File Reorginization and review feedback

  - Moved spdm/src/*.c src/spdm/*.c (11 source files)
  - Moved spdm/wolfspdm/*.h wolftpm/spdm/*.h (7 public headers)
  - Moved spdm/src/spdm_internal.h src/spdm/spdm_internal.h
  - Moved spdm/test/unit_test.c src/spdm/unit_test.c
  - Moved spdm/README.md src/spdm/README.md
  - Deleted spdm/include.am, created src/spdm/include.am
  - Renamed all #include <wolfspdm/...> #include <wolftpm/spdm/...> across all files
  - Added SPDM headers to wolftpm/include.am (as nobase_include_HEADERS)
  - Updated Makefile.am: include spdm/include.am include src/spdm/include.am
  - Removed -I/spdm from configure.ac and examples/spdm/include.am (no longer needed

Author: aidangarske

.github/workflows/make-test-swtpm.yml

@@ -80,10 +80,10 @@ jobs:
             wolfssl_config: --enable-wolftpm --enable-ecc --enable-sha384 --enable-aesgcm --enable-hkdf --enable-sp
             wolftpm_config: --enable-spdm --enable-nuvoton
             needs_swtpm: false
-          # SPDM dynamic memory
-          - name: spdm-dynamic-mem
+          # SPDM small stack (heap-allocated SPDM context)
+          - name: spdm-smallstack
             wolfssl_config: --enable-wolftpm --enable-ecc --enable-sha384 --enable-aesgcm --enable-hkdf --enable-sp
-            wolftpm_config: --enable-spdm --enable-nuvoton --enable-spdm-dynamic-mem
+            wolftpm_config: --enable-spdm --enable-nuvoton --enable-smallstack
             needs_swtpm: false
           # SPDM debug
           - name: spdm-debug
@@ -100,10 +100,10 @@ jobs:
             wolfssl_config: --enable-wolftpm --enable-ecc --enable-sha384 --enable-aesgcm --enable-hkdf --enable-sp
             wolftpm_config: --enable-spdm --enable-nations --enable-debug
             needs_swtpm: false
-          # SPDM + Nations dynamic memory
-          - name: spdm-nations-dynamic-mem
+          # SPDM + Nations small stack (heap-allocated SPDM context)
+          - name: spdm-nations-smallstack
             wolfssl_config: --enable-wolftpm --enable-ecc --enable-sha384 --enable-aesgcm --enable-hkdf --enable-sp
-            wolftpm_config: --enable-spdm --enable-nations --enable-spdm-dynamic-mem
+            wolftpm_config: --enable-spdm --enable-nations --enable-smallstack
             needs_swtpm: false
           # Microchip
           - name: microchip

configure.ac

@@ -486,13 +486,6 @@ AC_ARG_WITH([wolfspdm],
     [AS_HELP_STRING([--with-wolfspdm=PATH],[DEPRECATED: Use --enable-spdm instead.])],
     [AC_MSG_ERROR([--with-wolfspdm is no longer needed. Use --enable-spdm instead.])])
 
-# SPDM dynamic memory (default: static/zero-malloc)
-AC_ARG_ENABLE([spdm-dynamic-mem],
-    [AS_HELP_STRING([--enable-spdm-dynamic-mem],[SPDM: Use heap allocation for context (default: static)])],
-    [ ENABLED_SPDM_DYNMEM=$enableval ],
-    [ ENABLED_SPDM_DYNMEM=no ]
-    )
-
 if test "x$ENABLED_SPDM" = "xyes"
 then
     AC_DEFINE([WOLFTPM_SPDM], [1], [Enable SPDM support])
@@ -511,11 +504,6 @@ then
         AC_MSG_NOTICE([Nations Technology SPDM vendor commands enabled])
     fi
 
