wolfssl / wolftpm Goto Github PK

wolfTPM is a highly portable TPM 2.0 library, designed for embedded use.

License: GNU General Public License v2.0

C 76.65% Makefile 0.19% Shell 0.65% M4 13.55% CMake 0.88% C# 7.74% FreeMarker 0.34%

tpm tpm2 trusted-platform-module tpm2-library compact low-resource secure secure-key-storage tis tpm-interface-specification

wolftpm's Introduction

wolfTPM (TPM 2.0)

Portable TPM 2.0 project designed for embedded use.

Project Features

This implementation provides all TPM 2.0 API’s in compliance with the specification.
Wrappers provided to simplify Key Generation/Loading, RSA encrypt/decrypt, ECC sign/verify, ECDH, NV, Hashing/HACM, AES, Sealing/Unsealing, Attestation, PCR Extend/Quote and Secure Root of Trust.
Testing done using TPM 2.0 modules from STMicro ST33 (SPI/I2C), Infineon OPTIGA SLB9670/SLB9672, Microchip ATTPM20, Nations Tech Z32H330TC and Nuvoton NPCT650/NPCT750.
wolfTPM uses the TPM Interface Specification (TIS) to communicate either over SPI, or using a memory mapped I/O range.
wolfTPM can also use the Linux TPM kernel interface (/dev/tpmX) to talk with any physical TPM on SPI, I2C and even LPC bus.
Platform support for Raspberry Pi (Linux), MMIO, STM32 with CubeMX, Atmel ASF, Xilinx, QNX Infineon TriCore and Barebox.
The design allows for easy portability to different platforms:
- Native C code designed for embedded use.
- Single IO callback for hardware SPI interface.
- No external dependencies.
- Compact code size and minimal memory use.
Includes example code for:
- Most TPM2 native API’s
- All TPM2 wrapper API's
- PKCS 7
- Certificate Signing Request (CSR)
- TLS Client
- TLS Server
- Use of the TPM's Non-volatile memory
- Attestation (activate and make credential)
- Benchmarking TPM algorithms and TLS
- Key Generation (primary, RSA/ECC and symmetric), loading and storing to flash (NV memory)
- Sealing and Unsealing data with an RSA key
- Time signed or set
- PCR read/reset
- GPIO configure, read and write.
Parameter encryption support using AES-CFB or XOR.
Support for salted unbound authenticated sessions.
Support for HMAC Sessions.

Note: See examples/README.md for details on using the examples.

TPM 2.0 Overview

Hierarchies

Platform    TPM_RH_PLATFORM
Owner       TPM_RH_OWNER
Endorsement TPM_RH_ENDORSEMENT

Each hierarchy has their own manufacture generated seed.

The arguments used on TPM2_Create or TPM2_CreatePrimary create a template, which is fed into a KDF to produce the same key based hierarchy used. The key generated is the same each time; even after reboot. The generation of a new RSA 2048 bit key takes about 15 seconds. Typically these are created and then stored in NV using TPM2_EvictControl. Each TPM generates their own keys uniquely based on the seed.

There is also an Ephemeral hierarchy (TPM_RH_NULL), which can be used to create ephemeral keys.

Platform Configuration Registers (PCRs)

Contains hash digests for SHA-1 and SHA-256 with an index 0-23. These hash digests can be extended to prove the integrity of a boot sequence (secure boot).

Terminology

This project uses the terms append vs. marshall and parse vs. unmarshall.

Acronyms:

NV: Non-Volatile memory.

Platform

The examples in this library are written for use on a Raspberry Pi and use the spi_dev interface.

IO Callback (HAL)

See the HAL manual in [`hal/README.md] (hal/README.md).

For interfacing to your hardware interface (SPI/I2C) a single HAL callback is used and configuration on initialization when calling TPM2_Init or wolfTPM2_Init.

There are HAL examples in hal directory for Linux, STM32 CubeMX, Atmel ASF, Xilinx, Infineon TriCore and BareBox.

We also support an advanced IO option (--enable-advio/WOLFTPM_ADV_IO), which adds the register and read/write flag as parameter to the IO callback. This is required for I2C support.

Hardware

Tested with:

Infineon OPTIGA (TM) Trusted Platform Module 2.0 SLB9670, SLB9672 and SLB9673 (I2C).
- LetsTrust: Vendor for TPM development boards http://letstrust.de.
STMicro STSAFE-TPM, ST33TPHF2XSPI/2XI2C and ST33KTPM2X (SPI and I2C)
Microchip ATTPM20 module
Nuvoton NPCT65X or NPCT75x TPM2.0 module
Nations Technologies Z32H330 TPM 2.0 module

Device Identification

Infineon SLB9670: TPM2: Caps 0x30000697, Did 0x001b, Vid 0x15d1, Rid 0x10 Mfg IFX (1), Vendor SLB9670, Fw 7.85 (4555), FIPS 140-2 1, CC-EAL4 1

Infineon SLB9672: TPM2: Caps 0x30000697, Did 0x001d, Vid 0x15d1, Rid 0x36 Mfg IFX (1), Vendor SLB9672, Fw 16.10 (0x4068), FIPS 140-2 1, CC-EAL4 1

Infineon SLB9673: TPM2: Caps 0x1ae00082, Did 0x001c, Vid 0x15d1, Rid 0x16 Mfg IFX (1), Vendor SLB9673, Fw 26.13 (0x456a), FIPS 140-2 1, CC-EAL4 1

STMicro ST33KTPM2XSPI TPM2: Caps 0x30000415, Did 0x0003, Vid 0x104a, Rid 0x 0 Mfg STM (2), Vendor ST33KTPM2XSPI, Fw 9.256 (0x0), FIPS 140-2 1, CC-EAL4 0

STMicro ST33TPHF2XSPI TPM2: Caps 0x1a7e2882, Did 0x0000, Vid 0x104a, Rid 0x4e Mfg STM (2), Vendor , Fw 74.8 (1151341959), FIPS 140-2 1, CC-EAL4 0

STMicro ST33TPHF2XI2C TPM2: Caps 0x1a7e2882, Did 0x0000, Vid 0x104a, Rid 0x4e Mfg STM (2), Vendor , Fw 74.9 (1151341959), FIPS 140-2 1, CC-EAL4 0

Microchip ATTPM20 TPM2: Caps 0x30000695, Did 0x3205, Vid 0x1114, Rid 0x 1 Mfg MCHP (3), Vendor , Fw 512.20481 (0), FIPS 140-2 0, CC-EAL4 0

Nations Technologies Inc. TPM 2.0 module Mfg NTZ (0), Vendor Z32H330, Fw 7.51 (419631892), FIPS 140-2 0, CC-EAL4 0

Nuvoton NPCT650 TPM2.0 Mfg NTC (0), Vendor rlsNPCT , Fw 1.3 (65536), FIPS 140-2 0, CC-EAL4 0

Nuvoton NPCT750 TPM2.0 TPM2: Caps 0x30000697, Did 0x00fc, Vid 0x1050, Rid 0x 1 Mfg NTC (0), Vendor NPCT75x"!!4rls, Fw 7.2 (131072), FIPS 140-2 1, CC-EAL4 0

Building

Building wolfSSL

git clone https://github.com/wolfSSL/wolfssl.git
cd wolfssl
./autogen.sh
./configure --enable-wolftpm
make
sudo make install
sudo ldconfig

autogen.sh requires: automake and libtool: sudo apt-get install automake libtool

Build options and defines

--enable-debug          Add debug code/turns off optimizations (yes|no|verbose|io) - DEBUG_WOLFTPM, WOLFTPM_DEBUG_VERBOSE, WOLFTPM_DEBUG_IO
--enable-examples       Enable Examples (default: enabled)
--enable-wrapper        Enable wrapper code (default: enabled) - WOLFTPM2_NO_WRAPPER
--enable-wolfcrypt      Enable wolfCrypt hooks for RNG, Auth Sessions and Parameter encryption (default: enabled) - WOLFTPM2_NO_WOLFCRYPT
--enable-advio          Enable Advanced IO (default: disabled) - WOLFTPM_ADV_IO
--enable-i2c            Enable I2C TPM Support (default: disabled, requires advio) - WOLFTPM_I2C
--enable-checkwaitstate Enable TIS / SPI Check Wait State support (default: depends on chip) - WOLFTPM_CHECK_WAIT_STATE
--enable-smallstack     Enable options to reduce stack usage
--enable-tislock        Enable Linux Named Semaphore for locking access to SPI device for concurrent access between processes - WOLFTPM_TIS_LOCK

--enable-autodetect     Enable Runtime Module Detection (default: enable - when no module specified) - WOLFTPM_AUTODETECT
--enable-infineon       Enable Infineon SLB9670/SLB9672/SLB9673 TPM Support (default: disabled) - WOLFTPM_SLB9670 / WOLFTPM_SLB9672
--enable-st             Enable ST ST33 Support (default: disabled) - WOLFTPM_ST33
--enable-microchip      Enable Microchip ATTPM20 Support (default: disabled) - WOLFTPM_MICROCHIP
--enable-nuvoton        Enable Nuvoton NPCT65x/NPCT75x Support (default: disabled) - WOLFTPM_NUVOTON

--enable-devtpm         Enable using Linux kernel driver for /dev/tpmX (default: disabled) - WOLFTPM_LINUX_DEV
--enable-swtpm          Enable using SWTPM TCP protocol. For use with simulator. (default: disabled) - WOLFTPM_SWTPM
--enable-winapi         Use Windows TBS API. (default: disabled) - WOLFTPM_WINAPI

WOLFTPM_USE_SYMMETRIC   Enables symmetric AES/Hashing/HMAC support for TLS examples.
WOLFTPM2_USE_SW_ECDHE   Disables use of TPM for ECC ephemeral key generation and shared secret for TLS examples.
TLS_BENCH_MODE          Enables TLS benchmarking mode.
NO_TPM_BENCH            Disables the TPM benchmarking example.

Note: For the I2C support on Raspberry Pi you may need to enable I2C. Here are the steps:

Edit sudo vim /boot/config.txt
Uncomment dtparam=i2c_arm=on
Reboot sudo reboot

Building Infineon

Support for SLB9670 or SLB9672 (SPI) / SLB9673 (I2C)

Build wolfTPM:

git clone https://github.com/wolfSSL/wolfTPM.git
cd wolfTPM
./autogen.sh
./configure --enable-infineon [--enable-i2c]
make

Building ST ST33

Build wolfTPM:

./autogen.sh
./configure --enable-st33 [--enable-i2c]
make

Building Microchip ATTPM20

Build wolfTPM:

./autogen.sh
./configure --enable-microchip
make

Building Nuvoton

Build wolfTPM:

./autogen.sh
./configure --enable-nuvoton
make

Building for "/dev/tpmX"

This build option allows you to talk to any TPM vendor supported by the Linux TIS kernel driver

Build wolfTPM:

./autogen.sh
./configure --enable-devtpm
make

Note: When using a TPM device through the Linux kernel driver make sure sufficient permissions are given to the application that uses wolfTPM, because the "/dev/tpmX" typically has read-write permissions only for the "tss" user group. Either run wolfTPM examples and your application using sudo or add your user to the "tss" group like this:

sudo adduser yourusername tss

With QEMU and swtpm

This demonstrates using wolfTPM in QEMU to communicate using the linux kernel device "/dev/tpmX". You will need to install or build swtpm. Below are a short method to build. You may need to consult the instructions for libtpms and swtpm

PREFIX=$PWD/inst
git clone [email protected]:stefanberger/libtpms.git
cd libtpms/
./autogen.sh --with-openssl --with-tpm2 --prefix=$PREFIX && make install
cd ..
git clone [email protected]:stefanberger/swtpm.git
cd swtpm
PKG_CONFIG_PATH=$PREFIX/lib/pkgconfig/ ./autogen.sh --with-openssl --with-tpm2 \
    --prefix=$PREFIX && \
  make install
cd ..

You can setup a basic linux installation. Other installation bases can be used. This step will take some time to install the base linux system.

# download mini install image
curl -O http://archive.ubuntu.com/ubuntu/dists/bionic-updates/main/installer-amd64/current/images/netboot/mini.iso
# create qemu image file
qemu-img create -f qcow2 lubuntu.qcow2 5G
# create directory for tpm state and socket
mkdir $PREFIX/mytpm
# start swtpm
$PREFIX/bin/swtpm socket --tpm2 --tpmstate dir=$PREFIX/mytpm \
  --ctrl type=unixio,path=$PREFIX/mytpm/swtpm-sock --log level=20 &
# start qemu for installation
qemu-system-x86_64 -m 1024 -boot d -bios bios-256k.bin -boot menu=on \
  -chardev socket,id=chrtpm,path=$PREFIX/mytpm/swtpm-sock \
  -tpmdev emulator,id=tpm0,chardev=chrtpm \
  -device tpm-tis,tpmdev=tpm0 -hda lubuntu.qcow2 -cdrom mini.iso

Once a base system is installed it's ready to start the qemu and build wolfSSL and wolfTPM in the qemu instance.

# start swtpm again
$PREFIX/bin/swtpm socket --tpm2 --tpmstate dir=$PREFIX/mytpm \
  --ctrl type=unixio,path=$PREFIX/mytpm/swtpm-sock --log level=20 &
# start qemu system to install and run wolfTPM
qemu-system-x86_64 -m 1024 -boot d -bios bios-256k.bin -boot menu=on \
  -chardev socket,id=chrtpm,path=$PREFIX/mytpm/swtpm-sock \
  -tpmdev emulator,id=tpm0,chardev=chrtpm \
  -device tpm-tis,tpmdev=tpm0 -hda lubuntu.qcow2

To build checkout and build wolfTPM, in the QEMU terminal

sudo apt install automake libtool gcc git make

# get and build wolfSSL
git clone https://github.com/wolfssl/wolfssl.git
pushd wolfssl
./autogen.sh && \
  ./configure --enable-wolftpm --disable-examples --prefix=$PWD/../inst && \
  make install
popd

# get and build wolfTPM
git clone https://github.com/wolfssl/wolftpm.git
pushd wolftpm
./autogen.sh && \
  ./configure --enable-devtpm --prefix=$PWD/../inst --enable-debug && \
  make install
sudo make check
popd

You can now run the examples such as sudo ./examples/wrap/wrap within QEMU. Using sudo maybe required for access to /dev/tpm0.

