From da5b73817edb598246b2a24fe66e51d66bde15f2 Mon Sep 17 00:00:00 2001
From: Daniele Lacamera
Date: Tue, 16 Apr 2024 16:24:31 +0200
Subject: [PATCH] Update wolfPKCS11 to v1.3.0. Fixed doc
---
 docs/STM32-TZ.md | 4 ++--
 include/user_settings.h | 21 +++++++++++----------
 lib/wolfPKCS11 | 2 +-
 3 files changed, 14 insertions(+), 13 deletions(-)
diff --git a/docs/STM32-TZ.md b/docs/STM32-TZ.md
index 73fff2e79..4ed1b8306 100644
--- a/docs/STM32-TZ.md
+++ b/docs/STM32-TZ.md
@@ -10,7 +10,7 @@ are accessible from any software staged in non-secure domain.
 ### Compiling wolfBoot with wolfCrypt in TrustZone-M secure domain
-When wolfBoot is compiled with the options `TZEN=1` and `WOLFCRYPT_TZ_ENGINE=1`,
+When wolfBoot is compiled with the options `TZEN=1` and `WOLFCRYPT_TZ=1`,
 a more complete set of components of the wolfCrypt crypto library are built-in the bootloader, and they can be accessed by applications or OSs running in non-secure domain through non-secure callable APIs.
@@ -19,7 +19,7 @@ This feature is used to isolate the core crypto operations from the applications
 ### PKCS11 API in non-secure world
-The `WOLFCRYPT_TZ_PKCS11` provides a standard PKCS11 interface,
+The `WOLFCRYPT_TZ_PKCS11` option provides a standard PKCS11 interface,
 including a storage for PKCS11 objects in a dedicated flash area in secure mode. This means that applications, TLS libraries and operating systems running in
diff --git a/include/user_settings.h b/include/user_settings.h
index 420df28d6..f7cd618be 100644
--- a/include/user_settings.h
+++ b/include/user_settings.h
@@ -255,19 +255,20 @@ extern int tolower(int c);
 #if defined(SECURE_PKCS11)
 # define HAVE_PWDBASED
-# define HAVE_PBKDF2
-# define WOLFPKCS11_CUSTOM_STORE
-# define WOLFBOOT_SECURE_PKCS11
-# define WOLFPKCS11_USER_SETTINGS
-# define WOLFPKCS11_NO_TIME
-# define WOLFSSL_AES_COUNTER
+# define HAVE_PBKDF2
+# define WOLFPKCS11_CUSTOM_STORE
+# define WOLFBOOT_SECURE_PKCS11
+# define WOLFPKCS11_USER_SETTINGS
+# define WOLFPKCS11_NO_TIME
+# define WOLFSSL_AES_COUNTER
 # define WOLFSSL_AES_DIRECT
 # define WOLFSSL_AES_GCM
-# define ENCRYPT_WITH_AES128
+# define ENCRYPT_WITH_AES128
 # define WOLFSSL_AES_128
-# define HAVE_SCRYPT
-# define HAVE_AESGCM
- typedef unsigned long time_t;
+# define HAVE_SCRYPT
+# define HAVE_AESGCM
+# define HAVE_PKCS8
+ typedef unsigned long time_t;
 #endif
 #ifndef HAVE_PWDBASED
diff --git a/lib/wolfPKCS11 b/lib/wolfPKCS11
index 97a219889..b94a98742 160000
--- a/lib/wolfPKCS11
+++ b/lib/wolfPKCS11
@@ -1 +1 @@
-Subproject commit 97a21988946187e4a3587d2fc20de59ae268117c
+Subproject commit b94a9874204274a0d33c6f8d4b26a18c2bc3b8c0
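Review bot: The added `# define HAVE_PKCS8` in the `SECURE_PKCS11` block carries no comment, and nothing in include/user_settings.h says why the secure-domain build now needs PKCS#8 support. It presumably follows from the wolfPKCS11 v1.3.0 submodule bump in the same commit; a one-line comment next to it, for example `/* PKCS#8 key encoding, needed by wolfPKCS11 v1.3.0 (confirm) */`, would record that dependency. Because the define is likely to pull additional key encoding and parsing code into the TrustZone secure image, it is worth confirming that it is needed only under `SECURE_PKCS11` and that the secure-world flash budget and non-secure callable surface were re-checked after the library update. The other changed lines in this hunk appear to differ only in whitespace.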