
[PATCH 4/4] Add tests for importable keys

James Bottomley
 

Add two simple tests: creating an importable EC key with auth and
creating an importable RSA key with policy. Verify a self-signed
certificate created with each key.

Signed-off-by: James Bottomley <James.Bottomley@...>
---
tests/Makefile.am | 1 +
tests/check_importable.sh | 20 ++++++++++++++++++++
2 files changed, 21 insertions(+)
create mode 100755 tests/check_importable.sh

diff --git a/tests/Makefile.am b/tests/Makefile.am
index dc07284..0294dd0 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -17,6 +17,7 @@ TESTS = fail_connect.sh \
test_nv_key.sh \
check_enhanced_auth.sh \
check_counter_timer.sh \
+ check_importable.sh \
stop_sw_tpm.sh

AM_TESTS_ENVIRONMENT = TPM_INTERFACE_TYPE=socsim; \
diff --git a/tests/check_importable.sh b/tests/check_importable.sh
new file mode 100755
index 0000000..2b01f5b
--- /dev/null
+++ b/tests/check_importable.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+bindir=${srcdir}/..
+
+# export the parent key as a public key
+prim=$(tsscreateprimary -ecc nistp256 -hi o -opem srk.pub | sed 's/Handle //') || exit 1
+tssflushcontext -ha ${prim} || exit 1
+
+# check an EC key with a cert and password
+openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -out key.priv || exit 1
+${bindir}/create_tpm2_key --import srk.pub --wrap key.priv -a -k passw0rd key.tpm || exit 1
+openssl req -new -x509 -subj '/CN=test/' -key key.tpm -passin pass:passw0rd -engine tpm2 -keyform engine -out tmp.crt || exit 1
+openssl verify -CAfile tmp.crt --check_ss_sig tmp.crt || exit 1
+
+#check an RSA key with a cert and policy
+openssl genrsa 2048 > key.priv || exit 1
+${bindir}/create_tpm2_key --import srk.pub --wrap key.priv -a -k passw0rd -c policies/policy_authvalue.txt key.tpm || exit 1
+openssl req -new -x509 -subj '/CN=test/' -key key.tpm -passin pass:passw0rd -engine tpm2 -keyform engine -out tmp.crt || exit 1
+openssl verify -CAfile tmp.crt --check_ss_sig tmp.crt || exit 1
+
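Review bot: On the `prim=$(tsscreateprimary ... | sed 's/Handle //') || exit 1` line, the `|| exit 1` only sees sed's exit status, so a failing tsscreateprimary is not caught there and the script carries on with an empty `${prim}` (and possibly a stale srk.pub from an earlier run). Adding `set -o pipefail` right after the shebang (the script is already bash) makes the existing check effective. Quoting the handle as `tssflushcontext -ha "${prim}"` makes an empty value reach the tool as an explicit empty argument instead of vanishing. Both cases also only assert that signing succeeds with the correct password. A companion step that expects `openssl req ... -passin pass:<wrong-password>` to fail would show that the auth value and the authvalue policy are actually enforced on the imported key, rather than the key being usable without authorization.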
--
2.16.4