Building for SWTPM

See docs/SWTPM.md

Building for Windows TBS API

See docs/WindowTBS.md

Building using CMake

CMake supports compiling in many environments including Visual Studio if CMake support is installed. The commands below can be run in Developer Command Prompt.

mkdir build
cd build
# to use installed wolfSSL location (library and headers)
cmake .. -DWITH_WOLFSSL=/prefix/to/wolfssl/install/
# OR to use a wolfSSL source tree
cmake .. -DWITH_WOLFSSL_TREE=/path/to/wolfssl/
# build
cmake --build .

Running Examples

These examples demonstrate features of a TPM 2.0 module. The examples create RSA and ECC keys in NV for testing using handles defined in ./hal/tpm_io.h. The PKCS #7 and TLS examples require generating CSR's and signing them using a test script. See examples/README.md for details on using the examples. To run the TLS sever and client on same machine you must build with WOLFTPM_TIS_LOCK to enable concurrent access protection.

TPM2 Wrapper Tests

./examples/wrap/wrap_test
TPM2 Demo for Wrapper API's
Mfg STM  (2), Vendor , Fw 74.8 (1151341959), FIPS 140-2 1, CC-EAL4 0
RSA Encrypt/Decrypt Test Passed
RSA Encrypt/Decrypt OAEP Test Passed
RSA Key 0x80000000 Exported to wolf RsaKey
wolf RsaKey loaded into TPM: Handle 0x80000000
RSA Private Key Loaded into TPM: Handle 0x80000000
ECC Sign/Verify Passed
ECC DH Test Passed
ECC Verify Test Passed
ECC Key 0x80000000 Exported to wolf ecc_key
wolf ecc_key loaded into TPM: Handle 0x80000000
ECC Private Key Loaded into TPM: Handle 0x80000000
NV Test on index 0x1800200 with 1024 bytes passed
Hash SHA256 test success
HMAC SHA256 test success
Encrypt/Decrypt (known key) test success
Encrypt/Decrypt test success

TPM2 Benchmarks

Note: Key Generation is using existing template from hierarchy seed.

Run on Infineon OPTIGA SLB9670 at 43MHz:

./examples/bench/bench
TPM2 Benchmark using Wrapper API's
RNG                 16 KB took 1.140 seconds,   14.033 KB/s
Benchmark symmetric AES-128-CBC-enc not supported!
Benchmark symmetric AES-128-CBC-dec not supported!
Benchmark symmetric AES-256-CBC-enc not supported!
Benchmark symmetric AES-256-CBC-dec not supported!
Benchmark symmetric AES-128-CTR-enc not supported!
Benchmark symmetric AES-128-CTR-dec not supported!
Benchmark symmetric AES-256-CTR-enc not supported!
Benchmark symmetric AES-256-CTR-dec not supported!
Benchmark symmetric AES-256-CFB-enc not supported!
Benchmark symmetric AES-256-CFB-dec not supported!
SHA1               138 KB took 1.009 seconds,  136.783 KB/s
SHA256             138 KB took 1.009 seconds,  136.763 KB/s
RSA     2048 key gen        5 ops took 10.981 sec, avg 2196.230 ms, 0.455 ops/sec
RSA     2048 Public       113 ops took 1.005 sec, avg 8.893 ms,   112.449 ops/sec
RSA     2048 Private        7 ops took 1.142 sec, avg 163.207 ms,   6.127 ops/sec
RSA     2048 Pub  OAEP     73 ops took 1.011 sec, avg 13.848 ms,   72.211 ops/sec
RSA     2048 Priv OAEP      6 ops took 1.004 sec, avg 167.399 ms,   5.974 ops/sec
ECC      256 key gen        5 ops took 1.157 sec, avg 231.350 ms,   4.322 ops/sec
ECDSA    256 sign          15 ops took 1.033 sec, avg 68.865 ms,   14.521 ops/sec
ECDSA    256 verify         9 ops took 1.022 sec, avg 113.539 ms,   8.808 ops/sec
ECDHE    256 agree          5 ops took 1.161 sec, avg 232.144 ms,   4.308 ops/sec

Run on Infineon OPTIGA SLB9672 at 43MHz:

./examples/bench/bench
TPM2 Benchmark using Wrapper API's
	Use Parameter Encryption: NULL
Loading SRK: Storage 0x81000200 (282 bytes)
RNG                 24 KB took 1.070 seconds,   22.429 KB/s
Benchmark symmetric AES-128-CBC-enc not supported!
Benchmark symmetric AES-128-CBC-dec not supported!
Benchmark symmetric AES-256-CBC-enc not supported!
Benchmark symmetric AES-256-CBC-dec not supported!
Benchmark symmetric AES-128-CTR-enc not supported!
Benchmark symmetric AES-128-CTR-dec not supported!
Benchmark symmetric AES-256-CTR-enc not supported!
Benchmark symmetric AES-256-CTR-dec not supported!
AES-128-CFB-enc     86 KB took 1.001 seconds,   85.890 KB/s
AES-128-CFB-dec     88 KB took 1.020 seconds,   86.267 KB/s
AES-256-CFB-enc     86 KB took 1.023 seconds,   84.073 KB/s
AES-256-CFB-dec     86 KB took 1.019 seconds,   84.370 KB/s
SHA1                88 KB took 1.021 seconds,   86.155 KB/s
SHA256              86 KB took 1.015 seconds,   84.717 KB/s
SHA384              90 KB took 1.007 seconds,   89.405 KB/s
RSA     2048 key gen       10 ops took 15.677 sec, avg 1567.678 ms, 0.638 ops/sec
RSA     2048 Public       110 ops took 1.000 sec, avg 9.095 ms, 109.951 ops/sec
RSA     2048 Private       14 ops took 1.078 sec, avg 76.996 ms, 12.988 ops/sec
RSA     2048 Pub  OAEP     51 ops took 1.012 sec, avg 19.838 ms, 50.408 ops/sec
RSA     2048 Priv OAEP     12 ops took 1.053 sec, avg 87.738 ms, 11.398 ops/sec
ECC      256 key gen        8 ops took 1.088 sec, avg 135.956 ms, 7.355 ops/sec
ECDSA    256 sign          29 ops took 1.033 sec, avg 35.621 ms, 28.073 ops/sec
ECDSA    256 verify        42 ops took 1.013 sec, avg 24.114 ms, 41.470 ops/sec
ECDHE    256 agree         16 ops took 1.055 sec, avg 65.948 ms, 15.164 ops/sec

Run on Infineon SLB9673 on I2C at 400kHz:

./examples/bench/bench
TPM2 Benchmark using Wrapper API's
	Use Parameter Encryption: NULL
Loading SRK: Storage 0x81000200 (282 bytes)
RNG                  4 KB took 1.429 seconds,    2.799 KB/s
Benchmark symmetric AES-128-CBC-enc not supported!
Benchmark symmetric AES-128-CBC-dec not supported!
Benchmark symmetric AES-256-CBC-enc not supported!
Benchmark symmetric AES-256-CBC-dec not supported!
Benchmark symmetric AES-128-CTR-enc not supported!
Benchmark symmetric AES-128-CTR-dec not supported!
Benchmark symmetric AES-256-CTR-enc not supported!
Benchmark symmetric AES-256-CTR-dec not supported!
AES-128-CFB-enc      4 KB took 1.022 seconds,    3.914 KB/s
AES-128-CFB-dec      4 KB took 1.021 seconds,    3.916 KB/s
AES-256-CFB-enc      4 KB took 1.023 seconds,    3.911 KB/s
AES-256-CFB-dec      4 KB took 1.023 seconds,    3.912 KB/s
SHA1                 8 KB took 1.203 seconds,    6.650 KB/s
SHA256               8 KB took 1.208 seconds,    6.623 KB/s
SHA384               8 KB took 1.209 seconds,    6.617 KB/s
RSA     2048 key gen       10 ops took 19.106 sec, avg 1910.554 ms, 0.523 ops/sec
RSA     2048 Public        14 ops took 1.046 sec, avg 74.740 ms, 13.380 ops/sec
RSA     2048 Private        6 ops took 1.008 sec, avg 168.057 ms, 5.950 ops/sec
RSA     2048 Pub  OAEP     15 ops took 1.008 sec, avg 67.231 ms, 14.874 ops/sec
RSA     2048 Priv OAEP      7 ops took 1.126 sec, avg 160.789 ms, 6.219 ops/sec
ECC      256 key gen        4 ops took 1.244 sec, avg 311.031 ms, 3.215 ops/sec
ECDSA    256 sign          14 ops took 1.009 sec, avg 72.057 ms, 13.878 ops/sec
ECDSA    256 verify        18 ops took 1.043 sec, avg 57.921 ms, 17.265 ops/sec
ECDHE    256 agree          9 ops took 1.025 sec, avg 113.888 ms, 8.781 ops/sec

Run on STMicro ST33KTPM2XSPI at 33MHz:

./examples/bench/bench
TPM2 Benchmark using Wrapper API's
	Use Parameter Encryption: NULL
Loading SRK: Storage 0x81000200 (282 bytes)
RNG                 24 KB took 1.042 seconds,   23.028 KB/s
AES-128-CBC-enc     52 KB took 1.018 seconds,   51.077 KB/s
AES-128-CBC-dec     52 KB took 1.027 seconds,   50.644 KB/s
AES-256-CBC-enc     46 KB took 1.012 seconds,   45.446 KB/s
AES-256-CBC-dec     46 KB took 1.021 seconds,   45.072 KB/s
AES-128-CTR-enc     44 KB took 1.025 seconds,   42.927 KB/s
AES-128-CTR-dec     44 KB took 1.024 seconds,   42.955 KB/s
AES-256-CTR-enc     40 KB took 1.025 seconds,   39.016 KB/s
AES-256-CTR-dec     40 KB took 1.026 seconds,   38.992 KB/s
AES-128-CFB-enc     52 KB took 1.026 seconds,   50.674 KB/s
AES-128-CFB-dec     46 KB took 1.023 seconds,   44.986 KB/s
AES-256-CFB-enc     46 KB took 1.021 seconds,   45.047 KB/s
AES-256-CFB-dec     42 KB took 1.033 seconds,   40.665 KB/s
SHA1               138 KB took 1.009 seconds,  136.727 KB/s
SHA256             128 KB took 1.010 seconds,  126.723 KB/s
SHA384             116 KB took 1.001 seconds,  115.833 KB/s
RSA     2048 key gen        9 ops took 17.497 sec, avg 1944.057 ms, 0.514 ops/sec
RSA     2048 Public       155 ops took 1.003 sec, avg 6.468 ms, 154.601 ops/sec
RSA     2048 Private       12 ops took 1.090 sec, avg 90.806 ms, 11.013 ops/sec
RSA     2048 Pub  OAEP    122 ops took 1.004 sec, avg 8.230 ms, 121.501 ops/sec
RSA     2048 Priv OAEP     11 ops took 1.023 sec, avg 92.964 ms, 10.757 ops/sec
ECC      256 key gen       12 ops took 1.070 sec, avg 89.172 ms, 11.214 ops/sec
ECDSA    256 sign          40 ops took 1.010 sec, avg 25.251 ms, 39.602 ops/sec
ECDSA    256 verify        28 ops took 1.023 sec, avg 36.543 ms, 27.365 ops/sec
ECDHE    256 agree         16 ops took 1.062 sec, avg 66.391 ms, 15.062 ops/sec

Run on STMicro ST33TPHF2XSPI at 33MHz:

./examples/bench/bench
TPM2 Benchmark using Wrapper API's
RNG                 14 KB took 1.017 seconds,   13.763 KB/s
AES-128-CBC-enc     40 KB took 1.008 seconds,   39.666 KB/s
AES-128-CBC-dec     42 KB took 1.032 seconds,   40.711 KB/s
AES-256-CBC-enc     40 KB took 1.013 seconds,   39.496 KB/s
AES-256-CBC-dec     40 KB took 1.011 seconds,   39.563 KB/s
AES-128-CTR-enc     26 KB took 1.055 seconds,   24.646 KB/s
AES-128-CTR-dec     26 KB took 1.035 seconds,   25.117 KB/s
AES-256-CTR-enc     26 KB took 1.028 seconds,   25.302 KB/s
AES-256-CTR-dec     26 KB took 1.030 seconds,   25.252 KB/s
AES-128-CFB-enc     42 KB took 1.045 seconds,   40.201 KB/s
AES-128-CFB-dec     40 KB took 1.008 seconds,   39.699 KB/s
AES-256-CFB-enc     40 KB took 1.022 seconds,   39.151 KB/s
AES-256-CFB-dec     42 KB took 1.041 seconds,   40.362 KB/s
SHA1                86 KB took 1.005 seconds,   85.559 KB/s
SHA256              84 KB took 1.019 seconds,   82.467 KB/s
RSA     2048 key gen        1 ops took 7.455 sec, avg 7455.036 ms, 0.134 ops/sec
RSA     2048 Public       110 ops took 1.003 sec, avg 9.122 ms,  109.624 ops/sec
RSA     2048 Private        5 ops took 1.239 sec, avg 247.752 ms,  4.036 ops/sec
RSA     2048 Pub  OAEP     81 ops took 1.001 sec, avg 12.364 ms,  80.880 ops/sec
RSA     2048 Priv OAEP      4 ops took 1.007 sec, avg 251.780 ms,  3.972 ops/sec
ECC      256 key gen        5 ops took 1.099 sec, avg 219.770 ms,  4.550 ops/sec
ECDSA    256 sign          24 ops took 1.016 sec, avg 42.338 ms,  23.619 ops/sec
ECDSA    256 verify        14 ops took 1.036 sec, avg 74.026 ms,  13.509 ops/sec
ECDHE    256 agree          5 ops took 1.235 sec, avg 247.085 ms,  4.047 ops/sec

Run on Microchip ATTPM20 at 33MHz:

