authorJames Bottomley <James.Bottomley@HansenPartnership.com>2020-01-10 08:31:28 -0800
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2020-01-10 08:31:28 -0800
commit1be01f3bf05298dbf441813a4946aed20b2229ab (patch)
tree172324e329083ae66c903feeafb745a52dce649f
parente682157c9379d25d0a65759bf2cb7efa327be427 (diff)
downloadopenssl_tpm2_engine-1be01f3bf05298dbf441813a4946aed20b2229ab.tar.gz
tests: add a test for DER keys
Now that we're supposed to support DER based keys, check that we can use them. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r--tests/Makefile.am3
-rwxr-xr-xtests/check_der.sh17
2 files changed, 19 insertions, 1 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 21da53d..cd582e0 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -8,6 +8,7 @@ TESTS = fail_connect.sh \
wrap_tpm_key.sh \
check_wrap_auth.sh \
check_old_keys.sh \
+ check_der.sh \
create_ecc.sh \
wrap_ecc.sh \
wrap_generic_ecc.sh \
@@ -28,6 +29,6 @@ AM_TESTS_ENVIRONMENT = TPM_INTERFACE_TYPE=socsim; \
export TPM_INTERFACE_TYPE OPENSSL_CONF srcdir;
TEST_EXTENSIONS = .sh
-CLEANFILES = key*.tpm key*.pub key*.priv tmp.* NVChip h*.bin
+CLEANFILES = key*.tpm key*.pub key*.priv tmp.* NVChip h*.bin key*.der
clean-local:
rm -fr testdir
diff --git a/tests/check_der.sh b/tests/check_der.sh
new file mode 100755
index 0000000..0cbfe06
--- /dev/null
+++ b/tests/check_der.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+bindir=${srcdir}/..
+
+##
+# test is
+# 1. create TPM internal private key
+# 2. convert it to DER form
+# 3. get the corresponding public key from the engine
+# 4. encode a message using the TPM key
+# 5. verify the message through the public key
+${bindir}/create_tpm2_key -a -k passw0rd key2.tpm && \
+openssl asn1parse -in key2.tpm -out key2.der && \
+openssl rsa -engine tpm2 -inform engine -passin pass:passw0rd -in key2.der -pubout -out key2.pub && \
+echo "This is a message" | openssl rsautl -sign -engine tpm2 -engine tpm2 -keyform engine -inkey key2.der -passin pass:passw0rd -out tmp.msg && \
+openssl rsautl -verify -in tmp.msg -inkey key2.pub -pubin
+
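Review bot: The final line of check_der.sh relies only on the exit status of `openssl rsautl -verify` and never compares the recovered text with the message that was signed, so a validly padded signature over different data would presumably still let the test pass. Piping the output into a comparison would pin the whole round trip through the DER key: `openssl rsautl -verify -in tmp.msg -inkey key2.pub -pubin | grep -qx "This is a message"`. On the signing line `-engine tpm2` is given twice and one occurrence can be dropped, and step 4 of the header comment says "encode" where the command actually signs.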