[WIP]: TPM Support

Author: itsManjeet

.github/workflows/build.yml renamed to .github/workflows/build.yml.disabled

@@ -0,0 +1,22 @@
+/**
+ *  Copyright Notice:
+ *  Copyright 2021-2025 DMTF. All rights reserved.
+ *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
+ **/
+
+#ifndef __CRYPTLIB_TPM_H__
+#define __CRYPTLIB_TPM_H__
+
+#include <stdbool.h>
+
+bool libspdm_tpm_device_init();
+
+bool libspdm_tpm_get_private_key(void *handle, void **context);
+
+bool libspdm_tpm_get_public_key(void *handle, void **context);
+
+bool libspdm_tpm_get_certificate(void *handle, void **context);
+
+bool libspdm_tpm_dump_certificate(void *context, void **buffer, size_t *size);
+
+#endif

.github/workflows/cifuzz.yml renamed to .github/workflows/cifuzz.yml.disabled

@@ -5,6 +5,7 @@
  **/
 
 #include "internal/libspdm_crypt_lib.h"
+#include <openssl/x509.h>
 
 #if LIBSPDM_CERT_PARSE_SUPPORT
 
@@ -180,6 +181,25 @@ typedef bool (*libspdm_asym_get_public_key_from_x509_func)(const uint8_t *cert,
                                                            size_t cert_size,
                                                            void **context);
 
+static void dump_hex(const char* id, const unsigned char *buf, long buflen)
+{
+    char buffer[4096];
+    const unsigned char *p = buf;
+    X509 *cert = d2i_X509(NULL, &p, buflen);
+    if (!cert) {
+        printf("Not an X.509 cert inside this ASN.1 object.\n");
+        return;
+    }
+
+    /* Print certificate */
+    BIO *bio = BIO_new(BIO_s_mem());
+    X509_print(bio, cert);
+    int s = BIO_read(bio, (void*) buffer, sizeof(buffer));
+    buffer[s] = '\0';
+    printf("%s CERT: %s\n", id, buffer);
+    X509_free(cert);
+}
+
 /**
  * Return asymmetric GET_PUBLIC_KEY_FROM_X509 function, based upon the negotiated asymmetric algorithm.
  *
@@ -2143,6 +2163,8 @@ bool libspdm_verify_cert_chain_data_with_pqc(
         return false;
     }
 
+    dump_hex("ROOT", root_cert_buffer, root_cert_buffer_size);
+
     if (!libspdm_x509_verify_cert_chain(root_cert_buffer, root_cert_buffer_size,
                                         cert_chain_data, cert_chain_data_size)) {
         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO,
@@ -2158,6 +2180,8 @@ bool libspdm_verify_cert_chain_data_with_pqc(
         return false;
     }
 
+    dump_hex("LEAF", leaf_cert_buffer, leaf_cert_buffer_size);
+
     if (!libspdm_x509_certificate_check_with_pqc(leaf_cert_buffer, leaf_cert_buffer_size,
                                                  base_asym_algo, pqc_asym_algo, base_hash_algo,
                                                  is_requester_cert, is_device_cert_model)) {

.github/workflows/code_coverage.yml renamed to .github/workflows/code_coverage.yml.disabled

@@ -47,6 +47,7 @@ target_sources(cryptlib_openssl
         pk/x509_pqc.c
         rand/rand.c
         sys_call/crt_wrapper_host.c
+        tpm/tpm.c
 )
 
 target_compile_options(cryptlib_openssl PRIVATE ${OPENSSL_FLAGS})

.github/workflows/codeql-analysis.yml renamed to .github/workflows/codeql-analysis.yml.disabled

@@ -681,6 +681,13 @@ bool libspdm_ecdsa_sign(void *ec_context, size_t hash_nid,
         return false;
     }
 
+    char buffer[4096];
+    BIO *bio = BIO_new(BIO_s_mem());
+    EVP_PKEY_print_public(bio, evp_pkey, 4, NULL);
+    int len = BIO_read(bio, (void*) buffer, sizeof(buffer));
+    buffer[len] = '\0';
+    printf("SIGN PUBLIC KEY: %s\n", buffer);
+
     half_size = evp_pkey_get_half_size(evp_pkey);
     if (*sig_size < (size_t)(half_size * 2)) {
         *sig_size = half_size * 2;
@@ -828,6 +835,13 @@ bool libspdm_ecdsa_verify(void *ec_context, size_t hash_nid,
         return false;
     }
 
+    char buffer[4096];
+    BIO *bio = BIO_new(BIO_s_mem());
+    EVP_PKEY_print_public(bio, evp_pkey, 4, NULL);
+    int len = BIO_read(bio, (void*) buffer, sizeof(buffer));
+    buffer[len] = '\0';
+    printf("VERIFY PUBLIC KEY: %s\n", buffer);
+
     half_size = evp_pkey_get_half_size(evp_pkey);
     if (sig_size != (size_t)(half_size * 2)) {
         return false;