Infineon SLB9672 support

README.md

@@ -7,7 +7,7 @@ Portable TPM 2.0 project designed for embedded use.
 
 * This implementation provides all TPM 2.0 API’s in compliance with the specification.
 * Wrappers provided to simplify Key Generation/Loading, RSA encrypt/decrypt, ECC sign/verify, ECDH, NV, Hashing/Hmac and AES.
-* Testing done using the STM ST33TP* SPI/I2C, Infineon OPTIGA SLB9670, Microchip ATTPM20 TPM 2.0 modules and Nuvoton NPCT650.
+* Testing done using the STM ST33TP* SPI/I2C, Infineon OPTIGA SLB9670/SLB9672, Microchip ATTPM20 TPM 2.0 modules and Nuvoton NPCT650.
 * wolfTPM uses the TPM Interface Specification (TIS) to communicate over SPI.
 * wolfTPM can also use the Linux TPM kernel interface (/dev/tpmX) to talk with any physical TPM on SPI, I2C and even LPC bus.
 * Platform support for Raspberry Pi, STM32 with CubeMX, Atmel ASF and Barebox.
@@ -74,7 +74,7 @@ There are examples here for Linux, STM32 CubeMX, Atmel ASF and BareBox. The adva
 
 Tested with:
 
-* Infineon OPTIGA (TM) Trusted Platform Module 2.0 SLB 9670.
+* Infineon OPTIGA (TM) Trusted Platform Module 2.0 SLB 9670 and SLB9672.
     - LetsTrust: [http://letstrust.de] (<https://buyzero.de/collections/andere-platinen/products/letstrust-hardware-tpm-trusted-platform-module).> Compact Raspberry Pi TPM 2.0 board based on Infineon SLB 9670.
 * ST ST33TP* TPM 2.0 module (SPI and I2C)
 * Microchip ATTPM20 module
@@ -83,9 +83,13 @@ Tested with:
 #### Device Identification
 
 Infineon SLB9670:
-TIS: TPM2: Caps 0x30000697, Did 0x001b, Vid 0x15d1, Rid 0x10
+TPM2: Caps 0x30000697, Did 0x001b, Vid 0x15d1, Rid 0x10
 Mfg IFX (1), Vendor SLB9670, Fw 7.85 (4555), FIPS 140-2 1, CC-EAL4 1
 
+Infineon SLB9672:
+TPM2: Caps 0x30000697, Did 0x001d, Vid 0x15d1, Rid 0x36
+Mfg IFX (1), Vendor SLB9672, Fw 16.10 (0x4068), FIPS 140-2 1, CC-EAL4 1
+
 ST ST33TP SPI
 TPM2: Caps 0x1a7e2882, Did 0x0000, Vid 0x104a, Rid 0x4e
 Mfg STM  (2), Vendor , Fw 74.8 (1151341959), FIPS 140-2 1, CC-EAL4 0
@@ -138,7 +142,7 @@ autogen.sh requires: automake and libtool: `sudo apt-get install automake libtoo
 --enable-tislock        Enable Linux Named Semaphore for locking access to SPI device for concurrent access between processes - WOLFTPM_TIS_LOCK
 
 --enable-autodetect     Enable Runtime Module Detection (default: enable - when no module specified) - WOLFTPM_AUTODETECT
---enable-infineon       Enable Infineon SLB9670 TPM Support (default: disabled)
+--enable-infineon       Enable Infineon SLB9670/SLB9672 TPM Support (default: disabled)
 --enable-st             Enable ST ST33TPM Support (default: disabled) - WOLFTPM_ST33
 --enable-microchip      Enable Microchip ATTPM20 Support (default: disabled) - WOLFTPM_MCHP
 --enable-nuvoton        Enable Nuvoton NPCT65x/NPCT75x Support (default: disabled) - WOLFTPM_NUVOTON
@@ -153,15 +157,15 @@ TLS_BENCH_MODE          Enables TLS benchmarking mode.
 NO_TPM_BENCH            Disables the TPM benchmarking example.
 ```
 
-### Building Infineon SLB9670
+### Building Infineon SLB9670/SLB9672
 
 Build wolfTPM:
 
