{"id":19579743,"url":"https://github.com/wolfssl/wolftpm","last_synced_at":"2025-05-16T08:00:20.944Z","repository":{"id":39792696,"uuid":"119579647","full_name":"wolfSSL/wolfTPM","owner":"wolfSSL","description":"wolfTPM is a highly portable TPM 2.0 library, designed for embedded use.","archived":false,"fork":false,"pushed_at":"2025-05-14T21:08:20.000Z","size":3256,"stargazers_count":270,"open_issues_count":4,"forks_count":66,"subscribers_count":32,"default_branch":"master","last_synced_at":"2025-05-14T22:22:16.391Z","etag":null,"topics":["compact","cryptography","ecc","embedded","i2c","low-resource","secure","secure-key-storage","spi","tis","tpm","tpm-interface-specification","tpm2","tpm2-library","trusted-platform-module","wolfssl","wolftpm"],"latest_commit_sha":null,"homepage":"https://www.wolfssl.com","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wolfSSL.png","metadata":{"files":{"readme":"README.md","changelog":"ChangeLog.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2018-01-30T18:52:42.000Z","updated_at":"2025-05-14T21:08:25.000Z","dependencies_parsed_at":"2023-02-15T13:15:31.244Z","dependency_job_id":"456d7b27-5e08-4909-9fbc-c3e9ee58e496","html_url":"https://github.com/wolfSSL/wolfTPM","commit_stats":null,"previous_names":[],"tags_count":27,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wolfSSL%2FwolfTPM","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wolfSSL%2FwolfTPM/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wolfSSL%2FwolfTPM/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wolfSSL%2FwolfTPM/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wolfSSL","download_url":"https://codeload.github.com/wolfSSL/wolfTPM/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254493382,"owners_count":22080126,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["compact","cryptography","ecc","embedded","i2c","low-resource","secure","secure-key-storage","spi","tis","tpm","tpm-interface-specification","tpm2","tpm2-library","trusted-platform-module","wolfssl","wolftpm"],"created_at":"2024-11-11T07:18:51.758Z","updated_at":"2025-05-16T08:00:20.792Z","avatar_url":"https://github.com/wolfSSL.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# wolfTPM (TPM 2.0)\n\nPortable TPM 2.0 project designed for embedded use.\n\n\n## Project Features\n\n* This implementation provides all TPM 2.0 API's in compliance with the specification.\n* Wrappers provided to simplify Key Generation/Loading, RSA encrypt/decrypt, ECC sign/verify, ECDH, NV, Hashing/HACM, AES, Sealing/Unsealing, Attestation, PCR Extend/Quote and Secure Root of Trust.\n* Testing done using TPM 2.0 modules from STMicro ST33 (SPI/I2C), Infineon OPTIGA SLB9670/SLB9672/SLB9673, Microchip ATTPM20, Nations Tech Z32H330TC/NS350 and Nuvoton NPCT650/NPCT750.\n* wolfTPM uses the TPM Interface Specification (TIS) to communicate either over SPI, or using a memory mapped I/O range.\n* wolfTPM can also use the Linux TPM kernel interface (`/dev/tpmX`) to talk with any physical TPM on SPI, I2C and even LPC bus.\n* Platform support for Raspberry Pi (Linux), MMIO, STM32 with CubeMX, Atmel ASF, Xilinx, QNX Infineon TriCore and Barebox.\n* The design allows for easy portability to different platforms:\n * Native C code designed for embedded use.\n * Single IO callback for hardware SPI interface.\n * No external dependencies.\n * Compact code size and minimal memory use.\n* Includes example code for:\n * Most TPM2 native API's\n * All TPM2 wrapper API's\n * PKCS 7\n * Certificate Signing Request (CSR)\n * TLS Client\n * TLS Server\n * Use of the TPM's Non-volatile memory\n * Attestation (activate and make credential)\n * Benchmarking TPM algorithms and TLS\n * Key Generation (primary, RSA/ECC and symmetric), loading and storing to flash (NV memory)\n * Sealing and Unsealing data with an RSA key or externally signed policy.\n * Time signed or set\n * PCR read/reset\n * GPIO configure, read and write.\n * Endorsement Key/Cert retrieval and validation.\n* Parameter encryption support using AES-CFB or XOR.\n* Support for salted unbound authenticated sessions.\n* Support for HMAC Sessions.\n* Support for reading Endorsement certificates (EK Credential Profile).\n\nNote: See [examples/README.md](examples/README.md) for details on using the examples.\n\n\n## TPM 2.0 Overview\n\n### Hierarchies\n\n```\nPlatform TPM_RH_PLATFORM\nOwner TPM_RH_OWNER\nEndorsement TPM_RH_ENDORSEMENT\n```\n\nEach hierarchy has their own manufacture generated seed.\n\nThe arguments used on `TPM2_Create` or `TPM2_CreatePrimary` create a template, which is fed into a KDF to produce the same key based hierarchy used. The key generated is the same each time; even after reboot. The generation of a new RSA 2048 bit key takes about 15 seconds. Typically these are created and then stored in NV using `TPM2_EvictControl`. Each TPM generates their own keys uniquely based on the seed.\n\nThere is also an Ephemeral hierarchy (`TPM_RH_NULL`), which can be used to create ephemeral keys.