authorJames Bottomley <James.Bottomley@HansenPartnership.com>2024-04-18 14:27:02 -0400
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2024-04-18 15:14:40 -0400
commitb029e2eb9b78709a8a7c758bb5f255ed9382fec9 (patch)
tree67f16b4c1b7e36ea569a8f9dd9aa097838be8e9e
parent24c012620da53ba71df2f703c7cc21247db11c72 (diff)
tests: fix checks for illegal curves
The openssl check for unknown curve names simply looks for a specific string. Old openssl printed this but didn't error, but new openssl errors out. Update the check firstly to fail on error then check the string. Additionally some vTPMs have started supporting the SM2 curve. When it works in openssl it has the problem that it's only allowed with the SM3 hash, which won't work with any of the generic hash looping tests, so disable testing the SM2 curve. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rwxr-xr-xtests/create_ecc.sh4
-rwxr-xr-xtests/derive_ecc.sh4
-rw-r--r--tests/test-common.sh19
-rwxr-xr-xtests/wrap_ecc.sh6
-rwxr-xr-xtests/wrap_generic_ecc.sh4
5 files changed, 28 insertions, 9 deletions
diff --git a/tests/create_ecc.sh b/tests/create_ecc.sh
index bbb3014..5b387d8 100755
--- a/tests/create_ecc.sh
+++ b/tests/create_ecc.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-
+. ../test-common.sh
##
# test is
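Review bot: The added `. ../test-common.sh` on line 2 resolves against the current working directory rather than the script's own location, and its result is not checked; the same line is added to derive_ecc.sh, wrap_ecc.sh and wrap_generic_ecc.sh. If the file is not found, bash under `#!/bin/bash` prints an error and carries on, `check_curve` is then undefined, and `if check_curve ...` evaluates as false, so the unsupported-curve and sm2 skips silently stop applying. Assuming the harness always runs each test from a directory directly below tests/, `. ../test-common.sh || exit 1` would turn that into an immediate and obvious failure.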
@@ -7,7 +7,7 @@
# 2. Create a self signed x509 certificate
# 3. verify the certificate
for curve in $(${bindir}/create_tpm2_key --list-curves); do
- if openssl ecparam -name ${curve} 2>&1 | egrep '(invalid|unknown) curve'; then
+ if check_curve ${curve}; then
continue
fi
echo "Checking curve ${curve}"
diff --git a/tests/derive_ecc.sh b/tests/derive_ecc.sh
index 69ec381..c53adde 100755
--- a/tests/derive_ecc.sh
+++ b/tests/derive_ecc.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-
+. ../test-common.sh
##
# test is to check that the key derivation works
@@ -23,7 +23,7 @@
##
for curve in $(${bindir}/create_tpm2_key --list-curves); do
- if openssl ecparam -name ${curve} 2>&1 | egrep '(invalid|unknown) curve'; then
+ if check_curve ${curve}; then
continue
fi
echo "Checking curve ${curve} explicitly named"
diff --git a/tests/test-common.sh b/tests/test-common.sh
new file mode 100644
index 0000000..22c9e13
--- /dev/null
+++ b/tests/test-common.sh
@@ -0,0 +1,19 @@
+##
+# common routines to be included
+##
+
+##
+# check curve, returns 0 (success) for invalid curve so
+# if check_curve; then continue works
+##
+check_curve() {
+ ##
+ # if openssl supports sm2, it only allows sm3 as the hash, which
+ # doesn't work with our generic tests, so skip it
+ ##
+ [ "${curve}" = "sm2" ] && return 0
+
+ name=$(openssl ecparam -name $1 2>&1) || return 0
+ echo $name|egrep '(invalid|unknown) curve' && return 0
+ return 1
+}
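Review bot: The sm2 test in `check_curve` reads the caller's loop variable `${curve}` rather than the function argument `$1`, so it works only because every caller in this commit names its loop variable `curve`. The `|| return 0` on the `openssl ecparam` line treats any openssl failure as an unsupported curve, so a missing or broken openssl binary would make every ECC test skip all curves and presumably still report success. For a suite that exercises TPM key handling, that is a silent loss of coverage. The version below compares `$1`, keeps `name` local, quotes the expansions, logs each skip caused by an openssl error to stderr, and uses `grep -Eq` in place of `egrep`, which recent GNU grep reports as obsolescent.

```shell
check_curve() {
    # … unchanged: comment explaining why sm2 is skipped …
    local name
    [ "$1" = "sm2" ] && return 0

    if ! name=$(openssl ecparam -name "$1" 2>&1); then
	echo "skipping curve $1: openssl ecparam failed" >&2
	return 0
    fi
    printf '%s\n' "$name" | grep -Eq '(invalid|unknown) curve' && return 0
    return 1
}
```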
diff --git a/tests/wrap_ecc.sh b/tests/wrap_ecc.sh
index 63fa445..ff6d087 100755
--- a/tests/wrap_ecc.sh
+++ b/tests/wrap_ecc.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-
+. ../test-common.sh
##
# test is
@@ -8,7 +8,7 @@
# 3. Create a self signed x509 certificate
# 4. verify the certificate
for curve in $(${bindir}/create_tpm2_key --list-curves); do
- if openssl ecparam -name ${curve} 2>&1 | egrep '(unknown|invalid) curve'; then
+ if check_curve ${curve}; then
continue
fi
echo "Checking curve ${curve}"
@@ -20,7 +20,7 @@ for curve in $(${bindir}/create_tpm2_key --list-curves); do
exit 1
done
for curve in $(${bindir}/create_tpm2_key --list-curves); do
- if openssl ecparam -name ${curve} 2>&1 | egrep '(invalid|unknown) curve'; then
+ if check_curve ${curve}; then
continue
fi
echo "Checking curve ${curve}"
diff --git a/tests/wrap_generic_ecc.sh b/tests/wrap_generic_ecc.sh
index 4cc0172..e3fadf5 100755
--- a/tests/wrap_generic_ecc.sh
+++ b/tests/wrap_generic_ecc.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-
+. ../test-common.sh
##
# test is
@@ -8,7 +8,7 @@
# 3. Create a self signed x509 certificate
# 4. verify the certificate
for curve in $(${bindir}/create_tpm2_key --list-curves); do
- if openssl ecparam -name ${curve} 2>&1 | egrep '(invalid|unknown) curve'; then
+ if check_curve ${curve}; then
continue
fi
openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:${curve} -out key.priv && \