./examples/bench/bench
TPM2 Benchmark using Wrapper API's
RNG                  2 KB took 1.867 seconds,    1.071 KB/s
Benchmark symmetric AES-128-CBC-enc not supported!
Benchmark symmetric AES-128-CBC-dec not supported!
Benchmark symmetric AES-256-CBC-enc not supported!
Benchmark symmetric AES-256-CBC-dec not supported!
Benchmark symmetric AES-128-CTR-enc not supported!
Benchmark symmetric AES-128-CTR-dec not supported!
Benchmark symmetric AES-256-CTR-enc not supported!
Benchmark symmetric AES-256-CTR-dec not supported!
AES-128-CFB-enc     16 KB took 1.112 seconds,   14.383 KB/s
AES-128-CFB-dec     16 KB took 1.129 seconds,   14.166 KB/s
AES-256-CFB-enc     12 KB took 1.013 seconds,   11.845 KB/s
AES-256-CFB-dec     12 KB took 1.008 seconds,   11.909 KB/s
SHA1                22 KB took 1.009 seconds,   21.797 KB/s
SHA256              22 KB took 1.034 seconds,   21.270 KB/s
RSA     2048 key gen        3 ops took 15.828 sec, avg 5275.861 ms, 0.190 ops/sec
RSA     2048 Public        22 ops took 1.034 sec, avg 47.021 ms, 21.267 ops/sec
RSA     2048 Private        9 ops took 1.059 sec, avg 117.677 ms, 8.498 ops/sec
RSA     2048 Pub  OAEP     21 ops took 1.007 sec, avg 47.959 ms, 20.851 ops/sec
RSA     2048 Priv OAEP      9 ops took 1.066 sec, avg 118.423 ms, 8.444 ops/sec
ECC      256 key gen        7 ops took 1.072 sec, avg 153.140 ms, 6.530 ops/sec
ECDSA    256 sign          18 ops took 1.056 sec, avg 58.674 ms, 17.043 ops/sec
ECDSA    256 verify        24 ops took 1.031 sec, avg 42.970 ms, 23.272 ops/sec
ECDHE    256 agree         16 ops took 1.023 sec, avg 63.934 ms, 15.641 ops/sec

Run on Nations Technologies Inc. TPM 2.0 module at 33MHz:

./examples/bench/bench
TPM2 Benchmark using Wrapper API's
RNG                 12 KB took 1.065 seconds,   11.270 KB/s
AES-128-CBC-enc     48 KB took 1.026 seconds,   46.780 KB/s
AES-128-CBC-dec     48 KB took 1.039 seconds,   46.212 KB/s
AES-256-CBC-enc     48 KB took 1.035 seconds,   46.370 KB/s
AES-256-CBC-dec     48 KB took 1.025 seconds,   46.852 KB/s
Benchmark symmetric AES-128-CTR-enc not supported!
Benchmark symmetric AES-128-CTR-dec not supported!
Benchmark symmetric AES-256-CTR-enc not supported!
Benchmark symmetric AES-256-CTR-dec not supported!
AES-128-CFB-enc     50 KB took 1.029 seconds,   48.591 KB/s
AES-128-CFB-dec     50 KB took 1.035 seconds,   48.294 KB/s
AES-256-CFB-enc     48 KB took 1.000 seconds,   47.982 KB/s
AES-256-CFB-dec     48 KB took 1.003 seconds,   47.855 KB/s
SHA1                80 KB took 1.009 seconds,   79.248 KB/s
SHA256              80 KB took 1.004 seconds,   79.702 KB/s
SHA384              78 KB took 1.018 seconds,   76.639 KB/s
RSA     2048 key gen        8 ops took 17.471 sec, avg 2183.823 ms, 0.458 ops/sec
RSA     2048 Public        52 ops took 1.004 sec, avg 19.303 ms, 51.805 ops/sec
RSA     2048 Private        8 ops took 1.066 sec, avg 133.243 ms, 7.505 ops/sec
RSA     2048 Pub  OAEP     51 ops took 1.001 sec, avg 19.621 ms, 50.966 ops/sec
RSA     2048 Priv OAEP      8 ops took 1.073 sec, avg 134.182 ms, 7.453 ops/sec
ECC      256 key gen       20 ops took 1.037 sec, avg 51.871 ms, 19.279 ops/sec
ECDSA    256 sign          43 ops took 1.006 sec, avg 23.399 ms, 42.736 ops/sec
ECDSA    256 verify        28 ops took 1.030 sec, avg 36.785 ms, 27.185 ops/sec
ECDHE    256 agree         26 ops took 1.010 sec, avg 38.847 ms, 25.742 ops/sec

Run on Nuvoton NPCT650:

./examples/bench/bench
TPM2 Benchmark using Wrapper API's
RNG                  8 KB took 1.291 seconds,    6.197 KB/s
Benchmark symmetric AES-128-CBC-enc not supported!
Benchmark symmetric AES-128-CBC-dec not supported!
Benchmark symmetric AES-256-CBC-enc not supported!
Benchmark symmetric AES-256-CBC-dec not supported!
Benchmark symmetric AES-256-CTR-enc not supported!
Benchmark symmetric AES-256-CTR-dec not supported!
Benchmark symmetric AES-256-CFB-enc not supported!
Benchmark symmetric AES-256-CFB-dec not supported!
SHA1                90 KB took 1.005 seconds,   89.530 KB/s
SHA256              90 KB took 1.010 seconds,   89.139 KB/s
RSA     2048 key gen        8 ops took 35.833 sec, avg 4479.152 ms, 0.223 ops/sec
RSA     2048 Public        77 ops took 1.007 sec, avg 13.078 ms, 76.463 ops/sec
RSA     2048 Private        2 ops took 1.082 sec, avg 540.926 ms, 1.849 ops/sec
RSA     2048 Pub  OAEP     53 ops took 1.005 sec, avg 18.961 ms, 52.739 ops/sec
RSA     2048 Priv OAEP      2 ops took 1.088 sec, avg 544.075 ms, 1.838 ops/sec
ECC      256 key gen        7 ops took 1.033 sec, avg 147.608 ms, 6.775 ops/sec
ECDSA    256 sign           6 ops took 1.141 sec, avg 190.149 ms, 5.259 ops/sec
ECDSA    256 verify         4 ops took 1.061 sec, avg 265.216 ms, 3.771 ops/sec
ECDHE    256 agree          6 ops took 1.055 sec, avg 175.915 ms, 5.685 ops/sec

Run on Nuvoton NPCT750 at 43MHz:

RNG                 16 KB took 1.114 seconds,   14.368 KB/s
Benchmark symmetric AES-128-CBC-enc not supported!
Benchmark symmetric AES-128-CBC-dec not supported!
Benchmark symmetric AES-256-CBC-enc not supported!
Benchmark symmetric AES-256-CBC-dec not supported!
SHA1               120 KB took 1.012 seconds,  118.618 KB/s
SHA256             122 KB took 1.012 seconds,  120.551 KB/s
SHA384             120 KB took 1.003 seconds,  119.608 KB/s
RSA     2048 key gen        5 ops took 17.043 sec, avg 3408.678 ms, 0.293 ops/sec
RSA     2048 Public       134 ops took 1.004 sec, avg 7.490 ms, 133.517 ops/sec
RSA     2048 Private       15 ops took 1.054 sec, avg 70.261 ms, 14.233 ops/sec
RSA     2048 Pub  OAEP    116 ops took 1.002 sec, avg 8.636 ms, 115.797 ops/sec
RSA     2048 Priv OAEP     15 ops took 1.061 sec, avg 70.716 ms, 14.141 ops/sec
ECC      256 key gen       12 ops took 1.008 sec, avg 84.020 ms, 11.902 ops/sec
ECDSA    256 sign          18 ops took 1.015 sec, avg 56.399 ms, 17.731 ops/sec
ECDSA    256 verify        26 ops took 1.018 sec, avg 39.164 ms, 25.533 ops/sec
ECDHE    256 agree         35 ops took 1.029 sec, avg 29.402 ms, 34.011 ops/sec

TPM2 Native Tests

./examples/native/native_test
TPM2 Demo using Native API's
TPM2: Caps 0x30000495, Did 0x0000, Vid 0x104a, Rid 0x4e
TPM2_Startup pass
TPM2_SelfTest pass
TPM2_GetTestResult: Size 12, Rc 0x0
TPM2_IncrementalSelfTest: Rc 0x0, Alg 0x1 (Todo 0)
TPM2_GetCapability: Property FamilyIndicator 0x322e3000
TPM2_GetCapability: Property PCR Count 24
TPM2_GetCapability: Property FIRMWARE_VERSION_1 0x004a0008
TPM2_GetCapability: Property FIRMWARE_VERSION_2 0x44a01587
TPM2_GetRandom: Got 32 bytes
TPM2_StirRandom: success
TPM2_PCR_Read: Index 0, Count 1
TPM2_PCR_Read: Index 0, Digest Sz 32, Update Counter 20
TPM2_PCR_Read: Index 1, Count 1
TPM2_PCR_Read: Index 1, Digest Sz 32, Update Counter 20
TPM2_PCR_Read: Index 2, Count 1
TPM2_PCR_Read: Index 2, Digest Sz 32, Update Counter 20
TPM2_PCR_Read: Index 3, Count 1
TPM2_PCR_Read: Index 3, Digest Sz 32, Update Counter 20
TPM2_PCR_Read: Index 4, Count 1
TPM2_PCR_Read: Index 4, Digest Sz 32, Update Counter 20
TPM2_PCR_Read: Index 5, Count 1
TPM2_PCR_Read: Index 5, Digest Sz 32, Update Counter 20
TPM2_PCR_Read: Index 6, Count 1
TPM2_PCR_Read: Index 6, Digest Sz 32, Update Counter 20
TPM2_PCR_Read: Index 7, Count 1
TPM2_PCR_Read: Index 7, Digest Sz 32, Update Counter 20
TPM2_PCR_Read: Index 8, Count 1
TPM2_PCR_Read: Index 8, Digest Sz 32, Update Counter 20
TPM2_PCR_Read: Index 9, Count 1
TPM2_PCR_Read: Index 9, Digest Sz 32, Update Counter 20
TPM2_PCR_Read: Index 10, Count 1
TPM2_PCR_Read: Index 10, Digest Sz 32, Update Counter 20
TPM2_PCR_Read: Index 11, Count 1
TPM2_PCR_Read: Index 11, Digest Sz 32, Update Counter 20
TPM2_PCR_Read: Index 12, Count 1
TPM2_PCR_Read: Index 12, Digest Sz 32, Update Counter 20
TPM2_PCR_Read: Index 13, Count 1
TPM2_PCR_Read: Index 13, Digest Sz 32, Update Counter 20
TPM2_PCR_Read: Index 14, Count 1
TPM2_PCR_Read: Index 14, Digest Sz 32, Update Counter 20
TPM2_PCR_Read: Index 15, Count 1
TPM2_PCR_Read: Index 15, Digest Sz 32, Update Counter 20
TPM2_PCR_Read: Index 16, Count 1
TPM2_PCR_Read: Index 16, Digest Sz 32, Update Counter 20
TPM2_PCR_Read: Index 17, Count 1
TPM2_PCR_Read: Index 17, Digest Sz 32, Update Counter 20
TPM2_PCR_Read: Index 18, Count 1
TPM2_PCR_Read: Index 18, Digest Sz 32, Update Counter 20
TPM2_PCR_Read: Index 19, Count 1
TPM2_PCR_Read: Index 19, Digest Sz 32, Update Counter 20
TPM2_PCR_Read: Index 20, Count 1
TPM2_PCR_Read: Index 20, Digest Sz 32, Update Counter 20
TPM2_PCR_Read: Index 21, Count 1
TPM2_PCR_Read: Index 21, Digest Sz 32, Update Counter 20
TPM2_PCR_Read: Index 22, Count 1
TPM2_PCR_Read: Index 22, Digest Sz 32, Update Counter 20
TPM2_PCR_Read: Index 23, Count 1
TPM2_PCR_Read: Index 23, Digest Sz 32, Update Counter 20
TPM2_PCR_Extend success
TPM2_PCR_Read: Index 0, Count 1
TPM2_PCR_Read: Index 0, Digest Sz 32, Update Counter 21
TPM2_StartAuthSession: sessionHandle 0x3000000
TPM2_PolicyGetDigest: size 32
TPM2_PCR_Read: Index 0, Digest Sz 20, Update Counter 21
wc_Hash of PCR[0]: size 32
TPM2_PolicyPCR failed 0x1c4: TPM_RC_AUTHSIZE
TPM2_PolicyRestart: Done
TPM2_HashSequenceStart: sequenceHandle 0x80000000
Hash SHA256 test success
TPM2_CreatePrimary: Endorsement 0x80000000 (314 bytes)
TPM2_CreatePrimary: Storage 0x80000002 (282 bytes)
TPM2_LoadExternal: 0x80000004
TPM2_MakeCredential: credentialBlob 68, secret 256
TPM2_ReadPublic Handle 0x80000004: pub 314, name 34, qualifiedName 34
Create HMAC-SHA256 Key success, public 48, Private 137
TPM2_Load New HMAC Key Handle 0x80000004
TPM2_PolicyCommandCode: success
TPM2_ObjectChangeAuth: private 137
TPM2_ECC_Parameters: CurveID 3, sz 256, p 32, a 32, b 32, gX 32, gY 32, n 32, h 1
TPM2_Create: New ECDSA Key: pub 88, priv 126
TPM2_Load ECDSA Key Handle 0x80000004
TPM2_Sign: ECC S 32, R 32
TPM2_VerifySignature: Tag 32802
TPM2_Create: New ECDH Key: pub 88, priv 126
TPM2_Load ECDH Key Handle 0x80000004
TPM2_ECDH_KeyGen: zPt 68, pubPt 68
TPM2_ECDH_ZGen: zPt 68
TPM2 ECC Shared Secret Pass
TPM2_Create: New RSA Key: pub 278, priv 222
TPM2_Load RSA Key Handle 0x80000004
TPM2_RSA_Encrypt: 256
TPM2_RSA_Decrypt: 68
RSA Encrypt/Decrypt test passed
TPM2_NV_DefineSpace: 0x1bfffff
TPM2_NV_ReadPublic: Sz 14, Idx 0x1bfffff, nameAlg 11, Attr 0x2020002, authPol 0, dataSz 32, name 34
Create AES128 CFB Key success, public 50, Private 142
TPM2_Load New AES Key Handle 0x80000004
Encrypt/Decrypt test success

