Topic: Windows TBS Error

Hello,

I am running wolfTPM along with IBM Simulator through "--enable-swtpm" flag. But, after some tests and advancing, I decided to run wolfTPM along with Windows TBS, enabling the "--enable-winapi" flag. I followd the "WindowTBS.md" instructions on wolfTPM GitHub Repository, but I'm having troubles with this.

I am running the commands in MSYS2 on Windows 10, and everything appears fine, until the "make" command be executed. Here is the output.

$ make
make -j5  all-am
make[1]: Entering directory '/home/Messias/wolfssl/wolftpm'
  CC       examples/keygen/keygen.o
  CC       examples/keygen/keyimport.o
In file included from ./wolftpm/tpm2_wrap.h:25,
                 from examples/keygen/keygen.c:24:
./wolftpm/tpm2.h:1661:3: error: unknown type name ‘TBS_HCONTEXT’
 1661 |   TBS_HCONTEXT tbs_context;
      |   ^~~~~~~~~~~~
In file included from ./wolftpm/tpm2_wrap.h:25,
                 from examples/keygen/keyimport.c:24:
./wolftpm/tpm2.h:1661:3: error: unknown type name ‘TBS_HCONTEXT’
 1661 |   TBS_HCONTEXT tbs_context;
      |   ^~~~~~~~~~~~
make[1]: *** [Makefile:1883: examples/keygen/keygen.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make[1]: *** [Makefile:1883: examples/keygen/keyimport.o] Error 1
make[1]: Leaving directory '/home/Messias/wolfssl/wolftpm'
make: *** [Makefile:1340: all] Error 2

Apparently some recognition issue with the TBS header. Does anyone know why this problem is happening and how to solve it? Thanks in advance.

Share

Re: Windows TBS Error

Hi Messias,

Our support for Windows TBS has been tested on Windows 10. Can you tell us the compiler and exact Windows version? It is possible the toolchain being used doesn't have the tbs.h with TBS_HCONTEXT, but I am not sure why.

You can see our TPM code for windows in src/tpm2_winapi.c where it includes the required headers:

#include <windows.h>
#include <tbs.h>

We will do some additional testing here and see if we can find any issues.

Thanks,
David Garske, wolfSSL

Share

Re: Windows TBS Error

Hi David,

I am working with MSYS2 (https://www.msys2.org/) on Windows 10 x64. I have an update about this issue.

Until now, I was running "msys2.exe" command line. But, after I tested running "mingw64.exe", wich includes the "tbs.h" and "windows.h" in the path "C:\msys64\mingw64\x86_64-w64-mingw32\include". After this, I got a new error and new messages.
Here is the output. Sorry for the large amount of information in the log.

$ make
make -j5  all-am
make[1]: Entering directory '/home/Messias/wolftpm'
  CC       examples/keygen/keyload.o
  CC       examples/tpm_test_keys.o
  CC       examples/tpm_io.o
  CC       src/libwolftpm_la-tpm2.lo
  CC       src/libwolftpm_la-tpm2_packet.lo
  CC       src/libwolftpm_la-tpm2_wrap.lo
  CC       src/libwolftpm_la-tpm2_tis.lo
  CC       src/libwolftpm_la-tpm2_param_enc.lo
src/tpm2_packet.c: In function 'ByteReverseWord64':
src/tpm2_packet.c:91:68: warning: left shift count >= width of type [-Wshift-count-overflow]
   91 |         return (word64)((word64)ByteReverseWord32((word32) value)) << 32 |
      |                                                                    ^~
src/tpm2_packet.c:92:68: warning: right shift count >= width of type [-Wshift-count-overflow]
   92 |                         (word64)ByteReverseWord32((word32)(value   >> 32));
      |                                                                    ^~
  CC       src/libwolftpm_la-tpm2_winapi.lo
  CC       examples/keygen/keygen.o
  CC       examples/keygen/keyimport.o
  CC       examples/nvram/store.o
  CC       examples/nvram/read.o
  CC       examples/native/native_test.o
  CC       examples/wrap/wrap_test.o
  CC       examples/bench/bench.o
  CC       examples/tls/tls_client.o
  CC       examples/tls/tls_client_notpm.o
  CC       examples/tls/tls_server.o
  CC       examples/csr/csr.o
  CC       examples/pkcs7/pkcs7.o
  CC       examples/timestamp/signed_timestamp.o
  CC       examples/timestamp/clock_set.o
  CC       examples/pcr/quote.o
  CC       examples/pcr/extend.o
  CC       examples/pcr/reset.o
  CC       examples/management/flush.o
  CC       examples/gpio/gpio_config.o
  CC       examples/gpio/gpio_read.o
  CC       examples/gpio/gpio_set.o
  CC       examples/seal/seal.o
  CC       examples/seal/unseal.o
  CC       examples/attestation/make_credential.o
  CC       examples/attestation/activate_credential.o
  CC       tests/unit_test-unit_tests.o
  CC       examples/tests_unit_test-tpm_io.o
  CCLD     src/libwolftpm.la

