From 272eb68340d5d7dae00360f795bd5cd8a1acf7fb Mon Sep 17 00:00:00 2001
From: David Garske
Date: Fri, 3 Jan 2025 14:41:00 -0800
Subject: [PATCH 1/3] Update CMake examples.
---
 CMakeLists.txt | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index edb54e29..1ed35a9a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -296,6 +296,7 @@ if (WOLFTPM_EXAMPLES)
 add_tpm_example(secure_rot boot/secure_rot.c)
 add_tpm_example(csr csr/csr.c)
 add_tpm_example(get_ek_certs endorsement/get_ek_certs.c)
+ add_tpm_example(ifx_fw_update firmware/ifx_fw_update.c)
 add_tpm_example(gpio_config gpio/gpio_config.c)
 add_tpm_example(gpio_read gpio/gpio_read.c)
 add_tpm_example(gpio_set gpio/gpio_set.c)
@@ -305,14 +306,16 @@ if (WOLFTPM_EXAMPLES)
 add_tpm_example(keyimport keygen/keyimport.c)
 add_tpm_example(keyload keygen/keyload.c)
 add_tpm_example(flush management/flush.c)
+ add_tpm_example(tpmclear management/tpmclear.c)
 add_tpm_example(native_test native/native_test.c)
 add_tpm_example(counter nvram/counter.c)
+ add_tpm_example(nvextend nvram/extend.c)
 add_tpm_example(policy_nv nvram/policy_nv.c)
 add_tpm_example(read nvram/read.c)
 add_tpm_example(store nvram/store.c)
 add_tpm_example(extend pcr/extend.c)
- add_tpm_example(policy pcr/policy.c)
 add_tpm_example(policy_sign pcr/policy_sign.c)
+ add_tpm_example(policy pcr/policy.c)
 add_tpm_example(quote pcr/quote.c)
 add_tpm_example(read_pcr pcr/read_pcr.c)
 add_tpm_example(reset pcr/reset.c)
@@ -321,12 +324,11 @@ if (WOLFTPM_EXAMPLES) add_tpm_example(unseal seal/unseal.c) add_tpm_example(clock_set timestamp/clock_set.c) add_tpm_example(signed_timestamp timestamp/signed_timestamp.c) - add_tpm_example(tls_client tls/tls_client.c) add_tpm_example(tls_client_notpm tls/tls_client_notpm.c) + add_tpm_example(tls_client tls/tls_client.c) add_tpm_example(tls_server tls/tls_server.c) add_tpm_example(caps wrap/caps.c) add_tpm_example(wrap_test wrap/wrap_test.c) - add_tpm_example(ifx_fw_update firmware/ifx_fw_update.c) endif() From 5bd553a6a3217dbd6fe1ef287809cc3b58e24b87 Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 6 Jan 2025 08:23:48 -0800 Subject: [PATCH 2/3] wolfTPM v3.8.0 release. --- .gitignore | 1 + CMakeLists.txt | 2 +- ChangeLog.md | 22 ++++++++++++++++++++++ configure.ac | 4 ++-- wolftpm/version.h | 4 ++-- 5 files changed, 28 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index fb9cf761..a65ce026 100644 --- a/.gitignore +++ b/.gitignore @@ -64,6 +64,7 @@ examples/keygen/keyload examples/keygen/keygen examples/keygen/keyimport examples/keygen/external_import +examples/nvram/extend examples/nvram/store examples/nvram/read examples/nvram/counter diff --git a/CMakeLists.txt b/CMakeLists.txt index 1ed35a9a..32ec82a7 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -21,7 +21,7 @@ cmake_minimum_required(VERSION 3.16) -project(wolfTPM VERSION 3.6.0 LANGUAGES C) +project(wolfTPM VERSION 3.8.0 LANGUAGES C) set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin) set(WOLFTPM_DEFINITIONS) diff --git a/ChangeLog.md b/ChangeLog.md index 548e58b1..9822b464 100644 --- a/ChangeLog.md +++ b/ChangeLog.md 
@@ -1,5 +1,27 @@ # Release Notes +## wolfTPM Release 3.8.0 (Jan 7, 2025) + +**Summary** + +Fixes for session auth on key bind and password policy. Added NV extend example used with Bus_Protection_Guidance. New wolfTPM2_NVExtend wrapper and example. Added new NV policy write/read wrapper API's used with policy auth + +**Detail** + +* Fixed issue with auth session binding. (PR #389) +* Fixed possible missing `wc_GetPkcs8TraditionalOffset`. (PR #392) +* Fixed issue with `wolfTPM2_PolicyHash` where input digest could be too large. (PR #389) +* Added example for NV extend based on the TCG "bus protection guidance". (PR #389) +* Added support for building wolfTPM against older wolfCrypt (like v4.7.0) including CI test. (PR #390) +* Added HAL IO support for Microchip I2C bit-bang (PR #340) +* Created separate tool (./examples/management/tpmclear) for performing the TPM2_Clear (don't use args in wrap_test). (PR #391) +* Switched `wolfTPM2_LoadSymmetricKey` to default to the `WOLFTPM2_WRAP_DIGEST` for hash algorithm and not default to SHA1 for some sizes. (PR #388) +* Improved TPM NV write debug logging to show before. (PR #392) +* Cleanup the `SensitiveToPrivate` function stack variables. (PR #388) +* Cleanup comments on EK/SRK. (PR #388) +* Various spellings, tabs, execute bit on .c and formatting. (PR #386, #388, #392) + + ## wolfTPM Release 3.6.0 (Nov 5, 2024) **Summary** diff --git a/configure.ac b/configure.ac index c4ca4aa6..fc8c192a 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ # All right reserved. AC_COPYRIGHT([Copyright (C) 2014-2024 wolfSSL Inc.]) -AC_INIT([wolftpm],[3.6.0],[https://github.com/wolfssl/wolfTPM/issues],[wolftpm],[http://www.wolfssl.com]) +AC_INIT([wolftpm],[3.8.0],[https://github.com/wolfssl/wolfTPM/issues],[wolftpm],[http://www.wolfssl.com]) AC_PREREQ([2.63]) AC_CONFIG_AUX_DIR([build-aux]) 
@@ -28,7 +28,7 @@ AC_ARG_PROGRAM AC_CONFIG_HEADERS([src/config.h]) -WOLFTPM_LIBRARY_VERSION=16:4:0 +WOLFTPM_LIBRARY_VERSION=16:5:0 # | | | # +------+ | +---+ # | | | diff --git a/wolftpm/version.h b/wolftpm/version.h index b8a30408..d8738272 100644 --- a/wolftpm/version.h +++ b/wolftpm/version.h @@ -34,8 +34,8 @@ extern "C" { #endif -#define LIBWOLFTPM_VERSION_STRING "3.6.0" -#define LIBWOLFTPM_VERSION_HEX 0x03006000 +#define LIBWOLFTPM_VERSION_STRING "3.8.0" +#define LIBWOLFTPM_VERSION_HEX 0x03008000 #ifdef __cplusplus } From 2069ed79764afd7377c54c521e9a76ebadb3aacc Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 7 Jan 2025 10:47:26 -0800 Subject: [PATCH 3/3] Fixes for scan-build and g++ warnings. --- examples/nvram/extend.c | 8 ++++++++ examples/tls/tls_client.c | 2 +- examples/tls/tls_server.c | 2 +- src/tpm2_wrap.c | 1 - 4 files changed, 10 insertions(+), 3 deletions(-) diff --git a/examples/nvram/extend.c b/examples/nvram/extend.c index a0adb8da..11820fc5 100644 --- a/examples/nvram/extend.c +++ b/examples/nvram/extend.c @@ -187,6 +187,10 @@ int TPM2_NVRAM_Extend_Example(void* userCtx, int argc, char *argv[]) XMEMSET(policyOr, 0, sizeof(policyOr)); rc = wolfTPM2_PolicyHash(hashAlg, policyOr, &nvSize, TPM_CC_PolicyOR, policyDigest, policyDigestSz); + if (rc != TPM_RC_SUCCESS) { + printf("wolfTPM2_PolicyHash failed!\n"); + goto exit; + } printf("PolicyOR A/B/C: %d\n", nvSize); TPM2_PrintBin(policyOr, nvSize); @@ -247,6 +251,10 @@ int TPM2_NVRAM_Extend_Example(void* userCtx, int argc, char *argv[]) policyOr, nvSize ); } + if (rc != 0) { + printf("NV Create failed!\n"); + goto exit; + } /* Close session and unload endorsement */ wolfTPM2_UnsetAuth(&dev, 0); diff --git a/examples/tls/tls_client.c b/examples/tls/tls_client.c index b589ab7c..3ecbebf1 100644 --- a/examples/tls/tls_client.c +++ b/examples/tls/tls_client.c 
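Review bot: The failure branch added after `wolfTPM2_PolicyHash` in the first examples/nvram/extend.c hunk (`@@ -187,6 +187,10 @@`) prints a fixed string and drops `rc`, so the reason for the failure is lost to whoever runs the example. I would report the code, e.g. `printf("wolfTPM2_PolicyHash failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));`. The `NV Create failed!` message in the second hunk has the same gap. `TPM2_NVRAM_Extend_Example` starts and ends outside the hunk, so whether the `exit` label already reports `rc` cannot be seen here.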
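Review bot: The `goto exit` added after the NV create block in the second examples/nvram/extend.c hunk (`@@ -247,6 +251,10 @@`) jumps over the `/* Close session and unload endorsement */` step that follows it, beginning with `wolfTPM2_UnsetAuth(&dev, 0);`. The `exit` label is outside the hunk; if it does not also close the auth session and unload the endorsement key, a failed create leaves those transient objects loaded in the TPM, where session and object slots are limited. Please confirm the label covers them, or move that cleanup under the label so both paths share it. The check also tests `rc != 0` while the first hunk uses `rc != TPM_RC_SUCCESS`; one form in both places would keep the example consistent.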
@@ -439,7 +439,7 @@ int TPM2_TLS_ClientArgs(void* userCtx, int argc, char *argv[]) #else void* pkey = NULL; #endif - rc = wolfTPM2_ExportPublicKeyBuffer(&dev, pkey, + rc = wolfTPM2_ExportPublicKeyBuffer(&dev, (WOLFTPM2_KEY*)pkey, ENCODING_TYPE_ASN1, der, &derSz); if (rc < 0) { printf("Failed to export TPM public key!\n"); diff --git a/examples/tls/tls_server.c b/examples/tls/tls_server.c index 1b65d204..70dcaeec 100644 --- a/examples/tls/tls_server.c +++ b/examples/tls/tls_server.c @@ -432,7 +432,7 @@ int TPM2_TLS_ServerArgs(void* userCtx, int argc, char *argv[]) #else void* pkey = NULL; #endif - rc = wolfTPM2_ExportPublicKeyBuffer(&dev, pkey, + rc = wolfTPM2_ExportPublicKeyBuffer(&dev, (WOLFTPM2_KEY*)pkey, ENCODING_TYPE_ASN1, der, &derSz); if (rc < 0) { printf("Failed to export TPM public key!\n"); diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c index e4d64026..426fb136 100644 --- a/src/tpm2_wrap.c +++ b/src/tpm2_wrap.c @@ -7891,7 +7891,6 @@ static int tpm2_ifx_firmware_data(WOLFTPM2_DEV* dev, rc = cb(&cmd[2], IFX_FW_MAX_CHUNK_SZ, offset, cb_ctx); if (rc > 0 && rc <= IFX_FW_MAX_CHUNK_SZ) { chunk_sz = rc; - rc = 0; } else if (rc == 0) { #ifdef DEBUG_WOLFTPM
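Review bot: The `(WOLFTPM2_KEY*)pkey` cast at the `wolfTPM2_ExportPublicKeyBuffer` call in examples/tls/tls_client.c quiets the g++ conversion warning at the call site, but it also hides any type mismatch in the other `pkey` declarations of the `#if` chain, of which only the `#else void* pkey = NULL;` arm is visible in the hunk. Declaring the variable with its real type, e.g. `WOLFTPM2_KEY* pkey = NULL;` in that arm, would keep the compiler checking every arm and make the cast unnecessary. In the visible `#else` arm the call receives a NULL key, so it presumably relies on the callee rejecting NULL and on the `rc < 0` test catching that; a comment such as `/* no key type enabled: export is expected to fail */` would document the intent. The identical change in examples/tls/tls_server.c (`@@ -432,7 +432,7 @@`) raises the same point.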