Merge pull request #6015 from dgarske/wolf_products

Add user_settings.h template for wolfTPM

.github/workflows/os-check.yml

@@ -137,6 +137,24 @@ jobs:
         make
         ./wolfcrypt/test/testwolfcrypt
 
+  make_user_wolftpm:
+    strategy:
+      matrix:
+        os: [ ubuntu-latest, macos-latest ]
+    name: make_user_wolftpm on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v3
+    - if: ${{ matrix.os == 'macos-latest' }}
+      run: brew install automake libtool
+    - run: ./autogen.sh
+    - name: user_settings_wolftpm.h
+      run: |
+        cp ./examples/configs/user_settings_wolftpm.h user_settings.h
+        ./configure --enable-usersettings --disable-examples
+        make
+        ./wolfcrypt/test/testwolfcrypt
+
   windows_build:
     name: Windows Build Test
     runs-on: windows-latest

examples/configs/README.md

@@ -11,6 +11,7 @@ Example wolfSSL configuration file templates for use when autoconf is not availa
 * `user_settings_fipsv2.h`: The FIPS v2 (3389) 140-2 certificate build options.
 * `user_settings_fipsv5.h`: The FIPS v5 (ready) 140-3 build options. Equivalent to `./configure --enable-fips=v5-dev`.
 * `user_settings_stm32.h`: Example configuration file generated from the wolfSSL STM32 Cube pack.
+* `user_settings_wolftpm.h`: Minimum options for building wolfTPM. See comment at top for ./configure used to generate.
 
 ## Usage
 

examples/configs/include.am

@@ -9,3 +9,4 @@ EXTRA_DIST += examples/configs/user_settings_template.h
 EXTRA_DIST += examples/configs/user_settings_fipsv2.h
 EXTRA_DIST += examples/configs/user_settings_fipsv5.h
 EXTRA_DIST += examples/configs/user_settings_stm32.h
+EXTRA_DIST += examples/configs/user_settings_wolftpm.h

examples/configs/user_settings_wolftpm.h

@@ -0,0 +1,132 @@
+/* user_settings_wolftpm.h
+ *
+ * Copyright (C) 2006-2023 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+/* should be renamed to user_settings.h for customer use
+ * generated from configure and wolfssl/options.h using:
+ * ./configure --enable-wolftpm --disable-dh --disable-oldtls \
+ *    --disable-sha3 --disable-sha512 --disable-sha384 --disable-sha224 \
+ *    --disable-pkcs12 --disable-chacha --disable-poly1305 \
+ *    --disable-sys-ca-certs --disable-examples
+ *
+ * Cleaned up by David Garske
+ */
+
+
+#ifndef WOLF_USER_SETTINGS_TPM_H
+#define WOLF_USER_SETTINGS_TPM_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if 1
+    /* wolfTPM with TLS example (v1.3 only) */
+    #define WOLFSSL_TLS13
+    #define WOLFSSL_NO_TLS12
+    #define NO_OLD_TLS
+
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define HAVE_SERVER_RENEGOTIATION_INFO
+    #define HAVE_ENCRYPT_THEN_MAC
+
+    #define HAVE_HKDF
+    #define WC_RSA_PSS
+    #define WOLFSSL_PSS_LONG_SALT
+#else
+    /* wolfCrypt only (no SSL/TLS) */
+    #define WOLFCRYPT_ONLY
+#endif
+
+/* No threading or file system */
+#define SINGLE_THREADED
+/* File system disable */
+#if 0
+    #define NO_FILESYSTEM
+#endif
+
+/* Enable crypto callbacks */
+#define WOLF_CRYPTO_CB
+
+/* Enable PRNG (SHA2-256) */
+#define HAVE_HASHDRBG
+
+/* Enable SP math all (sp_int.c) with multi-precision support */
+#define WOLFSSL_SP_MATH_ALL
+
+/* Enable hardening (timing resistance) */
+#define TFM_TIMING_RESISTANT
+#define ECC_TIMING_RESISTANT
+#define WC_RSA_BLINDING
+
+/* Asymmetric */
+#define HAVE_ECC
+#undef NO_RSA
+#define NO_DH
+#ifndef NO_DH
+    #define HAVE_FFDHE_2048
+    #define HAVE_DH_DEFAULT_PARAMS
+#endif
+
+/* Symmetric Hash */
+#undef NO_SHA
+#undef NO_SHA256
+#define WOLFSSL_SHA512
+#define WOLFSSL_SHA384
+
+/* Symmetric Cipher */
+#define HAVE_AES_KEYWRAP
+#define WOLFSSL_AES_DIRECT
+#define WOLFSSL_AES_CFB
+#define HAVE_AESGCM
+#define GCM_TABLE_4BIT
+
+#if 0
+    #define HAVE_POLY1305
+    #define HAVE_CHACHA
+#endif
+
+/* Features */
+#define WOLFSSL_CERT_GEN
+#define WOLFSSL_CERT_REQ
+#define WOLFSSL_CERT_EXT
+
+#define HAVE_PKCS7
+#define HAVE_X963_KDF
+#define WOLFSSL_BASE64_ENCODE
+
+
+/* Disables */
+#define NO_DSA
+#define NO_DES3
+#define NO_RC4
+#define NO_PSK
+#define NO_MD4
+#define WOLFSSL_NO_SHAKE128
+#define WOLFSSL_NO_SHAKE256
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* WOLF_USER_SETTINGS_TPM_H */

tests/api.c

@@ -10076,7 +10076,8 @@ static int PKCS8TestCallBack(char* passwd, int sz, int rw, void* userdata)
 static int test_wolfSSL_PKCS8(void)
 {
     int res = TEST_SKIPPED;
-#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8)
+#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) && \
+    !defined(WOLFCRYPT_ONLY)
 #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
     byte buff[FOURK_BUF];
     byte der[FOURK_BUF];