tpm-ssh.yml
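# CI workflow: builds wolfSSL, wolfTPM and wolfSSH from source, starts a
# software TPM simulator, and checks that the wolfSSH example client can
# authenticate to the example echoserver with a key created through the TPM.
name: TPM SSH Test

on:
  # NOTE: '*' does not match branch names that contain '/', so a branch such
  # as feature/x falls outside these filters; '**' would match every branch.
  push:
    branches: [ '*' ]
  pull_request:
    branches: [ '*' ]

# No step writes to the repository or calls the GitHub API, so the job token
# is limited to read-only access to repository contents.
permissions:
  contents: read

jobs:
  test-tpm-ssh:
    runs-on: ubuntu-latest

    steps:
      # Actions are referenced by a movable tag (v4). Pinning each `uses:` to
      # a reviewed full commit SHA fixes the exact action code that runs.
      - uses: actions/checkout@v4
        with:
          path: wolfssh
          # Later steps build and run code fetched from other repositories;
          # keep the job token out of the checked-out .git/config.
          persist-credentials: false

      # Clone dependencies
      # No `ref:` is given, so both dependencies are built from the tip of
      # their default branch and results can change without a commit here.
      - name: Clone wolfSSL
        uses: actions/checkout@v4
        with:
          repository: wolfSSL/wolfssl
          path: wolfssl
          persist-credentials: false

      - name: Clone wolfTPM
        uses: actions/checkout@v4
        with:
          repository: wolfSSL/wolftpm
          path: wolftpm
          persist-credentials: false

      # Install dependencies
      - name: Install Dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y libtool automake autoconf
          sudo apt-get install -y build-essential git autoconf-archive \
            libcmocka-dev libssl-dev uthash-dev libglib2.0-dev \
            tpm2-tools openssh-client

      # Clone, build, and start TPM Simulator
      # The simulator comes from a third-party repository at whatever its
      # default branch currently holds, and is compiled and executed on the
      # runner. Checking out a reviewed commit after the clone would make
      # this input reproducible.
      # The server is started in the background and given a fixed 2 s to
      # come up; nothing here confirms that it is actually listening.
      - name: Clone and Build TPM Simulator
        run: |
          git clone https://github.com/kgoldman/ibmswtpm2
          cd ibmswtpm2/src
          make
          ./tpm_server &
          sleep 2
          cd ../..

      # Build and install wolfSSL
      - name: Build wolfSSL
        run: |
          cd wolfssl
          ./autogen.sh
          ./configure --enable-wolftpm --enable-wolfssh
          make
          sudo make install
          sudo ldconfig
          cd ..

      # Build and install wolfTPM
      - name: Build wolfTPM
        run: |
          cd wolftpm
          ./autogen.sh
          ./configure --enable-swtpm
          make
          sudo make install
          sudo ldconfig
          cd ..

      # Build wolfSSH
      - name: Build wolfSSH
        run: |
          cd wolfssh
          ./autogen.sh
          ./configure --enable-tpm
          make
          sudo make install
          sudo ldconfig
          cd ..

      # Test TPM SSH Default Password
      # The key auth value is a fixed test string passed on the command line,
      # so it is visible in the job log. That is acceptable for a key bound
      # to the throwaway simulator; real key auth should not be supplied
      # this way.
      - name: Test TPM SSH Default Password
        run: |
          # Generate key with default password
          cd wolftpm
          ./examples/keygen/keygen keyblob.bin -rsa -t -pem -eh
          # Convert key to SSH format
          ssh-keygen -f key.pem -i -m PKCS8 > ../wolfssh/key.ssh
          cd ..
          # Start echoserver and wait for it to be ready
          cd wolfssh
          ./examples/echoserver/echoserver -1 -s key.ssh &
          echo "Echoserver started with PID: $!"
          sleep 2
          cd ..
          # Test client connection with default password
          cd wolfssh
          ./examples/client/client -i ../wolftpm/keyblob.bin -u hansel -K ThisIsMyKeyAuth
          cd ..

      # Test the TPM SSH Custom Password
      # Same flow with a second key blob and a non-default auth value. The
      # redirect overwrites wolfssh/key.ssh from the previous step, and
      # key.pem is presumably regenerated by keygen as well.
      # The cleanup at the end of the script is only reached when every
      # earlier command in this step succeeded.
      - name: Test TPM SSH Custom Password
        run: |
          # Test with custom password
          cd wolftpm
          ./examples/keygen/keygen keyblob2.bin -rsa -t -pem -eh -auth=custompassword
          # Convert key to SSH format
          ssh-keygen -f key.pem -i -m PKCS8 > ../wolfssh/key.ssh
          cd ..
          # Start echoserver and wait for it to be ready
          cd wolfssh
          ./examples/echoserver/echoserver -1 -s key.ssh &
          echo "Echoserver started with PID: $!"
          sleep 2
          cd ..
          # Test with custom password
          cd wolfssh
          ./examples/client/client -i ../wolftpm/keyblob2.bin -u hansel -K custompassword
          cd ..
          # Cleanup
          pkill -f tpm_server
          sleep 2

      # Archive artifacts for debugging
      # Uploaded even when a test fails (if: always()). The files are key
      # material created against the simulator started in this job, with the
      # auth values shown above; anyone who can download the artifact gets
      # them, so this pattern must not be reused for keys that matter.
      # When both tests ran, key.pem and key.ssh reflect the second key only.
      - name: Archive test artifacts
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: test-artifacts
          path: |
            wolftpm/keyblob.bin
            wolftpm/keyblob2.bin
            wolftpm/key.pem
            wolfssh/key.ssh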