\n\n### Platform Configuration Registers (PCRs)\n\nContains hash digests for SHA-1 and SHA-256 with an index 0-23. These hash digests can be extended to prove the integrity of a boot sequence (secure boot).\n\n\n### Terminology\n\nThis project uses the terms append vs. marshall and parse vs. unmarshall.\n\nAcronyms:\n* HAL: Hardware Abstraction Layer.\n* NV: Non-Volatile memory.\n* TPM: Trusted Platform Module.\n\n## Platform\n\nThe examples in this library are written for use on a Raspberry Pi and use the `spi_dev` interface.\n\n### IO Callback (HAL)\n\nSee the HAL manual in [hal/README.md](hal/README.md).\n\nFor interfacing to your hardware interface (SPI/I2C) a single HAL callback is used and configuration on initialization when calling `TPM2_Init` or `wolfTPM2_Init`.\n\nThere are HAL examples in `hal` directory for:\n\n* Atmel ASF\n* BareBox\n* Espressif ESP-IDF\n* Infineon TriCore\n* Linux\n* STM32 CubeMX\n* Xilinx\n\nWe also support an advanced IO option (`--enable-advio`/`WOLFTPM_ADV_IO`), which adds the register and read/write flag as parameter to the IO callback. This is required for I2C support.\n\n### Hardware\n\nTested with:\n\n* Infineon OPTIGA (TM) Trusted Platform Module 2.0 SLB9670, SLB9672 and SLB9673 (I2C).\n - LetsTrust: Vendor for TPM development boards [http://letstrust.de](http://letstrust.de).\n* STMicro STSAFE-TPM, ST33TPHF2XSPI/2XI2C and ST33KTPM2X (SPI and I2C)\n* Microchip ATTPM20 module\n* Nuvoton NPCT65X or NPCT75x TPM2.0 modules\n* Nations Technologies Z32H330 or NS350 TPM 2.0 modules\n\n#### Device Identification\n\nInfineon SLB9670:\nTPM2: Caps 0x30000697, Did 0x001b, Vid 0x15d1, Rid 0x10\nMfg IFX (1), Vendor SLB9670, Fw 7.85 (4555), FIPS 140-2 1, CC-EAL4 1\n\nInfineon SLB9672:\nTPM2: Caps 0x30000697, Did 0x001d, Vid 0x15d1, Rid 0x36\nMfg IFX (1), Vendor SLB9672, Fw 16.10 (0x4068), FIPS 140-2 1, CC-EAL4 1\n\nInfineon SLB9673:\nTPM2: Caps 0x1ae00082, Did 0x001c, Vid 0x15d1, Rid 0x16\nMfg IFX (1), Vendor SLB9673, Fw 26.13 (0x456a), FIPS 140-2 1, CC-EAL4 1\n\nSTMicro ST33KTPM2XSPI\nTPM2: Caps 0x30000415, Did 0x0003, Vid 0x104a, Rid 0x 0\nMfg STM (2), Vendor ST33KTPM2XSPI, Fw 9.256 (0x0), FIPS 140-2 1, CC-EAL4 0\n\nSTMicro ST33TPHF2XSPI\nTPM2: Caps 0x1a7e2882, Did 0x0000, Vid 0x104a, Rid 0x4e\nMfg STM (2), Vendor , Fw 74.8 (1151341959), FIPS 140-2 1, CC-EAL4 0\n\nSTMicro ST33TPHF2XI2C\nTPM2: Caps 0x1a7e2882, Did 0x0000, Vid 0x104a, Rid 0x4e\nMfg STM (2), Vendor , Fw 74.9 (1151341959), FIPS 140-2 1, CC-EAL4 0\n\nMicrochip ATTPM20\nTPM2: Caps 0x30000695, Did 0x3205, Vid 0x1114, Rid 0x 1\nMfg MCHP (3), Vendor , Fw 512.20481 (0), FIPS 140-2 0, CC-EAL4 0\n\nNations Technologies Inc. Z32H330 TPM 2.0 module\nMfg NTZ (0), Vendor Z32H330, Fw 7.51 (419631892), FIPS 140-2 0, CC-EAL4 0\n\nNations Technologies Inc. NS350 TPM 2.0 module\nTPM2: Caps 0x30000615, Did 0x0701, Vid 0x9999, Rid 0x 1\nMfg NSG (0), Vendor NS350, Fw 30.30 (0x24042510), FIPS 140-2 1, CC-EAL4 0\n\nNuvoton NPCT650 TPM2.0\nMfg NTC (0), Vendor rlsNPCT , Fw 1.3 (65536), FIPS 140-2 0, CC-EAL4 0\n\nNuvoton NPCT750 TPM2.0\nTPM2: Caps 0x30000697, Did 0x00fc, Vid 0x1050, Rid 0x 1\nMfg NTC (0), Vendor NPCT75x\"!!4rls, Fw 7.2 (131072), FIPS 140-2 1, CC-EAL4 0\n\n## Building\n\n### Building wolfSSL\n\n```bash\ngit clone https://github.com/wolfSSL/wolfssl.git\ncd wolfssl\n./autogen.sh\n./configure --enable-wolftpm\nmake\nsudo make install\nsudo ldconfig\n```\n\nautogen.sh requires: automake and libtool: `sudo apt-get install automake libtool`\n\n### Building wolfSSL with an alternate directory\n\n```bash\n# cd /your-wolfssl-repo\n./autogen.h # as necessary\n./configure --prefix=~/workspace/my_wolfssl_bin --enable-all\nmake install\n\n# then for some other library such as wolfTPM:\n\n# cd /your-wolftpm-repo\n./configure --enable-swtpm --with-wolfcrypt=~/workspace/my_wolfssl_bin\n```\n\n### Build options and defines\n\n```text\n--enable-debug Add debug code/turns off optimizations (yes|no|verbose|io) - DEBUG_WOLFTPM, WOLFTPM_DEBUG_VERBOSE, WOLFTPM_DEBUG_IO\n--enable-examples Enable Examples (default: enabled)\n--enable-wrapper Enable wrapper code (default: enabled) - WOLFTPM2_NO_WRAPPER\n--enable-wolfcrypt Enable wolfCrypt hooks for RNG, Auth Sessions and Parameter encryption (default: enabled) - WOLFTPM2_NO_WOLFCRYPT\n--enable-advio Enable Advanced IO (default: disabled) - WOLFTPM_ADV_IO\n--enable-i2c Enable I2C TPM Support (default: disabled, requires advio) - WOLFTPM_I2C\n--enable-checkwaitstate Enable TIS / SPI Check Wait State support (default: depends on chip) - WOLFTPM_CHECK_WAIT_STATE\n--enable-smallstack Enable options to reduce stack usage\n--enable-tislock Enable Linux Named Semaphore for locking access to SPI device for concurrent access between processes - WOLFTPM_TIS_LOCK\n\n--enable-autodetect Enable Runtime Module Detection (default: enable - when no module specified) - WOLFTPM_AUTODETECT\n--enable-infineon Enable Infineon SLB9670/SLB9672/SLB9673 TPM Support (default: disabled) - WOLFTPM_SLB9670 / WOLFTPM_SLB9672\n--enable-st Enable ST ST33 Support (default: disabled) - WOLFTPM_ST33\n--enable-microchip Enable Microchip ATTPM20 Support (default: disabled) - WOLFTPM_MICROCHIP\n--enable-nuvoton Enable Nuvoton NPCT65x/NPCT75x Support (default: disabled) - WOLFTPM_NUVOTON\n\n--enable-devtpm Enable using Linux kernel driver for /dev/tpmX (default: disabled) - WOLFTPM_LINUX_DEV\n--enable-swtpm Enable using SWTPM TCP protocol. For use with simulator. (default: disabled) - WOLFTPM_SWTPM\n--enable-winapi Use Windows TBS API. (default: disabled) - WOLFTPM_WINAPI\n\nWOLFTPM_USE_SYMMETRIC Enables symmetric AES/Hashing/HMAC support for TLS examples.