author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2020-01-26 08:51:15 -0800 |
---|---|---|
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2020-01-26 08:51:15 -0800 |
commit | 51f575dbf48a3bed907fca66f4db10beb81f9301 (patch) | |
tree | e77df5829135159c721029080bb88acc6cd6d7bc | |
parent | 84c3e0add62096e37fa0cd41f95e3d625c67c8f2 (diff) | |
download | openssl_tpm2_engine-51f575dbf48a3bed907fca66f4db10beb81f9301.tar.gz |
Add test for seal/unseal
Add a simple test to make sure a key is recognized as not sealed data
and to seal and unseal data with a password.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r-- | tests/Makefile.am | 3 | ||||
-rwxr-xr-x | tests/seal_unseal.sh | 19 |
2 files changed, 21 insertions, 1 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am
index cd582e0..60c3e8d 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -21,6 +21,7 @@ TESTS = fail_connect.sh \
 check_importable.sh \
 check_rsa_oaep_pss.sh \
 restricted_parent.sh \
+ seal_unseal.sh \
 stop_sw_tpm.sh
 AM_TESTS_ENVIRONMENT = TPM_INTERFACE_TYPE=socsim; \
@@ -29,6 +30,6 @@ AM_TESTS_ENVIRONMENT = TPM_INTERFACE_TYPE=socsim; \
 export TPM_INTERFACE_TYPE OPENSSL_CONF srcdir;
 TEST_EXTENSIONS = .sh
-CLEANFILES = key*.tpm key*.pub key*.priv tmp.* NVChip h*.bin key*.der
+CLEANFILES = key*.tpm key*.pub key*.priv tmp.* NVChip h*.bin key*.der seal.*
 clean-local:
 rm -fr testdir
diff --git a/tests/seal_unseal.sh b/tests/seal_unseal.sh
new file mode 100755
index 0000000..b1df920
--- /dev/null
+++ b/tests/seal_unseal.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+set -x
+
+bindir=${srcdir}/..
+
+##
+# test is
+# 1. Verify that a standard key can't be unsealed
+# 2. seal a phrase
+# 3. recover the same phrase on unseal
+##
+DATA="This is some DATA"
+AUTH="Passw0rd"
+${bindir}/create_tpm2_key key.tpm || exit 1;
+${bindir}/unseal_tpm2_data key.tpm 2> /dev/null && exit 1;
+echo $DATA | ${bindir}/seal_tpm2_data -a -k ${AUTH} seal.tpm || exit 1;
+${bindir}/unseal_tpm2_data -k ${AUTH} seal.tpm | grep -q "${DATA}" || exit 1;
+
+exit 0
|
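Review bot: The new tests/seal_unseal.sh never checks that the password is actually enforced: the only unseal of seal.tpm supplies the correct `-k ${AUTH}`, so a seal that ignored its authorization would still pass. A negative case before the final `exit 0` would close that gap, e.g. `${bindir}/unseal_tpm2_data -k "wrong-${AUTH}" seal.tpm 2> /dev/null && exit 1;`. Keep it to a single attempt in case failed authorizations count toward a lockout in the simulator, which would need confirming. The positive check is also loose, because the pipeline's status is that of `grep`, so a non-zero exit from unseal_tpm2_data is ignored, and `grep -q "${DATA}"` accepts any output that merely contains the phrase. Comparing the captured output for equality with `"${DATA}"` and testing the command's status separately would be stricter. Step 1 has a similar weakness: with stderr discarded, `&& exit 1` treats every failure of unseal_tpm2_data (for instance a missing binary) as the expected "not sealed data" rejection.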