author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2018-11-14 07:25:11 -0800 |
---|---|---|
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2018-11-14 18:16:18 -0800 |
commit | 18795fc4da6a7ea5919ca2288e73e2454552a920 (patch) | |
tree | 212624d95319d7dd7399efe8d88f3cd24d5758c3 | |
parent | d81444b9dccc88ace6bdb4be37fff1318361b50b (diff) | |
download | openssl_tpm2_engine-18795fc4da6a7ea5919ca2288e73e2454552a920.tar.gz |
Add tests for importable keys
Add two simple tests: creating an importable EC key with auth and
creating an importable RSA key with policy. Verify a self signed
certificate created with each key.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r-- | tests/Makefile.am | 1 | ||||
-rwxr-xr-x | tests/check_importable.sh | 20 |
2 files changed, 21 insertions, 0 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am
index dc07284..0294dd0 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -17,6 +17,7 @@ TESTS = fail_connect.sh \
  test_nv_key.sh \
  check_enhanced_auth.sh \
  check_counter_timer.sh \
+ check_importable.sh \
  stop_sw_tpm.sh
 
 AM_TESTS_ENVIRONMENT = TPM_INTERFACE_TYPE=socsim; \
diff --git a/tests/check_importable.sh b/tests/check_importable.sh
new file mode 100755
index 0000000..36ebe01
--- /dev/null
+++ b/tests/check_importable.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+bindir=${srcdir}/..
+
+# export the parent key as a public key
+prim=$(tsscreateprimary -ecc nistp256 -hi o -opem srk.pub | sed 's/Handle //') || exit 1
+tssflushcontext -ha ${prim} || exit 1
+
+# check an EC key with a cert and password
+openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -out key.priv || exit 1
+${bindir}/create_tpm2_key --import srk.pub --wrap key.priv -a -k passw0rd key.tpm || exit 1
+openssl req -new -x509 -subj '/CN=test/' -key key.tpm -passin pass:passw0rd -engine tpm2 -keyform engine -out tmp.crt || exit 1
+openssl verify -CAfile tmp.crt -check_ss_sig tmp.crt || exit 1
+
+#check an RSA key with a cert and policy
+openssl genrsa 2048 > key.priv || exit 1
+${bindir}/create_tpm2_key --import srk.pub --wrap key.priv -a -k passw0rd -c policies/policy_authvalue.txt key.tpm || exit 1
+openssl req -new -x509 -subj '/CN=test/' -key key.tpm -passin pass:passw0rd -engine tpm2 -keyform engine -out tmp.crt || exit 1
+openssl verify -CAfile tmp.crt -check_ss_sig tmp.crt || exit 1
+ |
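Review bot: In tests/check_importable.sh the `|| exit 1` on the `prim=$(tsscreateprimary … | sed 's/Handle //')` line only sees sed's exit status, so a failing tsscreateprimary is not caught there and the script continues with an empty `prim` and possibly no srk.pub. Later commands would probably fail anyway, but the failure is then reported at the wrong step. Adding `set -o pipefail` directly under the shebang makes the existing guard cover both stages, and quoting the expansion as `tssflushcontext -ha "${prim}" || exit 1` keeps an empty handle from silently dropping the argument. Separately, the test leaves the unencrypted key.priv in the working directory; a `trap 'rm -f key.priv key.tpm tmp.crt srk.pub' EXIT` would remove it and would also keep artefacts from an earlier run out of the next one.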