Merge pull request #130 from elms/mingw/tls

minGW support for TLS example

Author: dgarske

.gitignore

@@ -60,8 +60,15 @@ certs/*.par
 certs/crlnumber*
 certs/serial
 certs/index*
-
+certs/tpm-*.csr
+certs/server-*.der
+certs/server-*.pem
+certs/client-*.der
+certs/client-*.pem
+certs/serial.old
 *.dep
 IDE/IAR-EWARM/settings
 quote.blob
 keyblob.bin
+ecc_test_blob.raw
+rsa_test_blob.raw

certs/certreq.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 echo Run from wolftpm root
-echo Run ./examples/crl/crl first to generate the CSR
+echo Run ./examples/csr/csr first to generate the CSR
 
 
 # Make sure required CA files exist and are populated
@@ -23,7 +23,7 @@ if [ "$1" == "clean" ]; then
 	rm -f ./certs/server-*.der
 	rm -f ./certs/*.old
 
-	# cleanup the ./examples/crl/crl generated
+	# cleanup the ./examples/csr/csr generated
 	rm -f ./certs/tpm-*-cert.csr
 
 	exit 0

configure.ac

@@ -210,7 +210,7 @@ then
         AC_MSG_ERROR([Cannot enable swtpm or devtpm with windows API])
     fi
 
-    AM_CFLAGS="$AM_CFLAGS -DWOLFTPM_WINAPI -DNO_WOLFSSL_SERVER -DNO_WOLFSSL_CLIENT"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFTPM_WINAPI"
 fi
 
 

docs/WindowTBS.md

@@ -11,7 +11,7 @@ export PREFIX=$PWD/tmp_install
 
 cd wolfssl
 ./autogen.sh
-./configure --prefix="$PREFIX"
+./configure --prefix="$PREFIX" --enable-certgen --enable-certreq --enable-certext --enable-pkcs7 --enable-cryptocb
 make
 make install
 
@@ -42,7 +42,7 @@ export PREFIX=$PWD/tmp_install
 
 cd wolfssl
 ./autogen.sh
-./configure --host=i686 CC=i686-w64-mingw32-gcc CFLAGS="-DWIN32 -DMINGW -D_WIN32_WINNT=0x0600" LIBS="-lws2_32" --prefix="$PREFIX"
+./configure --host=i686 CC=i686-w64-mingw32-gcc CFLAGS="-DWIN32 -DMINGW -D_WIN32_WINNT=0x0600" LIBS="-lws2_32" --prefix="$PREFIX" --enable-certgen --enable-certreq --enable-certext --enable-pkcs7 --enable-cryptocb
 make
 make install
 

examples/README.md

@@ -108,9 +108,13 @@ To force ECC use with wolfSSL when RSA is enabled define `TLS_USE_ECC`.
 To use symmetric AES/Hashing/HMAC with the TPM define `WOLFTPM_USE_SYMMETRIC`.
 
 Generation of the Client and Server Certificates requires running:
-1. `./examples/csr/csr`
-2. `./certs/certreq.sh`
-3. Copy the CA files from wolfTPM to wolfSSL certs directory.
+
+
+1. `./examples/keygen/keygen rsa_test_blob.raw RSA T`
+2. `./examples/keygen/keygen ecc_test_blob.raw ECC T`
+3. `./examples/csr/csr`
+4. `./certs/certreq.sh`
+5. Copy the CA files from wolfTPM to wolfSSL certs directory.
     a. `cp ./certs/ca-ecc-cert.pem ../wolfssl/certs/tpm-ca-ecc-cert.pem`
     b. `cp ./certs/ca-rsa-cert.pem ../wolfssl/certs/tpm-ca-rsa-cert.pem`
 
@@ -122,15 +126,17 @@ Examples show using a TPM key and certificate for TLS mutual authentication (cli
 This example client connects to localhost on on port 11111 by default. These can be overridden using `TLS_HOST` and `TLS_PORT`.
 
