package/tpm2-totp: new package

Library and utility for TOTP based attestation using the tpm2-tss software stack. Add an upstream patch to fix format string mismatch errors when building for 32bit architectures. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-04-08 13:56:47 +02:00 · 2019-04-08 13:56:47 +02:00 · ec2b5236c5
commit ec2b5236c5
parent 55c4f7ca4b
6 changed files with 107 additions and 0 deletions
--- a/1
+++ b/1
@ -1751,6 +1751,7 @@ F:	package/python-validators/
 F:	package/python-webob/
 F:	package/python-websocket-client/
 F:	package/sedutil/
+F:	package/tpm2-totp/
 F:	package/triggerhappy/

 N:	Peter Seiderer <ps.report@gmx.net>
--- a/package/Config.in
+++ b/package/Config.in
@ -2217,6 +2217,7 @@ menu "System tools"
 	source "package/tpm-tools/Config.in"
 	source "package/tpm2-abrmd/Config.in"
 	source "package/tpm2-tools/Config.in"
+	source "package/tpm2-totp/Config.in"
 	source "package/unscd/Config.in"
 	source "package/util-linux/Config.in"
 	source "package/xen/Config.in"
--- a/package/tpm2-totp/0001-src-fix-format-string-warnings-when-building-for-32b.patch
+++ b/package/tpm2-totp/0001-src-fix-format-string-warnings-when-building-for-32b.patch
@ -0,0 +1,60 @@
+From 1d39994398a886584c5fb14b3a646c4ae6b0d35c Mon Sep 17 00:00:00 2001
+From: Peter Korsgaard <peter@korsgaard.com>
+Date: Mon, 8 Apr 2019 11:03:09 +0200
+Subject: [PATCH] src: fix format string warnings when building for 32bit
+ architectures
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Building currently gives the following warnings (which fails the build
+because of Werror) about format string mismatches:
+
+src/tpm2-totp.c:343:23: error: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘uint64_t’ {aka ‘long long unsigned int’} [-Werror=format=]
+         printf("%s%06ld", timestr, totp);
+                   ~~~~^            ~~~~
+                   %06lld
+
+src/libtpm2-totp.c: In function ‘tpm2totp_generateKey’:
+src/libtpm2-totp.c:172:13: error: format ‘%li’ expects argument of type ‘long int’, but argument 3 has type ‘size_t’ {aka ‘unsigned int’} [-Werror=format=]
+         dbg("Calling Esys_GetRandom for %li bytes", SECRETLEN - *secret_size);
+                                         ~~^
+                                         %i
+
+Fix it by using PRIu64 from inttypes.h for uint64_t and %zu for size_t.
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ src/libtpm2-totp.c | 2 +-
+ src/tpm2-totp.c    | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/libtpm2-totp.c b/src/libtpm2-totp.c
+index e740ab1..6942771 100644
+--- a/src/libtpm2-totp.c
+++ b/src/libtpm2-totp.c
+@@ -169,7 +169,7 @@ tpm2totp_generateKey(uint32_t pcrs, uint32_t banks, const char *password,
+     if (rc != TPM2_RC_INITIALIZE) chkrc(rc, goto error);
+ 
+     while (*secret_size < SECRETLEN) {
+-        dbg("Calling Esys_GetRandom for %li bytes", SECRETLEN - *secret_size);
+        dbg("Calling Esys_GetRandom for %zu bytes", SECRETLEN - *secret_size);
+         rc = Esys_GetRandom(ctx,
+                             ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
+                             SECRETLEN - *secret_size, &t);
+diff --git a/src/tpm2-totp.c b/src/tpm2-totp.c
+index 47b661a..d5dcdce 100644
+--- a/src/tpm2-totp.c
+++ b/src/tpm2-totp.c
+@@ -340,7 +340,7 @@ main(int argc, char **argv)
+                             localtime (&now));
+             chkrc(rc, exit(1));
+         }
+-        printf("%s%06ld", timestr, totp);
+        printf("%s%06" PRIu64, timestr, totp);
+         break;
+     case CMD_RESEAL:
+         rc = tpm2totp_loadKey_nv(opt.nvindex, &keyBlob, &keyBlob_size);
+-- 
+2.11.0
+
--- a/package/tpm2-totp/Config.in
+++ b/package/tpm2-totp/Config.in
@ -0,0 +1,21 @@
+config BR2_PACKAGE_TPM2_TOTP
+	bool "tpm2-tools"
+	depends on !BR2_STATIC_LIBS # tpm2-tss
+	select BR2_PACKAGE_LIBQRENCODE
+	select BR2_PACKAGE_TPM2_TSS
+	help
+	  This is a reimplementation of Matthew Garrett's tpmtotp
+	  software for TPM 2.0 using the tpm2-tss software stack. Its
+	  purpose is to attest the trustworthiness of a device against
+	  a human using time-based one-time passwords (TOTP),
+	  facilitating the Trusted Platform Module (TPM) to bind the
+	  TOTP secret to the known trustworthy system state. In
+	  addition to the original tpmtotp, given the new capabilities
+	  of in-TPM hmac calculation, the tpm2-totp's secret HMAC keys
+	  do not have to be exported from the TPM to the CPU's RAM on
+	  boot anymore.
+
+	  https://github.com/tpm2-software/tpm2-totp
+
+comment "tpm2-totp needs a toolchain w/ dynamic library"
+	depends on BR2_STATIC_LIBS
--- a/package/tpm2-totp/tpm2-totp.hash
+++ b/package/tpm2-totp/tpm2-totp.hash
@ -0,0 +1,3 @@
+# Locally computed:
+sha256 a6aa41df2d0773e67f5cf853621d46b89ae2181bc3ef5ff91ad597992259c192  tpm2-totp-0.1.1.tar.gz
+sha256 67bc21a0bff2b0890307cfaa883bd3f5337f461eb6d8a612a015cea6d704e9ed  LICENSE
--- a/package/tpm2-totp/tpm2-totp.mk
+++ b/package/tpm2-totp/tpm2-totp.mk
@ -0,0 +1,21 @@
+################################################################################
+#
+# tpm2-totp
+#
+################################################################################
+
+TPM2_TOTP_VERSION = 0.1.1
+TPM2_TOTP_SITE = https://github.com/tpm2-software/tpm2-totp/releases/download/v$(TPM2_TOTP_VERSION)
+TPM2_TOTP_LICENSE = BSD-3-Clause
+TPM2_TOTP_LICENSE_FILES = LICENSE
+TPM2_TOTP_DEPENDENCIES = libqrencode tpm2-tss host-pkgconf
+
+# -fstack-protector-all is used by default. Disable that so the BR2_SSP_* options
+# in the toolchain wrapper and CFLAGS are used instead
+TPM2_TOTP_CONF_ENV += \
+	ax_cv_check_cflags___________Wall__Werror_______fstack_protector_all=no
+
+# do not build man pages
+TPM2_TOTP_CONF_ENV += ac_cv_path_PANDOC=''
+
+$(eval $(autotools-package))