TPM2 CSR Example

./examples/csr/csr
TPM2 CSR Example
Generated/Signed Cert (DER 860, PEM 1236)
-----BEGIN CERTIFICATE REQUEST-----
MIIDWDCCAkACAQIwgZsxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xETAP
BgNVBAcMCFBvcnRsYW5kMQ0wCwYDVQQEDARUZXN0MRAwDgYDVQQKDAd3b2xmU1NM
MQwwCgYDVQQLDANSU0ExGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANtFRTX9CIW489vdmfy0qoffKtXBIfEGo07XgbvHPqk/KLx9NpK4
fDLRdh5Kh7mDIGQI0hKDQMQ4GRTzRlE+wXlTqGQaQohac1LRxe21RCCKn0ZXvbCJ
Wd1cIAGQyDyOb8WYCquQB79r2pIAKnVbedu+G1jx3tVrwB8ZCosKF86au7cEDxvD
sdmt2vcEIlMcgfWQNo8TkWEKW33qu/rOOfJAUkVOUKENvj8zz/Iw4pX9nImiclMC
/pMcgjpnFUlG5a0Jwg2PR7pXyRYUCciMq20UF5LDZG3NmFirVqigOmBIFsrpVCjt
wf/Ep6DxFgmy7KNJ/0kzQByySvjKrIOqynsCAwEAAaB3MHUGCSqGSIb3DQEJDjFo
MGYwHQYDVR0OBBYEFBHIhJ44Ide+SKGpL2neKuusXBZxMEUGA1UdJQQ+MDwGCCsG
AQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYI
KwYBBQUHAwkwDQYJKoZIhvcNAQELBQADggEBACGHTZE5BVonf9OM3bYZvl2SiKdj
fo+f8a5COgBgCiNK8DPXCr+RMfp7jy8+3NP0bUPppi46F6Eq80YIZuQJgoyd0l8l
F+0KXq/FuoHtTLH7joHCKcYta1yPpnvKAG9195aIruAHesXwDxklqTvlVx3/e9No
YtmWUMdrLvTZrI1L1/0OuHbPgCGmdyHOXEh0xY0VTE1I0ff0b8UC3dQCsf8uROhO
fXXYwZz9LLSdO/QuDSxXThEe4m1/AUJkiaQ/T2zNEiR5Imk+jluXLz8bVM7w+HMt
l/076ekjTI+7PwzBZIG2F3nOIDUmHwe0lAWdU8h9IoAlM6kS22fh6gZZqQg=
-----END CERTIFICATE REQUEST-----

Generated/Signed Cert (DER 467, PEM 704)
-----BEGIN CERTIFICATE REQUEST-----
MIIBzzCCAXUCAQIwgZsxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xETAP
BgNVBAcMCFBvcnRsYW5kMQ0wCwYDVQQEDARUZXN0MRAwDgYDVQQKDAd3b2xmU1NM
MQwwCgYDVQQLDANFQ0MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABIokJgsrMSW8f6si4S1saUXABXbqWKWVQn+D6z9LQe/wkPqozP/hV/3qTtpE
I/E3HjcHqRY+nsosjlEz36mzrRagdzB1BgkqhkiG9w0BCQ4xaDBmMB0GA1UdDgQW
BBRyZJhX+sHZEE117OKL0/CPVGbAKzBFBgNVHSUEPjA8BggrBgEFBQcDAQYIKwYB
BQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwgGCCsGAQUFBwMJMAoG
CCqGSM49BAMCA0gAMEUCIQCR9cbyRt3cbEZUIOBa4GNSRTlgFdB3X1EOwm+cA5/k
6AIgBm+EU6m5SDsk7BYmxTQAhgJFrelwymOa7m16kAXnFuU=
-----END CERTIFICATE REQUEST-----

TPM2 PKCS 7 Example

./examples/pkcs7/pkcs7
TPM2 PKCS7 Example
PKCS7 Signed Container 1625
PKCS7 Container Verified (using TPM)
PKCS7 Container Verified (using software)

TPM TLS Client Example

The wolfSSL TLS client requires loading a public key to indicate mutual authentication is used. The crypto callback uses the TPM for the private key signing.

./examples/tls/tls_client
TPM2 TLS Client Example
Write (29): GET /index.html HTTP/1.0


Read (193): HTTP/1.1 200 OK
Content-Type: text/html
Connection: close

<html>
<head>
<title>Welcome to wolfSSL!</title>
</head>
<body>
<p>wolfSSL has successfully performed handshake!</p>
</body>
</html>

TPM TLS Server Example

The wolfSSL TLS server loads the TPM public key and the crypto callback uses the TPM for the private key signing.

./examples/tls/tls_server
TPM2 TLS Server Example
Loading RSA certificate and public key
Read (29): GET /index.html HTTP/1.0


Write (193): HTTP/1.1 200 OK
Content-Type: text/html
Connection: close

<html>
<head>
<title>Welcome to wolfSSL!</title>
</head>
<body>
<p>wolfSSL has successfully performed handshake!</p>
</body>
</html>

Todo

Add support for Endorsement certificates (EK Credential Profile).
Update to v1.59 of specification (adding CertifyX509).
Inner wrap support for SensitiveToPrivate.
Add support for IRQ (interrupt line)

Support

Email us at [email protected].

wolftpm's People

Contributors

Stargazers

Watchers

Forkers

dgarske paulkissinger jacobbarthelmeh ejohnstown kojo1 abrahamsonn tes001 embhorn lightsp33d cconlon lupalabs sylar94444 vishalwins scuzz3y tomoveu designfirstee alexzielenski elms ripvwinkle uart-aplex stanisbouts1 ertos12 pci-bdo abdkama anhu useful-stuff paulwratt zhichao-h tatowicz mre-fog mzdn skyn9ne jpbland1 billphipps fengjixuchui rizlik ivoes lealem47 jingshui1037 hibigyao nelly556 tmael night1rider gmh5225 s3ck ekm01 philljj ionuttbara tassiosantos pakal

wolftpm's Issues

Expired wolfSSL CA certificate used in examples

Both wolfSSL CA certificates (wolf-ca-[rsa|ecc]-cert.pem) used in the TLS examples have recently expired, resulting in an error when trying to execute these examples.

Snippet:

Validity
    Not Before: Apr 13 15:23:10 2018 GMT
    Not After : Jan  7 15:23:10 2021 GMT

Reproduction:

Run the TLS example as described in the README
Observe error -151 (ASN_AFTER_DATE_E) is returned when trying to load wolf-ca-[rsa|ecc]-cert.pem
https://github.com/wolfSSL/wolfTPM/blob/master/examples/tls/tls_server.c#L285

Endianness not accounted in AppendBytesand ParseBytes

I stumbled upon a marshalling/unmarshalling(append/parse) issue, when fixing the print for the signed_timestamp example #103

TPM2_Packet_AppendBytes and TPM2_Packet_ParseBytes do only a memory copy, when the response buffers from the TPM come in Big Endian format. Without proper Endianness handling, we can not parse the data correctly. For example, the TPM_GENERATE_VALUE test fails and the attested time print does not show meaningful data.

wolfTPM2_GetTime: success
	Error, attested data not generated by the TPM = 0x474354FF

when expected value is

wolftpm/tpm2.h: TPM_GENERATED_VALUE = 0xff544347
How this problem remained hidden, since AppendBytes and ParseBytes are used for other TPM2 commands?

Because both AppendBytes and ParseBytes do not convert endianness and we just ask the TPM to do stuff for us, the data was just consumed by the TPM.

For example, TPM2_Create spits key in Big Endian format that we do not convert, but then we also TPM2_Load without data manipulations, so it remains in BigEndian, so the result is as if the data is already parsed(marshalled) and the TPM just consumes it.

@dgarske please check this finding and let me know if more information is needed

No output with examples and benchmark

Hello, wolfSSL team.

I am using wolfTPM project for my thesis research. Unfortunately, I could not have any valid output after launching examples and benchmark files. The following is the output of running bench:

pi@raspi-fx:~/Software/wolfTPM/examples/bench $ ./bench
TPM2 Benchmark using Wrapper API's

This is the output of running wrap test:

pi@raspi-fx:~/Software/wolfTPM $ ./examples/wrap/wrap_test
TPM2 Demo for Wrapper API's

I am using a Raspberry Pi 3, with Infineon SLB9670 attached. The OS is the latest stable version of Raspbian. I followed exactly the official wolfTPM tutorial, a.k.a README.md of this project, with the same commands. I tried two combinations of different versions: wolfTPM 1.4 with wolfSSL 3.15.7, and wolfTPM master branch with wolfSSL master branch. I enabled my TPM module with this instruction https://letstrust.de/archives/19-Success!.html.

Thank you in advance and have a nice day.

Xiao.

How to go through wolfTPM2_Init with gdb

Background, I have an RPi hat with an RFID reader (NXP PN7150), an RTC (Maxim DS3232), a number of connectors for attaching spi and i2c mini boards (2 spi, 3 i2c0, and an Infineon SLB 9670. The spi is configured to use software chip select, as the spi is not just for the 9670, but also for the two off-board spis. The last thing I need to check is the 9670. My gpio setup is (SCK: GPIO11, MOSI: GPIO10, MISO: GPIO9, CSN: GPIO14). I'm trying to figure out how to connect with gdb to see if the spi is working correctly with the 9670. The examples directory have bash scripts but don't seem to have executables. Could someone suggest a good entry point to be able set a break point in wolfTPM2_Init(). I have seen that tpm_io_st.c uses software chip select, and I'm hoping to do something similar but using spidev and ioctl(SPIfd, SPI_IOC_MESSAGE(1), &xfer). Any suggestion(s) on how to get started are appreciated. Thank you.

wolftpm C# wrapper needs to implement IDisposable instead of using Finalizer.

In the wolfTPM.cs, when cleaning up resources, the C# Finalizer are used instead of following the IDisposable. This can be dangerous as the resources are only cleaned up when the finalizers are run by the GC (hopefully). In many cases, the finalizer may never run as such resource leak will ensure.

The following classes should implement IDisposable:

KeyBlob
Key
Template
Session
Device.

Can't read from NV memory

Hello,

I want to store 32-bytes of data in TPM's NV memory, then read it back (using an SLB9670). I used your example in wrap_test.c with success. After refactoring my code, I got an error when reading from the NV memory. I tried to restore the changes, and I tried the example code too, but couldn't get it to work.

Testing code:

void test(WOLFTPM2_DEV *dev)
{
    int rc = -1;
    WOLFTPM2_HANDLE parent;
    WOLFTPM2_NV nv;
    word32 nvAttributes = 0;
    WOLFTPM2_BUFFER message, plain;

    XMEMSET(&parent, 0, sizeof(parent));
    parent.hndl = TPM_RH_OWNER;

    rc = wolfTPM2_GetNvAttributesTemplate(parent.hndl, &nvAttributes);
    if (rc != 0) return;

    rc = wolfTPM2_NVCreateAuth(dev, &parent, &nv, 0x01800000,
        nvAttributes, 32, (byte*)gNvAuth, sizeof(gNvAuth)-1);
    if (rc != 0 && rc != TPM_RC_NV_DEFINED) return;
   
   if (rc != TPM_RC_NV_DEFINED) {
        message.size = 32; 
        XMEMSET(message.buffer, 0x42, message.size);
        rc = wolfTPM2_NVWriteAuth(dev, &nv, 0x01800000,
            message.buffer, message.size, 0);
        if (rc != 0) return;
    }

    plain.size = 32;
    rc = wolfTPM2_NVReadAuth(dev, &nv, 0x01800000,
        plain.buffer, (word32*)&plain.size, 0);
    if (rc != 0) return;
}

The output it produces:

TPM2_NV_DefineSpace failed 332: TPM_RC_NV_DEFINED: NV Index or persistent object already defined
TPM2_NV_Read failed 388: TPM_RC_VALUE: Value is out of range or is not correct for the context

However, after clearing the chip, its seems to work once:

TPM2_NV_DefineSpace: Auth 0x40000001, Idx 0x1800000, Attribs 0x33947654, Size 64
TPM2_NV_Write: Auth 0x1800000, Idx 0x1800000, Offset 0, Size 32
TPM2_NV_Read: Auth 0x1800000, Idx 0x1800000, Offset 0, Size 32

But after I ran my test code again, it will still produces the TPM_RC_VALUE error.

I compiled wolfTPM with v1.7;v1.8 and the latest commit.

What could be the problem?

wolfTPM is not thread-safe (`gActiveTPM` ought to be a thread-local)

static TPM2_CTX* gActiveTPM;

TPM2_CTX* TPM2_GetActiveCtx(void)
{
    return gActiveTPM;
}

void TPM2_SetActiveCtx(TPM2_CTX* ctx)
{
    gActiveTPM = ctx;
}

This is not thread-safe.

There's probably other thread-safety issues, and I'm not looking for them. I just wanted to know what the wolfTPM APIs look like, and noticed the lack of any context arguments, and then this, and that's as far as I want to look.

I think it would be totally fine to have a single explicit context argument to all TPM2 functions, but at the very least any hidden context should be thread-local.

Not that anyone is likely to need wolfTPM to be usable with multiple active threads in one process, but that it's easier to build a library to be usable that way than to fix it to be that way later.

Thinking of it, I can imagine scenarios where I'd want to support threads. Without a high-performance TPM with lots of resources, those scenarios are contrived. Perhaps one might build applications or libraries that use remote software TPMs running on physically secure, fast, HSM-like hardware, and then thread-safety might really matter.

One use case where thread-safety is not that important would be PAM. PAM can be used in threaded applications, but generally such applications a) use the same thread for all PAM calls, b) only maintain one active PAM handle, so wolfTPM not being exactly thread-safe wouldn't preclude using it in a PAM.

At any rate, I highly recommend designing libraries to be thread-safe by design.

