments (PR #126)
+* Add script to run unit tests with software TPM (PR #124)
+
+
 ### wolfTPM Release 1.9 (08/24/2020)
 
 **Summary**

README.md

@@ -91,7 +91,7 @@ TPM2: Caps 0x1a7e2882, Did 0x0000, Vid 0x104a, Rid 0x4e
 Mfg STM  (2), Vendor , Fw 74.9 (1151341959), FIPS 140-2 1, CC-EAL4 0
 
 Microchip ATTPM20
-TPM2: Caps 0x30000695, Did 0x3205, Vid 0x1114, Rid 0x 1 
+TPM2: Caps 0x30000695, Did 0x3205, Vid 0x1114, Rid 0x 1
 Mfg MCHP (3), Vendor , Fw 512.20481 (0), FIPS 140-2 0, CC-EAL4 0
 
 Nations Technologies Inc. TPM 2.0 module
@@ -432,7 +432,7 @@ ECDHE    256 agree         35 ops took 1.029 sec, avg 29.402 ms, 34.011 ops/sec
 ```
 ./examples/native/native_test
 TPM2 Demo using Native API's
-TPM2: Caps 0x30000495, Did 0x0000, Vid 0x104a, Rid 0x4e 
+TPM2: Caps 0x30000495, Did 0x0000, Vid 0x104a, Rid 0x4e
 TPM2_Startup pass
 TPM2_SelfTest pass
 TPM2_GetTestResult: Size 12, Rc 0x0
@@ -578,7 +578,7 @@ CCqGSM49BAMCA0gAMEUCIQCR9cbyRt3cbEZUIOBa4GNSRTlgFdB3X1EOwm+cA5/k
 ### TPM2 PKCS 7 Example
 
 ```
-./examples/pkcs7/pkcs7 
+./examples/pkcs7/pkcs7
 TPM2 PKCS7 Example
 PKCS7 Signed Container 1625
 PKCS7 Container Verified (using TPM)

autogen.sh

@@ -42,4 +42,4 @@ else
   WARNINGS="all"
 fi
 
-autoreconf --install --force --verbose 
+autoreconf --install --force --verbose

configure.ac

@@ -3,7 +3,7 @@
 # All right reserved.
 
 AC_COPYRIGHT([Copyright (C) 2014-2020 wolfSSL Inc.])
-AC_INIT([wolftpm],[1.9.0],[https://github.com/wolfssl/wolfTPM/issues],[wolftpm],[http://www.wolfssl.com])
+AC_INIT([wolftpm],[2.0.0],[https://github.com/wolfssl/wolfTPM/issues],[wolftpm],[http://www.wolfssl.com])
 
 AC_PREREQ([2.63])
 AC_CONFIG_AUX_DIR([build-aux])
@@ -23,7 +23,7 @@ AC_ARG_PROGRAM
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_HEADERS([src/config.h])
 
-WOLFTPM_LIBRARY_VERSION=9:0:0
+WOLFTPM_LIBRARY_VERSION=10:0:0
 #                        | | |
 #                 +------+ | +---+
 #                 |        |     |
@@ -328,7 +328,7 @@ fi
 
 # TIS / SPI Check Wait State support
 # Required for all but Infineon only
-if test "x$ENABLED_CHECKWAITSTATE" = "xyes" || test "x$ENABLED_AUTODETECT" = "xyes" || test "x$ENABLED_INFINEON" = "xno" 
+if test "x$ENABLED_CHECKWAITSTATE" = "xyes" || test "x$ENABLED_AUTODETECT" = "xyes" || test "x$ENABLED_INFINEON" = "xno"
 then
     ENABLED_CHECKWAITSTATE=yes
     AM_CFLAGS="$AM_CFLAGS -DWOLFTPM_CHECK_WAIT_STATE"

examples/README.md

@@ -129,7 +129,7 @@ This example client connects to localhost on on port 11111 by default. These can
 
