aws · smittals2 · Feb 28, 2025 · Feb 28, 2025 · Feb 28, 2025 · Feb 28, 2025
@@ -342,6 +342,16 @@ batch:
         variables:
           AWS_LC_CI_TARGET: "tests/ci/integration/run_nmap_integration.sh"
 
+    - identifier: ibmtpm_integration_x86_64
+      buildspec: tests/ci/codebuild/common/run_simple_target.yml
+      env:
+        type: LINUX_CONTAINER
+        privileged-mode: false
+        compute-type: BUILD_GENERAL1_MEDIUM
+        image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:ubuntu-22.04_gcc-12x_integration_latest
+        variables:
+          AWS_LC_CI_TARGET: "tests/ci/integration/run_ibmtpm_integration.sh"
+
     - identifier: grpc_integration_x86_64
       buildspec: tests/ci/codebuild/common/run_ipv6_target.yml
       env:

@@ -0,0 +1,146 @@
+diff --git a/src/BnToOsslMath.c b/src/BnToOsslMath.c
+index a185a70..1f17489 100644
+--- a/src/BnToOsslMath.c
++++ b/src/BnToOsslMath.c
+@@ -86,6 +86,12 @@
+ #ifdef MATH_LIB_OSSL
+ #  include "BnToOsslMath_fp.h"
+
++#ifdef OPENSSL_IS_AWSLC
++    #define BN_FIELD_SIZE(a) (BN_get_minimal_width(a))
++#else
++    #define BN_FIELD_SIZE(a) ((a)->top)
++#endif
++
+ //** Functions
+
+ //*** OsslToTpmBn()
+@@ -105,10 +111,10 @@ BOOL OsslToTpmBn(bigNum bn, BIGNUM* osslBn)
+ 	{
+ 	    int i;
+ 	    //
+-	    GOTO_ERROR_UNLESS((unsigned)osslBn->top <= BnGetAllocated(bn));
+-	    for(i = 0; i < osslBn->top; i++)
++	    GOTO_ERROR_UNLESS((unsigned)BN_FIELD_SIZE(osslBn) <= BnGetAllocated(bn));
++	    for(i = 0; i < BN_FIELD_SIZE(osslBn); i++)
+ 		bn->d[i] = osslBn->d[i];
+-	    BnSetTop(bn, osslBn->top);
++	    BnSetTop(bn, BN_FIELD_SIZE(osslBn));
+ 	}
+     return TRUE;
+  Error:
+@@ -127,7 +133,11 @@ BIGNUM* BigInitialized(BIGNUM* toInit, bigConst initializer)
+ 	return NULL;
+     toInit->d     = (BN_ULONG*)&initializer->d[0];
+     toInit->dmax  = (int)initializer->allocated;
++#ifdef OPENSSL_IS_AWSLC
++    toInit->width = (int)initializer->size;
++#else
+     toInit->top   = (int)initializer->size;
++#endif
+     toInit->neg   = 0;
+     toInit->flags = 0;
+     return toInit;
+@@ -156,7 +166,7 @@ static void BIGNUM_print(const char* label, const BIGNUM* a, BOOL eol)
+ 	}
+     if(a->neg)
+ 	printf("-");
+-    for(i = a->top, d = &a->d[i - 1]; i > 0; i--)
++    for(i = BN_FIELD_SIZE(a), d = &a->d[i - 1]; i > 0; i--)
+ 	{
+ 	    int      j;
+ 	    BN_ULONG l = *d--;
+@@ -209,7 +219,7 @@ BOOL BnMathLibraryCompatibilityCheck(void)
+     // Convert the test data to an OpenSSL BIGNUM
+     BN_bin2bn(test, sizeof(test), osslTemp);
+     // Make sure the values are consistent
+-    GOTO_ERROR_UNLESS(osslTemp->top == (int)tpmTemp->size);
++    GOTO_ERROR_UNLESS(BN_FIELD_SIZE(osslTemp) == (int)tpmTemp->size);
+     for(i = 0; i < tpmTemp->size; i++)
+ 	GOTO_ERROR_UNLESS(osslTemp->d[i] == tpmTemp->d[i]);