\nWOLFTPM2_USE_SW_ECDHE Disables use of TPM for ECC ephemeral key generation and shared secret for TLS examples.\nTLS_BENCH_MODE Enables TLS benchmarking mode.\nNO_TPM_BENCH Disables the TPM benchmarking example.\n```\n\nNote: For the I2C support on Raspberry Pi you may need to enable I2C. Here are the steps:\n1. Edit `sudo vim /boot/config.txt`\n2. Uncomment `dtparam=i2c_arm=on`\n3. Reboot `sudo reboot`\n\n\n### Building Infineon\n\nSupport for SLB9670 or SLB9672 (SPI) / SLB9673 (I2C)\n\nBuild wolfTPM:\n\n```bash\ngit clone https://github.com/wolfSSL/wolfTPM.git\ncd wolfTPM\n./autogen.sh\n./configure --enable-infineon [--enable-i2c]\nmake\n```\n\nThe default is SLB9672/SLB9673 (if I2C). To specify SLB9670 use `--enable-infineon=slb9670`.\n\n### Building ST ST33\n\nBuild wolfTPM:\n\n```bash\n./autogen.sh\n./configure --enable-st33 [--enable-i2c]\nmake\n```\n\n### Building Microchip ATTPM20\n\nBuild wolfTPM:\n\n```bash\n./autogen.sh\n./configure --enable-microchip\nmake\n```\n\n### Building Nuvoton\n\nBuild wolfTPM:\n\n```bash\n./autogen.sh\n./configure --enable-nuvoton\nmake\n```\n\n### Building Nations Tech\n\nUse `./configure` with defaults. All TPM 2.0 modules are compatible.\nThe Nations NS350 Raspberry Pi TPM 2.0 module uses `/dev/spidev0.0`. The TPM wait states are required (on by default with WOLFTPM_CHECK_WAIT_STATE).\n\n### Building Espressif ESP-IDF\n\nSee the wolfTPM-specific settings in the wolfSSL `user_settings.h` file, typically found in `[project]/components/wolfssl/include`.\n\n```bash\ngit clone https://github.com/wolfSSL/wolfTPM.git\ncd wolfTPM/IDE/Espressif\n\n# set your path to ESP-IDF, shown here for VisualGDB using v5.2\nWRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2\n\n. ${WRK_IDF_PATH}/export.sh\nidf.py build\n```\n\n### Building for \"/dev/tpmX\"\n\nThe `--enable-devtpm` or `WOLFTPM_LINUX_DEV` build option allows you to use the Linux supplied TPM (TIS) driver.\n\nTo specify a different `/dev/tpmX` device use `CFLAGS=\"-DTPM2_LINUX_DEV=/dev/tpm1\"`\n\n```bash\n./autogen.sh\n./configure --enable-devtpm\nmake\n```\n\nThe `TPM2_Init` or `wolfTPM2_Init` calls should use NULL for the HAL IO callback argument. The default HAL IO `TPM2_IoCb` maps to a macro specifying NULL (`#define TPM2_IoCb NULL`) in tpm_io.h for the devtpm option.\n\nBy default the `/dev/tpmX` requires sudo permissions to use it. If using the tpm2-tss it will install a \"tss\" group that you can add permissions to `sudo adduser [username] tss`.\n\nTo add your own custom wolfTPM rule for /dev/tpm0 do the following:\n\n1) Create new group and add your user to it (replace \"[username]\" with yours):\n\n```bash\nsudo addgroup wolftpm\nsudo adduser [username] wolftpm\nsudo chgrp wolftpm /dev/tpm0\n```\n\n2) Create new rule file: `sudo vim /etc/udev/rules.d/wolftpm-udev.rules`\n\n3) Add the following rule to file:\n\n```\nKERNEL==\"tpm[0-9]*\", TAG+=\"systemd\", MODE=\"0660\", GROUP=\"wolftpm\"\n```\n\n4) Reboot or reload rules: `sudo udevadm control -R`\n\n\n### Building for SWTPM\n\nSee `docs/SWTPM.md`\n\n### Building for Windows TBS API\n\nSee `docs/WindowTBS.md`\n\n## Building using CMake\n\nCMake supports compiling in many environments including Visual Studio\nif CMake support is installed. The commands below can be run in\n`Developer Command Prompt`.\n\n```bash\nmkdir build\ncd build\n# to use installed wolfSSL location (library and headers)\ncmake .. -DWITH_WOLFSSL=/prefix/to/wolfssl/install/\n# OR to use a wolfSSL source tree\ncmake .. -DWITH_WOLFSSL_TREE=/path/to/wolfssl/\n# build\ncmake --build .\n```\n\n## Running Examples\n\nThese examples demonstrate features of a TPM 2.0 module. The examples create RSA and ECC keys in NV for testing using handles defined in `./hal/tpm_io.h`. The PKCS #7 and TLS examples require generating CSR's and signing them using a test script. See `examples/README.md` for details on using the examples. To run the TLS sever and client on same machine you must build with `WOLFTPM_TIS_LOCK` to enable concurrent access protection.\n\n### TPM2 Capabilities\n\nSimple test that gets TPM capabilities and search for any persistent handles.