Merge pull request #385 from dgarske/rel_v3.6.0

wolfTPM Release v3.6.0

CMakeLists.txt

@@ -21,7 +21,7 @@
 
 cmake_minimum_required(VERSION 3.16)
 
-project(wolfTPM VERSION 3.4.0 LANGUAGES C)
+project(wolfTPM VERSION 3.6.0 LANGUAGES C)
 
 set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin)
 set(WOLFTPM_DEFINITIONS)
@@ -288,12 +288,14 @@ endif()
 
 if (WOLFTPM_EXAMPLES)
     add_tpm_example(activate_credential attestation/activate_credential.c)
+    add_tpm_example(certify attestation/certify.c)
     add_tpm_example(make_credential attestation/make_credential.c)
     add_tpm_example(bench bench/bench.c)
+    add_tpm_example(secret_seal boot/secret_seal.c)
+    add_tpm_example(secret_unseal boot/secret_unseal.c)
+    add_tpm_example(secure_rot boot/secure_rot.c)
     add_tpm_example(csr csr/csr.c)
     add_tpm_example(get_ek_certs endorsement/get_ek_certs.c)
-    add_tpm_example(ifx_fw_extract firmware/ifx_fw_extract.c)
-    add_tpm_example(ifx_fw_update firmware/ifx_fw_update.c)
     add_tpm_example(gpio_config gpio/gpio_config.c)
     add_tpm_example(gpio_read gpio/gpio_read.c)
     add_tpm_example(gpio_set gpio/gpio_set.c)
@@ -309,6 +311,7 @@ if (WOLFTPM_EXAMPLES)
     add_tpm_example(read nvram/read.c)
     add_tpm_example(store nvram/store.c)
     add_tpm_example(extend pcr/extend.c)
+    add_tpm_example(policy pcr/policy.c)
     add_tpm_example(policy_sign pcr/policy_sign.c)
     add_tpm_example(quote pcr/quote.c)
     add_tpm_example(read_pcr pcr/read_pcr.c)
@@ -321,7 +324,9 @@ if (WOLFTPM_EXAMPLES)
     add_tpm_example(tls_client tls/tls_client.c)
     add_tpm_example(tls_client_notpm tls/tls_client_notpm.c)
     add_tpm_example(tls_server tls/tls_server.c)
+    add_tpm_example(caps wrap/caps.c)
     add_tpm_example(wrap_test wrap/wrap_test.c)
+    add_tpm_example(ifx_fw_update firmware/ifx_fw_update.c)
 endif()
 
 

