author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2023-01-11 15:12:22 -0500 |
---|---|---|
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2023-01-12 16:41:35 -0500 |
commit | 046bd2730f1d6685e5eab89ad1af9d9422c01ea2 (patch) | |
tree | 4cc19cd52c5d307b0286ac4e04b2e05eae302a50 | |
parent | ac3fa839ebb4267c715f49e719ad731f31709677 (diff) | |
download | openssl_tpm2_engine-046bd2730f1d6685e5eab89ad1af9d9422c01ea2.tar.gz |
tests: add test for importable sealed data
Under simple conditions: a key with authorization and a key with pcr
policy.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rwxr-xr-x | tests/seal_unseal.sh | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/tests/seal_unseal.sh b/tests/seal_unseal.sh
index 37b077e..53c1185 100755
--- a/tests/seal_unseal.sh
+++ b/tests/seal_unseal.sh
@@ -33,5 +33,28 @@ ${bindir}/unseal_tpm2_data -k ${AUTH} seal.tpm | grep -q "${DATA}" || exit 1;
 tsspcrextend -ha 16 -ic $RANDOM
 ${bindir}/unseal_tpm2_data -k ${AUTH} seal.tpm && exit 1
+##
+# Check importable
+# test is
+# 1. create srk.pub as parent for import
+# 2. seal with password
+# 3. check unseal
+# 4. seal with policy
+# 5. check unseal
+# 6. update PCR and check unseal failure
+
+DATA="Some Different DATA"
+POLICYFILE="policies/policy_pcr.txt"
+prim=$(tsscreateprimary -hi o -st -ecc nistp256 -opem srk.pub | sed 's/Handle //') || exit 1
+tssflushcontext -ha $prim
+TPM_INTERFACE_TYPE= echo $DATA | ${bindir}/seal_tpm2_data -a -k ${AUTH} --import srk.pub seal.tpm || exit 1;
+${bindir}/unseal_tpm2_data -k ${AUTH} seal.tpm | grep -q "${DATA}" || exit 1;
+rm seal.tpm
+
+TPM_INTERFACE_TYPE= echo $DATA | ${bindir}/seal_tpm2_data --import srk.pub --policy ${POLICYFILE} seal.tpm || exit 1;
+tsspcrreset -ha 16
+${bindir}/unseal_tpm2_data -k ${AUTH} seal.tpm && exit 1
+tsspcrextend -ha 16 -ic aaa
+${bindir}/unseal_tpm2_data -k ${AUTH} seal.tpm | grep -q "${DATA}" || exit 1;
 exit 0 |
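Review bot: On both added `seal_tpm2_data --import` lines the `TPM_INTERFACE_TYPE=` prefix is attached to `echo`, the left side of the pipe, so `seal_tpm2_data` still runs with whatever interface setting the test harness exported. If the intent is to show that sealing to an imported parent needs no TPM connection, the test does not currently prove it; move the assignment across the pipe, e.g. `echo $DATA | TPM_INTERFACE_TYPE= ${bindir}/seal_tpm2_data -a -k ${AUTH} --import srk.pub seal.tpm || exit 1;`, and likewise on the `--policy` line. Separately, the negative check after `tsspcrreset -ha 16` (`unseal_tpm2_data ... && exit 1`) passes on any non-zero exit, so a missing or malformed `seal.tpm` would look the same as a PCR policy rejection. The step list in the comment block also ends with "update PCR and check unseal failure", while the code checks the failure first and the successful unseal last.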