 ```
 git clone https://github.com/wolfSSL/wolfTPM.git
 cd wolfTPM
 ./autogen.sh
-./configure
+./configure --enable-infineon
 make
 ```
 
@@ -389,6 +393,40 @@ ECDSA    256 verify         9 ops took 1.022 sec, avg 113.539 ms,   8.808 ops/se
 ECDHE    256 agree          5 ops took 1.161 sec, avg 232.144 ms,   4.308 ops/sec
 ```
 
+Run on Infineon OPTIGA SLB9672 at 43MHz:
+
+```
+./examples/bench/bench
+TPM2 Benchmark using Wrapper API's
+	Use Parameter Encryption: NULL
+Loading SRK: Storage 0x81000200 (282 bytes)
+RNG                 24 KB took 1.070 seconds,   22.429 KB/s
+Benchmark symmetric AES-128-CBC-enc not supported!
+Benchmark symmetric AES-128-CBC-dec not supported!
+Benchmark symmetric AES-256-CBC-enc not supported!
+Benchmark symmetric AES-256-CBC-dec not supported!
+Benchmark symmetric AES-128-CTR-enc not supported!
+Benchmark symmetric AES-128-CTR-dec not supported!
+Benchmark symmetric AES-256-CTR-enc not supported!
+Benchmark symmetric AES-256-CTR-dec not supported!
+AES-128-CFB-enc     86 KB took 1.001 seconds,   85.890 KB/s
+AES-128-CFB-dec     88 KB took 1.020 seconds,   86.267 KB/s
+AES-256-CFB-enc     86 KB took 1.023 seconds,   84.073 KB/s
+AES-256-CFB-dec     86 KB took 1.019 seconds,   84.370 KB/s
+SHA1                88 KB took 1.021 seconds,   86.155 KB/s
+SHA256              86 KB took 1.015 seconds,   84.717 KB/s
+SHA384              90 KB took 1.007 seconds,   89.405 KB/s
+RSA     2048 key gen       10 ops took 15.677 sec, avg 1567.678 ms, 0.638 ops/sec
+RSA     2048 Public       110 ops took 1.000 sec, avg 9.095 ms, 109.951 ops/sec
+RSA     2048 Private       14 ops took 1.078 sec, avg 76.996 ms, 12.988 ops/sec
+RSA     2048 Pub  OAEP     51 ops took 1.012 sec, avg 19.838 ms, 50.408 ops/sec
+RSA     2048 Priv OAEP     12 ops took 1.053 sec, avg 87.738 ms, 11.398 ops/sec
+ECC      256 key gen        8 ops took 1.088 sec, avg 135.956 ms, 7.355 ops/sec
+ECDSA    256 sign          29 ops took 1.033 sec, avg 35.621 ms, 28.073 ops/sec
+ECDSA    256 verify        42 ops took 1.013 sec, avg 24.114 ms, 41.470 ops/sec
+ECDHE    256 agree         16 ops took 1.055 sec, avg 65.948 ms, 15.164 ops/sec
+```
+
 Run on ST ST33TP SPI at 33MHz:
 
 ```

configure.ac

@@ -304,15 +304,15 @@ then
     AM_CFLAGS="$AM_CFLAGS -DWOLFTPM_NUVOTON"
 fi
 
-# Infineon SLB9670
+# Infineon SLB9670/SLB9672
 AC_ARG_ENABLE([infineon],
-    [AS_HELP_STRING([--enable-infineon],[Enable Infineon SLB9670 TPM Support (default: disabled)])],
+    [AS_HELP_STRING([--enable-infineon],[Enable Infineon SLB9670/SLB9672 TPM Support (default: disabled)])],
