Merge pull request #343 from dgarske/v3.2.0-relprep

wolfTPM release v3.2.0 prep

Author: JacobBarthelmeh

CMakeLists.txt

@@ -21,7 +21,7 @@
 
 cmake_minimum_required(VERSION 3.16)
 
-project(wolfTPM VERSION 3.1.0 LANGUAGES C)
+project(wolfTPM VERSION 3.2.0 LANGUAGES C)
 
 set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin)
 set(WOLFTPM_DEFINITIONS)

ChangeLog.md

@@ -1,5 +1,68 @@
 # Release Notes
 
+## wolfTPM Release 3.2.0 (Apr 24, 2024)
+
+**Summary**
+
+Added TPM Firmware update support (Infineon SLB9672/SLB9673). Added support for pre-provisioned device identity keys/certificates (STMicro ST33). Fixed issue with sealing secret to prevent `userWithAuth` by default. Expanded the TPM get capabilities support.
+
+**Detail**
+
+* Added new API `wolfTPM2_NVCreateAuthPolicy` for allowing NV creation with policy (PR #344)
+* Added Infineon firmware update recovery support (PR #342)
+* Added support for Infineon Firmware upgrade (PR #339)
+  - Added support for Infineon SLB9672/SLB9673 Firmware upgrade (see examples/firmware/README.md)
+  - Added Infineon Modus Toolbox support. See `wolfssl/IDE/Infineon/README.md` for setup instructions.
+  - Added support for Infineon CyHal I2C support.
+  - Added Firmware extraction tool
+  - Added Firmware update example application `examples/firmware/ifx_fw_update`.
+  - Added support for vendor capabilities `TPM_CAP_VENDOR_PROPERTY`.
+  - Added `XSLEEP_MS` macro for firmware update delay.
+  - Added support for getting key group id, operational mode and update counts.
+  - Added support for abandoning an update.
+  - Added support for firmware update done, but not finalized
+  - Added Infineon CyHal SPI support.
+  - Fixed auto-detect to not define SLB9672/SLB9673.
+* Fixed TLS examples to not use openssl compatibility macros (PR #341)
+* Added ST33 support for pre-provisioned device identity key and certificate (PR #336)
+  - Added support for pre-provisioned TPM using the "TPM 2.0 Keys for Device Identity and Attestation" specification. See build macro: `WOLFTPM_MFG_IDENTITY`.
+  - Added example for using TPM pre-provisioned device identity to TLS client example.
+  - Fixed ST33 vendor command to enable command codes (TPM2_SetCommandSet) (it requires platform auth to be set).
+  - Added benchmarks for new ST33KTPM2XI2C.
+  - Fixed 0x1XX error code parsing.
+  - Fixed ST33 part descriptions.
+  - Updated example certificates.
+* Fixes for building wolfTPM examples with `NO_FILESYSTEM` (PR #338)
+* Fixed crypto callback hashing return code initialization (PR #334)
+* Updated documentation for Infineon SLB9673 (I2C) (PR #337)
+* Fixed Documentation references for generated user manual (PR #335)
+* Fixed netdb.h include (PR #333)
+* Fixes for building with "-Wpedantic" (PR #332)
+* Added new API `wolfTPM2_GetHandles` to get list of handles from the TPM capabilities. (PR #328)
+* Fixed config.h, which should only be included from .c files, not headers. (PR #330/#331)
+* Fixed CMake tests (PR #329)
+* Fixed and improved secret sealing/unsealing (PR #327)
+  - Do not set userWithAuth by default when creating sealed objects. That flag allows password auth for the sealed object. Without the flag it only allows policy auth.
+  - Allow setting policy auth with flags.
+  - Fix secret_unseal to use policy session and valid sealed name.
+  - Added expected failure test cases for seal/unseal with policy.
+  - Improve the run_examples.sh script
+* Improved types for htons and byte swap (PR #326)
+  - Match byte swap logic with wolfSSL (use WOLF_ALLOW_BUILTIN).
+  - Remove unused `XHTONS` and `arpa/inet.h`.
+* Improved STMicro product naming (PR #325)
+* Improved the STM32Cube template (PR #324)
+  - Setup so next pack can add small stack and transport options: `WOLFTPM_CONF_SMALL_STACK` and `WOLFTPM_CONF_TRANSPORT` (0=SPI, 1=I2C).
+* Fixed build error with missing `wc_RsaKeyToPublicDer_ex` (PR #323)
+* Improved the ECC macro checks for `wc_EccPublicKeyToDer` (PR #323)
+* Added PKCS7 ECC support to example (PR #322)
+  - Added wrapper function to export TPM public key as DER/ASN.1 or PEM.
+  - Fixed for crypto callback ECC sign to handle getting keySz for unknown cases (like PKCS7 without privateKey set).
+* Added expanded key template and cleanups (PR #321)
+  - Fixed mixed variable declaration.
+  - Added _ex version for GetKeyTemplate RSA/ECC to allow setting all template parameters.
+
+
 ## wolfTPM Release 3.1.0 (Dec 29, 2023)
 