+     OSSL_LEAVE();
+@@ -558,6 +568,18 @@ LIB_EXPORT BOOL BnEccModMult2(bigPoint            R,  // OUT: computed point
+ 	EC_POINT_mul(E->G, pR, bnD, pQ, bnU, E->CTX);
+     else
+ 	{
++#ifdef OPENSSL_IS_AWSLC
++        EC_POINT *pR1 = EC_POINT_new(E->G);
++        EC_POINT *pR2 = EC_POINT_new(E->G);
++        int OK;
++
++        OK = EC_POINT_mul(E->G, pR1, NULL, pS, bnD, E->CTX);
++        OK &= EC_POINT_mul(E->G, pR2, NULL, pQ, bnU, E->CTX);
++        OK &= EC_POINT_add(E->G, pR, pR1, pR2, E->CTX);
++
++        EC_POINT_free(pR1);
++        EC_POINT_free(pR2);
++#else
+ 	    const EC_POINT* points[2];
+ 	    const BIGNUM*   scalars[2];
+ 	    points[0]  = pS;
+@@ -565,6 +587,7 @@ LIB_EXPORT BOOL BnEccModMult2(bigPoint            R,  // OUT: computed point
+ 	    scalars[0] = bnD;
+ 	    scalars[1] = bnU;
+ 	    EC_POINTs_mul(E->G, pR, NULL, 2, points, scalars, E->CTX);
++#endif
+ 	}
+     PointFromOssl(R, pR, E);
+     EC_POINT_free(pR);
+diff --git a/src/BnToOsslMath.h b/src/BnToOsslMath.h
+index 165304d..78f295b 100644
+--- a/src/BnToOsslMath.h
++++ b/src/BnToOsslMath.h
+@@ -81,7 +81,7 @@
+ // Check the bignum_st definition against the one below and either update the
+ // version check or provide the new definition for this version.
+ #  error Untested OpenSSL version
+-#elif OPENSSL_VERSION_NUMBER >= 0x10100000L
++#elif OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(OPENSSL_IS_AWSLC)
+ // from crypto/bn/bn_lcl.h (OpenSSL 1.x) or crypto/bn/bn_local.h (OpenSSL 3.0)
+ struct bignum_st
+ {
+diff --git a/src/TpmProfile_Common.h b/src/TpmProfile_Common.h
+index 13dfc0d..3c87c3e 100644
+--- a/src/TpmProfile_Common.h
++++ b/src/TpmProfile_Common.h
+@@ -65,6 +65,8 @@
+ // Requires basic YES/NO defines are already set (by TpmBuildSwitches.h)
+ // Less frequently changed items are in other TpmProfile Headers.
+
++#include <openssl/opensslconf.h>
++
+ #ifndef _TPM_PROFILE_COMMON_H_
+ #define _TPM_PROFILE_COMMON_H_
+ // YES & NO defined by TpmBuildSwitches.h
+@@ -107,6 +109,10 @@
+ #define     SM4_128                     (NO  * ALG_SM4)
+
+ #define ALG_CAMELLIA                ALG_YES
++#ifdef OPENSSL_NO_CAMELLIA
++#undef ALG_CAMELLIA
++#define ALG_CAMELLIA                ALG_NO
++#endif
+
+ #define     CAMELLIA_128                (YES * ALG_CAMELLIA)
+ #define     CAMELLIA_192                (NO  * ALG_CAMELLIA)
+diff --git a/src/makefile b/src/makefile
+index 407dc9c..b2b50a9 100644
+--- a/src/makefile
++++ b/src/makefile
+@@ -47,7 +47,7 @@ CCFLAGS = -Wall  			\
+ 	 -c -ggdb -O0 			\
+ 	-DTPM_POSIX			\
+ 	-D_POSIX_			\
+-	-DTPM_NUVOTON
++	-DTPM_NUVOTON $(CFLAGS)
+
+ # add this line for big endian platforms
+ #	-DBIG_ENDIAN_TPM=YES
+@@ -59,7 +59,7 @@ LNFLAGS = -ggdb 			\
+ 	-lcrypto			\
+ 	-lpthread			\
+ 	-lrt				\
+-	-I.