-    if test "x$ENABLED_SPDM_DYNMEM" = "xyes"
-    then
-        AC_DEFINE([WOLFSPDM_DYNAMIC_MEMORY], [1], [SPDM: Enable dynamic memory allocation])
-    fi
-
     if test "x$ax_enable_debug" != "xno"
     then
         AC_DEFINE([WOLFSPDM_DEBUG], [1], [SPDM: Enable debug output])
@@ -689,6 +677,3 @@ echo "   * Nations Tech NS350:        $ENABLED_NATIONS"
 echo "   * Runtime Module Detection:  $ENABLED_AUTODETECT"
 echo "   * Firmware Upgrade Support:  $ENABLED_FIRMWARE"
 echo "   * SPDM Support:              $ENABLED_SPDM"
-if test "x$ENABLED_SPDM" = "xyes"; then
-    echo "   * SPDM Dynamic Mem:          $ENABLED_SPDM_DYNMEM"
-fi

src/spdm/README.md

@@ -184,7 +184,7 @@ make
 | `--enable-nuvoton`          | Enable Nuvoton TPM hardware support |
 | `--enable-nations`          | Enable Nations NS350 hardware support |
 | `--enable-debug`            | Debug output with verbose SPDM tracing |
-| `--enable-spdm-dynamic-mem` | Heap-allocated SPDM context (default: static ~32 KB) |
+| `--enable-smallstack`       | Heap-allocated SPDM context (default: static ~32 KB) |
 
 ## Usage
 
@@ -418,7 +418,7 @@ intercepted and routed through SPDM when a session is active.
 **Static (default):** Zero heap allocation. SPDM context uses ~32 KB of
 static memory, ideal for embedded environments.
 
-**Dynamic (`--enable-spdm-dynamic-mem`):** Context is heap-allocated.
+**Small stack (`--enable-smallstack`):** Context is heap-allocated.
 Useful on platforms with small stacks.
 
 ## wolfSPDM API

src/spdm/spdm_context.c

@@ -19,6 +19,12 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#ifdef WOLFTPM_SPDM
+
 #include "spdm_internal.h"
 #include <stdarg.h>
 #include <stdio.h>
@@ -53,7 +59,7 @@ int wolfSPDM_Init(WOLFSPDM_CTX* ctx)
     return WOLFSPDM_SUCCESS;
 }
 
-#ifdef WOLFSPDM_DYNAMIC_MEMORY
+#ifdef WOLFTPM_SMALL_STACK
 WOLFSPDM_CTX* wolfSPDM_New(void)
 {
     WOLFSPDM_CTX* ctx;
@@ -72,18 +78,17 @@ WOLFSPDM_CTX* wolfSPDM_New(void)
 
     return ctx;
 }
-#endif /* WOLFSPDM_DYNAMIC_MEMORY */
+#endif /* WOLFTPM_SMALL_STACK */
 
 void wolfSPDM_Free(WOLFSPDM_CTX* ctx)
 {
+    int wasDynamic;
+
     if (ctx == NULL) {
         return;
     }
 
-#ifdef WOLFSPDM_DYNAMIC_MEMORY
-    {
-        int wasDynamic = ctx->flags.isDynamic;
-#endif
+    wasDynamic = ctx->flags.isDynamic;
 
     /* Free RNG */
     if (ctx->flags.rngInitialized) {
@@ -98,11 +103,12 @@ void wolfSPDM_Free(WOLFSPDM_CTX* ctx)
     /* Zero entire struct (covers all sensitive key material) */
     wc_ForceZero(ctx, sizeof(WOLFSPDM_CTX));
 
-#ifdef WOLFSPDM_DYNAMIC_MEMORY
-        if (wasDynamic) {
-            XFREE(ctx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        }
+#ifdef WOLFTPM_SMALL_STACK
+    if (wasDynamic) {
+        XFREE(ctx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
+#else
+    (void)wasDynamic;
 #endif
 }
 
@@ -547,3 +553,5 @@ const char* wolfSPDM_GetErrorString(int error)
         default:                          return "Unknown error";
     }
 }
+
+#endif /* WOLFTPM_SPDM */

src/spdm/spdm_crypto.c

@@ -19,6 +19,12 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#ifdef WOLFTPM_SPDM
+
 #include "spdm_internal.h"
 
 /* Left-pad a buffer in-place to targetSz with leading zeros */
@@ -346,3 +352,5 @@ int wolfSPDM_SignHash(WOLFSPDM_CTX* ctx, const byte* hash, word32 hashSz,
 
     return (rc == 0) ? WOLFSPDM_SUCCESS : WOLFSPDM_E_CRYPTO_FAIL;
 }
+
+#endif /* WOLFTPM_SPDM */

src/spdm/spdm_internal.h

@@ -72,17 +72,6 @@ struct WOLFSPDM_CTX {
     /* State machine */
     int state;
 