\n\n```\n./examples/wrap/caps\nTPM2 Get Capabilities\nwolfSSL Entering wolfCrypt_Init\nMfg NSG (0), Vendor NS350, Fw 30.30 (0x24042510), FIPS 140-2 1, CC-EAL4 0\nFound 2 persistent handles\n```\n\n### TPM2 Wrapper Tests\n\n```\n./examples/wrap/wrap_test\nTPM2 Demo for Wrapper API's\nMfg STM (2), Vendor , Fw 74.8 (1151341959), FIPS 140-2 1, CC-EAL4 0\nRSA Encrypt/Decrypt Test Passed\nRSA Encrypt/Decrypt OAEP Test Passed\nRSA Key 0x80000000 Exported to wolf RsaKey\nwolf RsaKey loaded into TPM: Handle 0x80000000\nRSA Private Key Loaded into TPM: Handle 0x80000000\nECC Sign/Verify Passed\nECC DH Test Passed\nECC Verify Test Passed\nECC Key 0x80000000 Exported to wolf ecc_key\nwolf ecc_key loaded into TPM: Handle 0x80000000\nECC Private Key Loaded into TPM: Handle 0x80000000\nNV Test on index 0x1800200 with 1024 bytes passed\nHash SHA256 test success\nHMAC SHA256 test success\nEncrypt/Decrypt (known key) test success\nEncrypt/Decrypt test success\n```\n\n### TPM2 Benchmarks\n\nNote: Key Generation is using existing template from hierarchy seed.\n\nRun on Infineon OPTIGA SLB9670 at 43MHz:\n\n```\n./examples/bench/bench\nTPM2 Benchmark using Wrapper API's\nRNG 16 KB took 1.140 seconds, 14.033 KB/s\nBenchmark symmetric AES-128-CBC-enc not supported!\nBenchmark symmetric AES-128-CBC-dec not supported!\nBenchmark symmetric AES-256-CBC-enc not supported!\nBenchmark symmetric AES-256-CBC-dec not supported!\nBenchmark symmetric AES-128-CTR-enc not supported!\nBenchmark symmetric AES-128-CTR-dec not supported!\nBenchmark symmetric AES-256-CTR-enc not supported!\nBenchmark symmetric AES-256-CTR-dec not supported!\nBenchmark symmetric AES-256-CFB-enc not supported!\nBenchmark symmetric AES-256-CFB-dec not supported!\nSHA1 138 KB took 1.009 seconds, 136.783 KB/s\nSHA256 138 KB took 1.009 seconds, 136.763 KB/s\nRSA 2048 key gen 5 ops took 10.981 sec, avg 2196.230 ms, 0.455 ops/sec\nRSA 2048 Public 113 ops took 1.005 sec, avg 8.893 ms, 112.449 ops/sec\nRSA 2048 Private 7 ops took 1.142 sec, avg 163.207 ms, 6.127 ops/sec\nRSA 2048 Pub OAEP 73 ops took 1.011 sec, avg 13.848 ms, 72.211 ops/sec\nRSA 2048 Priv OAEP 6 ops took 1.004 sec, avg 167.399 ms, 5.974 ops/sec\nECC 256 key gen 5 ops took 1.157 sec, avg 231.350 ms, 4.322 ops/sec\nECDSA 256 sign 15 ops took 1.033 sec, avg 68.865 ms, 14.521 ops/sec\nECDSA 256 verify 9 ops took 1.022 sec, avg 113.539 ms, 8.808 ops/sec\nECDHE 256 agree 5 ops took 1.161 sec, avg 232.144 ms, 4.308 ops/sec\n```\n\nRun on Infineon OPTIGA SLB9672 at 43MHz:\n\n```\n./examples/bench/bench\nTPM2 Benchmark using Wrapper API's\n\tUse Parameter Encryption: NULL\nLoading SRK: Storage 0x81000200 (282 bytes)\nRNG 24 KB took 1.070 seconds, 22.429 KB/s\nBenchmark symmetric AES-128-CBC-enc not supported!\nBenchmark symmetric AES-128-CBC-dec not supported!\nBenchmark symmetric AES-256-CBC-enc not supported!\nBenchmark symmetric AES-256-CBC-dec not supported!\nBenchmark symmetric AES-128-CTR-enc not supported!\nBenchmark symmetric AES-128-CTR-dec not supported!\nBenchmark symmetric AES-256-CTR-enc not supported!\nBenchmark symmetric AES-256-CTR-dec not supported!\nAES-128-CFB-enc 86 KB took 1.001 seconds, 85.890 KB/s\nAES-128-CFB-dec 88 KB took 1.020 seconds, 86.267 KB/s\nAES-256-CFB-enc 86 KB took 1.023 seconds, 84.073 KB/s\nAES-256-CFB-dec 86 KB took 1.019 seconds, 84.370 KB/s\nSHA1 88 KB took 1.021 seconds, 86.155 KB/s\nSHA256 86 KB took 1.015 seconds, 84.717 KB/s\nSHA384 90 KB took 1.007 seconds, 89.405 KB/s\nRSA 2048 key gen 10 ops took 15.677 sec, avg 1567.678 ms, 0.638 ops/sec\nRSA 2048 Public 110 ops took 1.000 sec, avg 9.095 ms, 109.951 ops/sec\nRSA 2048 Private 14 ops took 1.078 sec, avg 76.996 ms, 12.988 ops/sec\nRSA 2048 Pub OAEP 51 ops took 1.012 sec, avg 19.838 ms, 50.408 ops/sec\nRSA 2048 Priv OAEP 12 ops took 1.053 sec, avg 87.738 ms, 11.398 ops/sec\nECC 256 key gen 8 ops took 1.088 sec, avg 135.956 ms, 7.355 ops/sec\nECDSA 256 sign 29 ops took 1.033 sec, avg 35.621 ms, 28.073 ops/sec\nECDSA 256 verify 42 ops took 1.013 sec, avg 24.114 ms, 41.470 ops/sec\nECDHE 256 agree 16 ops took 1.055 sec, avg 65.948 ms, 15.164 ops/sec\n```\n\nRun on Infineon SLB9673 on I2C at 400kHz:\n\n```\n./examples/bench/bench\nTPM2 Benchmark using Wrapper API's\n\tUse Parameter Encryption: NULL\nLoading SRK: Storage 0x81000200 (282 bytes)\nRNG 4 KB took 1.429 seconds, 2.799 KB/s\nBenchmark symmetric AES-128-CBC-enc not supported!\nBenchmark symmetric AES-128-CBC-dec not supported!\nBenchmark symmetric AES-256-CBC-enc not supported!\nBenchmark symmetric AES-256-CBC-dec not supported!\nBenchmark symmetric AES-128-CTR-enc not supported!\nBenchmark symmetric AES-128-CTR-dec not supported!\nBenchmark symmetric AES-256-CTR-enc not supported!\nBenchmark symmetric AES-256-CTR-dec not supported!