ChangeLog.md

@@ -1,5 +1,41 @@
 # Release Notes
 
+## wolfTPM Release 3.6.0 (Nov 5, 2024)
+
+**Summary**
+
+Release includes minor bug fixes and new features such as TPM provisioning of IDevID/IAK, improved capabilities parsing, new TPM2_Certify example, new wolfTPM2_CreatePrimaryKey_ex API for creation ticket and tested support with Nations NS350 TPM.
+
+**Detail**
+
+* Fixed issue with `TPM2_SetupPCRSel` and added test cases. (PR #372)
+* Fixed `RC_WARN` error codes (broken in commit f983525f56c245a8bc998bb20f1f6a8cc7ec748f). (PR #378)
+* Fixed issue with RSA/ECC symmetric field (should only be populated with restricted/decrypt) (PR #375)
+* Fixed examples/keygen/keygen `-sym=` argument. (PR #372)
+* Fixed building wolfCrypt/wolfTPM without ECC or RSA and added tests. (PR #371)
+* Fixed file descriptor check for `/dev/tpm0` (PR #366)
+* Fixed STM32 GPIO SPI CS control to use pin number as bit offset, not direct value (PR #380)
+* Fixed issues building with no filesystem. (PR #374)
+* Added support for parsing all capabilities from (TPM2_GetCapability) (PR #383)
+* Added support for creation of IDevID or IAK with `examples/keygen/create_primary`. (PR #369)
+* Added support for Nations NS350. (PR #382)
+* Added example for `TPM2_Certify` (see examples/attestation/certify) (PR #369)
+* Added new `wolfTPM2_CreatePrimaryKey_ex` and `WOLFTPM2_PKEY` that supports returning creation ticket/hash. (PR #369)
+* Added key templates for initial device (IDevID) and attestation keys (IAK). (PR #369)
+* Added new build option for TPM provisioning (`--enable-provisioning` on by default). (PR #369)
+* Added simple capabilities example (`examples/wrap/caps`) (PR #382)
+* Added example to manual verify quote with ECC signature. (PR #379)
+* Added tests for policy seal/unseal with multiple PCR's. (PR #377)
+* Added `-alg` argument for PCR extend (PR #383)
+* Added helper to get wolfCrypt hash type `TPM2_GetTpmHashType` (PR #384)
+* Added new policy hash helper API `wolfTPM2_PolicyHash` (PR #369)
+* Added documentation for `/dev/tpm0` permissions (PR #366)
+* Improved the TPM TLS examples for use with `WOLFTPM_MFG_IDENTITY` (PR #376)
+* Moved PTHREAD definition from options.h to config.h (avoids possible re-declaration issue) PR (#381)
+* Switched `handle`/`nvIndex` string parsing to use `strtoul`.	(PR #369)
+* Various spelling and documentation cleanups. (PR #366 / PR #373)
+
+
 ## wolfTPM Release 3.4.0 (July 30, 2024)
 
 **Summary**

configure.ac

@@ -3,7 +3,7 @@
 # All right reserved.
 
 AC_COPYRIGHT([Copyright (C) 2014-2024 wolfSSL Inc.])
-AC_INIT([wolftpm],[3.4.0],[https://github.com/wolfssl/wolfTPM/issues],[wolftpm],[http://www.wolfssl.com])
+AC_INIT([wolftpm],[3.6.0],[https://github.com/wolfssl/wolfTPM/issues],[wolftpm],[http://www.wolfssl.com])
 
 AC_PREREQ([2.63])
 AC_CONFIG_AUX_DIR([build-aux])
@@ -28,7 +28,7 @@ AC_ARG_PROGRAM
 
 AC_CONFIG_HEADERS([src/config.h])
 
-WOLFTPM_LIBRARY_VERSION=16:3:0
+WOLFTPM_LIBRARY_VERSION=16:4:0
 #                        | | |
 #                 +------+ | +---+
 #                 |        |     |

examples/bench/bench.c

@@ -269,7 +269,7 @@ int TPM2_Wrapper_BenchArgs(void* userCtx, int argc, char *argv[])
     if (rc != 0) goto exit;
 
     if (paramEncAlg != TPM_ALG_NULL) {
-        void* bindKey = &storageKey;
+        WOLFTPM2_KEY* bindKey = &storageKey;
     #ifdef NO_RSA
         bindKey = NULL; /* cannot bind to key without RSA enabled */
     #endif

examples/keygen/keygen.c

@@ -235,7 +235,7 @@ int TPM2_Keygen_Example(void* userCtx, int argc, char *argv[])
     if (rc != 0) goto exit;
 
     if (paramEncAlg != TPM_ALG_NULL) {
-        void* bindKey = primary;
+        WOLFTPM2_KEY* bindKey = primary;
     #ifndef HAVE_ECC
         if (srkAlg == TPM_ALG_ECC)
             bindKey = NULL; /* cannot bind to key without ECC enabled */

examples/keygen/keyimport.c

@@ -162,7 +162,7 @@ int TPM2_Keyimport_Example(void* userCtx, int argc, char *argv[])
     if (rc != 0) goto exit;
 