 You can validate using the wolfSSL example server this like:
 `./examples/server/server -b -p 11111 -g -d -i -V`
- 
+
 To validate client certificate use the following wolfSSL example server command:
 `./examples/server/server -b -p 11111 -g -A ./certs/tpm-ca-rsa-cert.pem -i -V`
 or

examples/bench/bench.c

@@ -129,6 +129,7 @@ static int bench_sym_hash(WOLFTPM2_DEV* dev, const char* desc, int algo,
     double start;
     WOLFTPM2_HASH hash;
 
+    XMEMSET(&hash, 0, sizeof(hash));
     bench_stats_start(&count, &start);
     do {
         rc = wolfTPM2_HashStart(dev, &hash, algo,
@@ -185,7 +186,7 @@ static void usage(void)
 {
     printf("Expected usage:\n");
     printf("./examples/bench/bench [-aes/xor]\n");
-    printf("* -aes/xor: Use Parameter Encryption\n");   
+    printf("* -aes/xor: Use Parameter Encryption\n");
 }
 
 /******************************************************************************/
@@ -257,7 +258,7 @@ int TPM2_Wrapper_BenchArgs(void* userCtx, int argc, char *argv[])
             (word32)tpmSession.handle.hndl);
 
         /* set session for authorization of the storage key */
-        rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession, 
+        rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
             (TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession));
         if (rc != 0) goto exit;
     }
@@ -494,6 +495,8 @@ int main(int argc, char *argv[])
     rc = TPM2_Wrapper_BenchArgs(NULL, argc, argv);
 #else
     printf("Wrapper code not compiled in\n");
+    (void)argc;
+    (void)argv;
 #endif
 
     return rc;

examples/csr/csr.c

@@ -202,7 +202,7 @@ int TPM2_CSR_ExampleArgs(void* userCtx, int argc, char *argv[])
                     &storageKey,
                     &eccKey,
                     &wolfEccKey,
-                    tpmDevId, 
+                    tpmDevId,
                     (byte*)gKeyAuth, sizeof(gKeyAuth)-1);
     if (rc != 0) goto exit;
 

examples/keygen/keygen.c

@@ -30,6 +30,7 @@
 
 #include <stdio.h>
 
+#ifndef WOLFTPM2_NO_WRAPPER
 
 /******************************************************************************/
 /* --- BEGIN TPM Keygen Example -- */
@@ -117,7 +118,7 @@ int TPM2_Keygen_Example(void* userCtx, int argc, char *argv[])
             (word32)tpmSession.handle.hndl);
 
         /* set session for authorization of the storage key */
-        rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession, 
+        rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
             (TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession));
         if (rc != 0) goto exit;
     }
@@ -139,7 +140,7 @@ int TPM2_Keygen_Example(void* userCtx, int argc, char *argv[])
         /* set session for authorization key */
         auth.size = (int)sizeof(gAiKeyAuth)-1;
         XMEMCPY(auth.buffer, gAiKeyAuth, auth.size);
-        
+
     }
     else {
         if (alg == TPM_ALG_RSA) {
@@ -208,16 +209,22 @@ int TPM2_Keygen_Example(void* userCtx, int argc, char *argv[])
 }
 
 /******************************************************************************/
-/* --- END TPM Timestamp Test -- */
+/* --- END TPM Keygen Example -- */
 /******************************************************************************/
-
+#endif /* !WOLFTPM2_NO_WRAPPER */
 
 #ifndef NO_MAIN_DRIVER
 int main(int argc, char *argv[])
 {
-    int rc;
+    int rc = NOT_COMPILED_IN;
 