\nAES-128-CFB-enc 4 KB took 1.022 seconds, 3.914 KB/s\nAES-128-CFB-dec 4 KB took 1.021 seconds, 3.916 KB/s\nAES-256-CFB-enc 4 KB took 1.023 seconds, 3.911 KB/s\nAES-256-CFB-dec 4 KB took 1.023 seconds, 3.912 KB/s\nSHA1 8 KB took 1.203 seconds, 6.650 KB/s\nSHA256 8 KB took 1.208 seconds, 6.623 KB/s\nSHA384 8 KB took 1.209 seconds, 6.617 KB/s\nRSA 2048 key gen 10 ops took 19.106 sec, avg 1910.554 ms, 0.523 ops/sec\nRSA 2048 Public 14 ops took 1.046 sec, avg 74.740 ms, 13.380 ops/sec\nRSA 2048 Private 6 ops took 1.008 sec, avg 168.057 ms, 5.950 ops/sec\nRSA 2048 Pub OAEP 15 ops took 1.008 sec, avg 67.231 ms, 14.874 ops/sec\nRSA 2048 Priv OAEP 7 ops took 1.126 sec, avg 160.789 ms, 6.219 ops/sec\nECC 256 key gen 4 ops took 1.244 sec, avg 311.031 ms, 3.215 ops/sec\nECDSA 256 sign 14 ops took 1.009 sec, avg 72.057 ms, 13.878 ops/sec\nECDSA 256 verify 18 ops took 1.043 sec, avg 57.921 ms, 17.265 ops/sec\nECDHE 256 agree 9 ops took 1.025 sec, avg 113.888 ms, 8.781 ops/sec\n```\n\nRun on STMicro ST33KTPM2XSPI at 33MHz:\n\n```\n./examples/bench/bench\nTPM2 Benchmark using Wrapper API's\n\tUse Parameter Encryption: NULL\nLoading SRK: Storage 0x81000200 (282 bytes)\nRNG 24 KB took 1.042 seconds, 23.028 KB/s\nAES-128-CBC-enc 52 KB took 1.018 seconds, 51.077 KB/s\nAES-128-CBC-dec 52 KB took 1.027 seconds, 50.644 KB/s\nAES-256-CBC-enc 46 KB took 1.012 seconds, 45.446 KB/s\nAES-256-CBC-dec 46 KB took 1.021 seconds, 45.072 KB/s\nAES-128-CTR-enc 44 KB took 1.025 seconds, 42.927 KB/s\nAES-128-CTR-dec 44 KB took 1.024 seconds, 42.955 KB/s\nAES-256-CTR-enc 40 KB took 1.025 seconds, 39.016 KB/s\nAES-256-CTR-dec 40 KB took 1.026 seconds, 38.992 KB/s\nAES-128-CFB-enc 52 KB took 1.026 seconds, 50.674 KB/s\nAES-128-CFB-dec 46 KB took 1.023 seconds, 44.986 KB/s\nAES-256-CFB-enc 46 KB took 1.021 seconds, 45.047 KB/s\nAES-256-CFB-dec 42 KB took 1.033 seconds, 40.665 KB/s\nSHA1 138 KB took 1.009 seconds, 136.727 KB/s\nSHA256 128 KB took 1.010 seconds, 126.723 KB/s\nSHA384 116 KB took 1.001 seconds, 115.833 KB/s\nRSA 2048 key gen 9 ops took 17.497 sec, avg 1944.057 ms, 0.514 ops/sec\nRSA 2048 Public 155 ops took 1.003 sec, avg 6.468 ms, 154.601 ops/sec\nRSA 2048 Private 12 ops took 1.090 sec, avg 90.806 ms, 11.013 ops/sec\nRSA 2048 Pub OAEP 122 ops took 1.004 sec, avg 8.230 ms, 121.501 ops/sec\nRSA 2048 Priv OAEP 11 ops took 1.023 sec, avg 92.964 ms, 10.757 ops/sec\nECC 256 key gen 12 ops took 1.070 sec, avg 89.172 ms, 11.214 ops/sec\nECDSA 256 sign 40 ops took 1.010 sec, avg 25.251 ms, 39.602 ops/sec\nECDSA 256 verify 28 ops took 1.023 sec, avg 36.543 ms, 27.365 ops/sec\nECDHE 256 agree 16 ops took 1.062 sec, avg 66.391 ms, 15.062 ops/sec\n```\n\nRun on STMicro ST33TPHF2XSPI at 33MHz:\n\n```\n./examples/bench/bench\nTPM2 Benchmark using Wrapper API's\nRNG 14 KB took 1.017 seconds, 13.763 KB/s\nAES-128-CBC-enc 40 KB took 1.008 seconds, 39.666 KB/s\nAES-128-CBC-dec 42 KB took 1.032 seconds, 40.711 KB/s\nAES-256-CBC-enc 40 KB took 1.013 seconds, 39.496 KB/s\nAES-256-CBC-dec 40 KB took 1.011 seconds, 39.563 KB/s\nAES-128-CTR-enc 26 KB took 1.055 seconds, 24.646 KB/s\nAES-128-CTR-dec 26 KB took 1.035 seconds, 25.117 KB/s\nAES-256-CTR-enc 26 KB took 1.028 seconds, 25.302 KB/s\nAES-256-CTR-dec 26 KB took 1.030 seconds, 25.252 KB/s\nAES-128-CFB-enc 42 KB took 1.045 seconds, 40.201 KB/s\nAES-128-CFB-dec 40 KB took 1.008 seconds, 39.699 KB/s\nAES-256-CFB-enc 40 KB took 1.022 seconds, 39.151 KB/s\nAES-256-CFB-dec 42 KB took 1.041 seconds, 40.362 KB/s\nSHA1 86 KB took 1.005 seconds, 85.559 KB/s\nSHA256 84 KB took 1.019 seconds, 82.467 KB/s\nRSA 2048 key gen 1 ops took 7.455 sec, avg 7455.036 ms, 0.134 ops/sec\nRSA 2048 Public 110 ops took 1.003 sec, avg 9.122 ms, 109.624 ops/sec\nRSA 2048 Private 5 ops took 1.239 sec, avg 247.752 ms, 4.036 ops/sec\nRSA 2048 Pub OAEP 81 ops took 1.001 sec, avg 12.364 ms, 80.880 ops/sec\nRSA 2048 Priv OAEP 4 ops took 1.007 sec, avg 251.780 ms, 3.972 ops/sec\nECC 256 key gen 5 ops took 1.099 sec, avg 219.770 ms, 4.550 ops/sec\nECDSA 256 sign 24 ops took 1.016 sec, avg 42.338 ms, 23.619 ops/sec\nECDSA 256 verify 14 ops took 1.036 sec, avg 74.026 ms, 13.509 ops/sec\nECDHE 256 agree 5 ops took 1.235 sec, avg 247.085 ms, 4.047 ops/sec\n\n```\n\nRun on Microchip ATTPM20 at 33MHz:\n\n```\n./examples/bench/bench\nTPM2 Benchmark using Wrapper API's\nRNG 2 KB took 1.867 seconds, 1.071 KB/s\nBenchmark symmetric AES-128-CBC-enc not supported!\nBenchmark symmetric AES-128-CBC-dec not supported!\nBenchmark symmetric AES-256-CBC-enc not supported!\nBenchmark symmetric AES-256-CBC-dec not supported!\nBenchmark symmetric AES-128-CTR-enc not supported!\nBenchmark symmetric AES-128-CTR-dec not supported!\nBenchmark symmetric AES-256-CTR-enc not supported!\nBenchmark symmetric AES-256-CTR-dec not supported!\nAES-128-CFB-enc 16 KB took 1.112 seconds, 14.383 KB/s\nAES-128-CFB-dec 16 KB took 1.129 seconds, 14.166 KB/s\nAES-256-CFB-enc 12 KB took 1.013 seconds, 11.845 KB/s\nAES-256-CFB-dec 12 KB took 1.008 seconds, 11.909 KB/s\nSHA1 22 KB took 1.009 seconds, 21.797 KB/s\nSHA256 22 KB took 1.034 seconds, 21.270 KB/s\nRSA 2048 key gen 3 ops took 15.828 sec, avg 5275.861 ms, 0.190 ops/sec\nRSA 2048 Public 22 ops took 1.034 sec, avg 47.021 ms, 21.267 ops/sec\nRSA 2048 Private 9 ops took 1.059 sec, avg 117.677 ms, 8.498 ops/sec\nRSA 2048 Pub OAEP 21 ops took 1.007 sec, avg 47.959 ms, 20.851 ops/sec\nRSA 2048 Priv OAEP 9 ops took 1.066 sec, avg 118.423 ms, 8.444 ops/sec\nECC 256 key gen 7 ops took 1.072 sec, avg 153.140 ms, 6.530 ops/sec\nECDSA 256 sign 18 ops took 1.056 sec, avg 58.674 ms, 17.043 ops/sec\nECDSA 256 verify 24 ops took 1.031 sec, avg 42.970 ms, 23.272 ops/sec\nECDHE 256 agree 16 ops took 1.023 sec, avg 63.934 ms, 15.641 ops/sec\n```\n\nRun on Nations Technologies Inc. Z32H330 TPM 2.0 module at 33MHz:\n\n```\n./examples/bench/bench\nTPM2 Benchmark using Wrapper API's\nRNG 12 KB took 1.065 seconds, 11.270 KB/s\nAES-128-CBC-enc 48 KB took 1.026 seconds, 46.780 KB/s\nAES-128-CBC-dec 48 KB took 1.039 seconds, 46.212 KB/s\nAES-256-CBC-enc 48 KB took 1.035 seconds, 46.370 KB/s\nAES-256-CBC-dec 48 KB took 1.025 seconds, 46.852 KB/s\nBenchmark symmetric AES-128-CTR-enc not supported!