*** Warning: linker path does not have real file for library -ltbs.
*** I have the capability to make that library automatically link in when
*** you link to this library.  But I can only do this if you have a
*** shared version of the library, which you do not appear to have
*** because I did check the linker path looking for a file starting
*** with libtbs and none of the candidates passed a file format test
*** using a file magic. Last file checked: /usr/lib/w32api/libtbs.a

*** Warning: linker path does not have real file for library -lpthread.
*** I have the capability to make that library automatically link in when
*** you link to this library.  But I can only do this if you have a
*** shared version of the library, which you do not appear to have
*** because I did check the linker path looking for a file starting
*** with libpthread and none of the candidates passed a file format test
*** using a file magic. Last file checked: /usr/lib/libpthread.a
*** The inter-library dependencies that have been dropped here will be
*** automatically added whenever a program is linked with this library
*** or is declared to -dlopen it.

*** Since this library must not contain undefined symbols,
*** because either the platform does not support them or
*** it was explicitly requested with -no-undefined,
*** libtool will only create a static version of it.
  CCLD     examples/keygen/keyload.exe
  CCLD     examples/keygen/keygen.exe
  CCLD     examples/keygen/keyimport.exe
  CCLD     examples/nvram/store.exe
  CCLD     examples/nvram/read.exe
  CCLD     examples/native/native_test.exe
  CCLD     examples/wrap/wrap_test.exe
  CCLD     examples/bench/bench.exe
  CCLD     examples/tls/tls_client.exe
  CCLD     examples/tls/tls_client_notpm.exe
C:/msys64/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/10.3.0/../../../../x86_64-w64-mingw32/bin/ld.exe: examples/tls/tls_client_notpm.o:tls_client_notpm.c:(.text+0xdf): undefined reference to `__imp_send'
C:/msys64/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/10.3.0/../../../../x86_64-w64-mingw32/bin/ld.exe: examples/tls/tls_client_notpm.o:tls_client_notpm.c:(.text+0x1f4): undefined reference to `__imp_recv'
C:/msys64/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/10.3.0/../../../../x86_64-w64-mingw32/bin/ld.exe: examples/tls/tls_client_notpm.o:tls_client_notpm.c:(.text+0x44b): undefined reference to `__imp_closesocket'
C:/msys64/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/10.3.0/../../../../x86_64-w64-mingw32/bin/ld.exe: examples/tls/tls_client_notpm.o:tls_client_notpm.c:(.text+0x463): undefined reference to `__imp_closesocket'
C:/msys64/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/10.3.0/../../../../x86_64-w64-mingw32/bin/ld.exe: examples/tls/tls_client_notpm.o:tls_client_notpm.c:(.text+0x52f): undefined reference to `__imp_WSAStartup'
C:/msys64/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/10.3.0/../../../../x86_64-w64-mingw32/bin/ld.exe: examples/tls/tls_client_notpm.o:tls_client_notpm.c:(.text+0x556): undefined reference to `__imp_htons'
C:/msys64/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/10.3.0/../../../../x86_64-w64-mingw32/bin/ld.exe: examples/tls/tls_client_notpm.o:tls_client_notpm.c:(.text+0x568): undefined reference to `__imp_gethostbyname'
C:/msys64/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/10.3.0/../../../../x86_64-w64-mingw32/bin/ld.exe: examples/tls/tls_client_notpm.o:tls_client_notpm.c:(.text+0x59a): undefined reference to `__imp_socket'
C:/msys64/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/10.3.0/../../../../x86_64-w64-mingw32/bin/ld.exe: examples/tls/tls_client_notpm.o:tls_client_notpm.c:(.text+0x5be): undefined reference to `__imp_connect'