-    /* Boolean flag bit field */
-    struct {
-        unsigned int debug              : 1;
-        unsigned int initialized        : 1;
-        unsigned int isDynamic          : 1;  /* Set by wolfSPDM_New(), checked by Free */
-        unsigned int rngInitialized     : 1;
-        unsigned int ephemeralKeyInit   : 1;
-        unsigned int hasRspPubKey       : 1;
-        unsigned int hasReqKeyPair      : 1;
-    } flags;
-
     /* Protocol mode */
     WOLFSPDM_MODE mode;
 
@@ -166,6 +155,16 @@ struct WOLFSPDM_CTX {
     word32 reqPrivKeyLen;
     byte reqPubKey[WOLFSPDM_ECC_POINT_SIZE];
 
+    /* Boolean flag bit field (at end for better struct packing) */
+    struct {
+        unsigned int debug              : 1;
+        unsigned int initialized        : 1;
+        unsigned int isDynamic          : 1;  /* Set by wolfSPDM_New(), checked by Free */
+        unsigned int rngInitialized     : 1;
+        unsigned int ephemeralKeyInit   : 1;
+        unsigned int hasRspPubKey       : 1;
+        unsigned int hasReqKeyPair      : 1;
+    } flags;
 };
 
 /* ----- Byte-Order Helpers ----- */
@@ -276,78 +275,78 @@ static WC_INLINE void wolfSPDM_BuildIV(byte* iv, const byte* baseIv,
 
 /* ----- Internal Function Declarations - Transcript ----- */
 
-WOLFSPDM_API void wolfSPDM_TranscriptReset(WOLFSPDM_CTX* ctx);
-WOLFSPDM_API int wolfSPDM_TranscriptAdd(WOLFSPDM_CTX* ctx, const byte* data, word32 len);
-WOLFSPDM_API int wolfSPDM_TranscriptHash(WOLFSPDM_CTX* ctx, byte* hash);
-WOLFSPDM_API int wolfSPDM_Sha384Hash(byte* out,
+WOLFTPM_LOCAL void wolfSPDM_TranscriptReset(WOLFSPDM_CTX* ctx);
+WOLFTPM_LOCAL int wolfSPDM_TranscriptAdd(WOLFSPDM_CTX* ctx, const byte* data, word32 len);
+WOLFTPM_LOCAL int wolfSPDM_TranscriptHash(WOLFSPDM_CTX* ctx, byte* hash);
+WOLFTPM_LOCAL int wolfSPDM_Sha384Hash(byte* out,
     const byte* d1, word32 d1Sz,
     const byte* d2, word32 d2Sz,
     const byte* d3, word32 d3Sz);
 
 /* ----- Internal Function Declarations - Crypto ----- */
 
-WOLFSPDM_API int wolfSPDM_GenerateEphemeralKey(WOLFSPDM_CTX* ctx);
-WOLFSPDM_API int wolfSPDM_ExportEphemeralPubKey(WOLFSPDM_CTX* ctx,
+WOLFTPM_LOCAL int wolfSPDM_GenerateEphemeralKey(WOLFSPDM_CTX* ctx);
+WOLFTPM_LOCAL int wolfSPDM_ExportEphemeralPubKey(WOLFSPDM_CTX* ctx,
     byte* pubKeyX, word32* pubKeyXSz,
     byte* pubKeyY, word32* pubKeyYSz);
-WOLFSPDM_API int wolfSPDM_ComputeSharedSecret(WOLFSPDM_CTX* ctx,
+WOLFTPM_LOCAL int wolfSPDM_ComputeSharedSecret(WOLFSPDM_CTX* ctx,
     const byte* peerPubKeyX, const byte* peerPubKeyY);
-WOLFSPDM_API int wolfSPDM_GetRandom(WOLFSPDM_CTX* ctx, byte* out, word32 outSz);
-WOLFSPDM_API int wolfSPDM_SignHash(WOLFSPDM_CTX* ctx, const byte* hash, word32 hashSz,
+WOLFTPM_LOCAL int wolfSPDM_GetRandom(WOLFSPDM_CTX* ctx, byte* out, word32 outSz);
+WOLFTPM_LOCAL int wolfSPDM_SignHash(WOLFSPDM_CTX* ctx, const byte* hash, word32 hashSz,
     byte* sig, word32* sigSz);
-WOLFSPDM_API int wolfSPDM_VerifySignature(WOLFSPDM_CTX* ctx,
+WOLFTPM_LOCAL int wolfSPDM_VerifySignature(WOLFSPDM_CTX* ctx,
     const byte* hash, word32 hashSz,
     const byte* sig, word32 sigSz);
 