Unable to compile both latest release and git version

Hello, wolfSSL Team!
I am a master student and a beginner of this wolfTPM project. I am trying to compile the latest release version of this project. However, my GCC compiler yields the following error.

pi@raspi-fx:~/Software/wolfTPM-1.5 $ make
make -j5  all-am
make[1]: Entering directory '/home/pi/Software/wolfTPM-1.5'
  CC       src/src_libwolftpm_la-tpm2_wrap.lo
  CC       examples/csr/csr.o
src/tpm2_wrap.c: In function ‘wolfTPM2_CryptoDevCb’:
src/tpm2_wrap.c:2887:28: error: ‘WC_ALGO_TYPE_RNG’ undeclared (first use in this function)
     if (info->algo_type == WC_ALGO_TYPE_RNG) {
                            ^~~~~~~~~~~~~~~~
src/tpm2_wrap.c:2887:28: note: each undeclared identifier is reported only once for each function it appears in
src/tpm2_wrap.c:2892:50: error: ‘wc_CryptoInfo {aka struct wc_CryptoInfo}’ has no member named ‘rng’
         rc = wolfTPM2_GetRandom(tlsCtx->dev, info->rng.out, info->rng.sz);
                                                  ^~
src/tpm2_wrap.c:2892:65: error: ‘wc_CryptoInfo {aka struct wc_CryptoInfo}’ has no member named ‘rng’
         rc = wolfTPM2_GetRandom(tlsCtx->dev, info->rng.out, info->rng.sz);
                                                                 ^~
src/tpm2_wrap.c:3132:17: error: ‘wc_CryptoInfo {aka struct wc_CryptoInfo}’ has no member named ‘hash’
         if (info->hash.type != WC_HASH_TYPE_SHA &&
                 ^~
src/tpm2_wrap.c:3133:17: error: ‘wc_CryptoInfo {aka struct wc_CryptoInfo}’ has no member named ‘hash’
             info->hash.type != WC_HASH_TYPE_SHA256) {
                 ^~
src/tpm2_wrap.c:3249:33: error: ‘WC_ALGO_TYPE_HMAC’ undeclared (first use in this function)
     else if (info->algo_type == WC_ALGO_TYPE_HMAC) {
                                 ^~~~~~~~~~~~~~~~~
src/tpm2_wrap.c:3258:17: error: ‘wc_CryptoInfo {aka struct wc_CryptoInfo}’ has no member named ‘hmac’
         if (info->hmac.macType != WC_HASH_TYPE_SHA &&
                 ^~
src/tpm2_wrap.c:3259:17: error: ‘wc_CryptoInfo {aka struct wc_CryptoInfo}’ has no member named ‘hmac’
             info->hmac.macType != WC_HASH_TYPE_SHA256) {
                 ^~
src/tpm2_wrap.c:3262:17: error: ‘wc_CryptoInfo {aka struct wc_CryptoInfo}’ has no member named ‘hmac’
         if (info->hmac.hmac == NULL) {
                 ^~
src/tpm2_wrap.c: In function ‘wolfTPM2_ClearCryptoDevCb’:
src/tpm2_wrap.c:3383:9: warning: implicit declaration of function ‘wc_CryptoCb_UnRegisterDevice’ [-Wimplicit-function-declaration]
         wc_CryptoCb_UnRegisterDevice(devId);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/tpm2_wrap.c:3383:9: warning: nested extern declaration of ‘wc_CryptoCb_UnRegisterDevice’ [-Wnested-externs]
Makefile:1197: recipe for target 'src/src_libwolftpm_la-tpm2_wrap.lo' failed
make[1]: *** [src/src_libwolftpm_la-tpm2_wrap.lo] Error 1
make[1]: Leaving directory '/home/pi/Software/wolfTPM-1.5'
Makefile:841: recipe for target 'all' failed
make: *** [all] Error 2

I am running these codes on a Raspberry Pi 3, with the latest stable Raspbian installed. An SLB9670 module is attached to GPIO. The latest stable WolfSSL has been successfully installed. I am just following the official tutorial https://github.com/wolfSSL/wolfTPM with exactly the same bash commands. My GCC version is (Raspbian 6.3.0-18+rpi1+deb9u1) 6.3.0 20170516.

Thank you in advance and have a nice day.

Support for SLB 9645SLB ? (I2C)

Does this work for the Infineon SLB9645 I2C TPM?

https://www.rutronik24.com/search-result/qs:SLB9645/reset:0

www.infineon.com/dgdl/Infineon-+SLB+9645_SLB+9670+TPM+1.2+-AN-v06_16-EN.zip?fileId=5546d46255a50e820155b535d44d754f

git commit fails even though no change was made

Running git commit -s without making any changes, the test will fail even if the make test succeeds.

$ git commit -s


Saving current config




Stashing any modified files not part of commit




Running commit tests...


-e 

Testing current config...


 rm -f examples/keygen/keyload examples/keygen/keygen examples/keygen/keyimport examples/nvram/store examples/nvram/read
 rm -f tests/unit.test
test -z "" || rm -f 
test -z "src/libwolftpm.la" || rm -f src/libwolftpm.la
rm -f src/so_locations
rm -rf .libs _libs
rm -rf examples/attestation/.libs examples/attestation/_libs
rm -rf examples/bench/.libs examples/bench/_libs
rm -rf examples/csr/.libs examples/csr/_libs
rm -rf examples/gpio/.libs examples/gpio/_libs
rm -rf examples/keygen/.libs examples/keygen/_libs
rm -rf examples/management/.libs examples/management/_libs
rm -rf examples/native/.libs examples/native/_libs
rm -rf examples/nvram/.libs examples/nvram/_libs
rm -rf examples/pcr/.libs examples/pcr/_libs
rm -rf examples/pkcs7/.libs examples/pkcs7/_libs
rm -rf examples/seal/.libs examples/seal/_libs
rm -rf examples/timestamp/.libs examples/timestamp/_libs
rm -rf examples/tls/.libs examples/tls/_libs
rm -rf examples/wrap/.libs examples/wrap/_libs
rm -rf src/.libs src/_libs
rm -rf tests/.libs tests/_libs
rm -rf docs/html/
test -z "" || rm -f 
 rm -f examples/native/native_test examples/wrap/wrap_test examples/bench/bench examples/tls/tls_client examples/tls/tls_client_notpm examples/tls/tls_server examples/csr/csr examples/pkcs7/pkcs7 examples/timestamp/signed_timestamp examples/timestamp/clock_set examples/pcr/quote examples/pcr/read examples/pcr/extend examples/pcr/reset examples/management/flush examples/gpio/gpio_config examples/gpio/gpio_read examples/gpio/gpio_set examples/seal/seal examples/seal/unseal examples/attestation/make_credential examples/attestation/activate_credential tests/unit.test
rm -f *.o
rm -f examples/*.o
rm -f examples/attestation/*.o
rm -f examples/bench/*.o
rm -f examples/csr/*.o
rm -f examples/gpio/*.o
rm -f examples/keygen/*.o
rm -f examples/management/*.o
rm -f examples/native/*.o
rm -f examples/nvram/*.o
rm -f examples/pcr/*.o
rm -f examples/pkcs7/*.o
rm -f examples/seal/*.o
rm -f examples/timestamp/*.o
rm -f examples/tls/*.o
rm -f examples/wrap/*.o
rm -f src/*.o
rm -f src/*.lo
rm -f tests/*.o
test -z "tests/unit.log" || rm -f tests/unit.log
test -z "tests/unit.trs" || rm -f tests/unit.trs
test -z "test-suite.log" || rm -f test-suite.log
rm -f *.lo
make -j13  check-am
make[1]: warning: -j13 forced in submake: resetting jobserver mode.
make[1]: Entering directory '/home/honma/git/wolfTPM'
  CC       examples/tpm_test_keys.o
  CC       examples/keygen/keyload.o
  CC       src/libwolftpm_la-tpm2_packet.lo
  CC       examples/tpm_io.o
  CC       src/libwolftpm_la-tpm2.lo
  CC       src/libwolftpm_la-tpm2_param_enc.lo
  CC       src/libwolftpm_la-tpm2_wrap.lo
  CC       src/libwolftpm_la-tpm2_tis.lo
  CC       src/libwolftpm_la-tpm2_swtpm.lo
  CC       examples/keygen/keyimport.o
  CC       examples/keygen/keygen.o
  CC       examples/nvram/store.o
  CC       examples/nvram/read.o
  CC       examples/native/native_test.o
  CC       examples/wrap/wrap_test.o
  CC       examples/bench/bench.o
  CC       examples/tls/tls_client.o
  CC       examples/tls/tls_client_notpm.o
  CC       examples/tls/tls_server.o
  CC       examples/csr/csr.o
  CC       examples/pkcs7/pkcs7.o
  CC       examples/timestamp/signed_timestamp.o
  CC       examples/timestamp/clock_set.o
  CC       examples/pcr/quote.o
  CC       examples/pcr/read.o
  CC       examples/pcr/extend.o
  CC       examples/pcr/reset.o
  CC       examples/management/flush.o
  CC       examples/gpio/gpio_config.o
  CC       examples/gpio/gpio_read.o
  CC       examples/gpio/gpio_set.o
  CC       examples/seal/seal.o
  CC       examples/seal/unseal.o
  CC       examples/attestation/make_credential.o
  CC       examples/attestation/activate_credential.o
  CC       tests/unit_test-unit_tests.o
  CC       examples/tests_unit_test-tpm_io.o
  CCLD     src/libwolftpm.la
  CCLD     examples/keygen/keyimport
  CCLD     examples/keygen/keyload
  CCLD     examples/keygen/keygen
  CCLD     examples/nvram/store
  CCLD     examples/nvram/read
  CCLD     examples/wrap/wrap_test
  CCLD     examples/native/native_test
  CCLD     examples/bench/bench
  CCLD     examples/tls/tls_client
  CCLD     examples/tls/tls_client_notpm
  CCLD     examples/tls/tls_server
  CCLD     examples/csr/csr
  CCLD     examples/pkcs7/pkcs7
  CCLD     examples/timestamp/signed_timestamp
  CCLD     examples/timestamp/clock_set
  CCLD     examples/pcr/quote
  CCLD     examples/pcr/read
  CCLD     examples/pcr/extend
  CCLD     examples/pcr/reset
  CCLD     examples/management/flush
  CCLD     examples/gpio/gpio_config
  CCLD     examples/gpio/gpio_read
  CCLD     examples/gpio/gpio_set
  CCLD     examples/seal/seal
  CCLD     examples/seal/unseal
  CCLD     examples/attestation/make_credential
  CCLD     tests/unit.test
  CCLD     examples/attestation/activate_credential
make -j13  tests/unit.test 
make[2]: Entering directory '/home/honma/git/wolfTPM'
make[2]: warning: -j13 forced in submake: resetting jobserver mode.
make[2]: Leaving directory '/home/honma/git/wolfTPM'
make -j13  check-TESTS
make[2]: Entering directory '/home/honma/git/wolfTPM'
make[2]: warning: -j13 forced in submake: resetting jobserver mode.
make[3]: Entering directory '/home/honma/git/wolfTPM'
make[3]: warning: -j13 forced in submake: resetting jobserver mode.
PASS: tests/unit.test
============================================================================
Testsuite summary for wolftpm 2.2.0
============================================================================
# TOTAL: 1
# PASS:  1
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0
============================================================================
make[3]: Leaving directory '/home/honma/git/wolfTPM'
make[2]: Leaving directory '/home/honma/git/wolfTPM'
make[1]: Leaving directory '/home/honma/git/wolfTPM'
-e 

Testing no TLS config too...


checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /usr/bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking whether UID '1000' is supported by ustar format... yes
checking whether GID '1000' is supported by ustar format... yes
checking how to create a ustar tar archive... gnutar
checking how to print strings... printf
checking whether make supports the include directive... yes (GNU style)
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking dependency style of gcc... gcc3
checking for a sed that does not truncate output... /usr/bin/sed
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for fgrep... /usr/bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking how to convert x86_64-pc-linux-gnu file names to x86_64-pc-linux-gnu format... func_convert_file_noop
checking how to convert x86_64-pc-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for a working dd... /usr/bin/dd
checking how to truncate binary pipes... /usr/bin/dd bs=4096 count=1
checking for mt... mt
checking if mt is a manifest tool... no
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... no
checking whether the -Werror option is usable... yes
checking for simple visibility declarations... yes
checking whether make supports nested variables... (cached) yes
checking for gcc... (cached) gcc
checking whether we are using the GNU C compiler... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for gcc option to accept ISO C89... (cached) none needed
checking whether gcc understands -c and -o together... (cached) yes
checking dependency style of gcc... (cached) gcc3
checking for ANSI C header files... (cached) yes
checking size of long long... 8
checking size of long... 8
checking for gethostbyname... yes
checking for getaddrinfo... yes
checking for gettimeofday... yes
checking for inet_ntoa... yes
checking for memset... yes
checking for socket... yes
checking for socket in -lnetwork... no
checking for debug... no
checking whether gcc is Clang... no
checking whether pthreads work with -pthread... yes
checking for joinable pthread attribute... PTHREAD_CREATE_JOINABLE
checking whether more special flags are required for pthreads... no
checking for PTHREAD_PRIO_INHERIT... yes
checking for wolfSSL/wolfCrypt
... configure: prefix NONE
checking for ld used by GCC... /usr/bin/ld -m elf_x86_64
checking if the linker (/usr/bin/ld -m elf_x86_64) is GNU ld... yes
checking for shared library run path origin... done
checking for libwolfssl... yes
checking how to link with libwolfssl... -lwolfssl
checking for wolfCrypt_Cleanup... yes
configure: wolfCrypt path: /usr/local
checking for vcs system... git
checking for vcs checkout... yes
checking whether the linker accepts -Werror... yes
checking whether the linker accepts -z relro -z now... yes
checking whether the linker accepts -pie... yes
checking whether C compiler accepts -Werror... yes
checking whether C compiler accepts -Wno-pragmas... yes
checking whether C compiler accepts -Wall... yes
checking whether C compiler accepts -Wno-strict-aliasing... yes
checking whether C compiler accepts -Wextra... yes
checking whether C compiler accepts -Wunknown-pragmas... yes
checking whether C compiler accepts -Wthis-test-should-fail... no
checking whether C compiler accepts --param=ssp-buffer-size=1... yes
checking whether C compiler accepts -Waddress... yes
checking whether C compiler accepts -Warray-bounds... yes
checking whether C compiler accepts -Wbad-function-cast... yes
checking whether C compiler accepts -Wchar-subscripts... yes
checking whether C compiler accepts -Wcomment... yes
checking whether C compiler accepts -Wfloat-equal... yes
checking whether C compiler accepts -Wformat-security... yes
checking whether C compiler accepts -Wformat=2... yes
checking whether C compiler accepts -Wmaybe-uninitialized... yes
checking whether C compiler accepts -Wmissing-field-initializers... yes
checking whether C compiler accepts -Wmissing-noreturn... yes
checking whether C compiler accepts -Wmissing-prototypes... yes
checking whether C compiler accepts -Wnested-externs... yes
checking whether C compiler accepts -Wnormalized=id... yes
checking whether C compiler accepts -Woverride-init... yes
checking whether C compiler accepts -Wpointer-arith... yes
checking whether C compiler accepts -Wpointer-sign... yes
checking whether C compiler accepts -Wredundant-decls... yes
checking whether C compiler accepts -Wshadow... yes
checking whether C compiler accepts -Wshorten-64-to-32... no
checking whether C compiler accepts -Wsign-compare... yes
checking whether C compiler accepts -Wstrict-overflow=1... yes
checking whether C compiler accepts -Wstrict-prototypes... no
checking whether C compiler accepts -Wswitch-enum... yes
checking whether C compiler accepts -Wundef... yes
checking whether C compiler accepts -Wunused... yes
checking whether C compiler accepts -Wunused-result... yes
checking whether C compiler accepts -Wunused-variable... yes
checking whether C compiler accepts -Wwrite-strings... yes
checking whether C compiler accepts -fwrapv... yes
creating wolftpm-config - generic 2.2.0 for -lwolftpm -lwolfssl
checking the number of available CPUs... 12
configure: adding automake macro support
configure: creating aminclude.am
configure: added jobserver support to make for 13 jobs
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating wolftpm/version.h
config.status: creating wolftpm/options.h
config.status: creating src/config.h
config.status: executing depfiles commands
config.status: executing libtool commands
---
Running make clean...

