Skip to content

Commit

Permalink
Add integration CI for tpm2-tools (#1487)
Browse files Browse the repository at this point in the history 
This builds upon the work we've done in c065ab2 and adds an
integration CI for tpm2-tools.
  • Loading branch information
@samuel40791765
samuel40791765 authored Mar 25, 2024
1 parent c8bdf89 commit d09d423
Show file tree
Hide file tree
Showing 3 changed files with 88 additions and 2 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/integrations.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ jobs:
steps:
- name: Install OS Dependencies
run: |
sudo apt-get update && sudo apt-get -y --no-install-recommends install cmake gcc ninja-build golang autoconf-archive libcmocka0 libcmocka-dev procps iproute2 build-essential git pkg-config gcc libtool automake libssl-dev uthash-dev autoconf doxygen libjson-c-dev libini-config-dev libcurl4-openssl-dev uuid-dev libltdl-dev libusb-1.0-0-dev libftdi-dev
sudo apt-get update && sudo apt-get -y --no-install-recommends install cmake gcc ninja-build golang autoconf-archive libcmocka0 libcmocka-dev procps iproute2 build-essential git pkg-config gcc libtool automake libssl-dev uthash-dev autoconf doxygen libjson-c-dev libini-config-dev libcurl4-openssl-dev uuid-dev libltdl-dev libusb-1.0-0-dev libftdi-dev libglib2.0-dev pandoc
- uses: actions/checkout@v3
- name: Run integration build
run: |
Expand Down
40 changes: 39 additions & 1 deletion tests/ci/integration/run_tpm2_tss_integration.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,10 @@ source tests/ci/common_posix_setup.sh
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
SCRATCH_FOLDER=${SYS_ROOT}/"TPM2_TSS_SCRATCH"
TPM2_TSS_SRC_FOLDER="${SCRATCH_FOLDER}/tpm2-tss"
TPM2_TSS_INSTALL_FOLDER="${SCRATCH_FOLDER}/tpm2-tss-install"
TPM2_ABRMD_SRC_FOLDER="${SCRATCH_FOLDER}/tpm2-abrmd"
TPM2_ABRMD_INSTALL_FOLDER="${SCRATCH_FOLDER}/tpm2-abrmd-install"
TPM2_TOOLS_SRC_FOLDER="${SCRATCH_FOLDER}/tpm2-tools"
AWS_LC_BUILD_FOLDER="${SCRATCH_FOLDER}/aws-lc-build"
AWS_LC_INSTALL_FOLDER="${SCRATCH_FOLDER}/aws-lc-install"
CURL_SRC_FOLDER="${SCRATCH_FOLDER}/curl"
Expand All @@ -46,15 +50,36 @@ function tpm2_tss_build() {
git apply "${SCRIPT_DIR}/tpm2_tss_patch/aws-lc-tpm2-tss.patch"
export PKG_CONFIG_PATH="${AWS_LC_INSTALL_FOLDER}/lib/pkgconfig:${CURL_INSTALL_FOLDER}/lib/pkgconfig"
/bin/sh ./bootstrap
./configure --enable-unit --with-crypto=ossl CFLAGS="-g -ggdb -O0 -I\"${AWS_LC_INSTALL_FOLDER}\"/include -I\"${CURL_INSTALL_FOLDER}\"/include -L\"${AWS_LC_INSTALL_FOLDER}\"/lib -L\"${CURL_INSTALL_FOLDER}\"/lib" LT_SYS_LIBRARY_PATH="${LD_LIBRARY_PATH}"
./configure --enable-unit --with-crypto=ossl --prefix="${TPM2_TSS_INSTALL_FOLDER}"
make -j "${NUM_CPU_THREADS}" all VERBOSE=1
make -j "${NUM_CPU_THREADS}" check VERBOSE=1
ldd "${TPM2_TSS_SRC_FOLDER}/test/unit/.libs/fapi-get-web-cert" | grep "${AWS_LC_INSTALL_FOLDER}/lib/libcrypto.so" || exit 1
make -j "${NUM_CPU_THREADS}" install
}

function tpm2_abrmd_build() {
export PKG_CONFIG_PATH="${AWS_LC_INSTALL_FOLDER}/lib/pkgconfig:${TPM2_TSS_INSTALL_FOLDER}/lib/pkgconfig"
/bin/sh ./bootstrap
./configure --enable-unit --with-crypto=ossl --prefix="${TPM2_ABRMD_INSTALL_FOLDER}"
make -j "${NUM_CPU_THREADS}" all VERBOSE=1
make -j "${NUM_CPU_THREADS}" check VERBOSE=1
make -j "${NUM_CPU_THREADS}" install
}

function tpm2_tools_build() {
git apply "${SCRIPT_DIR}/tpm2_tools_patch/aws-lc-tpm2-tools.patch"
export PKG_CONFIG_PATH="${AWS_LC_INSTALL_FOLDER}/lib/pkgconfig:${TPM2_TSS_INSTALL_FOLDER}/lib/pkgconfig:${TPM2_ABRMD_INSTALL_FOLDER}/lib/pkgconfig"
/bin/sh ./bootstrap
./configure --with-crypto=ossl
make -j "${NUM_CPU_THREADS}" all VERBOSE=1
make -j "${NUM_CPU_THREADS}" check VERBOSE=1
}