 You can validate using the wolfSSL example server this like:
-`./examples/server/server -b -p 11111 -g -d`
+`./examples/server/server -b -p 11111 -g -d -i -V`
 
 To validate client certificate use the following wolfSSL example server command:
-`./examples/server/server -b -p 11111 -g -A ./certs/tpm-ca-rsa-cert.pem`
+`./examples/server/server -b -p 11111 -g -A ./certs/tpm-ca-rsa-cert.pem -i -V`
 or
-`./examples/server/server -b -p 11111 -g -A ./certs/tpm-ca-ecc-cert.pem`
+`./examples/server/server -b -p 11111 -g -A ./certs/tpm-ca-ecc-cert.pem -i -V`
 
 Then run the wolfTPM TLS client example:
-`./examples/tls/tls_client`
+`./examples/tls/tls_client RSA`
+or
+`./examples/tls/tls_client ECC`
 
 
 ### TLS Server
@@ -140,7 +146,9 @@ This example shows using a TPM key and certificate for a TLS server.
 By default it listens on port 11111 and can be overridden at build-time using the `TLS_PORT` macro.
 
 Run the wolfTPM TLS server example:
-`./examples/tls/tls_server`. 
+`./examples/tls/tls_server RSA`
+or
+`./examples/tls/tls_server ECC`
 
 Then run the wolfSSL example client this like:
 `./examples/client/client -h localhost -p 11111 -g -d`

examples/bench/bench.c

@@ -29,6 +29,7 @@
 
 #include <examples/tpm_io.h>
 #include <examples/tpm_test.h>
+#include <examples/tpm_test_keys.h>
 #include <examples/bench/bench.h>
 
 #include <stdio.h>
@@ -207,30 +208,10 @@ int TPM2_Wrapper_Bench(void* userCtx)
     if (rc != 0) return rc;
 
     /* See if primary storage key already exists */
-    rc = wolfTPM2_ReadPublicKey(&dev, &storageKey,
-        TPM2_DEMO_STORAGE_KEY_HANDLE);
-    if (rc != 0) {
-        /* Create primary storage key */
-        rc = wolfTPM2_GetKeyTemplate_RSA(&publicTemplate,
-            TPMA_OBJECT_fixedTPM | TPMA_OBJECT_fixedParent |
-            TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
-            TPMA_OBJECT_restricted | TPMA_OBJECT_decrypt | TPMA_OBJECT_noDA);
-        if (rc != 0) goto exit;
-        rc = wolfTPM2_CreatePrimaryKey(&dev, &storageKey, TPM_RH_OWNER,
-            &publicTemplate, (byte*)gStorageKeyAuth, sizeof(gStorageKeyAuth)-1);
-        if (rc != 0) goto exit;
-
-        /* Move this key into persistent storage */
-        rc = wolfTPM2_NVStoreKey(&dev, TPM_RH_OWNER, &storageKey,
-            TPM2_DEMO_STORAGE_KEY_HANDLE);
-        if (rc != 0) goto exit;
-    }
-    else {
-        /* specify auth password for storage key */
-        storageKey.handle.auth.size = sizeof(gStorageKeyAuth)-1;
-        XMEMCPY(storageKey.handle.auth.buffer, gStorageKeyAuth,
-            storageKey.handle.auth.size);
-    }
+    rc = getPrimaryStoragekey(&dev,
+                              &storageKey,
+                              &publicTemplate);
+    if (rc != 0) goto exit;
 
     /* RNG Benchmark */
     bench_stats_start(&count, &start);

examples/bench/include.am

@@ -5,6 +5,7 @@ if BUILD_EXAMPLES
 noinst_PROGRAMS += examples/bench/bench
 noinst_HEADERS  += examples/bench/bench.h
 examples_bench_bench_SOURCES      = examples/bench/bench.c \
+                                    examples/tpm_test_keys.c \
                                     examples/tpm_io.c
 examples_bench_bench_LDADD        = src/libwolftpm.la $(LIB_STATIC_ADD)
 examples_bench_bench_DEPENDENCIES = src/libwolftpm.la

examples/csr/csr.c

@@ -29,6 +29,7 @@
 
 #include <examples/tpm_io.h>
 #include <examples/tpm_test.h>
+#include <examples/tpm_test_keys.h>
 #include <examples/csr/csr.h>
 #include <wolfssl/wolfcrypt/asn_public.h>
 