 /* ----- Internal Function Declarations - Key Derivation ----- */
 
-WOLFSPDM_API int wolfSPDM_DeriveHandshakeKeys(WOLFSPDM_CTX* ctx, const byte* th1Hash);
-WOLFSPDM_API int wolfSPDM_DeriveFromHandshakeSecret(WOLFSPDM_CTX* ctx, const byte* th1Hash);
-WOLFSPDM_API int wolfSPDM_DeriveAppDataKeys(WOLFSPDM_CTX* ctx);
-WOLFSPDM_API int wolfSPDM_HkdfExpandLabel(byte spdmVersion, const byte* secret, word32 secretSz,
+WOLFTPM_LOCAL int wolfSPDM_DeriveHandshakeKeys(WOLFSPDM_CTX* ctx, const byte* th1Hash);
+WOLFTPM_LOCAL int wolfSPDM_DeriveFromHandshakeSecret(WOLFSPDM_CTX* ctx, const byte* th1Hash);
+WOLFTPM_LOCAL int wolfSPDM_DeriveAppDataKeys(WOLFSPDM_CTX* ctx);
+WOLFTPM_LOCAL int wolfSPDM_HkdfExpandLabel(byte spdmVersion, const byte* secret, word32 secretSz,
     const char* label, const byte* context, word32 contextSz,
     byte* out, word32 outSz);
-WOLFSPDM_API int wolfSPDM_ComputeVerifyData(const byte* finishedKey, const byte* thHash,
+WOLFTPM_LOCAL int wolfSPDM_ComputeVerifyData(const byte* finishedKey, const byte* thHash,
     byte* verifyData);
 
 /* ----- Internal Function Declarations - Message Building ----- */
 
-WOLFSPDM_API int wolfSPDM_BuildGetVersion(byte* buf, word32* bufSz);
-WOLFSPDM_API int wolfSPDM_BuildKeyExchange(WOLFSPDM_CTX* ctx, byte* buf, word32* bufSz);
-WOLFSPDM_API int wolfSPDM_BuildFinish(WOLFSPDM_CTX* ctx, byte* buf, word32* bufSz);
-WOLFSPDM_API int wolfSPDM_BuildEndSession(WOLFSPDM_CTX* ctx, byte* buf, word32* bufSz);
+WOLFTPM_LOCAL int wolfSPDM_BuildGetVersion(byte* buf, word32* bufSz);
+WOLFTPM_LOCAL int wolfSPDM_BuildKeyExchange(WOLFSPDM_CTX* ctx, byte* buf, word32* bufSz);
+WOLFTPM_LOCAL int wolfSPDM_BuildFinish(WOLFSPDM_CTX* ctx, byte* buf, word32* bufSz);
+WOLFTPM_LOCAL int wolfSPDM_BuildEndSession(WOLFSPDM_CTX* ctx, byte* buf, word32* bufSz);
 /* PSK message builders/parsers declared in spdm_psk.h */
 
 /* ----- Internal Function Declarations - Message Parsing ----- */
 
-WOLFSPDM_API int wolfSPDM_ParseVersion(WOLFSPDM_CTX* ctx, const byte* buf, word32 bufSz);
-WOLFSPDM_API int wolfSPDM_ParseKeyExchangeRsp(WOLFSPDM_CTX* ctx, const byte* buf, word32 bufSz);
-WOLFSPDM_API int wolfSPDM_ParseFinishRsp(WOLFSPDM_CTX* ctx, const byte* buf, word32 bufSz);
-WOLFSPDM_API int wolfSPDM_CheckError(const byte* buf, word32 bufSz, int* errorCode);
+WOLFTPM_LOCAL int wolfSPDM_ParseVersion(WOLFSPDM_CTX* ctx, const byte* buf, word32 bufSz);
+WOLFTPM_LOCAL int wolfSPDM_ParseKeyExchangeRsp(WOLFSPDM_CTX* ctx, const byte* buf, word32 bufSz);
+WOLFTPM_LOCAL int wolfSPDM_ParseFinishRsp(WOLFSPDM_CTX* ctx, const byte* buf, word32 bufSz);
+WOLFTPM_LOCAL int wolfSPDM_CheckError(const byte* buf, word32 bufSz, int* errorCode);
 
