wolfTPM Release v3.8.0 prep

.gitignore

@@ -64,6 +64,7 @@ examples/keygen/keyload
 examples/keygen/keygen
 examples/keygen/keyimport
 examples/keygen/external_import
+examples/nvram/extend
 examples/nvram/store
 examples/nvram/read
 examples/nvram/counter

CMakeLists.txt

@@ -21,7 +21,7 @@
 
 cmake_minimum_required(VERSION 3.16)
 
-project(wolfTPM VERSION 3.6.0 LANGUAGES C)
+project(wolfTPM VERSION 3.8.0 LANGUAGES C)
 
 set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin)
 set(WOLFTPM_DEFINITIONS)
@@ -296,6 +296,7 @@ if (WOLFTPM_EXAMPLES)
     add_tpm_example(secure_rot boot/secure_rot.c)
     add_tpm_example(csr csr/csr.c)
     add_tpm_example(get_ek_certs endorsement/get_ek_certs.c)
+    add_tpm_example(ifx_fw_update firmware/ifx_fw_update.c)
     add_tpm_example(gpio_config gpio/gpio_config.c)
     add_tpm_example(gpio_read gpio/gpio_read.c)
     add_tpm_example(gpio_set gpio/gpio_set.c)
@@ -305,14 +306,16 @@ if (WOLFTPM_EXAMPLES)
     add_tpm_example(keyimport keygen/keyimport.c)
     add_tpm_example(keyload keygen/keyload.c)
     add_tpm_example(flush management/flush.c)
+    add_tpm_example(tpmclear management/tpmclear.c)
     add_tpm_example(native_test native/native_test.c)
     add_tpm_example(counter nvram/counter.c)
+    add_tpm_example(nvextend nvram/extend.c)
     add_tpm_example(policy_nv nvram/policy_nv.c)
     add_tpm_example(read nvram/read.c)
     add_tpm_example(store nvram/store.c)
     add_tpm_example(extend pcr/extend.c)
-    add_tpm_example(policy pcr/policy.c)
     add_tpm_example(policy_sign pcr/policy_sign.c)
+    add_tpm_example(policy pcr/policy.c)
     add_tpm_example(quote pcr/quote.c)
     add_tpm_example(read_pcr pcr/read_pcr.c)
     add_tpm_example(reset pcr/reset.c)
@@ -321,12 +324,11 @@ if (WOLFTPM_EXAMPLES)
     add_tpm_example(unseal seal/unseal.c)
     add_tpm_example(clock_set timestamp/clock_set.c)
     add_tpm_example(signed_timestamp timestamp/signed_timestamp.c)
-    add_tpm_example(tls_client tls/tls_client.c)
     add_tpm_example(tls_client_notpm tls/tls_client_notpm.c)
+    add_tpm_example(tls_client tls/tls_client.c)
     add_tpm_example(tls_server tls/tls_server.c)
     add_tpm_example(caps wrap/caps.c)
     add_tpm_example(wrap_test wrap/wrap_test.c)
-    add_tpm_example(ifx_fw_update firmware/ifx_fw_update.c)
 endif()
 
 

ChangeLog.md

@@ -1,5 +1,27 @@
 # Release Notes
 
+## wolfTPM Release 3.8.0 (Jan 7, 2025)
+
+**Summary**
+
+Fixes for session auth on key bind and password policy. Added NV extend example used with Bus_Protection_Guidance. New wolfTPM2_NVExtend wrapper and example. Added new NV policy write/read wrapper API's used with policy auth
+
+**Detail**
+
+* Fixed issue with auth session binding. (PR #389)
+* Fixed possible missing `wc_GetPkcs8TraditionalOffset`. (PR #392)
+* Fixed issue with `wolfTPM2_PolicyHash` where input digest could be too large. (PR #389)
+* Added example for NV extend based on the TCG "bus protection guidance". (PR #389)
+* Added support for building wolfTPM against older wolfCrypt (like v4.7.0) including CI test. (PR #390)
+* Added HAL IO support for Microchip I2C bit-bang (PR #340)
+* Created separate tool (./examples/management/tpmclear) for performing the TPM2_Clear (don't use args in wrap_test). (PR #391)
+* Switched `wolfTPM2_LoadSymmetricKey` to default to the `WOLFTPM2_WRAP_DIGEST` for hash algorithm and not default to SHA1 for some sizes. (PR #388)
+* Improved TPM NV write debug logging to show before. (PR #392)
+* Cleanup the `SensitiveToPrivate` function stack variables. (PR #388)
+* Cleanup comments on EK/SRK. (PR #388)
+* Various spellings, tabs, execute bit on .c and formatting. (PR #386, #388, #392)
+
+
 ## wolfTPM Release 3.6.0 (Nov 5, 2024)
 
 **Summary**

configure.ac

@@ -3,7 +3,7 @@
 # All right reserved.
 
