diff --git a/CMakeLists.txt b/CMakeLists.txt
index 27206f3b..d11f2ba3 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -21,7 +21,7 @@
cmake_minimum_required(VERSION 3.16)
-project(wolfTPM VERSION 3.2.0 LANGUAGES C)
+project(wolfTPM VERSION 3.4.0 LANGUAGES C)
set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin)
set(WOLFTPM_DEFINITIONS)
diff --git a/ChangeLog.md b/ChangeLog.md
index 59d1ac59..b8eb75d3 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -1,5 +1,32 @@
# Release Notes
+## wolfTPM Release 3.4.0 (July 30, 2024)
+
+**Summary**
+
+Added Endorsement Key Certificate support. Added support for NV read/write with policy. Added policy password support. Refactor of the session authentication structures.
+
+**Detail**
+
+* Added EK Certificate Support (PR #360)
+ - Added new API's `wolfTPM2_GetKeyTemplate_EK` and `wolfTPM2_GetKeyTemplate_EK` for getting EK public templates used for generating the EK primary key.
+ - Added `examples/endorsement/get_ek_certs` for showing how to retrieve and validate the manufacturers endorsement key certificates.
+* Improvements to auth handling to support Policy Password and Policy Auth Value (PR #350)
+ - Refactor to eliminate confusing cast between TPMS_AUTH_COMMAND and TPM2_AUTH_SESSION.
+ - Support for policy auth value and policy password.
+ - Add new NV policy write/read API's `wolfTPM2_NVWriteAuthPolicy` and `wolfTPM2_NVReadAuthPolicy`.
+* Fixed ST33KTPM IAK/IDevID provisioning NV indexes. (PR #361)
+* Fixed TLS example build issues with wolfSSL not having crypto callback or PK callback enabled. (PR #360)
+* Fixed CSR version (use version 0) (PR #359)
+* Fixed issue with Doxygen generation of wolfTPM due to doxybook2 crashing on unnamed enum. (PR #357)
+* Fixed HMAC session save last (not typically used) (PR #355)
+* Fixed Infineon I2C HAL gating logic (PR #347)
+* Added documentation for IAK/IDevID build options. (PR #361)
+* Added support for Espressif IDE (see IDE/Espressif) (PR #321)
+* Added tests for create_primary (PR #345)
+* Improved software TPM (docs/SWTPM.md) documentation (PR #348)
+
+
## wolfTPM Release 3.2.0 (Apr 24, 2024)
**Summary**
diff --git a/IDE/VisualStudio/user_settings.h b/IDE/VisualStudio/user_settings.h
index aacdc0a3..b222c5a9 100644
--- a/IDE/VisualStudio/user_settings.h
+++ b/IDE/VisualStudio/user_settings.h
@@ -46,6 +46,7 @@ extern "C" {
/* TPM */
#define WOLFSSL_AES_CFB /* required for parameter encryption */
#define WOLFSSL_PUBLIC_MP /* expose mp_ math functions - required for tpm ECC secret encrypt */
+#define WOLFTPM_AUTODETECT /* support any TPM model (unknown/safe options) */
/* Callbacks */
#define WOLF_CRYPTO_CB
diff --git a/IDE/VisualStudio/wolftpm.vcxproj b/IDE/VisualStudio/wolftpm.vcxproj
index 4fae99a4..7428a921 100644
--- a/IDE/VisualStudio/wolftpm.vcxproj
+++ b/IDE/VisualStudio/wolftpm.vcxproj
@@ -212,6 +212,7 @@
true
+ tbs.lib;%(AdditionalDependencies)
@@ -254,6 +255,7 @@
true
true
true
+ tbs.lib;%(AdditionalDependencies)
@@ -289,6 +291,7 @@
true
+ tbs.lib;%(AdditionalDependencies)
@@ -329,6 +332,7 @@
true
true
DebugFull
+ tbs.lib;%(AdditionalDependencies)
diff --git a/configure.ac b/configure.ac
index 72e410bf..803c1d2d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,9 +1,9 @@
# wolftpm
-# Copyright (C) 2021 wolfSSL Inc.
+# Copyright (C) 2024 wolfSSL Inc.
# All right reserved.
-AC_COPYRIGHT([Copyright (C) 2014-2021 wolfSSL Inc.])
-AC_INIT([wolftpm],[3.2.0],[https://github.com/wolfssl/wolfTPM/issues],[wolftpm],[http://www.wolfssl.com])
+AC_COPYRIGHT([Copyright (C) 2014-2024 wolfSSL Inc.])
+AC_INIT([wolftpm],[3.4.0],[https://github.com/wolfssl/wolfTPM/issues],[wolftpm],[http://www.wolfssl.com])
AC_PREREQ([2.63])
AC_CONFIG_AUX_DIR([build-aux])
@@ -28,7 +28,7 @@ AC_ARG_PROGRAM
AC_CONFIG_HEADERS([src/config.h])
-WOLFTPM_LIBRARY_VERSION=16:2:0
+WOLFTPM_LIBRARY_VERSION=16:3:0
# | | |
# +------+ | +---+
# | | |
diff --git a/examples/endorsement/get_ek_certs.c b/examples/endorsement/get_ek_certs.c
index cf38716c..ae9475f8 100644
--- a/examples/endorsement/get_ek_certs.c
+++ b/examples/endorsement/get_ek_certs.c
@@ -38,7 +38,9 @@
#ifndef WOLFTPM2_NO_WOLFCRYPT
#include
+ #if !defined(WOLFCRYPT_ONLY)
#include "trusted_certs.h"
+ #endif
#endif
/******************************************************************************/
@@ -89,7 +91,7 @@ static void show_ek_public(const TPM2B_PUBLIC* pub)
}
else if (pub->publicArea.type == TPM_ALG_ECC) {
const char* curveName = "NULL";
- #ifndef WOLFTPM2_NO_WOLFCRYPT
+ #if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC)
curveName = wc_ecc_get_name(
TPM2_GetWolfCurve(pub->publicArea.parameters.eccDetail.curveID));
#endif
@@ -153,8 +155,8 @@ int TPM2_EndorsementCert_Example(void* userCtx, int argc, char *argv[])
TPMT_PUBLIC publicTemplate;
word32 nvIndex;
#ifndef WOLFTPM2_NO_WOLFCRYPT
- int i;
#ifndef WOLFCRYPT_ONLY
+ int i;
WOLFSSL_CERT_MANAGER* cm = NULL;
#endif
DecodedCert cert;
@@ -351,9 +353,10 @@ int TPM2_EndorsementCert_Example(void* userCtx, int argc, char *argv[])
rc = wc_DerToPem(certBuf, certSz, NULL, 0, CERT_TYPE);
if (rc > 0) { /* returns actual PEM size */
pemSz = (word32)rc;
- rc = 0;
-
pemSz++; /* for '\0'*/
+ rc = 0;
+ }
+ if (rc == 0) {
pem = (char*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (pem == NULL) {
rc = MEMORY_E;
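Review bot: The added `if (rc == 0)` guard treats a zero return from wc_DerToPem as success, so the allocation would run with whatever `pemSz` held beforehand (its initialization is not in the hunk), while the `rc > 0` branch is the only path that sets it. If a zero-length PEM is not a valid outcome here, reject it explicitly before the allocation, e.g. `else if (rc == 0) { rc = BAD_FUNC_ARG; } /* empty PEM not expected */`, so that only the `rc > 0` path reaches XMALLOC. TPM2_EndorsementCert_Example starts and ends outside this hunk.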
diff --git a/examples/keygen/external_import.c b/examples/keygen/external_import.c
index 7aeee4cd..c60cfda1 100644
--- a/examples/keygen/external_import.c
+++ b/examples/keygen/external_import.c
@@ -88,8 +88,13 @@ int TPM2_ExternalImport_Example(void* userCtx, int argc, char *argv[])
WOLFTPM2_DEV dev;
WOLFTPM2_KEY storage; /* SRK */
WOLFTPM2_KEY *primary;
+#ifndef WOLFTPM2_NO_HEAP
WOLFTPM2_KEYBLOB* key2;
WOLFTPM2_KEYBLOB* rsaKey3;
+#else
+ WOLFTPM2_KEYBLOB key2[1];
+ WOLFTPM2_KEYBLOB rsaKey3[1];
+#endif
TPM2B_DIGEST seedValue;
TPMT_PUBLIC publicTemplate3;
TPMA_OBJECT attributes;
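Review bot: The no-heap variants `WOLFTPM2_KEYBLOB key2[1]` and `rsaKey3[1]` are left uninitialized, whereas the heap path goes through wolfTPM2_NewKeyBlob, which presumably returns a zeroed blob (its body is not on the page). The cleanup in the last hunk of this file calls `wolfTPM2_UnloadHandle(&dev, &key2->handle)`, so on an early error path the stack copies could hand an uninitialized handle to the TPM. Clear them where the heap path allocates, i.e. give the `wolfTPM2_NewKeyBlob` hunk an `#else` branch: `XMEMSET(key2, 0, sizeof(key2)); XMEMSET(rsaKey3, 0, sizeof(rsaKey3));`. TPM2_ExternalImport_Example continues outside the hunk.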
@@ -122,8 +127,10 @@ int TPM2_ExternalImport_Example(void* userCtx, int argc, char *argv[])
argc--;
}
+#ifndef WOLFTPM2_NO_HEAP
key2 = wolfTPM2_NewKeyBlob();
rsaKey3 = wolfTPM2_NewKeyBlob();
+#endif
primary = &storage;
rc = wolfTPM2_Init(&dev, TPM2_IoCb, NULL);
@@ -229,8 +236,10 @@ int TPM2_ExternalImport_Example(void* userCtx, int argc, char *argv[])
wolfTPM2_UnloadHandle(&dev, &key2->handle);
wolfTPM2_UnloadHandle(&dev, &primary->handle);
+#ifndef WOLFTPM2_NO_HEAP
wolfTPM2_FreeKeyBlob(key2);
wolfTPM2_FreeKeyBlob(rsaKey3);
+#endif
wolfTPM2_Cleanup(&dev);
diff --git a/examples/tls/tls_common.h b/examples/tls/tls_common.h
index a8d71803..6055d6d8 100644
--- a/examples/tls/tls_common.h
+++ b/examples/tls/tls_common.h
@@ -89,8 +89,8 @@
/******************************************************************************/
typedef struct SockIoCbCtx {
- int listenFd;
- int fd;
+ SOCKET_T listenFd;
+ SOCKET_T fd;
} SockIoCbCtx;
#ifndef WOLFSSL_USER_IO
@@ -266,7 +266,7 @@ static inline int SetupSocketAndListen(SockIoCbCtx* sockIoCtx, word32 port)
static inline int SocketWaitClient(SockIoCbCtx* sockIoCtx)
{
- int connd;
+ SOCKET_T connd;
struct sockaddr_in clientAddr;
XSOCKLENT size = sizeof(clientAddr);
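Review bot: `connd` is now a `SOCKET_T`, which on Windows is an unsigned socket handle, so any `connd < 0` style error check on the accept() result later in SocketWaitClient (outside this hunk) would never fire; verify that check compares against the platform's invalid-socket sentinel instead. The same consideration applies to the `fd` and `listenFd` members retyped in the previous hunk wherever they are tested for validity. SocketWaitClient's body continues past the end of the hunk.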
diff --git a/src/tpm2.c b/src/tpm2.c
index 79e7b505..d3492214 100644
--- a/src/tpm2.c
+++ b/src/tpm2.c
@@ -642,7 +642,7 @@ TPM_RC TPM2_Init_ex(TPM2_CTX* ctx, TPM2HalIoCb ioCb, void* userCtx,
/* Setup HAL IO Callback */
rc = TPM2_SetHalIoCb(ctx, ioCb, userCtx);
if (rc != TPM_RC_SUCCESS)
- return rc;
+ return rc;
#endif
/* Set the active TPM global */
diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c
index 9001529a..852b35fa 100644
--- a/src/tpm2_wrap.c
+++ b/src/tpm2_wrap.c
@@ -30,7 +30,7 @@
/* For some struct to buffer conversions */
#include
-
+#include /* for default IO callback */
/* Local Functions */
static int wolfTPM2_GetCapabilities_NoDev(WOLFTPM2_CAPS* cap);
@@ -182,7 +182,7 @@ WOLFTPM2_DEV* wolfTPM2_New(void)
WOLFTPM2_DEV *dev = (WOLFTPM2_DEV*)XMALLOC(
sizeof(WOLFTPM2_DEV), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (dev != NULL) {
- if (wolfTPM2_Init(dev, NULL, NULL) != TPM_RC_SUCCESS) {
+ if (wolfTPM2_Init(dev, TPM2_IoCb, NULL) != TPM_RC_SUCCESS) {
XFREE(dev, NULL, DYNAMIC_TYPE_TMP_BUFFER);
dev = NULL;
}
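Review bot: wolfTPM2_New now initializes the device with `TPM2_IoCb` instead of a NULL callback, which is a behavior change for callers that relied on the previous default; the function's documentation (outside this hunk) should state that the built-in HAL IO callback is installed with a NULL user context, and that callers needing their own callback or context must use wolfTPM2_Init directly. A one-line comment at the call would also help: `/* use the default HAL IO callback; custom callbacks go through wolfTPM2_Init() */`.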
@@ -797,20 +797,27 @@ static int wolfTPM2_GetCapabilities_NoDev(WOLFTPM2_CAPS* cap)
#if defined(WOLFTPM_SLB9672) || defined(WOLFTPM_SLB9673)
/* Get vendor specific information */
if (rc == 0) {
- rc = tpm2_ifx_cap_vendor_get(cap, TPM_PT_VENDOR_FIX_FU_OPERATION_MODE,
+ int rc_ifx;
+ rc_ifx = tpm2_ifx_cap_vendor_get(cap, TPM_PT_VENDOR_FIX_FU_OPERATION_MODE,
&cap->opMode, sizeof(cap->opMode));
- }
- if (rc == 0) {
- rc = tpm2_ifx_cap_vendor_get(cap, TPM_PT_VENDOR_FIX_FU_KEYGROUP_ID,
- (uint8_t*)&cap->keyGroupId, sizeof(cap->keyGroupId));
- }
- if (rc == 0) {
- rc = tpm2_ifx_cap_vendor_get(cap, TPM_PT_VENDOR_FIX_FU_COUNTER,
- (uint8_t*)&cap->fwCounter, sizeof(cap->fwCounter));
- }
- if (rc == 0) {
- rc = tpm2_ifx_cap_vendor_get(cap, TPM_PT_VENDOR_FIX_FU_COUNTER_SAME,
- (uint8_t*)&cap->fwCounterSame, sizeof(cap->fwCounterSame));
+ if (rc_ifx == 0) {
+ rc_ifx = tpm2_ifx_cap_vendor_get(cap, TPM_PT_VENDOR_FIX_FU_KEYGROUP_ID,
+ (uint8_t*)&cap->keyGroupId, sizeof(cap->keyGroupId));
+ }
+ if (rc_ifx == 0) {
+ rc_ifx = tpm2_ifx_cap_vendor_get(cap, TPM_PT_VENDOR_FIX_FU_COUNTER,
+ (uint8_t*)&cap->fwCounter, sizeof(cap->fwCounter));
+ }
+ if (rc_ifx == 0) {
+ rc_ifx = tpm2_ifx_cap_vendor_get(cap, TPM_PT_VENDOR_FIX_FU_COUNTER_SAME,
+ (uint8_t*)&cap->fwCounterSame, sizeof(cap->fwCounterSame));
+ }
+ if (rc_ifx != 0) {
+ #ifdef DEBUG_WOLFTPM
+ printf("Error getting Infineon vendor capabilities 0x%x: %s\n",
+ rc_ifx, TPM2_GetRCString(rc_ifx));
+ #endif
+ }
}
#endif
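Review bot: A failing Infineon vendor query is now swallowed outside DEBUG_WOLFTPM builds, so `cap->opMode`, `keyGroupId`, `fwCounter` and `fwCounterSame` keep whatever they held before the call — presumably zero if the caller cleared `cap`, which is not visible here — and a consumer cannot tell "query failed" from a genuine zero counter. Since these are firmware-state values, either document the best-effort contract at the `if (rc_ifx != 0)` branch, `/* Non-fatal: vendor fields keep their prior (expected zero) values */`, or clear the four fields there so a failure is never mistaken for valid data. wolfTPM2_GetCapabilities_NoDev continues outside the hunk.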
@@ -1142,7 +1149,7 @@ int wolfTPM2_Cleanup_ex(WOLFTPM2_DEV* dev, int doShutdown)
return rc;
#endif
- if (doShutdown) {
+ if (doShutdown && TPM2_GetActiveCtx() != NULL) {
Shutdown_In shutdownIn;
XMEMSET(&shutdownIn, 0, sizeof(shutdownIn));
shutdownIn.shutdownType = TPM_SU_CLEAR;
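Review bot: The new `TPM2_GetActiveCtx() != NULL` condition silently skips the TPM2_Shutdown when no context is active, and the reason is not recorded; a comment such as `/* no active TPM context (e.g. init failed): nothing to shut down */` would make the intent clear. Note the check is on the global active context rather than on `dev`, so with several devices the shutdown presumably goes to whichever context is currently active; confirm that is intended. wolfTPM2_Cleanup_ex starts and ends outside this hunk.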
diff --git a/wolftpm/version.h b/wolftpm/version.h
index 3a424a76..54ba950f 100644
--- a/wolftpm/version.h
+++ b/wolftpm/version.h
@@ -34,8 +34,8 @@
extern "C" {
#endif
-#define LIBWOLFTPM_VERSION_STRING "3.2.0"
-#define LIBWOLFTPM_VERSION_HEX 0x03002000
+#define LIBWOLFTPM_VERSION_STRING "3.4.0"
+#define LIBWOLFTPM_VERSION_HEX 0x03004000
#ifdef __cplusplus
}