 /* ----- Internal Function Declarations - Secured Messaging ----- */
 
-WOLFSPDM_API int wolfSPDM_EncryptInternal(WOLFSPDM_CTX* ctx,
+WOLFTPM_LOCAL int wolfSPDM_EncryptInternal(WOLFSPDM_CTX* ctx,
     const byte* plain, word32 plainSz,
     byte* enc, word32* encSz);
-WOLFSPDM_API int wolfSPDM_DecryptInternal(WOLFSPDM_CTX* ctx,
+WOLFTPM_LOCAL int wolfSPDM_DecryptInternal(WOLFSPDM_CTX* ctx,
     const byte* enc, word32 encSz,
     byte* plain, word32* plainSz);
 
 /* ----- Internal Utility Functions ----- */
 
-WOLFSPDM_API int wolfSPDM_SendReceive(WOLFSPDM_CTX* ctx,
+WOLFTPM_LOCAL int wolfSPDM_SendReceive(WOLFSPDM_CTX* ctx,
     const byte* txBuf, word32 txSz,
     byte* rxBuf, word32* rxSz);
 
 #ifdef DEBUG_WOLFTPM
-WOLFSPDM_API void wolfSPDM_DebugPrint(WOLFSPDM_CTX* ctx, const char* fmt, ...)
+WOLFTPM_LOCAL void wolfSPDM_DebugPrint(WOLFSPDM_CTX* ctx, const char* fmt, ...)
 #ifdef __GNUC__
     __attribute__((format(printf, 2, 3)))
 #endif
     ;
 
-WOLFSPDM_API void wolfSPDM_DebugHex(WOLFSPDM_CTX* ctx, const char* label,
+WOLFTPM_LOCAL void wolfSPDM_DebugHex(WOLFSPDM_CTX* ctx, const char* label,
     const byte* data, word32 len);
 #else
 #define wolfSPDM_DebugPrint(ctx, fmt, ...) do { (void)(ctx); (void)fmt; } while(0)

src/spdm/spdm_kdf.c

@@ -19,6 +19,12 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#ifdef WOLFTPM_SPDM
+
 #include "spdm_internal.h"
 
 /* SPDM key derivation (DSP0277): HKDF with 
@@ -262,3 +268,5 @@ int wolfSPDM_DeriveAppDataKeys(WOLFSPDM_CTX* ctx)
 
     return rc;
 }
+
+#endif /* WOLFTPM_SPDM */

src/spdm/spdm_msg.c

@@ -19,6 +19,12 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#ifdef WOLFTPM_SPDM
+
 #include "spdm_internal.h"
 
 int wolfSPDM_BuildGetVersion(byte* buf, word32* bufSz)
@@ -539,3 +545,5 @@ int wolfSPDM_ParseFinishRsp(WOLFSPDM_CTX* ctx, const byte* buf, word32 bufSz)
 }
 
 /* PSK message builders/parsers moved to spdm_psk.c */
+
+#endif /* WOLFTPM_SPDM */

src/spdm/spdm_nations.c

@@ -19,6 +19,12 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#ifdef WOLFTPM_SPDM
+
 /* Nations Technology NS350 SPDM Functions
  *
  * PSK-mode vendor commands and PSK connection flow.
@@ -172,3 +178,5 @@ int wolfSPDM_Nations_PskClearWithVCA(WOLFSPDM_CTX* ctx,
  * wolfSPDM_ConnectNationsPsk is a backward-compat alias in spdm_psk.h. */
 
 #endif /* WOLFSPDM_NATIONS */
+
+#endif /* WOLFTPM_SPDM */

src/spdm/spdm_nuvoton.c

@@ -19,6 +19,12 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#ifdef WOLFTPM_SPDM
+
 /* Nuvoton-specific SPDM functions (GetStatus, SetOnlyMode). */
 
 #include "spdm_internal.h"
@@ -110,3 +116,5 @@ int wolfSPDM_Nuvoton_SetOnlyMode(
 }
 
 #endif /* WOLFSPDM_NUVOTON */
+
+#endif /* WOLFTPM_SPDM */