---
Generating user options header...
option w/o begin -D is -Werror, not saving to wolftpm/options.h
option w/o begin -D is -Wno-pragmas, not saving to wolftpm/options.h
option w/o begin -D is -Wall, not saving to wolftpm/options.h
option w/o begin -D is -Wno-strict-aliasing, not saving to wolftpm/options.h
option w/o begin -D is -Wextra, not saving to wolftpm/options.h
option w/o begin -D is -Wunknown-pragmas, not saving to wolftpm/options.h
option w/o begin -D is --param=ssp-buffer-size=1, not saving to wolftpm/options.h
option w/o begin -D is -Waddress, not saving to wolftpm/options.h
option w/o begin -D is -Warray-bounds, not saving to wolftpm/options.h
option w/o begin -D is -Wbad-function-cast, not saving to wolftpm/options.h
option w/o begin -D is -Wchar-subscripts, not saving to wolftpm/options.h
option w/o begin -D is -Wcomment, not saving to wolftpm/options.h
option w/o begin -D is -Wfloat-equal, not saving to wolftpm/options.h
option w/o begin -D is -Wformat-security, not saving to wolftpm/options.h
option w/o begin -D is -Wformat=2, not saving to wolftpm/options.h
option w/o begin -D is -Wmaybe-uninitialized, not saving to wolftpm/options.h
option w/o begin -D is -Wmissing-field-initializers, not saving to wolftpm/options.h
option w/o begin -D is -Wmissing-noreturn, not saving to wolftpm/options.h
option w/o begin -D is -Wmissing-prototypes, not saving to wolftpm/options.h
option w/o begin -D is -Wnested-externs, not saving to wolftpm/options.h
option w/o begin -D is -Wnormalized=id, not saving to wolftpm/options.h
option w/o begin -D is -Woverride-init, not saving to wolftpm/options.h
option w/o begin -D is -Wpointer-arith, not saving to wolftpm/options.h
option w/o begin -D is -Wpointer-sign, not saving to wolftpm/options.h
option w/o begin -D is -Wredundant-decls, not saving to wolftpm/options.h
option w/o begin -D is -Wshadow, not saving to wolftpm/options.h
option w/o begin -D is -Wsign-compare, not saving to wolftpm/options.h
option w/o begin -D is -Wstrict-overflow=1, not saving to wolftpm/options.h
option w/o begin -D is -Wswitch-enum, not saving to wolftpm/options.h
option w/o begin -D is -Wundef, not saving to wolftpm/options.h
option w/o begin -D is -Wunused, not saving to wolftpm/options.h
option w/o begin -D is -Wunused-result, not saving to wolftpm/options.h
option w/o begin -D is -Wunused-variable, not saving to wolftpm/options.h
option w/o begin -D is -Wwrite-strings, not saving to wolftpm/options.h
option w/o begin -D is -fwrapv, not saving to wolftpm/options.h
option w/o begin -D is -fvisibility=hidden, not saving to wolftpm/options.h
option w/o begin -D is -I/usr/local/include, not saving to wolftpm/options.h
option w/o begin -D is -O2, not saving to wolftpm/options.h
not outputting (N)DEBUG to wolftpm/options.h
option w/o begin -D is -pthread, not saving to wolftpm/options.h

---
Configuration summary for wolftpm version 2.2.0

   * Installation prefix:       /usr/local
   * System type:               pc-linux-gnu
   * Host CPU:                  x86_64
   * C Compiler:                gcc
   * C Flags:                    -Werror -Wno-pragmas -Wall -Wno-strict-aliasing -Wextra -Wunknown-pragmas --param=ssp-buffer-size=1 -Waddress -Warray-bounds -Wbad-function-cast -Wchar-subscripts -Wcomment -Wfloat-equal -Wformat-security -Wformat=2 -Wmaybe-uninitialized -Wmissing-field-initializers -Wmissing-noreturn -Wmissing-prototypes -Wnested-externs -Wnormalized=id -Woverride-init -Wpointer-arith -Wpointer-sign -Wredundant-decls -Wshadow -Wsign-compare -Wstrict-overflow=1 -Wswitch-enum -Wundef -Wunused -Wunused-result -Wunused-variable -Wwrite-strings -fwrapv
   * CPP Flags:                  -fvisibility=hidden -I/usr/local/include
   * Linker Flags:               -L/usr/local/lib
   * LIB Flags:                  -pie -z relro -z now -Werror 
   * Wrappers:                  yes
   * Examples:                  yes
   * wolfCrypt:                 yes
   * Advanced IO:               no
   * I2C:                       no
   * Linux kernel TPM device:   no
   * SWTPM:                     no
   * WINAPI:                    no
   * TIS/SPI Check Wait State:  yes
   * Infineon SLB9670           no
   * STM ST33:                  no
   * Microchip ATTPM20:         no
   * Nuvoton NPCT75x:           no
   * Runtime Module Detection:  yes
make -j13  check-am
make[1]: warning: -j13 forced in submake: resetting jobserver mode.
make[1]: Entering directory '/home/honma/git/wolfTPM'
  CC       examples/keygen/keyload.o
  CC       src/libwolftpm_la-tpm2.lo
  CC       examples/tpm_test_keys.o
  CC       examples/tpm_io.o
  CC       src/libwolftpm_la-tpm2_tis.lo
  CC       src/libwolftpm_la-tpm2_packet.lo
  CC       src/libwolftpm_la-tpm2_wrap.lo
  CC       examples/keygen/keygen.o
  CC       src/libwolftpm_la-tpm2_param_enc.lo
  CC       examples/nvram/store.o
  CC       examples/keygen/keyimport.o
  CC       examples/nvram/read.o
  CC       examples/native/native_test.o
  CC       examples/wrap/wrap_test.o
  CC       examples/bench/bench.o
  CC       examples/tls/tls_client.o
  CC       examples/tls/tls_client_notpm.o
  CC       examples/tls/tls_server.o
  CC       examples/csr/csr.o
  CC       examples/pkcs7/pkcs7.o
  CC       examples/timestamp/signed_timestamp.o
  CC       examples/timestamp/clock_set.o
  CC       examples/pcr/quote.o
  CC       examples/pcr/read.o
  CC       examples/pcr/extend.o
  CC       examples/pcr/reset.o
  CC       examples/management/flush.o
  CC       examples/gpio/gpio_config.o
  CC       examples/gpio/gpio_read.o
  CC       examples/gpio/gpio_set.o
  CC       examples/seal/seal.o
  CC       examples/seal/unseal.o
  CC       examples/attestation/make_credential.o
  CC       examples/attestation/activate_credential.o
  CC       tests/unit_test-unit_tests.o
  CC       examples/tests_unit_test-tpm_io.o
  CCLD     src/libwolftpm.la
  CCLD     examples/keygen/keygen
  CCLD     examples/keygen/keyimport
  CCLD     examples/nvram/store
  CCLD     examples/nvram/read
  CCLD     examples/keygen/keyload
  CCLD     examples/wrap/wrap_test
  CCLD     examples/native/native_test
  CCLD     examples/bench/bench
  CCLD     examples/tls/tls_client_notpm
  CCLD     examples/tls/tls_server
  CCLD     examples/tls/tls_client
  CCLD     examples/pkcs7/pkcs7
  CCLD     examples/csr/csr
  CCLD     examples/timestamp/signed_timestamp
  CCLD     examples/timestamp/clock_set
  CCLD     examples/pcr/quote
  CCLD     examples/pcr/read
  CCLD     examples/pcr/extend
  CCLD     examples/management/flush
  CCLD     examples/pcr/reset
  CCLD     examples/gpio/gpio_config
  CCLD     examples/gpio/gpio_read
  CCLD     examples/gpio/gpio_set
  CCLD     examples/seal/seal
  CCLD     examples/seal/unseal
  CCLD     examples/attestation/make_credential
  CCLD     examples/attestation/activate_credential
  CCLD     tests/unit.test
make -j13  tests/unit.test 
make[2]: Entering directory '/home/honma/git/wolfTPM'
make[2]: warning: -j13 forced in submake: resetting jobserver mode.
make[2]: Leaving directory '/home/honma/git/wolfTPM'
make -j13  check-TESTS
make[2]: Entering directory '/home/honma/git/wolfTPM'
make[2]: warning: -j13 forced in submake: resetting jobserver mode.
make[3]: Entering directory '/home/honma/git/wolfTPM'
make[3]: warning: -j13 forced in submake: resetting jobserver mode.
./build-aux/test-driver: line 107: 186533 Aborted                 (core dumped) "$@" > $log_file 2>&1
FAIL: tests/unit.test
============================================================================
Testsuite summary for wolftpm 2.2.0
============================================================================
# TOTAL: 1
# PASS:  0
# SKIP:  0
# XFAIL: 0
# FAIL:  1
# XPASS: 0
# ERROR: 0
============================================================================
See ./test-suite.log
Please report to https://github.com/wolfssl/wolfTPM/issues
============================================================================
make[3]: *** [Makefile:2190: test-suite.log] Error 1
make[3]: Leaving directory '/home/honma/git/wolfTPM'
make[2]: *** [Makefile:2298: check-TESTS] Error 2
make[2]: Leaving directory '/home/honma/git/wolfTPM'
make[1]: *** [Makefile:2498: check-am] Error 2
make[1]: Leaving directory '/home/honma/git/wolfTPM'
make: *** [Makefile:2500: check] Error 2
-e 

Test './configure' make test failed 


Popping any stashed modified files not part of commit


Restoring current config


Oops, your commit failed

swtpm is running with this command.

$ swtpm socket --tpmstate dir=/tmp/myvtpm --tpm2 --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --flags not-need-init

SLB9670 I/O Not Working for General Purpose MCU?

Hi, could you please include more cues on how to get the SLB9670 working with SPI on a general-purpose MCU with wolfTPM? I have tried to implement a SLB9670 VQ2.0 with my MCU via SPI. I cannot reveal the MCU used (school rules, sorry). I understand that this problem seems platform-specific, but I believe it has significance with respect to the wolfTPM library GitHub repo as your documentation suggests that you support the SLB9670: So, I'm just wondering if there are any specific ways I should setup my IoCb specifically for SLB9670 use and if there is a best example of how to do this. Attached are the output of the logic analyzer for the MISO, MOSI, and reset lines:

SPI Config:
1MHz
Hardware-controlled Chip Select (CS)
CPOL = 0, CPHA = 0, most-significant bit first

/* IO Callback */
static int TPM2_IoCb(TPM2_CTX* ctx, const BYTE* txBuf, BYTE* rxBuf, UINT16 xferSz,
    void* userCtx)
{
    int ret = TPM_RC_FAILURE;
    unsigned long i;
    int64_t timeout = 250;
    uint8_t spi_ret;   
    taskENTER_CRITICAL();
    tpm_spi_send_recv(txBuf, rxBuf, xferSz, &spi_ret);
    taskEXIT_CRITICAL();
    ret = TPM_RC_SUCCESS;
        
    printf("TPM2_IoCb: Ret %d, Sz %d\n", ret, xferSz);
    TPM2_PrintBin(txBuf, xferSz);
    TPM2_PrintBin(rxBuf, xferSz);
    
    return ret;
}

The SPI seems to just repeat this same sequence:
MOSI: 0x80, 0xD4, 0x00, 0x18
MISO: 0x00, 0x00, 0x00, 0x01
and it is never able to go beyond TPM2_TIS_WaitForStatus() in tpm2_tis.c when calling TPM2_SendCommand() which is within TPM2_Startup() which is in the wolfTPM2_Init().