 **Summary**

IDE/OPENSTM32/Inc/wolftpm_example.h

@@ -1,6 +1,6 @@
 /* wolftpm_example.h
  *
- * Copyright (C) 2006-2022 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfTPM.
  *

IDE/OPENSTM32/Src/main.c

@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2022 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfTPM.
  *
@@ -18,7 +18,7 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
-
+
 
 #include "wolftpm_example.h"
 

IDE/OPENSTM32/Src/wolftpm_example.c

@@ -1,6 +1,6 @@
 /* wolftpm_example.c
  *
- * Copyright (C) 2006-2022 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfTPM.
  *

IDE/VisualStudio/user_settings.h

@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfTPM.
  *

configure.ac

@@ -3,7 +3,7 @@
 # All right reserved.
 
 AC_COPYRIGHT([Copyright (C) 2014-2021 wolfSSL Inc.])
-AC_INIT([wolftpm],[3.1.0],[https://github.com/wolfssl/wolfTPM/issues],[wolftpm],[http://www.wolfssl.com])
+AC_INIT([wolftpm],[3.2.0],[https://github.com/wolfssl/wolfTPM/issues],[wolftpm],[http://www.wolfssl.com])
 
 AC_PREREQ([2.63])
 AC_CONFIG_AUX_DIR([build-aux])
@@ -28,18 +28,17 @@ AC_ARG_PROGRAM
 
 AC_CONFIG_HEADERS([src/config.h])
 
-WOLFTPM_LIBRARY_VERSION=16:1:0
+WOLFTPM_LIBRARY_VERSION=16:2:0
 #                        | | |
 #                 +------+ | +---+
 #                 |        |     |
 #                current:revision:age
 #                 |        |     |
-#                 |        |     +- increment if interfaces have been added
-#                 |        |        set to zero if interfaces have been removed
-#                 |        |        or changed
-#                 |        +- increment if source code has changed
-#                 |           set to zero if current is incremented
-#                 +- increment if interfaces have been added, removed or changed
+#                 |        |     +- increment if source code has changed
+#                 |        |        set to zero if [current] or [revision] is incremented
+#                 |        +- increment if interfaces have been added
+#                 |           set to zero if [current] is incremented
+#                 +- increment if interfaces have been removed or changed
 AC_SUBST([WOLFTPM_LIBRARY_VERSION])
 
 
@@ -479,7 +478,7 @@ rm -f $OPTION_FILE
 echo "/* wolftpm options.h" > $OPTION_FILE
 echo " * generated from configure options" >> $OPTION_FILE
 echo " *" >> $OPTION_FILE
-echo " * Copyright (C) 2006-2021 wolfSSL Inc." >> $OPTION_FILE
+echo " * Copyright (C) 2006-2024 wolfSSL Inc." >> $OPTION_FILE
 echo " *" >> $OPTION_FILE
 echo " * * This file is part of wolfTPM." >> $OPTION_FILE
 echo " *" >> $OPTION_FILE

examples/attestation/activate_credential.c

@@ -1,6 +1,6 @@
 /* activate_credential.c
  *
- * Copyright (C) 2006-2022 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfTPM.
  *

examples/attestation/credential.h

@@ -1,6 +1,6 @@
 /* credential.h
  *
- * Copyright (C) 2006-2022 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfTPM.
  *

examples/attestation/make_credential.c

@@ -1,6 +1,6 @@
 /* make_credential.c
  *
- * Copyright (C) 2006-2022 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfTPM.
  *