wolfTPM v3.1 release prep

CMakeLists.txt

@@ -21,7 +21,7 @@
 
 cmake_minimum_required(VERSION 3.16)
 
-project(wolfTPM VERSION 3.0.0 LANGUAGES C)
+project(wolfTPM VERSION 3.1.0 LANGUAGES C)
 
 set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin)
 set(WOLFTPM_DEFINITIONS)

ChangeLog.md

@@ -1,5 +1,60 @@
 # Release Notes
 
+## wolfTPM Release 3.1.0 (Dec 29, 2023)
+
+**Summary**
+
+Support for using TLS PK callbacks with TPM for ECC and RSA. Improved the crypto callback support and added RSA Key generation. Fixed issues with endorsement hierarchy. Added Windows Visual Studio solution and project for wolfTPM. Improved the STM32 HAL IO callback options and logging.
+
+**Detail**
+
+* Removed use of `error-ssl.h` in library proper. (PR #308)
+* Fixed CSR crypto callback to use a different (not default) `devId` to avoid conflict. (PR #310)
+* Added TPM crypto callback support for RSA key generation (PR #311)
+* Fixed and improved for ECC crypto callbacks (PR #311)
+  - Allow import of wolf ECC marked as private only (`ECC_PRIVATEKEY_ONLY`).
+  - Improve the ECC key import scheme for signing.
+  - Improve logic for finding TPM curve in ECC key generation. A call to wc_ecc_make_key can use curve_id 0 (to detect), but we can get it from the "dp".
+  - Properly translate a TPM ECC signature verify error for compatibility.
+  - Support ECC KeyGen for signing or derive based on callback context `eccKey` or `ecdhKey` population.
+  - Fix to make sure leading ECC sign leading zeros are removed when not required.
+  - Fix leading zero issue on ECC verify.
+* Cleanup KDF function return code checking to avoid scan-build warning. (PR #311)
+* Fixed ECC encrypt secret integrity check failed due to zero pad issue. (PR #311)
+* Fixed `wolfTPM2_GetRng` possibly not returning an initialized WC_RNG. (PR #311)
+* Fixed TLS bidirectional shutdown socket issue to to port collision with SWTPM. (PR #311)
+* Fixed `policy_sign` issue when `r` or `s` is less than key size (needs zero padding). (PR #311)
+* Fixed building wolfCrypt without PEM to DER support. (PR #311)
+* Added support for TLS PK callbacks with ECC and RSA Sign using PKCSv1.5 and PSS padding (PR #312)
+  - Fixed building wolfTPM without crypto callbacks.
+  - Fixed building/running with FIPS.
+  - Cleanup TLS PK callback RSA PSS padding.
+  - Cleanup TLS server/client.
+  - Added server `-i` option to keep running unless failure.
+  - Added TLS server option `-self` to use the self signed certs.
+  - Added tests for the TLS PK with TPM.
+* Added `CMakeList.txt` to autoconf, so its in the "make dist" commercial bundles. (PR #313)
+* Fixed HAL IO prototype to match (`TPM2HalIoCb` and `TPM2_IoCb`) and cast warnings. (PR #313)
+* Added support for getting the keyblob sizes if buffer is NULL. (PR #315)
+* Added tests for keyblob buffer export/import. (PR #315)
+* Added Windows Visual Studio project for wolfTPM. Added GitHub Actions to test it. (PR #316)
+* Added support for overriding the PORT/PIN for the STM32 Cube HAL. (PR #314)
+* Fixed ECC sign with key that is marked for sign and decrypt detect the ECDSA hash algorithm. (PR #317)
+* Fixes for compiler type warnings. (PR #318)
+* Added `WOLFTPM_NO_LOCK`. (PR #318)
+* Improved STM IO options/logging. (PR #318)
+* Fixed attestation with endorsement key (PR #320)
+  - Enabled the broken endorsement tests.
+  - Improved `TPM2_GetRCString` error rendering to correctly resolve `RC_WARN`.
+    - Added error debug for parameter, session and handle number.
+    - Refactor line length / alignment.
+    - Removed duplicate "success".
+  - Removed the `WOLFTPM2_KEYBLOB.name` (deprecated). It is/has been moved to `handle.name`.
+  - Fixed native test `TPM2_PolicyPCR`.
+  - Fixed CMake build broken, since cryptocb refactor in PR #304.
+  - Added CI tests for CMake.
+
+
 ## wolfTPM Release 3.0.0 (Oct 31, 2023)
 
 **Summary**

configure.ac

@@ -3,7 +3,7 @@
 # All right reserved.
 
 AC_COPYRIGHT([Copyright (C) 2014-2021 wolfSSL Inc.])
-AC_INIT([wolftpm],[3.0.0],[https://github.com/wolfssl/wolfTPM/issues],[wolftpm],[http://www.wolfssl.com])
+AC_INIT([wolftpm],[3.1.0],[https://github.com/wolfssl/wolfTPM/issues],[wolftpm],[http://www.wolfssl.com])
 
 AC_PREREQ([2.63])
 AC_CONFIG_AUX_DIR([build-aux])
@@ -28,7 +28,7 @@ AC_ARG_PROGRAM
 
 AC_CONFIG_HEADERS([src/config.h])
 
-WOLFTPM_LIBRARY_VERSION=16:0:0
+WOLFTPM_LIBRARY_VERSION=16:1:0
 #                        | | |
 #                 +------+ | +---+
 #                 |        |     |

wolftpm/tpm2_wrap.h

@@ -55,6 +55,8 @@ typedef struct WOLFTPM2_DEV {
     TPM2_AUTH_SESSION session[MAX_SESSION_NUM];
 } WOLFTPM2_DEV;
 
+/* WOLFTPM2_KEYBLOB can be cast to WOLFTPM2_KEY.
+ *   Both structures must have "handle" and "pub" as first members */
 typedef struct WOLFTPM2_KEY {
     WOLFTPM2_HANDLE   handle;
     TPM2B_PUBLIC      pub;
@@ -64,6 +66,7 @@ typedef struct WOLFTPM2_KEYBLOB {
     WOLFTPM2_HANDLE   handle;
     TPM2B_PUBLIC      pub;
     TPM2B_PRIVATE     priv;
+    /* Note: Member "name" moved to "handle.name" */
 } WOLFTPM2_KEYBLOB;
 
 typedef struct WOLFTPM2_HASH {

wolftpm/version.h

@@ -34,8 +34,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFTPM_VERSION_STRING "3.0.0"
-#define LIBWOLFTPM_VERSION_HEX 0x03000000
+#define LIBWOLFTPM_VERSION_STRING "3.1.0"
+#define LIBWOLFTPM_VERSION_HEX 0x03001000
 
 #ifdef __cplusplus
 }