C:/msys64/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/10.3.0/../../../../x86_64-w64-mingw32/bin/ld.exe: examples/tls/tls_client_notpm.o:tls_client_notpm.c:(.text+0x709): undefined reference to `__imp_inet_addr'
collect2.exe: error: ld returned 1 exit status
make[1]: *** [Makefile:1778: examples/tls/tls_client_notpm.exe] Error 1
make[1]: *** Waiting for unfinished jobs....
C:/msys64/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/10.3.0/../../../../x86_64-w64-mingw32/bin/ld.exe: examples/tls/tls_client.o:tls_client.c:(.text+0xdf): undefined reference to `__imp_send'
C:/msys64/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/10.3.0/../../../../x86_64-w64-mingw32/bin/ld.exe: examples/tls/tls_client.o:tls_client.c:(.text+0x1f4): undefined reference to `__imp_recv'
C:/msys64/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/10.3.0/../../../../x86_64-w64-mingw32/bin/ld.exe: examples/tls/tls_client.o:tls_client.c:(.text+0x9aa): undefined reference to `__imp_closesocket'
C:/msys64/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/10.3.0/../../../../x86_64-w64-mingw32/bin/ld.exe: examples/tls/tls_client.o:tls_client.c:(.text+0x9c2): undefined reference to `__imp_closesocket'
C:/msys64/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/10.3.0/../../../../x86_64-w64-mingw32/bin/ld.exe: examples/tls/tls_client.o:tls_client.c:(.text+0xd5c): undefined reference to `__imp_WSAStartup'
C:/msys64/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/10.3.0/../../../../x86_64-w64-mingw32/bin/ld.exe: examples/tls/tls_client.o:tls_client.c:(.text+0xd8c): undefined reference to `__imp_htons'
C:/msys64/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/10.3.0/../../../../x86_64-w64-mingw32/bin/ld.exe: examples/tls/tls_client.o:tls_client.c:(.text+0xda1): undefined reference to `__imp_gethostbyname'
C:/msys64/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/10.3.0/../../../../x86_64-w64-mingw32/bin/ld.exe: examples/tls/tls_client.o:tls_client.c:(.text+0xdd6): undefined reference to `__imp_socket'
C:/msys64/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/10.3.0/../../../../x86_64-w64-mingw32/bin/ld.exe: examples/tls/tls_client.o:tls_client.c:(.text+0xdfa): undefined reference to `__imp_connect'
C:/msys64/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/10.3.0/../../../../x86_64-w64-mingw32/bin/ld.exe: examples/tls/tls_client.o:tls_client.c:(.text+0x100e): undefined reference to `__imp_inet_addr'
collect2.exe: error: ld returned 1 exit status
make[1]: *** [Makefile:1772: examples/tls/tls_client.exe] Error 1
make[1]: Leaving directory '/home/Messias/wolftpm'
make: *** [Makefile:1340: all] Error 2

Share

Re: Windows TBS Error

Hi Messias,

I was able to reproduce the errors and have created a PR to address the initial error you reported. Thanks for the report.

I believe the new errors you are seeing may require you to rebuild and install wolfSSL if you wish to use `mingw64.exe`

Let me know if those address your build issues. Feel free to reach out to support@wolfssl.com if you have any questions or to discuss specific use-cases.

Cheers,
Jeff

Share

5 (edited by messias.filho Yesterday 07:20:58)

Re: Windows TBS Error

Hi Jeff,

thanks for your answer and solution. After the updates I could build wolfTPM with "winapi" and worked fine. Thank you!

Just some details aren't working, for example, in my use case I'm working with wolfTPM and libcurl and after these changes, I think there is a conflict between wolfTPM build for Windows and curl.