+#ifndef WOLFTPM2_NO_WRAPPER
     rc = TPM2_Keygen_Example(NULL, argc, argv);
+#else
+    printf("KeyGen code not compiled in\n");
+    (void)argc;
+    (void)argv;
+#endif
 
     return rc;
 }

examples/keygen/keyimport.c

@@ -31,6 +31,8 @@
 #include <stdio.h>
 
 
+#ifndef WOLFTPM2_NO_WRAPPER
+
 /******************************************************************************/
 /* --- BEGIN TPM Key Import / Blob Example -- */
 /******************************************************************************/
@@ -57,7 +59,7 @@ int TPM2_Keyimport_Example(void* userCtx, int argc, char *argv[])
     size_t fileSz = 0;
 #endif
     const char* outputFile = "keyblob.bin";
-    
+
     if (argc >= 2) {
         if (XSTRNCMP(argv[1], "-?", 2) == 0 ||
             XSTRNCMP(argv[1], "-h", 2) == 0 ||
@@ -110,7 +112,7 @@ int TPM2_Keyimport_Example(void* userCtx, int argc, char *argv[])
             (word32)tpmSession.handle.hndl);
 
         /* set session for authorization of the storage key */
-        rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession, 
+        rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
             (TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession));
         if (rc != 0) goto exit;
     }
@@ -173,16 +175,23 @@ int TPM2_Keyimport_Example(void* userCtx, int argc, char *argv[])
 }
 
 /******************************************************************************/
-/* --- END TPM Timestamp Test -- */
+/* --- END TPM Key Import / Blob Example -- */
 /******************************************************************************/
+#endif /* !WOLFTPM2_NO_WRAPPER */
 
 
 #ifndef NO_MAIN_DRIVER
 int main(int argc, char *argv[])
 {
-    int rc;
+    int rc = NOT_COMPILED_IN;
 
+#ifndef WOLFTPM2_NO_WRAPPER
     rc = TPM2_Keyimport_Example(NULL, argc, argv);
+#else
+    printf("KeyImport code not compiled in\n");
+    (void)argc;
+    (void)argv;
+#endif
 
     return rc;
 }

examples/keygen/keyload.c

@@ -39,6 +39,7 @@
 #include <stdio.h>
 
 
+#ifndef WOLFTPM2_NO_WRAPPER
 /******************************************************************************/
 /* --- BEGIN TPM Key Load Example -- */
 /******************************************************************************/
@@ -111,7 +112,7 @@ int TPM2_Keyload_Example(void* userCtx, int argc, char *argv[])
             (word32)tpmSession.handle.hndl);
 
         /* set session for authorization of the storage key */
-        rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession, 
+        rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
             (TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession));
         if (rc != 0) goto exit;
     }
@@ -191,16 +192,22 @@ int TPM2_Keyload_Example(void* userCtx, int argc, char *argv[])
 }
 
 /******************************************************************************/
-/* --- END TPM Timestamp Test -- */
+/* --- END TPM Key Load Example -- */
 /******************************************************************************/
-
+#endif /* !WOLFTPM2_NO_WRAPPER */
 
 #ifndef NO_MAIN_DRIVER
 int main(int argc, char *argv[])
 {
-    int rc;
+    int rc = NOT_COMPILED_IN;
 
+#ifndef WOLFTPM2_NO_WRAPPER
     rc = TPM2_Keyload_Example(NULL, argc, argv);
+#else
+    printf("KeyImport code not compiled in\n");
+    (void)argc;
+    (void)argv;
+#endif
 
     return rc;
 }

examples/management/flush.c

@@ -30,7 +30,7 @@
 #include <stdio.h>
 #include <stdlib.h> /* atoi */
 
-
+#ifndef WOLFTPM2_NO_WRAPPER
 /******************************************************************************/
 /* --- BEGIN TPM2.0 Flush tool  -- */
 /******************************************************************************/
@@ -104,14 +104,20 @@ int TPM2_Flush_Tool(void* userCtx, int argc, char *argv[])
 /******************************************************************************/
 /* --- END TPM2.0 PCR Reset example tool -- */
 /******************************************************************************/
-
+#endif /* !WOLFTPM2_NO_WRAPPER */
 
 #ifndef NO_MAIN_DRIVER
 int main(int argc, char *argv[])
 {
-    int rc;
+    int rc = NOT_COMPILED_IN;
 