Stuck in TPM2_Startup(&startupIn) function

hardware environment: STM32F4297 + TPM module
issues: before sending a TPM2_Startup cmd to TPM, there is a function named TPM2_TIS_WaitForStatus(ctx,TPM_STS_COMMAND_READY,TPM_STS_COMMAND_READY) to check the TPM chip whether ready to receive this command or not, but the status returned in TPM_RC_Status() is always 0x00 but not 0x40(TPM_STS_COMMAND_READY), so the procedure is stuck in TPM2_TIS_WaitForStatus() function.
The command&response stream in SPI channel captured with logic analyzer tool is as bellow:

80D40000
<<00000001A0
80D40000
<<00000001A0
83D40014
<<0000000197060030
83D40F00
<<00000001D1151D00
80D40F04
<<0000000126
80D40018
<<0000000100
00D4001840
<<00000001C0
80D40018
<<0000000100
80D40018
<<0000000100
80D40018
<<0000000100
...
Can you help me find out what's wrong？

Building in MSYS2: undefined reference to `__imp_wolfSSL.._

I followed the instructions to build wolfSSL and wolfTPM as described in the manual:

export PREFIX=$PWD/tmp_install
cd wolfssl
./autogen.sh
./configure --prefix="$PREFIX" --enable-wolftpm
make

After calling make I am getting undefined references. Any ideas? Thanks for a feedback.

root1@.... UCRT64 ~/wolfssl
$ make
make -j7 all-recursive
make[1]: Entering directory '/home/root1/wolfssl'
make[2]: Entering directory '/home/root1/wolfssl'
make[2]: warning: -j7 forced in submake: resetting jobserver mode.
CC wolfcrypt/benchmark/benchmark.o
CC wolfcrypt/src/src_libwolfssl_la-hmac.lo
CC wolfcrypt/src/src_libwolfssl_la-hash.lo
CC wolfcrypt/src/src_libwolfssl_la-cpuid.lo
..
..
CC tests/unit_test-w64wrapper.o
CC tests/unit_test-srp.o
CC tests/unit_test-quic.o
CC examples/client/tests_unit_test-client.o
CC examples/server/tests_unit_test-server.o
CCLD src/libwolfssl.la

*** Warning: linker path does not have real file for library -lws2_32.
*** I have the capability to make that library automatically link in when
*** you link to this library. But I can only do this if you have a
*** shared version of the library, which you do not appear to have
*** because I did check the linker path looking for a file starting
*** with libws2_32 but no candidates were found. (...for file magic test)

*** Warning: linker path does not have real file for library -lcrypt32.
*** I have the capability to make that library automatically link in when
*** you link to this library. But I can only do this if you have a
*** shared version of the library, which you do not appear to have
*** because I did check the linker path looking for a file starting
*** with libcrypt32 but no candidates were found. (...for file magic test)
*** The inter-library dependencies that have been dropped here will be
*** automatically added whenever a program is linked with this library
*** or is declared to -dlopen it.

*** Since this library must not contain undefined symbols,
*** because either the platform does not support them or
*** it was explicitly requested with -no-undefined,
*** libtool will only create a static version of it.
CCLD wolfcrypt/benchmark/benchmark.exe
CCLD wolfcrypt/test/testwolfcrypt.exe
CCLD examples/benchmark/tls_bench.exe
CCLD examples/echoclient/echoclient.exe
CCLD examples/client/client.exe
CCLD examples/echoserver/echoserver.exe
CCLD examples/server/server.exe
/usr/lib/gcc/x86_64-pc-msys/11.3.0/../../../../x86_64-pc-msys/bin/ld: wolfcrypt/test/test.o:test.c:(.text+0xf9): undefined reference to __imp_wc_GetErrorString' /usr/lib/gcc/x86_64-pc-msys/11.3.0/../../../../x86_64-pc-msys/bin/ld: wolfcrypt/test/test.o:test.c:(.text+0x285): undefined reference to __imp_wc_InitSha3_224'
/usr/lib/gcc/x86_64-pc-msys/11.3.0/../../../../x86_64-pc-msys/bin/ld: wolfcrypt/test/test.o:test.c:(.text+0x296): undefined reference to __imp_wc_Sha3_224_Update' /usr/lib/gcc/x86_64-pc-msys/11.3.0/../../../../x86_64-pc-msys/bin/ld: wolfcrypt/test/test.o:test.c:(.text+0x29d): undefined reference to __imp_wc_Sha3_224_GetHash'
....

Software-only implementations of TPM2_Duplicate() and TPM2_MakeCredential()

One can point to a software TPM to implement these, naturally, but then one really needs to start, set up and tear down connections to the software TPM, and stop the software TPM, then set up a connection to an actual dTPM/fTPM. A software implementation of TPM2_Duplicate() and TPM2_MakeCredential() would avoid all that.

We use software TPM2_Duplicate() and TPM2_MakeCredential() in Safeboot, for example.

Another thing that would be useful to have in software is a function to construct the cryptographic name of a public key object given its raw public key (e.g., in a PEM file or a PEM string) and its attributes and policy digest and so on. After all, a software TPM2_MakeCredential() needs the cryptographic name of the activation object!

TPM_ST_SESSIONS does not imply parameter encryption

While working on #93 I found that the TPM_SendCommandAuth() makes a check on whether the TPM_ST_SESSION tag is set or not. If set the function assumes parameter encryption is needed. And treats all commands with TPM_ST_SESSION as if they always must have encrypted parameters before sending.

However, parameter encryption depends on the existing(current) Authorization Sessions. Later, based on TPMA_SESSION sessionAttributes the TPM and the Stack determine if parameter encryption took place (for the command or the response).

According to the spec:

TPM_ST_SESSIONS 0x8002 tag value for a command/response for a command
defined in this specification; indicating that the
command/response has one or more attached
sessions and the authorizationSize/parameterSize
field is present

Also, everywhere "parameter encryption" is mentioned for a command it is specified as optional like this

The dataparameter in the response may be encrypted using parameter encryption.

I think TPM_SendCommandAuth should examine the Authorization Session before assuming parameter encryption. Currently, I am not sure there is an impact, but trying to solve the Authorization Session for GetTime I spotted this issue. We may want to remove partial parameter encryption code before it is fully implemented.

Overall, the authorization problem is one that the TPM Stack is meant to relieve from the User, so it is the right place to tackle. It is a complex topic and we could expect more issues around authorization. I have been reading the spec for the past hours and gets pretty confusion with all the terminology.

Add more examples: TPM2_ActivateCredential()

Add TPM 2.0 Parameter Encryption support

XOR then AES CFB
@tomoveu

Add TPM 2.0 example for seal and unseal (using PCR)

TODO: Add example for sealing / unsealing data with TPM based on PCR value.

I2C driver for Nuvoton NPCT75x TPM2.0 module

Hi,
Can I use the Nuvoton NPCT75x TPM2.0 module with I2c interface? Where can I get the I2C driver software if it can be used? I wrote to ask Nuvoton, but Nuvoton said that they do not have a driver of 75x for LINUX yet.

Add a TPM signature verifier example

This is a good first issue for someone who wants to get into OSS/TPM development.

We need a simple example to show TPM signature verification.

We already have examples for TPM2_Quote and TPM2_GetTime that can be used to generate signed TPM blob(data).

Details:

Both TPM2_Quote and TPM2_GetTime produce similar output using TPM2B_ATTEST and TPMT_SIGNATURE structures.
The TPMT_SIGNATURE holds the TPM generated signature over the data in TPM2B_ATTEST.

Error handling in C# wrapper

The wolftpm.cs bridges the native calls and transparently returns the error codes. This forces the high level code must research the different error returns. This can be hard to use or abuse.

I recommend raise C# Exceptions such as WolfTpmException("message", error_code) when the return code indicates error.
So the following code:

[DllImport(DLLNAME, EntryPoint = "wolfTPM2_GetRandom")]
        private static extern int wolfTPM2_GetRandom(IntPtr dev,
                                                     byte[] buf,
                                                     int len);
        public int GetRandom(byte[] buf)
        {
            return wolfTPM2_GetRandom(device, buf, buf.Length);
        }

should better be implemented as

[DllImport(DLLNAME, EntryPoint = "wolfTPM2_GetRandom")]
        private static extern int wolfTPM2_GetRandom(IntPtr dev,
                                                     byte[] buf,
                                                     int len);
        public void GetRandom(byte[] buf)
        {
            int ret = wolfTPM2_GetRandom(device, buf, buf.Length);
            if ( ret != TPM_RC_SUCCESS)
            {
                 throw new wolfTpm2Exception("wolfTPM2_GetRandom failed", ret);
            }
        }

With this modification, the high level code will not need to get into the details of understanding the error codes from native side.

Can't clear TPM chip

Hello,

I would like to ask a question about clearing the SLB9670 TPM chip.
After updating wolfTPM to v2.2.0, I had changed the handle authorization password and then I wanted to reset the chip using wolfTPM2_Clear. However the clear fails with:

TPM2_Clear failed 2337: TPM_RC_EXCLUSIVE: Command failed because audit sequence required exclusivity

Unfortunately, I didn't found any information about this error.

Can you please help, what commands can I use to fix the reset?

Tell us more!

What's up with this repo? I am super curious :D

Quote example (PCR attestation)

Now that we have a signed timestamp example, we also need to have and a TPM2.0 Quote example using wolfTPM, my structure currently looks like this

./examples/pcr

quote (attestation of PCR values / signing PCRs in a TPM2.0 Quote)
extend* (have a generic wolfTPM tool to extend PCRs with arbitrary values, so the quotes can differ)
verify_quote*

I think I can have this ready by EoW and I will try to push something before the weekend for review.

@dgarske are you OK with one folder for more than one example, as long as they are on the same tech topic(PCR)?

ps: initially, I named the folder attestation, but then people may confuse with the timestamp folder which is also form of attestation, although by TCG spec attestation is signing PCRs and GetTime is just another Attestation operation AFAIK.

ps2: Please mark this issue as enhancement (Github label), thanks :)

future work, focus now is on the quote

Fix the maximum clock speed for SLB9672

Thanks @PaulKissinger for this report.

SPI CLK Max is for the SLB9672 FW 15/16 is only 33MHz

Datasheet reference table 14:
Datasheet: SLB9672 FW15
Datasheet: SLB9672 FW16

Build errors

With default build options from install section, Ubuntu reports the following error:

  CC       examples/tests_unit_test-tpm_io.o
In file included from /usr/include/stdio.h:867,
                 from /usr/local/include/wolfssl/wolfcrypt/wc_port.h:572,
                 from /usr/local/include/wolfssl/wolfcrypt/types.h:35,
                 from ./wolftpm/tpm2_types.h:85,
                 from ./wolftpm/tpm2.h:25,
                 from ./wolftpm/tpm2_wrap.h:25,
                 from examples/keygen/create_primary.c:24:
In function ‘printf’,
    inlined from ‘TPM2_CreatePrimaryKey_Example.part.0’ at examples/keygen/create_primary.c:137:5:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:107:10: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
  107 |   return __printf_chk (__USE_FORTIFY_LEVEL - 1, __fmt, __va_arg_pack ());
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘printf’,
    inlined from ‘TPM2_CreatePrimaryKey_Example.part.0’ at examples/keygen/create_primary.c:138:5:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:107:10: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
  107 |   return __printf_chk (__USE_FORTIFY_LEVEL - 1, __fmt, __va_arg_pack ());
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

TPM2_GetTag does not return TPM_ST_SESSIONS when required

While working on #110 I came across the "TPM2_GetTag" helper function. It is used for about 20 TPM2 commands that can be executed with or without Authorization Session. "TPM2_GetTag" checks for an indication whether the Authorization Area is present. This would then reqiure the TPM_ST_SESSIONS tag. Otherwise, we will get the TPM_ST_NO_SESSIONS tag.

The issue here is that "TPM2_GetTag" will not return TPM_ST_SESSIONS, even when the TPM context(user) has set it. Because there are extra checks for parameter encryption attributes that are not actually needed for Authorization Session check.

"TPM2_GetTag" is always used like this:

  st = TPM2_GetTag(ctx);
        if (st == TPM_ST_SESSIONS) {
            TPM2_Packet_AppendAuth(&packet, ctx->authCmd, 1);
        }

This is the helper in its current form "TPM2_GetTag"

static TPM_ST TPM2_GetTag(TPM2_CTX* ctx)
{
    TPM_ST st = TPM_ST_NO_SESSIONS;
    if (ctx && ctx->authCmd &&
        (ctx->authCmd->sessionAttributes &
            (TPMA_SESSION_decrypt | TPMA_SESSION_encrypt))) {
        st = TPM_ST_SESSIONS;
    }
    return st;
}

The fix is straightforward, making the if rule "if (ctx && ctx->authCmd)". However, when the proper check is made, the native tests break. Therefore, I do not submit a patch with this fix. Right now, this bug makes no user impact, because none of the 20 TPM2 commands has been used with Auth Session in our examples and AFAIK no user has reported the issue. So, we are catching this on time.

@dgarske After #110 is done, I would like to fix this. Currently, I think we can put it as low to medium priority. Just marking it as found :)

Response to TCG TPM2.0 Errata ID: TCGVRT0007 and CVE-2023-1017 and CVE-2023-1018

Hello WolfSSL TPM Crew,

Can you please consider a response to these two vulnerabilities disclosed by @CERTCC https://kb.cert.org/vuls/id/782720

We have tried to reach your PSIRT but so far not been able to get a response. Your response is appreciated. @JacobBarthelmeh is the only contact we have reached out to.