     if (paramEncAlg != TPM_ALG_NULL) {
-        void* bindKey = &storage;
+        WOLFTPM2_KEY* bindKey = &storage;
     #ifndef HAVE_ECC
         if (srkAlg == TPM_ALG_ECC)
             bindKey = NULL; /* cannot bind to key without ECC enabled */

examples/keygen/keyload.c

@@ -159,7 +159,7 @@ int TPM2_Keyload_Example(void* userCtx, int argc, char *argv[])
         if (rc != 0) goto exit;
     }
     else if (paramEncAlg != TPM_ALG_NULL) {
-        void* bindKey = &storage;
+        WOLFTPM2_KEY* bindKey = &storage;
     #ifndef HAVE_ECC
         if (srkAlg == TPM_ALG_ECC)
             bindKey = NULL; /* cannot bind to key without ECC enabled */

examples/pcr/extend.c

@@ -155,7 +155,6 @@ int TPM2_PCR_Extend_Test(void* userCtx, int argc, char *argv[])
     if (filename && fp != XBADFILE) {
         rc = TPM2_GetHashType(alg);
         hashType = (enum wc_HashType)rc;
-        rc = 0;
         wc_HashInit(&dig, hashType);
         while (!XFEOF(fp)) {
             len = XFREAD(dataBuffer, 1, sizeof(dataBuffer), fp);

examples/pcr/quote.c

@@ -184,7 +184,7 @@ int TPM2_PCR_Quote_Test(void* userCtx, int argc, char *argv[])
 #endif
 
     if (paramEncAlg != TPM_ALG_NULL) {
-        void* bindKey = &storage;
+        WOLFTPM2_KEY* bindKey = &storage;
     #ifndef HAVE_ECC
         if (alg == TPM_ALG_ECC)
             bindKey = NULL; /* cannot bind to key without ECC enabled */

examples/wrap/wrap_test.c

@@ -267,7 +267,7 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[])
 
     /* Start an authenticated session (salted / unbound) with parameter encryption */
     if (paramEncAlg != TPM_ALG_NULL) {
-        void* bindKey = &storageKey;
+        WOLFTPM2_KEY* bindKey = &storageKey;
     #ifdef NO_RSA
         bindKey = NULL; /* cannot bind to key without RSA enabled */
     #endif
@@ -547,7 +547,7 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[])
 
     /* Start an authenticated session (salted / unbound) with parameter encryption */
     if (paramEncAlg != TPM_ALG_NULL) {
-        void* bindKey = &storageKey;
+        WOLFTPM2_KEY* bindKey = &storageKey;
     #ifndef HAVE_ECC
         bindKey = NULL; /* cannot bind to key without ECC enabled */
     #endif

src/tpm2_wrap.c

@@ -2216,7 +2216,8 @@ static int SensitiveToPrivate(TPM2B_SENSITIVE* sens, TPM2B_PRIVATE* priv,
                 ivField.size == 0 ? NULL : ivField.buffer, AES_ENCRYPTION);
             if (rc == 0) {
                 /* use inline encryption for both IV and sensitive */
-                rc = wc_AesCfbEncrypt(&enc, sensitiveData, sensitiveData, sensSz);
+                rc = wc_AesCfbEncrypt(&enc, sensitiveData, sensitiveData,
+                    sensSz);
             }
             wc_AesFree(&enc);
         }
@@ -2272,6 +2273,7 @@ static int SensitiveToPrivate(TPM2B_SENSITIVE* sens, TPM2B_PRIVATE* priv,
         (void)sensitiveData;
         (void)name;
         (void)symKey;
+        (void)sensSz;
         rc = NOT_COMPILED_IN;
     #endif
     }

wolftpm/version.h

@@ -34,8 +34,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFTPM_VERSION_STRING "3.4.0"
-#define LIBWOLFTPM_VERSION_HEX 0x03004000
+#define LIBWOLFTPM_VERSION_STRING "3.6.0"
+#define LIBWOLFTPM_VERSION_HEX 0x03006000
 
 #ifdef __cplusplus
 }