authorJames Bottomley <James.Bottomley@HansenPartnership.com>2020-01-26 08:51:15 -0800
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2020-01-26 08:51:15 -0800
commit51f575dbf48a3bed907fca66f4db10beb81f9301 (patch)
treee77df5829135159c721029080bb88acc6cd6d7bc
parent84c3e0add62096e37fa0cd41f95e3d625c67c8f2 (diff)
Add test for seal/unseal
Add a simple test to make sure a key is recognized as not sealed data and to seal and unseal data with a password. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r--tests/Makefile.am3
-rwxr-xr-xtests/seal_unseal.sh19
2 files changed, 21 insertions, 1 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am
index cd582e0..60c3e8d 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -21,6 +21,7 @@ TESTS = fail_connect.sh \
check_importable.sh \
check_rsa_oaep_pss.sh \
restricted_parent.sh \
+ seal_unseal.sh \
stop_sw_tpm.sh
AM_TESTS_ENVIRONMENT = TPM_INTERFACE_TYPE=socsim; \
@@ -29,6 +30,6 @@ AM_TESTS_ENVIRONMENT = TPM_INTERFACE_TYPE=socsim; \
export TPM_INTERFACE_TYPE OPENSSL_CONF srcdir;
TEST_EXTENSIONS = .sh
-CLEANFILES = key*.tpm key*.pub key*.priv tmp.* NVChip h*.bin key*.der
+CLEANFILES = key*.tpm key*.pub key*.priv tmp.* NVChip h*.bin key*.der seal.*
clean-local:
rm -fr testdir
diff --git a/tests/seal_unseal.sh b/tests/seal_unseal.sh
new file mode 100755
index 0000000..b1df920
--- /dev/null
+++ b/tests/seal_unseal.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+set -x
+
+bindir=${srcdir}/..
+
+##
+# test is
+# 1. Verify that a standard key can't be unsealed
+# 2. seal a phrase
+# 3. recover the same phrase on unseal
+##
+DATA="This is some DATA"
+AUTH="Passw0rd"
+${bindir}/create_tpm2_key key.tpm || exit 1;
+${bindir}/unseal_tpm2_data key.tpm 2> /dev/null && exit 1;
+echo $DATA | ${bindir}/seal_tpm2_data -a -k ${AUTH} seal.tpm || exit 1;
+${bindir}/unseal_tpm2_data -k ${AUTH} seal.tpm | grep -q "${DATA}" || exit 1;
+
+exit 0
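Review bot: The script never checks that unsealing seal.tpm fails when the password is wrong or omitted, so a regression in which the `-a -k` authorization is not actually enforced would still pass; after the seal step I would add `${bindir}/unseal_tpm2_data -k "not-${AUTH}" seal.tpm 2> /dev/null && exit 1;`. If later tests are sensitive to the simulator's failed-authorization counter, confirm that one deliberate failure is acceptable. The existing negative check on key.tpm accepts any non-zero exit with stderr discarded, so a missing binary or a TPM connection error is indistinguishable from the intended "not sealed data" rejection; keeping stderr and matching the expected message would tighten it. The final `grep -q "${DATA}"` is a substring match on a pipeline whose status is grep's alone, so `[ "$(${bindir}/unseal_tpm2_data -k "${AUTH}" seal.tpm)" = "${DATA}" ]` would pin the exact recovered phrase.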