$ gcc curl_wolftpm_winapi_test.c tpm_io.c tpm_test_keys.c -lcurl -lwolfssl -lwolftpm -lcjson -lz -o curl_wolftpm_winapi_test
In file included from curl_wolftpm_winapi_test.c:13:
/usr/include/curl/curl.h:135:9: error: unknown type name ‘SOCKET’
  135 | typedef SOCKET curl_socket_t;

I don't know if this is the right post to discuss this error or I need to create another one.

Share

Re: Windows TBS Error

Hi Messias,

Happy to discuss here, or if you want to share anything private feel free to email support@wolfssl.com and reference this post and we can continue there.

Can you share the version of curl and the source for curl_wolftpm_winap_test.c?

Thanks,
Jeff

Share

7 (edited by messias.filho Yesterday 12:09:24)

Re: Windows TBS Error

Hi Jeff,

Currently, I am working with curl version 7.78.0 (https://curl.se/download.html) configured with wolfSSL. wolfTPM is configured to use Windows TBS. Here is the simplified code just for test purposes and better understanding. In this simple use case the TPM Properties need to be obtained, specifically in this example only the amount of PCRs is returned.

#include <wolftpm/tpm2.h>
#include <wolftpm/tpm2_wrap.h>

#include <stdio.h>
#include <stdlib.h>

#include <curl/curl.h>

#include "tpm_io.h"
#include "tpm_test.h"
#include "tpm_test_keys.h"

int sendPcrsQuantity(int pcrQuantity) {
    CURL* curl;
    CURLcode res;

    curl_global_init(CURL_GLOBAL_ALL);
    curl = curl_easy_init();

    char postBuffer[12];
    snprintf(postBuffer, 12, "pcrCount=%d", pcrQuantity);
    
    if (curl) {

        curl_easy_setopt(curl, CURLOPT_URL, "http://localhost:8080/pcrs");
        curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "POST");
        curl_easy_setopt(curl, CURLOPT_POSTFIELDS, postBuffer);
        curl_easy_setopt(curl, CURLOPT_USERAGENT, "libcrp/0.1");

        res = curl_easy_perform(curl);

        if (res != CURLE_OK){
            fprintf(stderr, "curl_easy_perform() failed: %s\n", curl_easy_strerror(res));
            return -1;
        }

        curl_easy_cleanup(curl);
    }
    curl_global_cleanup();

    return 0;
}

int getTpmProperties(){
    WOLFTPM2_DEV dev;
    WOLFTPM2_CAPS caps;
    
    int rc = -1;
    
    int pcrCount = 0;

    void* userCtx = NULL;
    
    union {
        GetCapability_In cap;
        byte maxInput[MAX_COMMAND_SIZE];
    } cmdIn;

    union {
        GetCapability_Out cap;
        byte maxOutput[MAX_RESPONSE_SIZE];
    } cmdOut;
    
    TPML_TAGGED_TPM_PROPERTY* tpmProp;
    
    rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx);
    if (rc != TPM_RC_SUCCESS) {
        printf("wolfTPM2_Init failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
        return 0;
    }
    printf("wolfTPM2_Init: success\n");
    
    cmdIn.cap.capability = TPM_CAP_TPM_PROPERTIES;
    cmdIn.cap.property = TPM_PT_PCR_COUNT;
    cmdIn.cap.propertyCount = 1;
    rc = TPM2_GetCapability(&cmdIn.cap, &cmdOut.cap);
    if (rc != TPM_RC_SUCCESS) {
        printf("TPM2_GetCapability failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
        return -1;
    }
    tpmProp = &cmdOut.cap.capabilityData.data.tpmProperties;
    pcrCount = tpmProp->tpmProperty[0].value;
    printf("TPM2_GetCapability: success\n");
    printf("There are %d PCRs\n", pcrCount);
    
    rc = sendPcrsQuantity(pcrCount);
    if (rc != 0){
        printf("Error sending pcrs\n");
        return -1;
    }
    
    wolfTPM2_Shutdown(&dev, 0);
    wolfTPM2_Cleanup(&dev);
    
    return 0;
}

int main(void) {
    int rc = -1;
    
    rc = getTpmProperties();
    
    return rc;
}

Apparently, the problem happens after wolfTPM and curl header definitions. Even if I remove all the working code, leaving just the wolfTPM and curl headers, it doesn't compile. Or if I remove one of them and the associated code, the test works fine.

Thanks,
Messias

Share