# Get latest curl and tpm2-tss
git clone https://github.com/curl/curl.git "${CURL_SRC_FOLDER}"
git clone https://github.com/tpm2-software/tpm2-tss.git "${TPM2_TSS_SRC_FOLDER}"
git clone https://github.com/tpm2-software/tpm2-abrmd.git "${TPM2_ABRMD_SRC_FOLDER}"
git clone https://github.com/tpm2-software/tpm2-tools.git "${TPM2_TOOLS_SRC_FOLDER}"
mkdir -p "${AWS_LC_BUILD_FOLDER}" "${AWS_LC_INSTALL_FOLDER}" "${CURL_BUILD_FOLDER}" "${CURL_INSTALL_FOLDER}"
ls

Expand All @@ -64,11 +89,24 @@ export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:-}:${AWS_LC_INSTALL_FOLDER}/lib/"
curl_build

export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:-}:${CURL_INSTALL_FOLDER}/lib/"
export CFLAGS="-g -ggdb -O0 -I\"${AWS_LC_INSTALL_FOLDER}\"/include -I\"${CURL_INSTALL_FOLDER}\"/include -L\"${AWS_LC_INSTALL_FOLDER}\"/lib -L\"${CURL_INSTALL_FOLDER}\"/lib" LT_SYS_LIBRARY_PATH="${LD_LIBRARY_PATH}"

pushd "${TPM2_TSS_SRC_FOLDER}"
tpm2_tss_build
popd

export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:-}:${TPM2_TSS_INSTALL_FOLDER}/lib/"

pushd "${TPM2_ABRMD_SRC_FOLDER}"
tpm2_abrmd_build
popd

export PATH="${PATH:-}:${TPM2_ABRMD_INSTALL_FOLDER}/sbin/"

pushd "${TPM2_TOOLS_SRC_FOLDER}"
tpm2_tools_build
popd

popd


48 changes: 48 additions & 0 deletions tests/ci/integration/tpm2_tools_patch/aws-lc-tpm2-tools.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
diff --git a/lib/tpm2_identity_util.c b/lib/tpm2_identity_util.c
index fbf1e938..2c6448d3 100644
--- a/lib/tpm2_identity_util.c
+++ b/lib/tpm2_identity_util.c
@@ -91,7 +91,7 @@ static bool share_secret_with_tpm2_rsa_public_key(TPM2B_DIGEST *protection_seed,
goto error;
}

- rc = EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, newlabel, label_len);
+ rc = EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, (uint8_t*)newlabel, label_len);
if (rc <= 0) {
LOG_ERR("Failed EVP_PKEY_CTX_set0_rsa_oaep_label");
free(newlabel);
diff --git a/lib/tpm2_openssl.c b/lib/tpm2_openssl.c
index 516d8b63..48d75c7b 100644
--- a/lib/tpm2_openssl.c
+++ b/lib/tpm2_openssl.c
@@ -36,7 +36,7 @@ int tpm2_openssl_halgid_from_tpmhalg(TPMI_ALG_HASH algorithm) {
return NID_sha384;
case TPM2_ALG_SHA512:
return NID_sha512;
-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && HAVE_EVP_SM3
case TPM2_ALG_SM3_256:
return NID_sm3;
#endif
@@ -666,7 +666,7 @@ static const struct {
{ TPM2_ECC_NIST_P256, NID_X9_62_prime256v1 },
{ TPM2_ECC_NIST_P384, NID_secp384r1 },
{ TPM2_ECC_NIST_P521, NID_secp521r1 },
-#if OPENSSL_VERSION_NUMBER >= 0x10101003L
+#if OPENSSL_VERSION_NUMBER >= 0x10101003L && HAVE_EVP_SM3
{ TPM2_ECC_SM2_P256, NID_sm2 },
#endif
/*
diff --git a/tools/misc/tpm2_checkquote.c b/tools/misc/tpm2_checkquote.c
index e5f8ef41..10847523 100644
--- a/tools/misc/tpm2_checkquote.c
+++ b/tools/misc/tpm2_checkquote.c
@@ -80,7 +80,7 @@ static bool verify(void) {
return false;
}

-#if OPENSSL_VERSION_NUMBER >= 0x10101003L
+#if OPENSSL_VERSION_NUMBER >= 0x10101003L && HAVE_EVP_SM3
#if OPENSSL_VERSION_MAJOR < 3
if (ctx.halg == TPM2_ALG_SM3_256) {
ret = EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);

0 comments on commit d09d423

Please sign in to comment.