Thanks

https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf

keygen -rsa -eh failed with TPM_RC_BAD_AUTH

I try to test wolftpm with ftpm (ms-tpm-20-ref)， while keygen - rsa it works fine, but add parameter-eh, as keygen - rsa -eh , get erros Failure 0x9a2: TPM_RC_BAD_AUTH: Authorization failure without DA implications:

TPM2.0 Key generation example
	Key Blob: keyblob.bin
	Algorithm: RSA
	Template: AIK
	Use Parameter Encryption: NULL
TPM2: Caps 0x00000000, Did 0x0000, Vid 0x0000, Rid 0x 0 
authCmd:
sessionHandle=0x40000009
nonceSize=0 nonceBuffer:
sessionAttributes=0x00
hmacSize=0 hmacBuffer:
Found 1 auth sessions
CommandProcess: Handles (Auth 1, In 1), CmdSz 355, AuthSz 9, ParamSz 328, EncSz 4
authCmd:
sessionHandle=0x40000009
nonceSize=0 nonceBuffer:
sessionAttributes=0x01
hmacSize=0 hmacBuffer:
D/TA:  TPM2_LINUX_SendCommand:106 TPM2_LINUX_SendCommand with pos 355, size 4096
D/TC:? 0 tee_ta_init_pseudo_ta_session:299 Lookup pseudo TA bc50d971-d4c9-42c4-82cb-343fb7f37896
D/TC:? 0 ldelf_load_ldelf:91 ldelf load address 0x40006000
D/LD:  ldelf:134 Loading TA bc50d971-d4c9-42c4-82cb-343fb7f37896
D/TC:? 0 ldelf_syscall_open_bin:140 Lookup user TA ELF bc50d971-d4c9-42c4-82cb-343fb7f37896 (Secure Storage TA)
D/TC:? 0 ldelf_syscall_open_bin:144 res=0xffff0008
D/TC:? 0 ldelf_syscall_open_bin:140 Lookup user TA ELF bc50d971-d4c9-42c4-82cb-343fb7f37896 (REE)
D/TC:? 0 ldelf_syscall_open_bin:144 res=0
D/LD:  ldelf:168 ELF (bc50d971-d4c9-42c4-82cb-343fb7f37896) at 0x4006d000
D/TA:  TA_CreateEntryPoint:129 Entry Point
D/TA:  _plat__NVEnable:377 _plat__NVEnable()
D/TA:  _plat__NvInitFromStorage:132 _plat__NvInitFromStorage()
I/TA: Created fTPM storage object, i: 0x0, s: 0x200, id: 0x54504d00, h:0x240cf0
I/TA: Created fTPM storage object, i: 0x1, s: 0x200, id: 0x54504d01, h:0x2408c0
I/TA: Created fTPM storage object, i: 0x2, s: 0x200, id: 0x54504d02, h:0x240660
I/TA: Created fTPM storage object, i: 0x3, s: 0x200, id: 0x54504d03, h:0x240400
I/TA: Created fTPM storage object, i: 0x4, s: 0x200, id: 0x54504d04, h:0x2401a0
I/TA: Created fTPM storage object, i: 0x5, s: 0x200, id: 0x54504d05, h:0x23ff40
I/TA: Created fTPM storage object, i: 0x6, s: 0x200, id: 0x54504d06, h:0x23fce0
I/TA: Created fTPM storage object, i: 0x7, s: 0x200, id: 0x54504d07, h:0x23fa80
I/TA: Created fTPM storage object, i: 0x8, s: 0x200, id: 0x54504d08, h:0x23f820
I/TA: Created fTPM storage object, i: 0x9, s: 0x200, id: 0x54504d09, h:0x23f5c0
I/TA: Created fTPM storage object, i: 0xa, s: 0x200, id: 0x54504d0a, h:0x23f360
I/TA: Created fTPM storage object, i: 0xb, s: 0x200, id: 0x54504d0b, h:0x23f100
I/TA: Created fTPM storage object, i: 0xc, s: 0x200, id: 0x54504d0c, h:0x23eea0
I/TA: Created fTPM storage object, i: 0xd, s: 0x200, id: 0x54504d0d, h:0x23ec40
I/TA: Created fTPM storage object, i: 0xe, s: 0x200, id: 0x54504d0e, h:0x23e9e0
I/TA: Created fTPM storage object, i: 0xf, s: 0x200, id: 0x54504d0f, h:0x23e780
I/TA: Created fTPM storage object, i: 0x10, s: 0x200, id: 0x54504d10, h:0x23e520
I/TA: Created fTPM storage object, i: 0x11, s: 0x200, id: 0x54504d11, h:0x23e2c0
I/TA: Created fTPM storage object, i: 0x12, s: 0x200, id: 0x54504d12, h:0x23e060
I/TA: Created fTPM storage object, i: 0x13, s: 0x200, id: 0x54504d13, h:0x23de00
I/TA: Created fTPM storage object, i: 0x14, s: 0x200, id: 0x54504d14, h:0x23dba0
I/TA: Created fTPM storage object, i: 0x15, s: 0x200, id: 0x54504d15, h:0x23d940
I/TA: Created fTPM storage object, i: 0x16, s: 0x200, id: 0x54504d16, h:0x23d6e0
I/TA: Created fTPM storage object, i: 0x17, s: 0x200, id: 0x54504d17, h:0x23d480
I/TA: Created fTPM storage object, i: 0x18, s: 0x200, id: 0x54504d18, h:0x23d220
I/TA: Created fTPM storage object, i: 0x19, s: 0x200, id: 0x54504d19, h:0x23cfc0
I/TA: Created fTPM storage object, i: 0x1a, s: 0x200, id: 0x54504d1a, h:0x23cd60
I/TA: Created fTPM storage object, i: 0x1b, s: 0x200, id: 0x54504d1b, h:0x23cb00
I/TA: Created fTPM storage object, i: 0x1c, s: 0x200, id: 0x54504d1c, h:0x23c8a0
I/TA: Created fTPM storage object, i: 0x1d, s: 0x200, id: 0x54504d1d, h:0x23c640
I/TA: Created fTPM storage object, i: 0x1e, s: 0x200, id: 0x54504d1e, h:0x23c3e0
I/TA: Created fTPM storage object, i: 0x1f, s: 0x200, id: 0x54504d1f, h:0x23c180
I/TA: Created fTPM storage object, i: 0x20, s: 0x200, id: 0x54504d20, h:0x23bf20
D/TA:  TA_CreateEntryPoint:151 NVEnable Complete
D/TA:  TA_CreateEntryPoint:158 TPM_Manufacture
D/TA:  _plat__NvWriteBack:288 bMap: 0xffffffff
D/TA:  _plat__NVEnable:377 _plat__NVEnable()
D/TA:  TA_CreateEntryPoint:170 Init Complete
D/TA:  TA_CreateEntryPoint:193 No TPM state present
D/TA:  _plat__NvWriteBack:288 bMap: 0x6
D/TC:? 0 tee_ta_init_pseudo_ta_session:299 Lookup pseudo TA 3a2f8978-5dc0-11e8-9c2d-fa7ae01bbebc
D/TC:? 0 tee_ta_init_pseudo_ta_session:312 Open system.pta
D/TC:? 0 tee_ta_init_pseudo_ta_session:329 system.pta : 3a2f8978-5dc0-11e8-9c2d-fa7ae01bbebc
D/TA:  fTPM_Submit_Command:342 Success, RS: 0x21a
D/TC:? 0 tee_ta_close_session:512 csess 0x37507370 id 1
D/TC:? 0 tee_ta_close_session:531 Destroy session
ResponseProcess: Handles (Out 1), RespSz 538, ParamSz 515, DecSz 314, AuthSz 5
TPM2_CreatePrimary: 0x80000000 (314 bytes)
TPM2_GetNonce (32 bytes)
D/TA:  TPM2_LINUX_SendCommand:106 TPM2_LINUX_SendCommand with pos 59, size 4096
D/TC:? 0 tee_ta_init_session_with_context:607 Re-open TA bc50d971-d4c9-42c4-82cb-343fb7f37896
D/TA:  _plat__NvWriteBack:288 bMap: 0x100
D/TA:  fTPM_Submit_Command:342 Success, RS: 0x30
D/TC:? 0 tee_ta_close_session:512 csess 0x374fbad0 id 3
D/TC:? 0 tee_ta_close_session:531 Destroy session
Session Key 0
TPM2_StartAuthSession: handle 0x3000000, algorithm NULL
TPM2_StartAuthSession: sessionHandle 0x3000000
authCmd:
sessionHandle=0x40000009
nonceSize=0 nonceBuffer:
sessionAttributes=0x00
hmacSize=0 hmacBuffer:
Found 1 auth sessions
CommandProcess: Handles (Auth 1, In 2), CmdSz 41, AuthSz 9, ParamSz 10, EncSz 0
authCmd:
sessionHandle=0x40000009
nonceSize=0 nonceBuffer:
sessionAttributes=0x01
hmacSize=0 hmacBuffer:
D/TA:  TPM2_LINUX_SendCommand:106 TPM2_LINUX_SendCommand with pos 41, size 4096
D/TC:? 0 tee_ta_init_session_with_context:607 Re-open TA bc50d971-d4c9-42c4-82cb-343fb7f37896
D/TA:  fTPM_Submit_Command:342 Success, RS: 0x1d
D/TC:? 0 tee_ta_close_session:512 csess 0x374fb390 id 3
D/TC:? 0 tee_ta_close_session:531 Destroy session
ResponseProcess: Handles (Out 0), RespSz 29, ParamSz 10, DecSz 0, AuthSz 5
policySecret applied on session
RSA AIK template
Creating new RSA key...
authCmd:
sessionHandle=0x03000000
nonceSize=32 nonceBuffer:
	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
sessionAttributes=0x00
hmacSize=0 hmacBuffer:
Found 1 auth sessions
CommandProcess: Handles (Auth 1, In 1), CmdSz 370, AuthSz 41, ParamSz 311, EncSz 21
TPM2_GetNonce (32 bytes)
Name 0: 0
cpHash: cmd 153, size 32
	7c 15 94 5f 4a 43 c1 a4 6f 8c 7b 0a 28 e7 24 29 | |.._JC..o.{.(.$)
	a3 d0 05 f1 a4 e8 ea 47 f0 ab 13 5c 22 95 4f 44 | .......G...\".OD
HMAC Key: 0
HMAC Auth: attrib 0, size 32
	85 d4 1a 14 43 d5 41 54 b7 0c 4b 40 56 7e 60 e6 | ....C.AT..K@V~`.
	9b b7 3b d6 2e 42 df 35 5d 46 5d b3 73 e3 d9 60 | ..;..B.5]F].s..`
authCmd:
sessionHandle=0x03000000
nonceSize=32 nonceBuffer:
	d3 36 d0 d5 ad 62 fb 39 57 db 06 81 81 28 0b f7 | .6...b.9W....(..
	a3 cd b6 73 d5 bd c5 76 18 4f 06 c5 59 4d a2 8e | ...s...v.O..YM..
sessionAttributes=0x00
hmacSize=32 hmacBuffer:
	85 d4 1a 14 43 d5 41 54 b7 0c 4b 40 56 7e 60 e6 | ....C.AT..K@V~`.
	9b b7 3b d6 2e 42 df 35 5d 46 5d b3 73 e3 d9 60 | ..;..B.5]F].s..`
D/TA:  TPM2_LINUX_SendCommand:106 TPM2_LINUX_SendCommand with pos 370, size 4096
D/TC:? 0 tee_ta_init_session_with_context:607 Re-open TA bc50d971-d4c9-42c4-82cb-343fb7f37896
D/TA:  fTPM_Submit_Command:342 Success, RS: 0xa
D/TC:? 0 tee_ta_close_session:512 csess 0x374fb390 id 3
D/TC:? 0 tee_ta_close_session:531 Destroy session
TPM2_Create key failed 2466: TPM_RC_BAD_AUTH: Authorization failure without DA implications
wolfTPM2_CreateKey failed

Failure 0x9a2: TPM_RC_BAD_AUTH: Authorization failure without DA implications

D/TA:  TPM2_LINUX_SendCommand:106 TPM2_LINUX_SendCommand with pos 14, size 4096
D/TC:? 0 tee_ta_init_session_with_context:607 Re-open TA bc50d971-d4c9-42c4-82cb-343fb7f37896
D/TA:  fTPM_Submit_Command:342 Success, RS: 0xa
D/TC:? 0 tee_ta_close_session:512 csess 0x374fb390 id 3
D/TC:? 0 tee_ta_close_session:531 Destroy session
TPM2_FlushContext: Closed handle 0x80000000
D/TA:  TPM2_LINUX_SendCommand:106 TPM2_LINUX_SendCommand with pos 12, size 4096
D/TC:? 0 tee_ta_init_session_with_context:607 Re-open TA bc50d971-d4c9-42c4-82cb-343fb7f37896
D/TA:  _plat__NvWriteBack:288 bMap: 0x306
D/TA:  fTPM_Submit_Command:342 Success, RS: 0xa
D/TC:? 0 tee_ta_close_session:512 csess 0x374fb390 id 3
D/TC:? 0 tee_ta_close_session:531 Destroy session
tpcm/basic/wolftpm/test_wolftpm.c:122::FAIL: Expected 0x00000000 Was 0x000009A2

Thanks!

enhacements for the signed_timestamp example

Talking with @dgarske about further improvements on the signed_timestamp example, I will summarize here, (1.) is the main focus, 2-5 are for the future.

Be able to persist the EK & SRK using a parameter to speed up the example

Check on launch without parameter, if persistent EK & SRK exists - evict and create new ones, do not persist

would be nice to have in general evict tool from wolfTPM

probably this should be another enhancement issue as it is not related only to the signed_timestamp example

Look into using makeCredential to link AIKs to CA

this also is probably separate enhancement issue

Save the generated signed timestamp?
would be nice to have in general tool from wolfTPM to verify the output produced in (4.) , i.e versifier of signed timestamp.

@dgarske please make sure to mark this issue with the enhancement label, i dont have the permissions to put labels

wolfssl / wolftpm Goto Github PK

wolftpm's Introduction

wolfTPM (TPM 2.0)

Project Features

TPM 2.0 Overview

Hierarchies

Platform Configuration Registers (PCRs)

Terminology

Platform

IO Callback (HAL)

Hardware

Device Identification

Building

Building wolfSSL

Build options and defines

Building Infineon

Building ST ST33

Building Microchip ATTPM20

Building Nuvoton

Building for "/dev/tpmX"

With QEMU and swtpm

Building for SWTPM

Building for Windows TBS API

Building using CMake

Running Examples

TPM2 Wrapper Tests

TPM2 Benchmarks

TPM2 Native Tests

TPM2 CSR Example

TPM2 PKCS 7 Example

TPM TLS Client Example

TPM TLS Server Example

Todo

Support

wolftpm's People

Contributors

Stargazers

Watchers

Forkers

wolftpm's Issues

Recommend Projects

Recommend Topics

Recommend Org