wolfPKCS11 support for using TPM 2.0 module as backend. Uses wolfTPM and supports RSA and ECC.
dgarske committed Nov 14, 2023
1 parent d6f8c0c commit 643dd33
Showing 6 changed files with 345 additions and 108 deletions.
5 changes: 5 additions & 0 deletions .github/workflows/unit-test.yml
Expand Up @@ -11,6 +11,11 @@ jobs:
defaults_all:
uses: ./.github/workflows/build-workflow.yml

single_theaded:
uses: ./.github/workflows/build-workflow.yml
with:
config: --enable-singlethreaded

no_rsa:
uses: ./.github/workflows/build-workflow.yml
with:
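Review bot: the new job key `single_theaded:` is misspelled; rename it to `single_threaded:` so it matches the `--enable-singlethreaded` option it passes to the reusable workflow and is easy to find in the Actions job list.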
15 changes: 14 additions & 1 deletion README.md
Expand Up @@ -13,7 +13,7 @@ Build wolfSSL:
git clone https://github.com/wolfSSL/wolfssl.git
cd wolfssl
./autogen.sh
./configure --enable-rsapss --enable-keygen --enable-pwdbased --enable-scrypt C_EXTRA_FLAGS="-DWOLFSSL_PUBLIC_MP -DWC_RSA_DIRECT"
./configure -enable-aescfb --enable-cryptocb --enable-rsapss --enable-keygen --enable-pwdbased --enable-scrypt C_EXTRA_FLAGS="-DWOLFSSL_PUBLIC_MP -DWC_RSA_DIRECT"
make
make check
sudo make install
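Review bot: the first option on the new configure line uses a single dash, `-enable-aescfb`, while every other option uses two; change it to `--enable-aescfb` so readers copying the line get the standard form. The README also gives no reason for the two added options (`--enable-aescfb` and `--enable-cryptocb`); since this commit introduces the wolfTPM backend, a short clause next to the line saying whether they are required only for a TPM build would tell users without a TPM what they can leave out.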
Expand All @@ -35,6 +35,18 @@ make check

### Build options and defines

#### TPM support with wolfTPM

Enables using a TPM for cryptography and keystore.
Tested using `./configure --enable-singlethreaded --enable-wolftpm --disable-dh CFLAGS="-DWOLFPKCS11_TPM_STORE" && make`.

Note: The TPM does not support DH, so only RSA and ECC are supported.

##### Define WOLFPKCS11_TPM_STORE

Use `WOLFPKCS11_TPM_STORE` storing objects in TPM NV.


#### Define WOLFPKCS11_NO_STORE

Disables storage of tokens.
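Review bot: the sentence under `##### Define WOLFPKCS11_TPM_STORE` is missing a verb: "Use `WOLFPKCS11_TPM_STORE` storing objects in TPM NV." should read something like "Define `WOLFPKCS11_TPM_STORE` to store token objects in TPM NV." The tested configuration would also be clearer if it said why `--enable-singlethreaded` is needed (the note explains `--disable-dh`, but not the single-threaded requirement) and that `--enable-wolftpm` expects wolfTPM to be installed. Minor: there are two blank lines before `#### Define WOLFPKCS11_NO_STORE`.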
Expand All @@ -48,6 +60,7 @@ See wolfpkcs11/store.h for prototypes of functions to implement.

Sets the private key's label against the public key when generating key pairs.


## Environment variables

### WOLFPKCS11_TOKEN_PATH
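Review bot: this hunk only adds a second blank line before `## Environment variables`, which is whitespace noise unrelated to the TPM change; drop it, or keep it out of this commit.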
14 changes: 14 additions & 0 deletions configure.ac
Expand Up @@ -324,6 +324,20 @@ if test "$enable_shared" = "no"; then
AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS11_STATIC"
fi


AC_ARG_ENABLE([wolftpm],
[AS_HELP_STRING([--enable-wolftpm],[Enable wolfTPM keystore support (default: disabled)])],
[ ENABLED_TPM=$enableval ],
[ ENABLED_TPM=no ]
)
if test "$ENABLED_TPM" = "yes"
then
LIBS="$LIBS -lwolftpm"
AM_CFLAGS="$AM_CFLAGS -DWOLFPKCS11_TPM"
fi



AM_CONDITIONAL([BUILD_STATIC],[test "x$enable_shared" = "xno"])


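Review bot: `--enable-wolftpm` appends `-lwolftpm` to LIBS and defines `WOLFPKCS11_TPM` without checking that the library and its headers are present, so a build with the option but no wolfTPM installed fails later with an opaque link error; guard it with something like `AC_CHECK_LIB([wolftpm], [wolfTPM2_Init], [], [AC_MSG_ERROR([wolfTPM not found])])` (and an `AC_CHECK_HEADER` for the wolfTPM headers) so the failure is reported at configure time. The README in this same commit says the TPM backend does not support DH and the tested configuration passes `--disable-dh`; consider either disabling DH automatically when `ENABLED_TPM` is `yes` or emitting an `AC_MSG_WARN` when it is still enabled. Minor: the block is surrounded by an extra blank line above and three blank lines below.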