     [ ENABLED_INFINEON=$enableval ],
     [ ENABLED_INFINEON=no ]
     )
 if test "x$ENABLED_INFINEON" = "xyes"
 then
-    AM_CFLAGS="$AM_CFLAGS -DWOLFTPM_SLB9670"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFTPM_SLB9670 -DWOLFTPM_SLB9672"
 fi
 
 
@@ -400,7 +400,7 @@ AM_CONDITIONAL([BUILD_WRAPPER], [test "x$ENABLED_WRAPPER" = "xyes"])
 AM_CONDITIONAL([HAVE_LIBWOLFSSL], [test "x$ENABLED_WOLFCRYPT" = "xyes"])
 AM_CONDITIONAL([BUILD_I2C], [test "x$ENABLED_I2C" = "xyes"])
 AM_CONDITIONAL([BUILD_ADVIO], [test "x$ENABLED_ADVIO" = "xyes"])
-AM_CONDITIONAL([BUILD_ST], [test "x$ENABLED_ST33" = "xyes"])
+AM_CONDITIONAL([BUILD_ST], [test "x$ENABLED_ST" = "xyes"])
 AM_CONDITIONAL([BUILD_MICROCHIP], [test "x$ENABLED_MICROCHIP" = "xyes"])
 AM_CONDITIONAL([BUILD_INFINEON], [test "x$ENABLED_INFINEON" = "xyes"])
 AM_CONDITIONAL([BUILD_DEVTPM], [test "x$ENABLED_DEVTPM" = "xyes"])
@@ -528,8 +528,8 @@ echo "   * SWTPM:                     $ENABLED_SWTPM"
 echo "   * WINAPI:                    $ENABLED_WINAPI"
 echo "   * TIS/SPI Check Wait State:  $ENABLED_CHECKWAITSTATE"
 
-echo "   * Infineon SLB9670           $ENABLED_INFINEON"
-echo "   * STM ST33:                  $ENABLED_ST33"
+echo "   * Infineon SLB967X           $ENABLED_INFINEON"
+echo "   * STM ST33:                  $ENABLED_ST"
 echo "   * Microchip ATTPM20:         $ENABLED_MICROCHIP"
 echo "   * Nuvoton NPCT75x:           $ENABLED_NUVOTON"
 

examples/tpm_io_linux.c

@@ -78,7 +78,7 @@
             /* Nuvoton NPCT75x uses CE0 */
             #define TPM2_SPI_DEV_CS "0"
         #else
-            /* OPTIGA SLB9670 and LetsTrust TPM use CE1 */
+            /* OPTIGA SLB9670/SLB9762 and LetsTrust TPM use CE1 */
             #define TPM2_SPI_DEV_CS "1"
         #endif
 

wolftpm/tpm2_types.h

@@ -202,14 +202,14 @@ typedef int64_t  INT64;
 
 /* Infineon SLB9670 TPM 2.0 (default) */
 /* #define WOLFTPM_SLB9670 */
+/* #define WOLFTPM_SLB9672 */
 
 /* Define a default chip */
 #if !defined(WOLFTPM_ST33) && !defined(WOLFTPM_MCHP) && \
     !defined(WOLFTPM_NUVOTON) && !defined(WOLFTPM_SLB9670)
     #define WOLFTPM_SLB9670
 #endif
 
-
 /* Chip Specific Settings */
 #ifdef WOLFTPM_MCHP
     /* Microchip ATTPM20 */
@@ -245,7 +245,7 @@ typedef int64_t  INT64;
         #define TPM2_SPI_MAX_HZ TPM2_SPI_MAX_HZ_NUVOTON
     #endif
 #else
-    /* Infineon OPTIGA SLB9670 */
+    /* Infineon OPTIGA SLB9670/SLB9672 */
     /* Max: 43MHz */
     #define TPM2_SPI_MAX_HZ_INFINEON 43000000
     #ifndef TPM2_SPI_MAX_HZ