PKCS11 TPM support #23

dgarske · 2023-11-13T17:38:05Z

wolfPKCS11 support for using TPM 2.0 module as backend. Uses wolfTPM and supports RSA and ECC.
Requires Add TPM crypto callback support for RSA key generation wolfTPM#311
Added PKCS11 TPM NV store (enabled with WOLFPKCS11_TPM_STORE).
Added CI testing for wolfPKCS11 with wolfTPM backend and single threaded.

…and supports RSA and ECC. Requires wolfSSL/wolfTPM#311 Added CI testing for wolfPKCS11 with wolfTPM backend and single threaded.

…O_ENV` when setenv/getenv is not available. Only require `-ldl` for non-static builds.

dgarske · 2023-12-05T18:36:03Z

@SparkiDev this is ready for your review and finalization. I'll followup with any portability issues in a new PR.

SparkiDev · 2023-12-05T21:21:07Z

src/internal.c

+        case WOLFPKCS11_STORE_DHKEY_PRIV:
+        case WOLFPKCS11_STORE_DHKEY_PUB:
+        default:
+            maxSz = -1;


BAD_FUNC_ARG?

SparkiDev · 2023-12-05T21:23:50Z

src/internal.c

 /**
 * Free dynamic memory associated with the slot.
 *
 * @param  slot  [in]  Slot object.
 */
 static void wp11_Slot_Final(WP11_Slot* slot)
 {
+    if (slot == NULL) return;


return on next line

SparkiDev · 2023-12-05T21:24:39Z

src/internal.c

@@ -3001,6 +3271,11 @@ static int wp11_Slot_Init(WP11_Slot* slot, int id)

    ret = WP11_Lock_Init(&slot->lock);
    if (ret == 0) {
+    #ifdef WOLFPKCS11_TPM
+        if (ret == 0) {


'ret == 0' checks look wrong

dgarske self-assigned this Nov 13, 2023

dgarske mentioned this pull request Nov 13, 2023

Add TPM crypto callback support for RSA key generation wolfSSL/wolfTPM#311

Merged

dgarske force-pushed the pkcs11_tpm branch from 34105cf to db291fe Compare November 13, 2023 22:19

dgarske changed the title ~~PKCS11 TPM support (RSA only)~~ PKCS11 TPM support Nov 13, 2023

dgarske force-pushed the pkcs11_tpm branch 5 times, most recently from 643dd33 to 8a2eae2 Compare November 14, 2023 16:21

dgarske force-pushed the pkcs11_tpm branch 2 times, most recently from 1fd117e to 9de6d53 Compare November 28, 2023 23:47

dgarske marked this pull request as ready for review November 28, 2023 23:47

wolfPKCS11 support for using TPM 2.0 module as backend. Uses wolfTPM …

9510dc7

…and supports RSA and ECC. Requires wolfSSL/wolfTPM#311 Added CI testing for wolfPKCS11 with wolfTPM backend and single threaded.

dgarske force-pushed the pkcs11_tpm branch from 9de6d53 to 9510dc7 Compare November 29, 2023 21:38

dgarske added 2 commits November 29, 2023 15:59

Added PKCS11 TPM NV store (enabled with WOLFPKCS11_TPM_STORE).

424decb

Allow WOLFPKCS11_NO_STORE for TPM use case.

8cabca7

dgarske requested a review from SparkiDev November 30, 2023 00:07

SparkiDev previously approved these changes Nov 30, 2023

View reviewed changes

dgarske dismissed SparkiDev’s stale review via 89c85a8 December 4, 2023 20:58

dgarske force-pushed the pkcs11_tpm branch 3 times, most recently from f61e105 to 52711af Compare December 4, 2023 23:19

Fix compiler warnings from mingw. Add portability macro `WOLFPKCS11_N…

2eecc1d

…O_ENV` when setenv/getenv is not available. Only require `-ldl` for non-static builds.

dgarske force-pushed the pkcs11_tpm branch from 52711af to 2eecc1d Compare December 4, 2023 23:25

dgarske assigned SparkiDev and unassigned dgarske Dec 5, 2023

SparkiDev requested changes Dec 5, 2023

View reviewed changes

Peer review cleanups.

a7782fc

dgarske requested a review from SparkiDev December 5, 2023 21:33

SparkiDev approved these changes Dec 5, 2023

View reviewed changes

SparkiDev merged commit ffb7f06 into wolfSSL:master Dec 5, 2023
17 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

PKCS11 TPM support #23

PKCS11 TPM support #23

dgarske commented Nov 13, 2023 •

edited

dgarske commented Dec 5, 2023

SparkiDev Dec 5, 2023

SparkiDev Dec 5, 2023

SparkiDev Dec 5, 2023

PKCS11 TPM support #23

PKCS11 TPM support #23

Conversation

dgarske commented Nov 13, 2023 • edited

dgarske commented Dec 5, 2023

SparkiDev Dec 5, 2023

Choose a reason for hiding this comment

SparkiDev Dec 5, 2023

Choose a reason for hiding this comment

SparkiDev Dec 5, 2023

Choose a reason for hiding this comment

dgarske commented Nov 13, 2023 •

edited