@@ -173,59 +174,21 @@ int TPM2_CSR_Example(void* userCtx)
     if (rc != 0) goto exit;
 
     /* See if primary storage key already exists */
-    rc = wolfTPM2_ReadPublicKey(&dev, &storageKey,
-        TPM2_DEMO_STORAGE_KEY_HANDLE);
-    if (rc != 0) {
-        /* Create primary storage key */
-        rc = wolfTPM2_GetKeyTemplate_RSA(&publicTemplate,
-            TPMA_OBJECT_fixedTPM | TPMA_OBJECT_fixedParent |
-            TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
-            TPMA_OBJECT_restricted | TPMA_OBJECT_decrypt | TPMA_OBJECT_noDA);
-        if (rc != 0) goto exit;
-        rc = wolfTPM2_CreatePrimaryKey(&dev, &storageKey, TPM_RH_OWNER,
-            &publicTemplate, (byte*)gStorageKeyAuth, sizeof(gStorageKeyAuth)-1);
-        if (rc != 0) goto exit;
-
-        /* Move this key into persistent storage */
-        rc = wolfTPM2_NVStoreKey(&dev, TPM_RH_OWNER, &storageKey,
-            TPM2_DEMO_STORAGE_KEY_HANDLE);
-        if (rc != 0) goto exit;
-    }
-    else {
-        /* specify auth password for storage key */
-        storageKey.handle.auth.size = sizeof(gStorageKeyAuth)-1;
-        XMEMCPY(storageKey.handle.auth.buffer, gStorageKeyAuth,
+    rc = getPrimaryStoragekey(&dev,
+                              &storageKey,
+                              &publicTemplate);
+    if (rc != 0) goto exit;
+
+    storageKey.handle.auth.size = sizeof(gStorageKeyAuth)-1;
+    XMEMCPY(storageKey.handle.auth.buffer, gStorageKeyAuth,
             storageKey.handle.auth.size);
-    }
 
 #ifndef NO_RSA
-    /* Create/Load RSA key for CSR */
-    rc = wolfTPM2_ReadPublicKey(&dev, &rsaKey, TPM2_DEMO_RSA_KEY_HANDLE);
-    if (rc != 0) {
-        rc = wolfTPM2_GetKeyTemplate_RSA(&publicTemplate,
-            TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
-            TPMA_OBJECT_decrypt | TPMA_OBJECT_sign | TPMA_OBJECT_noDA);
-        if (rc != 0) goto exit;
-        rc = wolfTPM2_CreateAndLoadKey(&dev, &rsaKey, &storageKey.handle,
-            &publicTemplate, (byte*)gKeyAuth, sizeof(gKeyAuth)-1);
-        if (rc != 0) goto exit;
-
-        /* Move this key into persistent storage */
-        rc = wolfTPM2_NVStoreKey(&dev, TPM_RH_OWNER, &rsaKey,
-            TPM2_DEMO_RSA_KEY_HANDLE);
-        if (rc != 0) goto exit;
-    }
-    else {
-        /* specify auth password for RSA key */
-        rsaKey.handle.auth.size = sizeof(gKeyAuth)-1;
-        XMEMCPY(rsaKey.handle.auth.buffer, gKeyAuth, rsaKey.handle.auth.size);
-    }
-
-    /* setup wolf RSA key with TPM deviceID, so crypto callbacks are used */
-    rc = wc_InitRsaKey_ex(&wolfRsaKey, NULL, tpmDevId);
-    if (rc != 0) goto exit;
-    /* load public portion of key into wolf RSA Key */
-    rc = wolfTPM2_RsaKey_TpmToWolf(&dev, &rsaKey, &wolfRsaKey);
+    rc = getRSAkey(&dev,
+                   &storageKey,
+                   &rsaKey,
+                   &wolfRsaKey,
+                   tpmDevId);
     if (rc != 0) goto exit;
 
