Fix for ST33 vendor command to enable command codes (TPM2_SetCommandS…

…et). It requires platform auth to be set. Add benchmarks for new ST33KTPM2XI2C. Fix 0x1XX error code parsing.
wolfSSL · Mar 20, 2024 · f983525 · f983525
1 parent 551d7da
commit f983525
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -86,7 +86,7 @@ Tested with:
 
 * Infineon OPTIGA (TM) Trusted Platform Module 2.0 SLB9670, SLB9672 and SLB9673 (I2C).
     - LetsTrust: Vendor for TPM development boards [http://letstrust.de](http://letstrust.de).
-* STMicro STSAFE-TPM, ST33TPHF2XSPI/2XI2C and ST33KTPM2X
+* STMicro STSAFE-TPM, ST33TPHF2XSPI/2XI2C and ST33KTPM2X (SPI and I2C)
 * Microchip ATTPM20 module
 * Nuvoton NPCT65X or NPCT75x TPM2.0 module
 * Nations Technologies Z32H330 TPM 2.0 module
@@ -105,6 +105,10 @@ Infineon SLB9673:
 TPM2: Caps 0x1ae00082, Did 0x001c, Vid 0x15d1, Rid 0x16
 Mfg IFX (1), Vendor SLB9673, Fw 26.13 (0x456a), FIPS 140-2 1, CC-EAL4 1
 
+STMicro ST33KTPM2XI2C
+TPM2: Caps 0x30000415, Did 0x0003, Vid 0x104a, Rid 0x 0
+Mfg STM  (2), Vendor ST33KTPM2XI2C, Fw 9.256 (0x0), FIPS 140-2 1, CC-EAL4 0
+
 STMicro ST33TPHF2XSPI
 TPM2: Caps 0x1a7e2882, Did 0x0000, Vid 0x104a, Rid 0x4e
 Mfg STM  (2), Vendor , Fw 74.8 (1151341959), FIPS 140-2 1, CC-EAL4 0
@@ -479,6 +483,40 @@ ECDSA    256 verify        18 ops took 1.043 sec, avg 57.921 ms, 17.265 ops/sec
 ECDHE    256 agree          9 ops took 1.025 sec, avg 113.888 ms, 8.781 ops/sec
 ```
 
+Run on STMicro ST33KTPM2XI2C at 33MHz:
+
+```
+./examples/bench/bench
+TPM2 Benchmark using Wrapper API's
+	Use Parameter Encryption: NULL
+Loading SRK: Storage 0x81000200 (282 bytes)
+RNG                 24 KB took 1.042 seconds,   23.028 KB/s
+AES-128-CBC-enc     52 KB took 1.018 seconds,   51.077 KB/s
+AES-128-CBC-dec     52 KB took 1.027 seconds,   50.644 KB/s
+AES-256-CBC-enc     46 KB took 1.012 seconds,   45.446 KB/s
+AES-256-CBC-dec     46 KB took 1.021 seconds,   45.072 KB/s
+AES-128-CTR-enc     44 KB took 1.025 seconds,   42.927 KB/s
+AES-128-CTR-dec     44 KB took 1.024 seconds,   42.955 KB/s
+AES-256-CTR-enc     40 KB took 1.025 seconds,   39.016 KB/s
+AES-256-CTR-dec     40 KB took 1.026 seconds,   38.992 KB/s
+AES-128-CFB-enc     52 KB took 1.026 seconds,   50.674 KB/s
+AES-128-CFB-dec     46 KB took 1.023 seconds,   44.986 KB/s
+AES-256-CFB-enc     46 KB took 1.021 seconds,   45.047 KB/s
+AES-256-CFB-dec     42 KB took 1.033 seconds,   40.665 KB/s
+SHA1               138 KB took 1.009 seconds,  136.727 KB/s
+SHA256             128 KB took 1.010 seconds,  126.723 KB/s
+SHA384             116 KB took 1.001 seconds,  115.833 KB/s
+RSA     2048 key gen        9 ops took 17.497 sec, avg 1944.057 ms, 0.514 ops/sec
+RSA     2048 Public       155 ops took 1.003 sec, avg 6.468 ms, 154.601 ops/sec
+RSA     2048 Private       12 ops took 1.090 sec, avg 90.806 ms, 11.013 ops/sec
+RSA     2048 Pub  OAEP    122 ops took 1.004 sec, avg 8.230 ms, 121.501 ops/sec
+RSA     2048 Priv OAEP     11 ops took 1.023 sec, avg 92.964 ms, 10.757 ops/sec
+ECC      256 key gen       12 ops took 1.070 sec, avg 89.172 ms, 11.214 ops/sec
+ECDSA    256 sign          40 ops took 1.010 sec, avg 25.251 ms, 39.602 ops/sec
+ECDSA    256 verify        28 ops took 1.023 sec, avg 36.543 ms, 27.365 ops/sec
+ECDHE    256 agree         16 ops took 1.062 sec, avg 66.391 ms, 15.062 ops/sec
+```
+
 Run on STMicro ST33TPHF2XSPI at 33MHz:
 
 ```

diff --git a/src/tpm2.c b/src/tpm2.c
@@ -5177,6 +5177,7 @@ int TPM2_SetCommandSet(SetCommandSet_In* in)
         TPM2_Packet packet;
         CmdInfo_t info = {0,0,0,0};
         info.inHandleCnt = 1;
+        info.flags = (CMD_FLAG_AUTH_USER1);
 
         TPM2_Packet_Init(ctx, &packet);
 
@@ -5209,6 +5210,7 @@ int TPM2_SetMode(SetMode_In* in)
         TPM2_Packet packet;
         CmdInfo_t info = {0,0,0,0};
         info.inHandleCnt = 1;
+        info.flags = (CMD_FLAG_AUTH_USER1);
 
         TPM2_Packet_Init(ctx, &packet);
 
@@ -5625,7 +5627,7 @@ const char* TPM2_GetRCString(int rc)
         return "Success";
     }
 
-    if ((rc & RC_WARN) && (rc & RC_FMT1) == 0) {
+    if ((rc & RC_WARN) && (rc & RC_FMT1) == 0 && (rc & RC_VER1) == 0) {
         int rc_warn = rc & RC_MAX_WARN;
 
         switch (rc_warn) {

diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c
@@ -5089,6 +5089,9 @@ int wolfTPM2_EncryptDecryptBlock(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
         /* try to enable support */
         rc = wolfTPM2_SetCommand(dev, TPM_CC_EncryptDecrypt2, YES);
         if (rc == TPM_RC_SUCCESS) {
+            /* reset session auth for key */
+            wolfTPM2_SetAuthHandle(dev, 0, &key->handle);
+
             /* try command again */
             rc = TPM2_EncryptDecrypt2(&encDecIn, &encDecOut);
         }
@@ -5153,6 +5156,9 @@ int wolfTPM2_SetCommand(WOLFTPM2_DEV* dev, TPM_CC commandCode, int enableFlag)
     if (TPM2_GetVendorID() == TPM_VENDOR_STM) {
         SetCommandSet_In in;
 
+        /* set blank platform auth */
+        wolfTPM2_SetAuthPassword(dev, 0, NULL);
+
         /* Enable commands (like TPM2_EncryptDecrypt2) */
         XMEMSET(&in, 0, sizeof(in));
         in.authHandle = TPM_RH_PLATFORM;