 AC_COPYRIGHT([Copyright (C) 2014-2024 wolfSSL Inc.])
-AC_INIT([wolftpm],[3.6.0],[https://github.com/wolfssl/wolfTPM/issues],[wolftpm],[http://www.wolfssl.com])
+AC_INIT([wolftpm],[3.8.0],[https://github.com/wolfssl/wolfTPM/issues],[wolftpm],[http://www.wolfssl.com])
 
 AC_PREREQ([2.63])
 AC_CONFIG_AUX_DIR([build-aux])
@@ -28,7 +28,7 @@ AC_ARG_PROGRAM
 
 AC_CONFIG_HEADERS([src/config.h])
 
-WOLFTPM_LIBRARY_VERSION=16:4:0
+WOLFTPM_LIBRARY_VERSION=16:5:0
 #                        | | |
 #                 +------+ | +---+
 #                 |        |     |

examples/nvram/extend.c

@@ -187,6 +187,10 @@ int TPM2_NVRAM_Extend_Example(void* userCtx, int argc, char *argv[])
     XMEMSET(policyOr, 0, sizeof(policyOr));
     rc = wolfTPM2_PolicyHash(hashAlg, policyOr, &nvSize,
         TPM_CC_PolicyOR, policyDigest, policyDigestSz);
+    if (rc != TPM_RC_SUCCESS) {
+        printf("wolfTPM2_PolicyHash failed!\n");
+        goto exit;
+    }
     printf("PolicyOR A/B/C: %d\n", nvSize);
     TPM2_PrintBin(policyOr, nvSize);
 
@@ -247,6 +251,10 @@ int TPM2_NVRAM_Extend_Example(void* userCtx, int argc, char *argv[])
             policyOr, nvSize
         );
     }
+    if (rc != 0) {
+        printf("NV Create failed!\n");
+        goto exit;
+    }
 
     /* Close session and unload endorsement */
     wolfTPM2_UnsetAuth(&dev, 0);

examples/tls/tls_client.c

@@ -439,7 +439,7 @@ int TPM2_TLS_ClientArgs(void* userCtx, int argc, char *argv[])
     #else
         void* pkey = NULL;
     #endif
-        rc = wolfTPM2_ExportPublicKeyBuffer(&dev, pkey,
+        rc = wolfTPM2_ExportPublicKeyBuffer(&dev, (WOLFTPM2_KEY*)pkey,
             ENCODING_TYPE_ASN1, der, &derSz);
         if (rc < 0) {
             printf("Failed to export TPM public key!\n");

examples/tls/tls_server.c

@@ -432,7 +432,7 @@ int TPM2_TLS_ServerArgs(void* userCtx, int argc, char *argv[])
     #else
         void* pkey = NULL;
     #endif
-        rc = wolfTPM2_ExportPublicKeyBuffer(&dev, pkey,
+        rc = wolfTPM2_ExportPublicKeyBuffer(&dev, (WOLFTPM2_KEY*)pkey,
             ENCODING_TYPE_ASN1, der, &derSz);
         if (rc < 0) {
             printf("Failed to export TPM public key!\n");

src/tpm2_wrap.c

@@ -7891,7 +7891,6 @@ static int tpm2_ifx_firmware_data(WOLFTPM2_DEV* dev,
         rc = cb(&cmd[2], IFX_FW_MAX_CHUNK_SZ, offset, cb_ctx);
         if (rc > 0 && rc <= IFX_FW_MAX_CHUNK_SZ) {
             chunk_sz = rc;
-            rc = 0;
         }
         else if (rc == 0) {
         #ifdef DEBUG_WOLFTPM

wolftpm/version.h

@@ -34,8 +34,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFTPM_VERSION_STRING "3.6.0"
-#define LIBWOLFTPM_VERSION_HEX 0x03006000
+#define LIBWOLFTPM_VERSION_STRING "3.8.0"
+#define LIBWOLFTPM_VERSION_HEX 0x03008000
 
 #ifdef __cplusplus
 }