     rc = TPM2_CSR_Generate(&dev, RSA_TYPE, &wolfRsaKey, gClientCertRsaFile);
@@ -234,34 +197,11 @@ int TPM2_CSR_Example(void* userCtx)
 
 
 #ifdef HAVE_ECC
-    /* Create/Load ECC key for CSR */
-    rc = wolfTPM2_ReadPublicKey(&dev, &eccKey, TPM2_DEMO_ECC_KEY_HANDLE);
-    if (rc != 0) {
-        rc = wolfTPM2_GetKeyTemplate_ECC(&publicTemplate,
-            TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
-            TPMA_OBJECT_sign | TPMA_OBJECT_noDA,
-            TPM_ECC_NIST_P256, TPM_ALG_ECDSA);
-        if (rc != 0) goto exit;
-        rc = wolfTPM2_CreateAndLoadKey(&dev, &eccKey, &storageKey.handle,
-            &publicTemplate, (byte*)gKeyAuth, sizeof(gKeyAuth)-1);
-        if (rc != 0) goto exit;
-
-        /* Move this key into persistent storage */
-        rc = wolfTPM2_NVStoreKey(&dev, TPM_RH_OWNER, &eccKey,
-            TPM2_DEMO_ECC_KEY_HANDLE);
-        if (rc != 0) goto exit;
-    }
-    else {
-        /* specify auth password for ECC key */
-        eccKey.handle.auth.size = sizeof(gKeyAuth)-1;
-        XMEMCPY(eccKey.handle.auth.buffer, gKeyAuth, eccKey.handle.auth.size);
-    }
-
-    /* setup wolf ECC key with TPM deviceID, so crypto callbacks are used */
-    rc = wc_ecc_init_ex(&wolfEccKey, NULL, tpmDevId);
-    if (rc != 0) goto exit;
-    /* load public portion of key into wolf ECC Key */
-    rc = wolfTPM2_EccKey_TpmToWolf(&dev, &eccKey, &wolfEccKey);
+    rc =  getECCkey(&dev,
+                    &storageKey,
+                    &eccKey,
+                    &wolfEccKey,
+                    tpmDevId);
     if (rc != 0) goto exit;
 
     rc = TPM2_CSR_Generate(&dev, ECC_TYPE, &wolfEccKey, gClientCertEccFile);
@@ -274,6 +214,9 @@ int TPM2_CSR_Example(void* userCtx)
         printf("Failure 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
     }
 
+
+    wolfTPM2_UnloadHandle(&dev, &storageKey.handle);
+
 #ifndef NO_RSA
     wc_FreeRsaKey(&wolfRsaKey);
     wolfTPM2_UnloadHandle(&dev, &rsaKey.handle);

examples/csr/include.am

@@ -5,6 +5,7 @@ if BUILD_EXAMPLES
 noinst_PROGRAMS += examples/csr/csr
 noinst_HEADERS  += examples/csr/csr.h
 examples_csr_csr_SOURCES      = examples/csr/csr.c \
+                                examples/tpm_test_keys.c \
                                 examples/tpm_io.c
 examples_csr_csr_LDADD        = src/libwolftpm.la $(LIB_STATIC_ADD)
 examples_csr_csr_DEPENDENCIES = src/libwolftpm.la

examples/include.am

@@ -15,4 +15,6 @@ include examples/keygen/include.am
 dist_example_DATA+= examples/README.md \
                     examples/tpm_io.c \
                     examples/tpm_io.h \
+                    examples/tpm_test_keys.c \
+                    examples/tpm_test_keys.h \
                     examples/tpm_test.h