\nBenchmark symmetric AES-128-CTR-dec not supported!\nBenchmark symmetric AES-256-CTR-enc not supported!\nBenchmark symmetric AES-256-CTR-dec not supported!\nAES-128-CFB-enc 50 KB took 1.029 seconds, 48.591 KB/s\nAES-128-CFB-dec 50 KB took 1.035 seconds, 48.294 KB/s\nAES-256-CFB-enc 48 KB took 1.000 seconds, 47.982 KB/s\nAES-256-CFB-dec 48 KB took 1.003 seconds, 47.855 KB/s\nSHA1 80 KB took 1.009 seconds, 79.248 KB/s\nSHA256 80 KB took 1.004 seconds, 79.702 KB/s\nSHA384 78 KB took 1.018 seconds, 76.639 KB/s\nRSA 2048 key gen 8 ops took 17.471 sec, avg 2183.823 ms, 0.458 ops/sec\nRSA 2048 Public 52 ops took 1.004 sec, avg 19.303 ms, 51.805 ops/sec\nRSA 2048 Private 8 ops took 1.066 sec, avg 133.243 ms, 7.505 ops/sec\nRSA 2048 Pub OAEP 51 ops took 1.001 sec, avg 19.621 ms, 50.966 ops/sec\nRSA 2048 Priv OAEP 8 ops took 1.073 sec, avg 134.182 ms, 7.453 ops/sec\nECC 256 key gen 20 ops took 1.037 sec, avg 51.871 ms, 19.279 ops/sec\nECDSA 256 sign 43 ops took 1.006 sec, avg 23.399 ms, 42.736 ops/sec\nECDSA 256 verify 28 ops took 1.030 sec, avg 36.785 ms, 27.185 ops/sec\nECDHE 256 agree 26 ops took 1.010 sec, avg 38.847 ms, 25.742 ops/sec\n```\n\nRun on Nations Technologies Inc. NS350 TPM 2.0 module at 33MHz:\n\n```\n./examples/bench/bench\nTPM2 Benchmark using Wrapper API's\n Use Parameter Encryption: NULL\nRNG 6 KB took 1.052 seconds, 5.703 KB/s\nBenchmark symmetric AES-128-CBC-enc not supported!\nBenchmark symmetric AES-128-CBC-dec not supported!\nBenchmark symmetric AES-256-CBC-enc not supported!\nBenchmark symmetric AES-256-CBC-dec not supported!\nBenchmark symmetric AES-128-CTR-enc not supported!\nBenchmark symmetric AES-128-CTR-dec not supported!\nBenchmark symmetric AES-256-CTR-enc not supported!\nBenchmark symmetric AES-256-CTR-dec not supported!\nEncrypt/Decrypt unavailable\nAES-128-CFB-enc 0 bytes took 0.005 seconds, 0.000 bytes/s\nEncrypt/Decrypt unavailable\nAES-128-CFB-dec 0 bytes took 0.006 seconds, 0.000 bytes/s\nEncrypt/Decrypt unavailable\nAES-256-CFB-enc 0 bytes took 0.006 seconds, 0.000 bytes/s\nEncrypt/Decrypt unavailable\nAES-256-CFB-dec 0 bytes took 0.005 seconds, 0.000 bytes/s\nSHA1 68 KB took 1.003 seconds, 67.772 KB/s\nSHA256 68 KB took 1.002 seconds, 67.871 KB/s\nSHA384 66 KB took 1.007 seconds, 65.548 KB/s\nRSA 2048 key gen 7 ops took 16.652 sec, avg 2378.893 ms, 0.420 ops/sec\nRSA 2048 Public 126 ops took 1.005 sec, avg 7.980 ms, 125.321 ops/sec\nRSA 2048 Private 20 ops took 1.035 sec, avg 51.735 ms, 19.329 ops/sec\nRSA 2048 Pub OAEP 81 ops took 1.008 sec, avg 12.443 ms, 80.366 ops/sec\nRSA 2048 Priv OAEP 19 ops took 1.027 sec, avg 54.033 ms, 18.507 ops/sec\nECC 256 key gen 20 ops took 1.042 sec, avg 52.095 ms, 19.196 ops/sec\nECDSA 256 sign 60 ops took 1.009 sec, avg 16.816 ms, 59.466 ops/sec\nECDSA 256 verify 46 ops took 1.008 sec, avg 21.921 ms, 45.618 ops/sec\nECDHE 256 agree 38 ops took 1.008 sec, avg 26.532 ms, 37.691 ops/sec\n```\n\nRun on Nuvoton NPCT650:\n\n```\n./examples/bench/bench\nTPM2 Benchmark using Wrapper API's\nRNG 8 KB took 1.291 seconds, 6.197 KB/s\nBenchmark symmetric AES-128-CBC-enc not supported!\nBenchmark symmetric AES-128-CBC-dec not supported!\nBenchmark symmetric AES-256-CBC-enc not supported!\nBenchmark symmetric AES-256-CBC-dec not supported!\nBenchmark symmetric AES-256-CTR-enc not supported!\nBenchmark symmetric AES-256-CTR-dec not supported!\nBenchmark symmetric AES-256-CFB-enc not supported!\nBenchmark symmetric AES-256-CFB-dec not supported!\nSHA1 90 KB took 1.005 seconds, 89.530 KB/s\nSHA256 90 KB took 1.010 seconds, 89.139 KB/s\nRSA 2048 key gen 8 ops took 35.833 sec, avg 4479.152 ms, 0.223 ops/sec\nRSA 2048 Public 77 ops took 1.007 sec, avg 13.078 ms, 76.463 ops/sec\nRSA 2048 Private 2 ops took 1.082 sec, avg 540.926 ms, 1.849 ops/sec\nRSA 2048 Pub OAEP 53 ops took 1.005 sec, avg 18.961 ms, 52.739 ops/sec\nRSA 2048 Priv OAEP 2 ops took 1.088 sec, avg 544.075 ms, 1.838 ops/sec\nECC 256 key gen 7 ops took 1.033 sec, avg 147.608 ms, 6.775 ops/sec\nECDSA 256 sign 6 ops took 1.141 sec, avg 190.149 ms, 5.259 ops/sec\nECDSA 256 verify 4 ops took 1.061 sec, avg 265.216 ms, 3.771 ops/sec\nECDHE 256 agree 6 ops took 1.055 sec, avg 175.915 ms, 5.685 ops/sec\n```\n\nRun on Nuvoton NPCT750 at 43MHz:\n\n```\nRNG 16 KB took 1.114 seconds, 14.368 KB/s\nBenchmark symmetric AES-128-CBC-enc not supported!\nBenchmark symmetric AES-128-CBC-dec not supported!\nBenchmark symmetric AES-256-CBC-enc not supported!\nBenchmark symmetric AES-256-CBC-dec not supported!