diff --git a/.github/workflows/os-check.yml b/.github/workflows/os-check.yml
index 1c3415c14..ca8fa35a8 100644
--- a/.github/workflows/os-check.yml
+++ b/.github/workflows/os-check.yml
@@ -137,6 +137,24 @@ jobs:
 make
 ./wolfcrypt/test/testwolfcrypt
 
+ make_user_wolftpm:
+ strategy:
+ matrix:
+ os: [ ubuntu-latest, macos-latest ]
+ name: make_user_wolftpm on ${{ matrix.os }}
+ runs-on: ${{ matrix.os }}
+ steps:
+ - uses: actions/checkout@v3
+ - if: ${{ matrix.os == 'macos-latest' }}
+ run: brew install automake libtool
+ - run: ./autogen.sh
+ - name: user_settings_wolftpm.h
+ run: |
+ cp ./examples/configs/user_settings_wolftpm.h user_settings.h
+ ./configure --enable-usersettings --disable-examples
+ make
+ ./wolfcrypt/test/testwolfcrypt
+
 windows_build:
 name: Windows Build Test
 runs-on: windows-latest
diff --git a/examples/configs/README.md b/examples/configs/README.md
index dadfa45ec..e2ae4b037 100644
--- a/examples/configs/README.md
+++ b/examples/configs/README.md
@@ -11,6 +11,7 @@ Example wolfSSL configuration file templates for use when autoconf is not availa
 * `user_settings_fipsv2.h`: The FIPS v2 (3389) 140-2 certificate build options.
 * `user_settings_fipsv5.h`: The FIPS v5 (ready) 140-3 build options. Equivalent to `./configure --enable-fips=v5-dev`.
 * `user_settings_stm32.h`: Example configuration file generated from the wolfSSL STM32 Cube pack.
+* `user_settings_wolftpm.h`: Minimum options for building wolfTPM. See comment at top for ./configure used to generate.
 
 ## Usage
 
diff --git a/examples/configs/include.am b/examples/configs/include.am
index a74fe24ef..d59776102 100644
--- a/examples/configs/include.am
+++ b/examples/configs/include.am
@@ -9,3 +9,4 @@ EXTRA_DIST += examples/configs/user_settings_template.h
 EXTRA_DIST += examples/configs/user_settings_fipsv2.h
 EXTRA_DIST += examples/configs/user_settings_fipsv5.h
 EXTRA_DIST += examples/configs/user_settings_stm32.h
+EXTRA_DIST += examples/configs/user_settings_wolftpm.h
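Review bot: The new make_user_wolftpm job only runs `./wolfcrypt/test/testwolfcrypt`, so it proves that wolfSSL builds and its crypto self-tests pass under the header, not the README's claim that these are the minimum options for building wolfTPM; nothing in the job checks out or compiles wolfTPM against the result, so a define wolfTPM depends on could be dropped from the header without this CI noticing. If adding a wolfTPM build step is out of scope, a comment on the job such as `# builds wolfSSL with user_settings_wolftpm.h; does not build wolfTPM itself` would make the coverage explicit. Separately, `actions/checkout@v3` is pinned to a floating major tag rather than a commit SHA; that presumably matches the other jobs in this workflow (not visible here), but pinning third-party actions by SHA is the usual supply-chain hardening.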
diff --git a/examples/configs/user_settings_wolftpm.h b/examples/configs/user_settings_wolftpm.h
new file mode 100644
index 000000000..8c6a3ebf6
--- /dev/null
+++ b/examples/configs/user_settings_wolftpm.h
@@ -0,0 +1,132 @@
+/* user_settings_wolftpm.h
+ *
+ * Copyright (C) 2006-2023 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+/* should be renamed to user_settings.h for customer use
+ * generated from configure and wolfssl/options.h using:
+ * ./configure --enable-wolftpm --disable-dh --disable-oldtls \
+ * --disable-sha3 --disable-sha512 --disable-sha384 --disable-sha224 \
+ * --disable-pkcs12 --disable-chacha --disable-poly1305 \
+ * --disable-sys-ca-certs --disable-examples
+ *
+ * Cleaned up by David Garske
+ */
+
+
+#ifndef WOLF_USER_SETTINGS_TPM_H
+#define WOLF_USER_SETTINGS_TPM_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if 1
+ /* wolfTPM with TLS example (v1.3 only) */
+ #define WOLFSSL_TLS13
+ #define WOLFSSL_NO_TLS12
+ #define NO_OLD_TLS
+
+ #define HAVE_TLS_EXTENSIONS
+ #define HAVE_SUPPORTED_CURVES
+ #define HAVE_SERVER_RENEGOTIATION_INFO
+ #define HAVE_ENCRYPT_THEN_MAC
+
+ #define HAVE_HKDF
+ #define WC_RSA_PSS
+ #define WOLFSSL_PSS_LONG_SALT
+#else
+ /* wolfCrypt only (no SSL/TLS) */
+ #define WOLFCRYPT_ONLY
+#endif
+
+/* No threading or file system */
+#define SINGLE_THREADED
+/* File system disable */
+#if 0
+ #define NO_FILESYSTEM
+#endif
+
+/* Enable crypto callbacks */
+#define WOLF_CRYPTO_CB
+
+/* Enable PRNG (SHA2-256) */
+#define HAVE_HASHDRBG
+
+/* Enable SP math all (sp_int.c) with multi-precision support */
+#define WOLFSSL_SP_MATH_ALL
+
+/* Enable hardening (timing resistance) */
+#define TFM_TIMING_RESISTANT
+#define ECC_TIMING_RESISTANT
+#define WC_RSA_BLINDING
+
+/* Asymmetric */
+#define HAVE_ECC
+#undef NO_RSA
+#define NO_DH
+#ifndef NO_DH
+ #define HAVE_FFDHE_2048
+ #define HAVE_DH_DEFAULT_PARAMS
+#endif
+
+/* Symmetric Hash */
+#undef NO_SHA
+#undef NO_SHA256
+#define WOLFSSL_SHA512
+#define WOLFSSL_SHA384
+
+/* Symmetric Cipher */
+#define HAVE_AES_KEYWRAP
+#define WOLFSSL_AES_DIRECT
+#define WOLFSSL_AES_CFB
+#define HAVE_AESGCM
+#define GCM_TABLE_4BIT
+
+#if 0
+ #define HAVE_POLY1305
+ #define HAVE_CHACHA
+#endif
+
+/* Features */
+#define WOLFSSL_CERT_GEN
+#define WOLFSSL_CERT_REQ
+#define WOLFSSL_CERT_EXT
+
+#define HAVE_PKCS7
+#define HAVE_X963_KDF
+#define WOLFSSL_BASE64_ENCODE
+
+
+/* Disables */
+#define NO_DSA
+#define NO_DES3
+#define NO_RC4
+#define NO_PSK
+#define NO_MD4
+#define WOLFSSL_NO_SHAKE128
+#define WOLFSSL_NO_SHAKE256
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* WOLF_USER_SETTINGS_TPM_H */
diff --git a/tests/api.c b/tests/api.c
index d88fe04fd..8bc987158 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -10076,7 +10076,8 @@ static int PKCS8TestCallBack(char* passwd, int sz, int rw, void* userdata)
 static int test_wolfSSL_PKCS8(void)
 {
 int res = TEST_SKIPPED;
-#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8)
+#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) && \
+ !defined(WOLFCRYPT_ONLY)
 #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
 byte buff[FOURK_BUF];
 byte der[FOURK_BUF];
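Review bot: `#define NO_DH` is immediately followed by `#ifndef NO_DH`, so the HAVE_FFDHE_2048/HAVE_DH_DEFAULT_PARAMS block under it can never be compiled; either drop the block or make it a toggle consistent with the TLS and ChaCha sections, e.g. replace `#define NO_DH` / `#ifndef NO_DH` with `#if 1`, `#define NO_DH`, `#else`. The header comment states the file was generated with `--disable-sha512 --disable-sha384`, yet `WOLFSSL_SHA512` and `WOLFSSL_SHA384` are defined below; if they were deliberately re-enabled during cleanup the comment should say so, otherwise the defines and the documented configure line disagree. The comment `/* No threading or file system */` above SINGLE_THREADED is also misleading, since NO_FILESYSTEM sits under `#if 0` and the file system stays enabled. Finally, HAVE_HASHDRBG is turned on with no seed-source configuration, so the build relies on the host OS RNG; since this template is meant for customer ports, a note that targets without an OS RNG must supply a seed source would help.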
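Review bot: The new `!defined(WOLFCRYPT_ONLY)` term in the guard is not explained, and a reader has to infer from the inner `#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)` that the test depends on the SSL layer; a short comment on the guard, e.g. `/* skipped in wolfCrypt-only builds: test uses SSL-layer key loading */`, adjusted to whatever the body actually calls, would record the reason. If WOLFCRYPT_ONLY already implies both NO_WOLFSSL_CLIENT and NO_WOLFSSL_SERVER in settings.h, the new term may be redundant with the inner guard, which is worth confirming. The body of test_wolfSSL_PKCS8 continues past the end of the hunk.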