Merge pull request #26 from dgarske/rel_v1.2_prep

wolfPKCS11 release v1.2 prep

Author: douzzer

README.md

@@ -77,8 +77,44 @@ When not set, defaults to: /tmp
 
 Set to any value to stop storage of token data.
 
+
 ## Release Notes
 
+### wolfPKCS11 Release 1.2 (Dec 26, 2023)
+
+**Summary**
+
+Adds backend support for TPM 2.0 using wolfTPM. Adds AES CBC key wrap / unwrap support. Portability improvements. Improved testing with GitHub Actions.
+
+**Detail**
+
+* Cleanups for minor cast warning, spelling and ignore for generated test files (PR #14)
+* Added support for wrap/unwrap RSA with aes_cbc_pad. (PR #15)
+* Fixed setting of label for public key after creation (init ECC objects before decoding) (PR #16)
+* Flush writes in key store. (PR #17)
+* Added build options for embedded use (PR #18)
+  - `WOLFSSL_USER_SETTINGS` to avoid including `wolfssl/options.h`
+  - `WOLFPKCS11_USER_SETTINGS` to avoid including `wolfPKCS11/options.h`
+  - `WOLFPKCS11_NO_TIME` to make wc_GetTime() optional (it disables brute-force protections on token login)
+* Reset failed login counter only with `WOLFPKCS11_NO_TIME` (PR #18)
+* Fixed argument passing in `SetMPI`/`GetMPIData` (PR #19)
+* Fixed `NO_DH` ifdef gate when freeing PKCS11 object (PR #20)
+* Added GitHub CI action (PR #21)
+* Fixed warnings from `./autogen.sh`. Updated m4 macros. (PR #21)
+* Added additional GitHub CI action tests. (PR #22)
+* Added wolfPKCS11 support for using TPM 2.0 module as backend. Uses wolfTPM and supports RSA and ECC. Requires https://github.com/wolfSSL/wolfTPM/pull/311 (PR #23)
+* Added CI testing for wolfPKCS11 with wolfTPM backend and single threaded. (PR #23)
+* Added PKCS11 TPM NV store (enabled with `WOLFPKCS11_TPM_STORE`). Allow `WOLFPKCS11_NO_STORE` for TPM use case. (PR #23)
+* Fixed compiler warnings from mingw. (PR #23)
+* Added portability macro `WOLFPKCS11_NO_ENV` when setenv/getenv are not available. (PR #23)
+* Fix to only require `-ldl` for non-static builds. (PR #23)
+* Portability fixes. Added `NO_MAIN_DRIVER`. Support for `SINGLE_THREADED`. Add `static` to some globals. (PR #24)
+* Fixes for portability where `XREALLOC` is not available. (PR #25)
+* Added support for custom setenv/get env using `WOLFPKCS11_USER_ENV`. (PR #25)
+* Fix for final not being called after init in edge case pin failure. (PR #25)
+* Added support for hashing PIN with SHA2-256.
+  - PKS11 uses scrypt, which uses multiple MB of memory and is not practical for embedded systems. (PR #25)
+
 ### wolfPKCS11 Release 1.1 (May 6, 2022)
 
 * Added support for CKM_AES_CBC_PAD

configure.ac

@@ -7,7 +7,7 @@
 #
 AC_COPYRIGHT([Copyright (C) 2014-2023 wolfSSL Inc.])
 AC_PREREQ([2.63])
-AC_INIT([wolfpkcs11],[1.1.0],[https://github.com/wolfssl/wolfpkcs11/issues],[wolfpkcs11],[http://www.wolfssl.com])
+AC_INIT([wolfpkcs11],[1.2.0],[https://github.com/wolfssl/wolfpkcs11/issues],[wolfpkcs11],[http://www.wolfssl.com])
 AC_CONFIG_AUX_DIR([build-aux])
 
 # The following sets CFLAGS to empty if unset on command line.
@@ -32,7 +32,7 @@ AC_ARG_PROGRAM
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_HEADERS([wolfpkcs11/config.h])
 
-WOLFPKCS11_LIBRARY_VERSION=2:0:0
+WOLFPKCS11_LIBRARY_VERSION=3:0:0
 #                        | | |
 #                 +------+ | +---+
 #                 |        |     |

src/internal.c

@@ -6953,7 +6953,7 @@ int WP11_Ec_GenerateKeyPair(WP11_Object* pub, WP11_Object* priv,
         CK_BBOOL isSign = CK_FALSE;
         CK_ULONG len = sizeof(isSign);
         ret = WP11_Object_GetAttr(priv, CKA_SIGN, &isSign, &len);
-        if (isSign)
+        if (ret == 0 && isSign)
             priv->slot->tpmCtx.eccKey = (WOLFTPM2_KEY*)&priv->tpmKey;
         else
             priv->slot->tpmCtx.ecdhKey = (WOLFTPM2_KEY*)&priv->tpmKey;

tests/pkcs11mtt.c

@@ -6527,6 +6527,12 @@ int pkcs11test_mtt(int argc, char* argv[])
                 return 1;
             }
             testCase = atoi(*argv);
+            if (testCase <= 0 || testCase > testFuncCnt) {
+                fprintf(stderr, "Test case out of range: %s\n", *argv);
+                return 1;
+            }
+            testFunc[testCase - 1].run = 1;
+            onlySet = 1;
         }
         else if (string_matches(*argv, "-token")) {
             argc--;

tests/pkcs11test.c

@@ -699,6 +699,7 @@ static CK_RV test_open_close_session(void* args)
                     funcList->C_CloseSession(session);
 
                 ret = funcList->C_Logout(soSession);
+                CHECK_CKR(ret, "Session Logout failed");
             }
             ret = funcList->C_CloseSession(soSession);
         }
@@ -2646,6 +2647,7 @@ static CK_RV test_wrap_unwrap_key(void* args)
 
     memset(wrappingKeyData, 9, sizeof(wrappingKeyData));
     memset(keyData, 7, sizeof(keyData));
+    memset(&mech, 0, sizeof(mech));
     wrappedKeyLen = sizeof(wrappedKey);
 
     ret = get_generic_key(session, wrappingKeyData, sizeof(wrappingKeyData),
@@ -7942,6 +7944,12 @@ int pkcs11test_test(int argc, char* argv[])
                 return 1;
             }
             testCase = atoi(*argv);
+            if (testCase <= 0 || testCase > testFuncCnt) {
+                fprintf(stderr, "Test case out of range: %s\n", *argv);
+                return 1;
+            }
+            testFunc[testCase - 1].run = 1;
+            onlySet = 1;
         }
         else if (string_matches(*argv, "-token")) {
             argc--;

wolfpkcs11/version.h

@@ -28,8 +28,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFPKCS11_VERSION_STRING "1.1.0"
-#define LIBWOLFPKCS11_VERSION_HEX 0x01001000
+#define LIBWOLFPKCS11_VERSION_STRING "1.2.0"
+#define LIBWOLFPKCS11_VERSION_HEX 0x01002000
 
 #ifdef __cplusplus
 }