Skip to content
TPM SSH Test

wolfSSH support for using TPM based key for authentication #14

Sign in to view logs

wolfSSH support for using TPM based key for authentication

wolfSSH support for using TPM based key for authentication #14

Workflow file for this run

.github/workflows/tpm-ssh.yml at a1617c7
name: TPM SSH Test
on:
push:
branches: [ '*' ]
pull_request:
branches: [ '*' ]
jobs:
test-tpm-ssh:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
path: wolfssh
# Clone dependencies
- name: Clone wolfSSL
uses: actions/checkout@v4
with:
repository: wolfSSL/wolfssl
path: wolfssl
- name: Clone wolfTPM
uses: actions/checkout@v4
with:
repository: wolfSSL/wolftpm
path: wolftpm
# Install dependencies
- name: Install Dependencies
run: |
sudo apt-get update
sudo apt-get install -y libtool automake autoconf
sudo apt-get install -y build-essential git autoconf-archive \
libcmocka-dev libssl-dev uthash-dev libglib2.0-dev \
tpm2-tools openssh-client
# Clone, build, and start TPM Simulator
- name: Clone and Build TPM Simulator
run: |
git clone https://github.com/kgoldman/ibmswtpm2
cd ibmswtpm2/src
make
./tpm_server &
sleep 2
cd ../..
# Build and install wolfSSL
- name: Build wolfSSL
run: |
cd wolfssl
./autogen.sh
./configure --enable-wolftpm --enable-wolfssh
make
sudo make install
sudo ldconfig
cd ..
# Build and install wolfTPM
- name: Build wolfTPM
run: |
cd wolftpm
./autogen.sh
./configure --enable-swtpm
make
sudo make install
sudo ldconfig
cd ..
# Build wolfSSH
- name: Build wolfSSH
run: |
cd wolfssh
./autogen.sh
./configure --enable-tpm
make
sudo make install
sudo ldconfig
cd ..
# Test TPM SSH Default Password
- name: Test TPM SSH Default Password
run: |
# Generate key with default password
cd wolftpm
echo "Generating key..."
./examples/keygen/keygen keyblob.bin -rsa -t -pem -eh || { echo "Keygen failed"; exit 1; }
# Convert key to SSH format
echo "Converting to SSH key format..."
ssh-keygen -f key.pem -i -m PKCS8 > ../wolfssh/key.ssh || { echo "SSH keygen failed"; exit 1; }
cd ..
# Start echoserver and wait for it to be ready
echo "Starting echoserver..."
cd wolfssh
./examples/echoserver/echoserver -1 -s key.ssh & || { echo "Echoserver failed to start"; exit 1; }
echo "Echoserver started with PID: $!"
sleep 2
cd ..
# Test client connection with default password
echo "Testing client connection..."
cd wolfssh
./examples/client/client -i ../wolftpm/keyblob.bin -u hansel -K ThisIsMyKeyAuth || { echo "Client connection failed"; exit 1; }
cd ..
# Kill the server and simulator and restart them
- name: Kill server and simulator and restart
run: |
echo "Killing server and simulator..."
pkill -f tpm_server
sleep 2 # Wait for the server to be killed
echo "Restarting server and simulator..."
cd ibmswtpm2/src
./tpm_server &
sleep 2 # Wait for the server to be restarted
cd ../..
# Test the TPM SSH Custom Password
- name: Test TPM SSH Custom Password
run: |
# Test with custom password
cd wolftpm
echo "Generating key with custom password..."
./examples/keygen/keygen keyblob2.bin -rsa -t -pem -eh -auth=custompassword || { echo "Keygen failed"; exit 1; }
# Convert key to SSH format
echo "Converting to SSH key format..."
ssh-keygen -f key.pem -i -m PKCS8 > ../wolfssh/key.ssh || { echo "SSH keygen failed"; exit 1; }
cd ..
# Start echoserver and wait for it to be ready
echo "Starting echoserver..."
cd wolfssh
./examples/echoserver/echoserver -1 -s key.ssh & || { echo "Echoserver failed to start"; exit 1; }
echo "Echoserver started with PID: $!"
sleep 2
cd ..
# Test with custom password
echo "Testing client connection with custom password..."
cd wolfssh
./examples/client/client -i ../wolftpm/keyblob2.bin -u hansel -K custompassword || { echo "Client connection failed"; exit 1; }
cd ..
# Cleanup
echo "Cleaning up..."
pkill -f tpm_server
sleep 2
# Archive artifacts for debugging
- name: Archive test artifacts
if: always()
uses: actions/upload-artifact@v4
with:
name: test-artifacts
path: |
wolfssh/keyblob.bin
wolfssh/keyblob2.bin
wolfssh/key.pem
wolfssh/key.ssh