author | Jonas Witschel | 2019-09-17 01:31:13 +0200 |
---|---|---|
committer | Jonas Witschel | 2019-09-17 01:31:13 +0200 |
commit | 5d8abcd594267568d6aea12f2db4c444469e569d (patch) | |
tree | e3be10489e02d30e8a747ebe60a42add3d57c136 | |
parent | cb14045efeb3189824a611a169a8c4fea6a78a52 (diff) | |
upgpkg: tpm2-tss-engine 1.0.1-2
Update tests for tpm2-tools 4.0, now available in [community].
-rw-r--r-- | .SRCINFO | 4 | ||||
-rw-r--r-- | PKGBUILD | 14 | ||||
-rw-r--r-- | tpm2-tss-engine-1.0.1-tpm2-tools-4.0.patch | 159 |
3 files changed, 173 insertions, 4 deletions
@@ -1,7 +1,7 @@
 pkgbase = tpm2-tss-engine
 pkgdesc = OpenSSL engine for Trusted Platform Module 2.0 devices
 pkgver = 1.0.1
- pkgrel = 1
+ pkgrel = 2
 url = https://github.com/tpm2-software/tpm2-tss-engine
 arch = x86_64
 license = BSD
@@ -14,10 +14,12 @@ pkgbase = tpm2-tss-engine
 source = https://github.com/tpm2-software/tpm2-tss-engine/releases/download/v1.0.1/tpm2-tss-engine-1.0.1.tar.gz
 source = https://github.com/tpm2-software/tpm2-tss-engine/releases/download/v1.0.1/tpm2-tss-engine-1.0.1.tar.gz.asc
 source = tpm2-tss-engine_check.sh
+ source = tpm2-tss-engine-1.0.1-tpm2-tools-4.0.patch
 validpgpkeys = D6B4D8BAC7E0CC97DCD4AC7272E88B53F7A95D84
 sha512sums = 106fc6aadf0b4b27c3b38be596356aa59b4b76ec1602e8c5564aec6b4be7e2b5d6077006ee13d41e58402255b879aadaa966c758b5b326ae32742007ce2ef238
 sha512sums = SKIP
 sha512sums = 77d0d1789376e76b1f357edea59e5cd0953cfcf33c35069da6c4092c43e028dfb1e1593e3c85456e590f9da8252701519a06a5eb94adf8501cf4e5f21cc92cf1
+ sha512sums = bf73ef8834fc92c1a85b590e0dd69e9d0a465533e631768652fdd0e316f590fa5a16fdcc7faf9af360b6b05a508d904f3657e7c476c136b2000e3374e2a3606d
 pkgname = tpm2-tss-engine
@@ -1,7 +1,7 @@
 # Maintainer: Jonas Witschel <diabonas at gmx dot de>
 pkgname=tpm2-tss-engine
 pkgver=1.0.1
-pkgrel=1
+pkgrel=2
 pkgdesc='OpenSSL engine for Trusted Platform Module 2.0 devices'
 arch=('x86_64')
 url='https://github.com/tpm2-software/tpm2-tss-engine'
@@ -9,12 +9,20 @@ license=('BSD')
 depends=('openssl' 'tpm2-tss')
 checkdepends=('cmocka' 'expect' 'ibm-sw-tpm2' 'tpm2-tools')
 source=("$url/releases/download/v$pkgver/$pkgname-$pkgver.tar.gz"{,.asc}
- 'tpm2-tss-engine_check.sh')
+ 'tpm2-tss-engine_check.sh'
+ 'tpm2-tss-engine-1.0.1-tpm2-tools-4.0.patch')
 sha512sums=('106fc6aadf0b4b27c3b38be596356aa59b4b76ec1602e8c5564aec6b4be7e2b5d6077006ee13d41e58402255b879aadaa966c758b5b326ae32742007ce2ef238'
 'SKIP'
- '77d0d1789376e76b1f357edea59e5cd0953cfcf33c35069da6c4092c43e028dfb1e1593e3c85456e590f9da8252701519a06a5eb94adf8501cf4e5f21cc92cf1')
+ '77d0d1789376e76b1f357edea59e5cd0953cfcf33c35069da6c4092c43e028dfb1e1593e3c85456e590f9da8252701519a06a5eb94adf8501cf4e5f21cc92cf1'
+ 'bf73ef8834fc92c1a85b590e0dd69e9d0a465533e631768652fdd0e316f590fa5a16fdcc7faf9af360b6b05a508d904f3657e7c476c136b2000e3374e2a3606d')
 validpgpkeys=('D6B4D8BAC7E0CC97DCD4AC7272E88B53F7A95D84') # Andreas Fuchs
+prepare() {
+ cd "$pkgname-$pkgver"
+ # Use tpm2-tools 4.0 for tests (backport of GitHub PR #142)
+ patch --strip=1 --input="$srcdir/tpm2-tss-engine-1.0.1-tpm2-tools-4.0.patch"
+}
+
 build() {
 cd "$pkgname-$pkgver"
 (( CHECKFUNC )) && _opts=('--enable-unit' '--enable-integration')
diff --git a/tpm2-tss-engine-1.0.1-tpm2-tools-4.0.patch b/tpm2-tss-engine-1.0.1-tpm2-tools-4.0.patch
new file mode 100644
index 000000000000..453ed4794757
--- /dev/null
+++ b/tpm2-tss-engine-1.0.1-tpm2-tools-4.0.patch
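Review bot: `checkdepends` in this hunk still lists an unversioned `'tpm2-tools'`, while the patch applied by the new `prepare()` rewrites the test scripts to the 4.0 option names (`--key-context`, `--object-context`, and so on), so a check run against an older tpm2-tools would presumably fail on unknown options inside the tests instead of at dependency resolution. Writing `'tpm2-tools>=4.0'` in `checkdepends` would state the requirement where the package manager can enforce it. The backported commit message also says tpm2-tools 4.0 requires tpm2-tss 2.3, but `depends` keeps a bare `'tpm2-tss'` and the patch's diffstat lists only the three test scripts; if that minimum matters for this build, a versioned entry would record it. `build()` continues past the end of the hunk, so how `_opts` is consumed is not visible here.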
@@ -0,0 +1,159 @@
+From 2baa572d28c826837d94114acf8e894030c65d67 Mon Sep 17 00:00:00 2001
+From: Jonas Witschel <diabonas@gmx.de>
+Date: Sun, 25 Aug 2019 00:18:03 +0200
+Subject: [PATCH] test: use tpm2-tools 4.X
+
+Since tpm2-tools 4.0 has been released, we can update our tests.
+tpm2-tools 4.0 also requires tpm2-tss 2.3, so bump that as well.
+
+Signed-off-by: Jonas Witschel <diabonas@gmx.de>
+---
+ test/rsasign_parent.sh | 8 ++++----
+ test/rsasign_persistent.sh | 26 +++++++++++++-------------
+ test/rsasign_persistent_emptyauth.sh | 24 ++++++++++++------------
+ 3 files changed, 29 insertions(+), 29 deletions(-)
+
+diff --git a/test/rsasign_parent.sh b/test/rsasign_parent.sh
+index 238631d..ce0f494 100755
+--- a/test/rsasign_parent.sh
++++ b/test/rsasign_parent.sh
+@@ -15,12 +15,12 @@ PARENT_CTX=${DIR}/primary_owner_key.ctx
+
+ tpm2_startup -c || true
+
+-tpm2_createprimary --hierarchy=o --halg=sha256 --kalg=rsa \
+- --context=${PARENT_CTX}
++tpm2_createprimary --hierarchy=o --hash-algorithm=sha256 --key-algorithm=rsa \
++ --key-context=${PARENT_CTX}
+ tpm2_flushcontext --transient-object
+
+ # Load primary key to persistent handle
+-HANDLE=$(tpm2_evictcontrol --auth=o --context=${PARENT_CTX} --persistent=0x81010001 | cut -d ' ' -f 2 | head -n 1)
++HANDLE=$(tpm2_evictcontrol --hierarchy=o --object-context=${PARENT_CTX} | cut -d ' ' -f 2 | head -n 1)
+ tpm2_flushcontext --transient-object
+
+ # Generating a key underneath the persistent parent
+@@ -32,7 +32,7 @@ cat ${DIR}/mykey.pub
+ echo "abc" | openssl pkeyutl -engine tpm2tss -keyform engine -inkey ${DIR}/mykey -sign -in ${DIR}/mydata.txt -out ${DIR}/mysig -passin stdin
+
+ # Release persistent HANDLE
+-tpm2_evictcontrol --auth=o --handle=${HANDLE} --persistent=${HANDLE}
++tpm2_evictcontrol --hierarchy=o --object-context=${HANDLE}
+
+ cat ${DIR}/mysig
+
+diff --git a/test/rsasign_persistent.sh b/test/rsasign_persistent.sh
+index d08809a..5dd749e 100755
+--- a/test/rsasign_persistent.sh
++++ b/test/rsasign_persistent.sh
+@@ -15,38 +15,38 @@ PARENT_CTX=${DIR}/primary_owner_key.ctx
+
+ tpm2_startup -c || true
+
+-tpm2_createprimary --hierarchy=o --halg=sha256 --kalg=rsa \
+- --context=${PARENT_CTX}
++tpm2_createprimary --hierarchy=o --hash-algorithm=sha256 --key-algorithm=rsa \
++ --key-context=${PARENT_CTX}
+ tpm2_flushcontext --transient-object
+
+ # Create an RSA key pair
+ echo "Generating RSA key pair"
+ TPM_RSA_PUBKEY=${DIR}/rsakey.pub
+ TPM_RSA_KEY=${DIR}/rsakey
+-tpm2_create --pwdk=abc \
+- --context-parent=${PARENT_CTX} \
+- --halg=sha256 --kalg=rsa \
+- --pubfile=${TPM_RSA_PUBKEY} --privfile=${TPM_RSA_KEY} \
+- --object-attributes=sign\|decrypt\|fixedtpm\|fixedparent\|sensitivedataorigin\|userwithauth\|noda
++tpm2_create --key-auth=abc \
++ --parent-context=${PARENT_CTX} \
++ --hash-algorithm=sha256 --key-algorithm=rsa \
++ --public=${TPM_RSA_PUBKEY} --private=${TPM_RSA_KEY} \
++ --attributes=sign\|decrypt\|fixedtpm\|fixedparent\|sensitivedataorigin\|userwithauth\|noda
+ tpm2_flushcontext --transient-object
+
+ # Load Key to persistent handle
+ RSA_CTX=${DIR}/rsakey.ctx
+-tpm2_load --context-parent=${PARENT_CTX} \
+- --pubfile=${TPM_RSA_PUBKEY} --privfile=${TPM_RSA_KEY} \
+- --context=${RSA_CTX}
++tpm2_load --parent-context=${PARENT_CTX} \
++ --public=${TPM_RSA_PUBKEY} --private=${TPM_RSA_KEY} \
++ --key-context=${RSA_CTX}
+ tpm2_flushcontext --transient-object
+
+-HANDLE=$(tpm2_evictcontrol --auth=o --context=${RSA_CTX} --persistent=0x81010001 | cut -d ' ' -f 2 | head -n 1)
++HANDLE=$(tpm2_evictcontrol --hierarchy=o --object-context=${RSA_CTX} | cut -d ' ' -f 2 | head -n 1)
+ tpm2_flushcontext --transient-object
+
+ # Signing Data
+ echo "abc" | openssl pkeyutl -engine tpm2tss -keyform engine -inkey ${HANDLE} -sign -in ${DIR}/mydata.txt -out ${DIR}/mysig -passin stdin
+ # Get public key of handle
+-tpm2_readpublic --object=${HANDLE} --opu=${DIR}/mykey.pem --format=pem
++tpm2_readpublic --object-context=${HANDLE} --output=${DIR}/mykey.pem --format=pem
+
+ # Release persistent HANDLE
+-tpm2_evictcontrol --auth=o --handle=${HANDLE} --persistent=${HANDLE}
++tpm2_evictcontrol --hierarchy=o --object-context=${HANDLE}
+
+ R="$(openssl pkeyutl -pubin -inkey ${DIR}/mykey.pem -verify -in ${DIR}/mydata.txt -sigfile ${DIR}/mysig || true)"
+ if ! echo $R | grep "Signature Verified Successfully" >/dev/null; then
+diff --git a/test/rsasign_persistent_emptyauth.sh b/test/rsasign_persistent_emptyauth.sh
+index eeded63..5a4c757 100755
+--- a/test/rsasign_persistent_emptyauth.sh
++++ b/test/rsasign_persistent_emptyauth.sh
+@@ -15,28 +15,28 @@ PARENT_CTX=${DIR}/primary_owner_key.ctx
+
+ tpm2_startup -c || true
+
+-tpm2_createprimary --hierarchy=o --halg=sha256 --kalg=rsa \
+- --context=${PARENT_CTX}
++tpm2_createprimary --hierarchy=o --hash-algorithm=sha256 --key-algorithm=rsa \
++ --key-context=${PARENT_CTX}
+ tpm2_flushcontext --transient-object
+
+ # Create an RSA key pair
+ echo "Generating RSA key pair"
+ TPM_RSA_PUBKEY=${DIR}/rsakey.pub
+ TPM_RSA_KEY=${DIR}/rsakey
+-tpm2_create --context-parent=${PARENT_CTX} \
+- --halg=sha256 --kalg=rsa \
+- --pubfile=${TPM_RSA_PUBKEY} --privfile=${TPM_RSA_KEY} \
+- --object-attributes=sign\|decrypt\|fixedtpm\|fixedparent\|sensitivedataorigin\|userwithauth\|noda
++tpm2_create --parent-context=${PARENT_CTX} \
++ --hash-algorithm=sha256 --key-algorithm=rsa \
++ --public=${TPM_RSA_PUBKEY} --private=${TPM_RSA_KEY} \
++ --attributes=sign\|decrypt\|fixedtpm\|fixedparent\|sensitivedataorigin\|userwithauth\|noda
+ tpm2_flushcontext --transient-object
+
+ # Load Key to persistent handle
+ RSA_CTX=${DIR}/rsakey.ctx
+-tpm2_load --context-parent=${PARENT_CTX} \
+- --pubfile=${TPM_RSA_PUBKEY} --privfile=${TPM_RSA_KEY} \
+- --context=${RSA_CTX}
++tpm2_load --parent-context=${PARENT_CTX} \
++ --public=${TPM_RSA_PUBKEY} --private=${TPM_RSA_KEY} \
++ --key-context=${RSA_CTX}
+ tpm2_flushcontext --transient-object
+
+-HANDLE=$(tpm2_evictcontrol --auth=o --context=${RSA_CTX} --persistent=0x81010001 | cut -d ' ' -f 2 | head -n 1)
++HANDLE=$(tpm2_evictcontrol --hierarchy=o --object-context=${RSA_CTX} | cut -d ' ' -f 2 | head -n 1)
+ tpm2_flushcontext --transient-object
+
+ # Signing Data
+@@ -52,10 +52,10 @@ EOF
+ fi
+
+ # Get public key of handle
+-tpm2_readpublic --object=${HANDLE} --opu=${DIR}/mykey.pem --format=pem
++tpm2_readpublic --object-context=${HANDLE} --output=${DIR}/mykey.pem --format=pem
+
+ # Release persistent HANDLE
+-tpm2_evictcontrol --auth=o --handle=${HANDLE} --persistent=${HANDLE}
++tpm2_evictcontrol --hierarchy=o --object-context=${HANDLE}
+
+ R="$(openssl pkeyutl -pubin -inkey ${DIR}/mykey.pem -verify -in ${DIR}/mydata.txt -sigfile ${DIR}/mysig || true)"
+ if ! echo $R | grep "Signature Verified Successfully" >/dev/null; then
+--
+2.23.0
+ |
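Review bot: In all three test scripts the new `HANDLE=$(tpm2_evictcontrol --hierarchy=o --object-context=... | cut -d ' ' -f 2 | head -n 1)` no longer passes a fixed persistent handle, so the value now comes entirely from parsing the tool's output, and the pipeline's exit status is that of `head`, not of `tpm2_evictcontrol`. If the command fails or prints a different layout, `HANDLE` is empty and the unquoted `-inkey ${HANDLE}` in rsasign_persistent.sh and the later `tpm2_evictcontrol --hierarchy=o --object-context=${HANDLE}` run with a missing argument. A guard right after each assignment, `[ -n "${HANDLE}" ] || { echo "no persistent handle returned" >&2; exit 1; }`, would fail the test at the cause. The release step also runs only if everything before it succeeded, so registering it with `trap` would avoid leaving a persistent object behind when the tests are pointed at anything other than a throwaway simulator. The scripts begin and end outside these hunks, so whether they already set `-e` or a trap is not visible here.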