++	-I. $(LDFLAGS)
+
+ #	--coverage -lgcov
@@ -0,0 +1,64 @@
+#!/usr/bin/env bash
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0 OR ISC
+
+set -ex
+
+source tests/ci/common_posix_setup.sh
+
+# Set up environment.
+
+# SYS_ROOT
+#  - SRC_ROOT(aws-lc)
+#    - SCRATCH_FOLDER
+#      - IBMTPM_SRC_FOLDER
+#      - AWS_LC_BUILD_FOLDER
+#      - AWS_LC_INSTALL_FOLDER
+
+# Assumes script is executed from the root of aws-lc directory
+SCRATCH_FOLDER="${SRC_ROOT}/IBMTPM_BUILD_ROOT"
+IBMTPM_SRC_FOLDER="${SCRATCH_FOLDER}/ibmtpm"
+IBMTPM_BUILD_PREFIX="${IBMTPM_SRC_FOLDER}/build/install"
+IBMTPM_PATCH_BUILD_FOLDER="${SRC_ROOT}/tests/ci/integration/ibmtpm_patch"
+
+AWS_LC_BUILD_FOLDER="${SCRATCH_FOLDER}/aws-lc-build"
+AWS_LC_INSTALL_FOLDER="${SCRATCH_FOLDER}/aws-lc-install"
+
+mkdir -p ${SCRATCH_FOLDER}
+rm -rf "${SCRATCH_FOLDER:?}"/*
+cd ${SCRATCH_FOLDER}
+
+function ibmtpm_build() {
+  export CXXFLAGS="-I${AWS_LC_INSTALL_FOLDER}/include $CXXFLAGS"
+  export CFLAGS="-I${AWS_LC_INSTALL_FOLDER}/include $CFLAGS"
+  export LDFLAGS="-L${AWS_LC_INSTALL_FOLDER}/lib $LDFLAGS"
+
+  pushd src
+  make -j
+
+  export LD_LIBRARY_PATH="${AWS_LC_INSTALL_FOLDER}/lib"
+  local ibmtpm_executable="tpm_server"
+  ldd ${ibmtpm_executable} \
+    | grep "${AWS_LC_INSTALL_FOLDER}/lib/libcrypto.so" || exit 1
+
+  popd
+}
+
+function ibmtpm_patch_build() {
+  patchfile="${IBMTPM_PATCH_BUILD_FOLDER}/ibmtpm-mainline-awslc.patch"
+  echo "Apply patch $patchfile..."
+  patch -p1 --quiet -i "$patchfile"
+}
+
+git clone https://github.com/kgoldman/ibmswtpm2.git ${IBMTPM_SRC_FOLDER}
+cd ${IBMTPM_SRC_FOLDER}
+mkdir -p ${AWS_LC_BUILD_FOLDER} ${AWS_LC_INSTALL_FOLDER}
+ls
+
+aws_lc_build "$SRC_ROOT" "$AWS_LC_BUILD_FOLDER" "$AWS_LC_INSTALL_FOLDER" -DCMAKE_INSTALL_LIBDIR=lib -DBUILD_TESTING=OFF -DBUILD_TOOL=OFF -DCMAKE_BUILD_TYPE=Debug -DBUILD_SHARED_LIBS=1
+
+# Build ibmtpm from source.
+pushd ${IBMTPM_SRC_FOLDER}
+ibmtpm_patch_build
+ibmtpm_build
+popd