#!/usr/bin/env bash # For the license, see the LICENSE file in the root directory. ROOT=${abs_top_builddir:-$(dirname "$0")/..} TESTDIR=${abs_top_testdir:=$(dirname "$0")} SWTPM_CERT=${SWTPM_CERT:-${ROOT}/src/swtpm_cert/swtpm_cert} cert=$(mktemp) pwdfile=$(mktemp) trap "cleanup" SIGTERM EXIT function cleanup() { rm -f "${cert}" "${pwdfile}" } function check_cert_size() { local cert="$1" local exp="$2" # Unfortunately different GnuTLS versions may create certs of different # sizes; deactivate this test for now return local size=$(stat -c%s ${cert} 2>/dev/null) if [ $size -ne $exp ]; then echo "Warning: Certificate file has unexpected size." echo " Expected: $exp; found: $size" fi } VARNAME=password ${SWTPM_CERT} \ --signkey ${TESTDIR}/data/signkey-encrypted.pem \ --signkey-pwd env:VARNAME \ --issuercert ${TESTDIR}/data/issuercert.pem \ --out-cert ${cert} \ --modulus 'b9dda830729de58f9f5bed2b3b9394ad4ec5afb9c390b89a3337250cbc575cfc8f31f7ffd3f05f4155076f7d1605381cd281b7f147b801154e4f89ee529fe36eae50f79561850e5b63037edaacbb390ea3fcd037e674fb179e3c5afe31214d78a756ca44cc6cf25421b51420ede548310c92b08a513ccc62fd0ef45dcf6546f6e865be6a661d045d1c47b60b428d11dc97cb9f35ee7c385bb20320934b015f8014e8fb19851c2af307e1e64648c142175e40b60615dc494fdb09ea5d5a6f3273b65a241e3cf30cc449b9fb3f900d1ed4be967b32b16f95a1d732dbfa143eaa1c2017556117f70faee5d77f836705d05405361ad5871a32161fa5a1234cfab497' \ --days 3650 \ --pem \ --tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \ --tpm-spec-family 1.2 --tpm-spec-revision 123 --tpm-spec-level 321 if [ $? -ne 0 ]; then echo "Error: ${SWTPM_CERT} returned error code." exit 1 fi #expecting size to be constant check_cert_size "${cert}" 1224 # truncate result file echo -n > ${cert} echo "Test 1: OK" ${SWTPM_CERT} \ --signkey ${TESTDIR}/data/signkey-encrypted.pem \ --signkey-pwd file:<(echo -en "password") \ --issuercert ${TESTDIR}/data/issuercert.pem \ --out-cert ${cert} \ --modulus 'b9dda830729de58f9f5bed2b3b9394ad4ec5afb9c390b89a3337250cbc575cfc8f31f7ffd3f05f4155076f7d1605381cd281b7f147b801154e4f89ee529fe36eae50f79561850e5b63037edaacbb390ea3fcd037e674fb179e3c5afe31214d78a756ca44cc6cf25421b51420ede548310c92b08a513ccc62fd0ef45dcf6546f6e865be6a661d045d1c47b60b428d11dc97cb9f35ee7c385bb20320934b015f8014e8fb19851c2af307e1e64648c142175e40b60615dc494fdb09ea5d5a6f3273b65a241e3cf30cc449b9fb3f900d1ed4be967b32b16f95a1d732dbfa143eaa1c2017556117f70faee5d77f836705d05405361ad5871a32161fa5a1234cfab497' \ --days 3650 \ --subject "OU=foo,L=NewYork,ST=NY,C=US" \ --pem \ --tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \ --tpm-spec-family 1.2 --tpm-spec-revision 123 --tpm-spec-level 321 if [ $? -ne 0 ]; then echo "Error: ${SWTPM_CERT} returned error code." exit 1 fi #expecting size to be constant check_cert_size "${cert}" 1302 # truncate result file echo -n > ${cert} echo "Test 2: OK" ${SWTPM_CERT} \ --signkey ${TESTDIR}/data/signkey-encrypted.pem \ --signkey-pwd pass:password \ --issuercert ${TESTDIR}/data/issuercert.pem \ --out-cert ${cert} \ --pubkey ${TESTDIR}/data/pubek.pem \ --days 3650 \ --subject "OU=foo,L=NewYork,ST=NY,C=US" \ --pem \ --tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \ --tpm-spec-family 1.2 --tpm-spec-revision 123 --tpm-spec-level 321 if [ $? -ne 0 ]; then echo "Error: ${SWTPM_CERT} returned error code." exit 1 fi #expecting size to be constant check_cert_size "${cert}" 1367 # truncate result file #certtool --certificate-info --infile ${cert} echo -n > ${cert} echo "Test 3: OK" ###################### Platform Certificate ##################### echo -en "password" > ${pwdfile} exec 100<${pwdfile} ${SWTPM_CERT} \ --type platform \ --signkey ${TESTDIR}/data/signkey-encrypted.pem \ --signkey-pwd fd:100 \ --issuercert ${TESTDIR}/data/issuercert.pem \ --pubkey ${TESTDIR}/data/pubek.pem \ --out-cert ${cert} \ --days 3650 \ --subject "OU=foo,L=NewYork,ST=NY,C=US" \ --pem \ --tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \ --platform-manufacturer Fedora \ --platform-model QEMU \ --platform-version 2.1 if [ $? -ne 0 ]; then echo "Error: ${SWTPM_CERT} returned error code." exit 1 fi #expecting size to be constant check_cert_size "${cert}" 1411 # truncate result file #certtool --certificate-info --infile ${cert} echo -n > ${cert} echo "Test 4: OK"