From b1ac646b841056d73c4b36aa44721fe27a6ef060 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 20 Mar 2024 14:13:37 -0700 Subject: [PATCH] Fix for ST33 vendor command to enable command codes (TPM2_SetCommandSet). It requires platform auth to be set. Add benchmarks for new ST33KTPM2XI2C. Fix 0x1XX error code parsing. --- README.md | 39 +++++++++++++++++++++++++++++++++++++++ src/tpm2.c | 4 +++- src/tpm2_wrap.c | 6 ++++++ 3 files changed, 48 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 72896c31..b8b76bf1 100644 --- a/README.md +++ b/README.md @@ -87,6 +87,7 @@ Tested with: * Infineon OPTIGA (TM) Trusted Platform Module 2.0 SLB 9670 and SLB9672. - LetsTrust: [http://letstrust.de] ( Compact Raspberry Pi TPM 2.0 board based on Infineon SLB 9670. * STMicro STSAFE-TPM, ST33TPHF2XSPI/2XI2C and ST33KTPM2X +* STMicro STSAFE-TPM, ST33TPHF2XSPI/2XI2C and ST33KTPM2X (SPI and I2C) * Microchip ATTPM20 module * Nuvoton NPCT65X or NPCT75x TPM2.0 module @@ -100,6 +101,10 @@ Infineon SLB9672: TPM2: Caps 0x30000697, Did 0x001d, Vid 0x15d1, Rid 0x36 Mfg IFX (1), Vendor SLB9672, Fw 16.10 (0x4068), FIPS 140-2 1, CC-EAL4 1 +STMicro ST33KTPM2XI2C +TPM2: Caps 0x30000415, Did 0x0003, Vid 0x104a, Rid 0x 0 +Mfg STM (2), Vendor ST33KTPM2XI2C, Fw 9.256 (0x0), FIPS 140-2 1, CC-EAL4 0 + STMicro ST33TPHF2XSPI TPM2: Caps 0x1a7e2882, Did 0x0000, Vid 0x104a, Rid 0x4e Mfg STM (2), Vendor , Fw 74.8 (1151341959), FIPS 140-2 1, CC-EAL4 0 
@@ -437,6 +442,40 @@ ECDSA 256 verify 42 ops took 1.013 sec, avg 24.114 ms, 41.470 ops/sec ECDHE 256 agree 16 ops took 1.055 sec, avg 65.948 ms, 15.164 ops/sec ``` +Run on STMicro ST33KTPM2XI2C at 33MHz: + +``` +./examples/bench/bench +TPM2 Benchmark using Wrapper API's + Use Parameter Encryption: NULL +Loading SRK: Storage 0x81000200 (282 bytes) +RNG 24 KB took 1.042 seconds, 23.028 KB/s +AES-128-CBC-enc 52 KB took 1.018 seconds, 51.077 KB/s +AES-128-CBC-dec 52 KB took 1.027 seconds, 50.644 KB/s +AES-256-CBC-enc 46 KB took 1.012 seconds, 45.446 KB/s +AES-256-CBC-dec 46 KB took 1.021 seconds, 45.072 KB/s +AES-128-CTR-enc 44 KB took 1.025 seconds, 42.927 KB/s +AES-128-CTR-dec 44 KB took 1.024 seconds, 42.955 KB/s +AES-256-CTR-enc 40 KB took 1.025 seconds, 39.016 KB/s +AES-256-CTR-dec 40 KB took 1.026 seconds, 38.992 KB/s +AES-128-CFB-enc 52 KB took 1.026 seconds, 50.674 KB/s +AES-128-CFB-dec 46 KB took 1.023 seconds, 44.986 KB/s +AES-256-CFB-enc 46 KB took 1.021 seconds, 45.047 KB/s +AES-256-CFB-dec 42 KB took 1.033 seconds, 40.665 KB/s +SHA1 138 KB took 1.009 seconds, 136.727 KB/s +SHA256 128 KB took 1.010 seconds, 126.723 KB/s +SHA384 116 KB took 1.001 seconds, 115.833 KB/s +RSA 2048 key gen 9 ops took 17.497 sec, avg 1944.057 ms, 0.514 ops/sec +RSA 2048 Public 155 ops took 1.003 sec, avg 6.468 ms, 154.601 ops/sec +RSA 2048 Private 12 ops took 1.090 sec, avg 90.806 ms, 11.013 ops/sec +RSA 2048 Pub OAEP 122 ops took 1.004 sec, avg 8.230 ms, 121.501 ops/sec +RSA 2048 Priv OAEP 11 ops took 1.023 sec, avg 92.964 ms, 10.757 ops/sec +ECC 256 key gen 12 ops took 1.070 sec, avg 89.172 ms, 11.214 ops/sec +ECDSA 256 sign 40 ops took 1.010 sec, avg 25.251 ms, 39.602 ops/sec +ECDSA 256 verify 28 ops took 1.023 sec, avg 36.543 ms, 27.365 ops/sec +ECDHE 256 agree 16 ops took 1.062 sec, avg 66.391 ms, 15.062 ops/sec +``` + Run on STMicro ST33TPHF2XSPI at 33MHz: ``` diff --git a/src/tpm2.c b/src/tpm2.c index f6f5c05e..883fea70 100644 --- a/src/tpm2.c +++ b/src/tpm2.c 
@@ -5177,6 +5177,7 @@ int TPM2_SetCommandSet(SetCommandSet_In* in) TPM2_Packet packet; CmdInfo_t info = {0,0,0,0}; info.inHandleCnt = 1; + info.flags = (CMD_FLAG_AUTH_USER1); TPM2_Packet_Init(ctx, &packet); @@ -5209,6 +5210,7 @@ int TPM2_SetMode(SetMode_In* in) TPM2_Packet packet; CmdInfo_t info = {0,0,0,0}; info.inHandleCnt = 1; + info.flags = (CMD_FLAG_AUTH_USER1); TPM2_Packet_Init(ctx, &packet); @@ -5625,7 +5627,7 @@ const char* TPM2_GetRCString(int rc) return "Success"; } - if ((rc & RC_WARN) && (rc & RC_FMT1) == 0) { + if ((rc & RC_WARN) && (rc & RC_FMT1) == 0 && (rc & RC_VER1) == 0) { int rc_warn = rc & RC_MAX_WARN; switch (rc_warn) { diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c index 6921d298..ecdb5a18 100644 --- a/src/tpm2_wrap.c +++ b/src/tpm2_wrap.c @@ -5089,6 +5089,9 @@ int wolfTPM2_EncryptDecryptBlock(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key, /* try to enable support */ rc = wolfTPM2_SetCommand(dev, TPM_CC_EncryptDecrypt2, YES); if (rc == TPM_RC_SUCCESS) { + /* reset session auth for key */ + wolfTPM2_SetAuthHandle(dev, 0, &key->handle); + /* try command again */ rc = TPM2_EncryptDecrypt2(&encDecIn, &encDecOut); } @@ -5153,6 +5156,9 @@ int wolfTPM2_SetCommand(WOLFTPM2_DEV* dev, TPM_CC commandCode, int enableFlag) if (TPM2_GetVendorID() == TPM_VENDOR_STM) { SetCommandSet_In in; + /* set blank platform auth */ + wolfTPM2_SetAuthPassword(dev, 0, NULL); + /* Enable commands (like TPM2_EncryptDecrypt2) */ XMEMSET(&in, 0, sizeof(in)); in.authHandle = TPM_RH_PLATFORM;
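Review bot: The new `info.flags = (CMD_FLAG_AUTH_USER1);` in TPM2_SetCommandSet has no comment saying why an authorization area is now required, and the same bare line is added to TPM2_SetMode in the next hunk. I would put `/* authHandle needs an authorization area; the vendor command fails without it */` above both assignments and drop the redundant parentheses. Both function bodies continue outside their hunks, so how the flag is consumed when the packet is finalized is not visible here.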
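Review bot: The added `(rc & RC_VER1) == 0` test in TPM2_GetRCString looks like it also excludes every genuine warning, not only the 0x1XX errors the commit is aimed at. If the constants follow TPM 2.0 Part 2 (RC_VER1 = 0x100, RC_WARN = 0x900; their definitions are not on this page), a warning such as 0x921 or 0x922 has bit 0x100 set, so it no longer reaches the `rc_warn` switch. Testing the full warning pattern separates the two cases: `if ((rc & RC_WARN) == RC_WARN && (rc & RC_FMT1) == 0) {`. This matters for diagnosis because the lockout and retry conditions are reported as warnings. The function starts and ends outside the hunk, so check how the later branches treat 0x9XX values before changing it.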
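Review bot: The return value of `wolfTPM2_SetAuthHandle(dev, 0, &key->handle)` is discarded in wolfTPM2_EncryptDecryptBlock. If restoring the key's auth fails, the retry of TPM2_EncryptDecrypt2 runs with whatever wolfTPM2_SetCommand left in session slot 0, which after this commit is the blank platform auth. Assign the result and gate the retry on it: `rc = wolfTPM2_SetAuthHandle(dev, 0, &key->handle);` followed by `if (rc == TPM_RC_SUCCESS) rc = TPM2_EncryptDecrypt2(&encDecIn, &encDecOut);`. The `wolfTPM2_SetAuthPassword(dev, 0, NULL);` call added in the wolfTPM2_SetCommand hunk ignores its result in the same way. Both functions start and end outside their hunks.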
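Review bot: `wolfTPM2_SetAuthPassword(dev, 0, NULL)` in wolfTPM2_SetCommand replaces whatever authorization the caller had in session slot 0 and never restores it. wolfTPM2_EncryptDecryptBlock resets the slot itself in this commit, but any other caller continues with an empty password in slot 0. The call also only works while platformAuth is empty; where firmware sets or randomizes the platform hierarchy auth at boot, the vendor command will presumably be rejected with an authorization error. I would state both in the comment, e.g. `/* uses empty platform auth; overwrites session 0, caller must restore its own auth */`, and consider saving and restoring the slot inside this function. The function body continues outside the hunk.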