\nSHA1 120 KB took 1.012 seconds, 118.618 KB/s\nSHA256 122 KB took 1.012 seconds, 120.551 KB/s\nSHA384 120 KB took 1.003 seconds, 119.608 KB/s\nRSA 2048 key gen 5 ops took 17.043 sec, avg 3408.678 ms, 0.293 ops/sec\nRSA 2048 Public 134 ops took 1.004 sec, avg 7.490 ms, 133.517 ops/sec\nRSA 2048 Private 15 ops took 1.054 sec, avg 70.261 ms, 14.233 ops/sec\nRSA 2048 Pub OAEP 116 ops took 1.002 sec, avg 8.636 ms, 115.797 ops/sec\nRSA 2048 Priv OAEP 15 ops took 1.061 sec, avg 70.716 ms, 14.141 ops/sec\nECC 256 key gen 12 ops took 1.008 sec, avg 84.020 ms, 11.902 ops/sec\nECDSA 256 sign 18 ops took 1.015 sec, avg 56.399 ms, 17.731 ops/sec\nECDSA 256 verify 26 ops took 1.018 sec, avg 39.164 ms, 25.533 ops/sec\nECDHE 256 agree 35 ops took 1.029 sec, avg 29.402 ms, 34.011 ops/sec\n```\n\n### TPM2 Native Tests\n\n```\n./examples/native/native_test\nTPM2 Demo using Native API's\nTPM2: Caps 0x30000495, Did 0x0000, Vid 0x104a, Rid 0x4e\nTPM2_Startup pass\nTPM2_SelfTest pass\nTPM2_GetTestResult: Size 12, Rc 0x0\nTPM2_IncrementalSelfTest: Rc 0x0, Alg 0x1 (Todo 0)\nTPM2_GetCapability: Property FamilyIndicator 0x322e3000\nTPM2_GetCapability: Property PCR Count 24\nTPM2_GetCapability: Property FIRMWARE_VERSION_1 0x004a0008\nTPM2_GetCapability: Property FIRMWARE_VERSION_2 0x44a01587\nTPM2_GetRandom: Got 32 bytes\nTPM2_StirRandom: success\nTPM2_PCR_Read: Index 0, Count 1\nTPM2_PCR_Read: Index 0, Digest Sz 32, Update Counter 20\nTPM2_PCR_Read: Index 1, Count 1\nTPM2_PCR_Read: Index 1, Digest Sz 32, Update Counter 20\nTPM2_PCR_Read: Index 2, Count 1\nTPM2_PCR_Read: Index 2, Digest Sz 32, Update Counter 20\nTPM2_PCR_Read: Index 3, Count 1\nTPM2_PCR_Read: Index 3, Digest Sz 32, Update Counter 20\nTPM2_PCR_Read: Index 4, Count 1\nTPM2_PCR_Read: Index 4, Digest Sz 32, Update Counter 20\nTPM2_PCR_Read: Index 5, Count 1\nTPM2_PCR_Read: Index 5, Digest Sz 32, Update Counter 20\nTPM2_PCR_Read: Index 6, Count 1\nTPM2_PCR_Read: Index 6, Digest Sz 32, Update Counter 20\nTPM2_PCR_Read: Index 7, Count 1\nTPM2_PCR_Read: Index 7, Digest Sz 32, Update Counter 20\nTPM2_PCR_Read: Index 8, Count 1\nTPM2_PCR_Read: Index 8, Digest Sz 32, Update Counter 20\nTPM2_PCR_Read: Index 9, Count 1\nTPM2_PCR_Read: Index 9, Digest Sz 32, Update Counter 20\nTPM2_PCR_Read: Index 10, Count 1\nTPM2_PCR_Read: Index 10, Digest Sz 32, Update Counter 20\nTPM2_PCR_Read: Index 11, Count 1\nTPM2_PCR_Read: Index 11, Digest Sz 32, Update Counter 20\nTPM2_PCR_Read: Index 12, Count 1\nTPM2_PCR_Read: Index 12, Digest Sz 32, Update Counter 20\nTPM2_PCR_Read: Index 13, Count 1\nTPM2_PCR_Read: Index 13, Digest Sz 32, Update Counter 20\nTPM2_PCR_Read: Index 14, Count 1\nTPM2_PCR_Read: Index 14, Digest Sz 32, Update Counter 20\nTPM2_PCR_Read: Index 15, Count 1\nTPM2_PCR_Read: Index 15, Digest Sz 32, Update Counter 20\nTPM2_PCR_Read: Index 16, Count 1\nTPM2_PCR_Read: Index 16, Digest Sz 32, Update Counter 20\nTPM2_PCR_Read: Index 17, Count 1\nTPM2_PCR_Read: Index 17, Digest Sz 32, Update Counter 20\nTPM2_PCR_Read: Index 18, Count 1\nTPM2_PCR_Read: Index 18, Digest Sz 32, Update Counter 20\nTPM2_PCR_Read: Index 19, Count 1\nTPM2_PCR_Read: Index 19, Digest Sz 32, Update Counter 20\nTPM2_PCR_Read: Index 20, Count 1\nTPM2_PCR_Read: Index 20, Digest Sz 32, Update Counter 20\nTPM2_PCR_Read: Index 21, Count 1\nTPM2_PCR_Read: Index 21, Digest Sz 32, Update Counter 20\nTPM2_PCR_Read: Index 22, Count 1\nTPM2_PCR_Read: Index 22, Digest Sz 32, Update Counter 20\nTPM2_PCR_Read: Index 23, Count 1\nTPM2_PCR_Read: Index 23, Digest Sz 32, Update Counter 20\nTPM2_PCR_Extend success\nTPM2_PCR_Read: Index 0, Count 1\nTPM2_PCR_Read: Index 0, Digest Sz 32, Update Counter 21\nTPM2_StartAuthSession: sessionHandle 0x3000000\nTPM2_PolicyGetDigest: size 32\nTPM2_PCR_Read: Index 0, Digest Sz 20, Update Counter 21\nwc_Hash of PCR[0]: size 32\nTPM2_PolicyPCR failed 0x1c4: TPM_RC_AUTHSIZE\nTPM2_PolicyRestart: Done\nTPM2_HashSequenceStart: sequenceHandle 0x80000000\nHash SHA256 test success\nTPM2_CreatePrimary: Endorsement 0x80000000 (314 bytes)\nTPM2_CreatePrimary: Storage 0x80000002 (282 bytes)\nTPM2_LoadExternal: 0x80000004\nTPM2_MakeCredential: credentialBlob 68, secret 256\nTPM2_ReadPublic Handle 0x80000004: pub 314, name 34, qualifiedName 34\nCreate HMAC-SHA256 Key success, public 48, Private 137\nTPM2_Load New HMAC Key Handle 0x80000004\nTPM2_PolicyCommandCode: success\nTPM2_ObjectChangeAuth: private 137\nTPM2_ECC_Parameters: CurveID 3, sz 256, p 32, a 32, b 32, gX 32, gY 32, n 32, h 1\nTPM2_Create: New ECDSA Key: pub 88, priv 126\nTPM2_Load ECDSA Key Handle 0x80000004\nTPM2_Sign: ECC S 32, R 32\nTPM2_VerifySignature: Tag 32802\nTPM2_Create: New ECDH Key: pub 88, priv 126\nTPM2_Load ECDH Key Handle 0x80000004\nTPM2_ECDH_KeyGen: zPt 68, pubPt 68\nTPM2_ECDH_ZGen: zPt 68\nTPM2 ECC Shared Secret Pass\nTPM2_Create: New RSA Key: pub 278, priv 222\nTPM2_Load RSA Key Handle 0x80000004\nTPM2_RSA_Encrypt: 256\nTPM2_RSA_Decrypt: 68\nRSA Encrypt/Decrypt test passed\nTPM2_NV_DefineSpace: 0x1bfffff\nTPM2_NV_ReadPublic: Sz 14, Idx 0x1bfffff, nameAlg 11, Attr 0x2020002, authPol 0, dataSz 32, name 34\nCreate AES128 CFB Key success, public 50, Private 142\nTPM2_Load New AES Key Handle 0x80000004\nEncrypt/Decrypt test success\n```\n\n### TPM2 CSR Example\n\n```\n./examples/csr/csr\nTPM2 CSR Example\nGenerated/Signed Cert (DER 