authorJames Bottomley <James.Bottomley@HansenPartnership.com>2018-11-14 07:25:11 -0800
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2018-11-14 18:16:18 -0800
commit18795fc4da6a7ea5919ca2288e73e2454552a920 (patch)
tree212624d95319d7dd7399efe8d88f3cd24d5758c3
parentd81444b9dccc88ace6bdb4be37fff1318361b50b (diff)
Add tests for importable keys
Add two simple tests: creating an importable EC key with auth and creating an importable RSA key with policy. Verify a self signed certificate created with each key. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r--tests/Makefile.am1
-rwxr-xr-xtests/check_importable.sh20
2 files changed, 21 insertions, 0 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am
index dc07284..0294dd0 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -17,6 +17,7 @@ TESTS = fail_connect.sh \
test_nv_key.sh \
check_enhanced_auth.sh \
check_counter_timer.sh \
+ check_importable.sh \
stop_sw_tpm.sh
AM_TESTS_ENVIRONMENT = TPM_INTERFACE_TYPE=socsim; \
diff --git a/tests/check_importable.sh b/tests/check_importable.sh
new file mode 100755
index 0000000..36ebe01
--- /dev/null
+++ b/tests/check_importable.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+bindir=${srcdir}/..
+
+# export the parent key as a public key
+prim=$(tsscreateprimary -ecc nistp256 -hi o -opem srk.pub | sed 's/Handle //') || exit 1
+tssflushcontext -ha ${prim} || exit 1
+
+# check an EC key with a cert and password
+openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -out key.priv || exit 1
+${bindir}/create_tpm2_key --import srk.pub --wrap key.priv -a -k passw0rd key.tpm || exit 1
+openssl req -new -x509 -subj '/CN=test/' -key key.tpm -passin pass:passw0rd -engine tpm2 -keyform engine -out tmp.crt || exit 1
+openssl verify -CAfile tmp.crt -check_ss_sig tmp.crt || exit 1
+
+#check an RSA key with a cert and policy
+openssl genrsa 2048 > key.priv || exit 1
+${bindir}/create_tpm2_key --import srk.pub --wrap key.priv -a -k passw0rd -c policies/policy_authvalue.txt key.tpm || exit 1
+openssl req -new -x509 -subj '/CN=test/' -key key.tpm -passin pass:passw0rd -engine tpm2 -keyform engine -out tmp.crt || exit 1
+openssl verify -CAfile tmp.crt -check_ss_sig tmp.crt || exit 1
+
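Review bot: On the `prim=$(tsscreateprimary ... | sed 's/Handle //') || exit 1` line, `|| exit 1` sees only the exit status of `sed`, so a failing `tsscreateprimary` is not caught there and the script carries on to `tssflushcontext` with an empty handle. Since the shebang is already bash, adding `set -o pipefail` directly after it closes that gap, and quoting the expansions (`"${prim}"`, `"${bindir}/create_tpm2_key"`) keeps an empty or space-containing value from silently changing the argument list. Separately, `openssl verify -check_ss_sig` only shows that the signature matches the public key embedded in `tmp.crt`; it does not show that the key inside `key.tpm` is the one from `key.priv`. Comparing `openssl x509 -in tmp.crt -noout -pubkey` with `openssl pkey -in key.priv -pubout` in each of the two cases would make the test fail if the wrap or import step substituted a different key.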