+#ifndef WOLFTPM2_NO_WRAPPER
     rc = TPM2_Flush_Tool(NULL, argc, argv);
+#else
+    printf("Flush tool not compiled in\n");
+    (void)argc;
+    (void)argv;
+#endif
 
     return rc;
 }

examples/native/native_test.c

@@ -486,15 +486,14 @@ int TPM2_Native_TestArgs(void* userCtx, int argc, char *argv[])
 #ifndef WOLFTPM2_NO_WOLFCRYPT
     /* calculate session key */
     sessionAuth.size = TPM2_GetHashDigestSize(cmdIn.authSes.authHash);
-    rc = TPM2_KDFa(cmdIn.authSes.authHash, NULL, "ATH", 
+    rc = TPM2_KDFa(cmdIn.authSes.authHash, NULL, "ATH",
             &cmdOut.authSes.nonceTPM, &cmdIn.authSes.nonceCaller,
             sessionAuth.buffer, sessionAuth.size);
     if (rc != sessionAuth.size) {
         printf("KDFa ATH Gen Error %d\n", rc);
         rc = TPM_RC_FAILURE;
         goto exit;
     }
-    rc = TPM_RC_SUCCESS;
 #endif
     printf("TPM2_StartAuthSession: sessionHandle 0x%x\n", (word32)sessionHandle);
 
@@ -1389,9 +1388,8 @@ int TPM2_Native_TestArgs(void* userCtx, int argc, char *argv[])
 
     /* Shutdown */
     cmdIn.shutdown.shutdownType = TPM_SU_CLEAR;
-    rc = TPM2_Shutdown(&cmdIn.shutdown);
-    if (rc != TPM_RC_SUCCESS) {
-        printf("TPM2_Shutdown failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
+    if (TPM2_Shutdown(&cmdIn.shutdown) != TPM_RC_SUCCESS) {
+        printf("TPM2_Shutdown failed\n");
     }
 
     TPM2_Cleanup(&tpm2Ctx);

examples/pcr/quote.c

@@ -162,7 +162,7 @@ int TPM2_Quote_Test(void* userCtx, int argc, char *argv[])
             (word32)tpmSession.handle.hndl);
 
         /* set session for authorization of the storage key */
-        rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession, 
+        rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
             (TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession));
         if (rc != 0) goto exit;
     }

examples/pkcs7/pkcs7.c

@@ -329,7 +329,7 @@ int TPM2_PKCS7_ExampleArgs(void* userCtx, int argc, char *argv[])
 #endif
     rc = wolfTPM2_SetCryptoDevCb(&dev, wolfTPM2_CryptoDevCb, &tpmCtx, &tpmDevId);
     if (rc < 0) goto exit;
-    
+
     /* get SRK */
     rc = getPrimaryStoragekey(&dev, &storageKey, TPM_ALG_RSA);
     if (rc != 0) goto exit;

examples/timestamp/clock_set.c

@@ -138,7 +138,7 @@ int TPM2_ClockSet_Test(void* userCtx, int argc, char *argv[])
 #endif
     newClock = cmdOut.readClock.currentTime.clockInfo.clock;
 
-    printf("\n\t oldClock=%lu \n\t newClock=%lu \n\n", 
+    printf("\n\t oldClock=%lu \n\t newClock=%lu \n\n",
         (long unsigned int)oldClock, (long unsigned int)newClock);
 
 exit:

examples/timestamp/signed_timestamp.c

@@ -272,12 +272,14 @@ int TPM2_Timestamp_TestArgs(void* userCtx, int argc, char *argv[])
 #ifndef NO_MAIN_DRIVER
 int main(int argc, char *argv[])
 {
-    int rc = -1;
+    int rc = NOT_COMPILED_IN;
 
 #ifndef WOLFTPM2_NO_WRAPPER
     rc = TPM2_Timestamp_TestArgs(NULL, argc, argv);
 #else
     printf("Wrapper code not compiled in\n");
+    (void)argc;
+    (void)argv;
 #endif /* !WOLFTPM2_NO_WRAPPER */
 
     return rc;