860, PEM 1236)\n-----BEGIN CERTIFICATE REQUEST-----\nMIIDWDCCAkACAQIwgZsxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xETAP\nBgNVBAcMCFBvcnRsYW5kMQ0wCwYDVQQEDARUZXN0MRAwDgYDVQQKDAd3b2xmU1NM\nMQwwCgYDVQQLDANSU0ExGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG\nSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP\nADCCAQoCggEBANtFRTX9CIW489vdmfy0qoffKtXBIfEGo07XgbvHPqk/KLx9NpK4\nfDLRdh5Kh7mDIGQI0hKDQMQ4GRTzRlE+wXlTqGQaQohac1LRxe21RCCKn0ZXvbCJ\nWd1cIAGQyDyOb8WYCquQB79r2pIAKnVbedu+G1jx3tVrwB8ZCosKF86au7cEDxvD\nsdmt2vcEIlMcgfWQNo8TkWEKW33qu/rOOfJAUkVOUKENvj8zz/Iw4pX9nImiclMC\n/pMcgjpnFUlG5a0Jwg2PR7pXyRYUCciMq20UF5LDZG3NmFirVqigOmBIFsrpVCjt\nwf/Ep6DxFgmy7KNJ/0kzQByySvjKrIOqynsCAwEAAaB3MHUGCSqGSIb3DQEJDjFo\nMGYwHQYDVR0OBBYEFBHIhJ44Ide+SKGpL2neKuusXBZxMEUGA1UdJQQ+MDwGCCsG\nAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYI\nKwYBBQUHAwkwDQYJKoZIhvcNAQELBQADggEBACGHTZE5BVonf9OM3bYZvl2SiKdj\nfo+f8a5COgBgCiNK8DPXCr+RMfp7jy8+3NP0bUPppi46F6Eq80YIZuQJgoyd0l8l\nF+0KXq/FuoHtTLH7joHCKcYta1yPpnvKAG9195aIruAHesXwDxklqTvlVx3/e9No\nYtmWUMdrLvTZrI1L1/0OuHbPgCGmdyHOXEh0xY0VTE1I0ff0b8UC3dQCsf8uROhO\nfXXYwZz9LLSdO/QuDSxXThEe4m1/AUJkiaQ/T2zNEiR5Imk+jluXLz8bVM7w+HMt\nl/076ekjTI+7PwzBZIG2F3nOIDUmHwe0lAWdU8h9IoAlM6kS22fh6gZZqQg=\n-----END CERTIFICATE REQUEST-----\n\nGenerated/Signed Cert (DER 467, PEM 704)\n-----BEGIN CERTIFICATE REQUEST-----\nMIIBzzCCAXUCAQIwgZsxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xETAP\nBgNVBAcMCFBvcnRsYW5kMQ0wCwYDVQQEDARUZXN0MRAwDgYDVQQKDAd3b2xmU1NM\nMQwwCgYDVQQLDANFQ0MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG\nSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABIokJgsrMSW8f6si4S1saUXABXbqWKWVQn+D6z9LQe/wkPqozP/hV/3qTtpE\nI/E3HjcHqRY+nsosjlEz36mzrRagdzB1BgkqhkiG9w0BCQ4xaDBmMB0GA1UdDgQW\nBBRyZJhX+sHZEE117OKL0/CPVGbAKzBFBgNVHSUEPjA8BggrBgEFBQcDAQYIKwYB\nBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwgGCCsGAQUFBwMJMAoG\nCCqGSM49BAMCA0gAMEUCIQCR9cbyRt3cbEZUIOBa4GNSRTlgFdB3X1EOwm+cA5/k\n6AIgBm+EU6m5SDsk7BYmxTQAhgJFrelwymOa7m16kAXnFuU=\n-----END CERTIFICATE REQUEST-----\n```\n\n### TPM2 PKCS 7 Example\n\n```\n./examples/pkcs7/pkcs7\nTPM2 PKCS7 Example\nPKCS7 Signed Container 1625\nPKCS7 Container Verified (using TPM)\nPKCS7 Container Verified (using software)\n```\n\n### TPM TLS Client Example\n\nThe wolfSSL TLS client requires loading a public key to indicate mutual authentication is used. The crypto callback uses the TPM for the private key signing.\n\n```\n./examples/tls/tls_client\nTPM2 TLS Client Example\nWrite (29): GET /index.html HTTP/1.0\n\n\nRead (193): HTTP/1.1 200 OK\nContent-Type: text/html\nConnection: close\n\n\u003chtml\u003e\n\u003chead\u003e\n\u003ctitle\u003eWelcome to wolfSSL!\u003c/title\u003e\n\u003c/head\u003e\n\u003cbody\u003e\n\u003cp\u003ewolfSSL has successfully performed handshake!\u003c/p\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n```\n\n### TPM TLS Server Example\n\nThe wolfSSL TLS server loads the TPM public key and the crypto callback uses the TPM for the private key signing.\n\n```\n./examples/tls/tls_server\nTPM2 TLS Server Example\nLoading RSA certificate and public key\nRead (29): GET /index.html HTTP/1.0\n\n\nWrite (193): HTTP/1.1 200 OK\nContent-Type: text/html\nConnection: close\n\n\u003chtml\u003e\n\u003chead\u003e\n\u003ctitle\u003eWelcome to wolfSSL!\u003c/title\u003e\n\u003c/head\u003e\n\u003cbody\u003e\n\u003cp\u003ewolfSSL has successfully performed handshake!\u003c/p\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n```\n\n## Device Identity and Attestation Keys\n\nThe TCG published a specification for TPM manufacture guidance on setting up keys that can be used for device identiy and attestation.\n\nThis feature has been tested with the ST33KTPM and is enabled with `WOLFTPM_MFG_IDENTITY`. The ST33KTPM samples are provisioned with a default master password enabled with `TEST_SAMPLE`. To define your own master password use `TPM2_IAK_SAMPLE_MASTER_PASSWORD`. The master password is hashed along with the device serial number to produce authentication for accessing these keys.\n\nThe default keys are ECDSA SECP384R1 with SHA2-384 and stored in NV Index defined by `TPM2_IAK_KEY_HANDLE`, `TPM2_IAK_CERT_HANDLE`, `TPM2_IDEVID_KEY_HANDLE` and `TPM2_IDEVID_CERT_HANDLE`.\n\n\n### TPM Endorsement Key Certificates\n\nThe TCG EK Credential Profile defines how manufacturers provision endorsement certificates in the TCG NV index range (see TPM_20_TCG_NV_SPACE).\nThe `get_ek_certs` example shows how to retrieve those EK cerificates, validate them and create a primary EK handle for signing.\nSee `./examples/endorsement/get_ek_certs`.\n\n\n## Todo\n\n* Update to v1.59 of specification (adding CertifyX509).\n* Inner wrap support for SensitiveToPrivate.\n* Add support for IRQ (interrupt line)\n\n## Support\n\nEmail us at [support@wolfssl.com](mailto:support@wolfssl.com).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwolfssl%2Fwolftpm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwolfssl%2Fwolftpm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwolfssl%2Fwolftpm/lists"}