mirror of
https://github.com/stefanberger/swtpm.git
synced 2025-08-22 19:04:35 +00:00
605e823f39
Upgrade to use the IBM TSS2 tests from v1.5.0. Add a patch that eliminates all testing of 3072 bit RSA keys in case libtpms does not support such keys. This test also passes with libtpms 0.6.0 and 0.7.0. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
149 lines
4.2 KiB
Diff
149 lines
4.2 KiB
Diff
diff --git a/utils/regtests/initkeys.sh b/utils/regtests/initkeys.sh
|
|
index 80c6adb..469b5c9 100755
|
|
--- a/utils/regtests/initkeys.sh
|
|
+++ b/utils/regtests/initkeys.sh
|
|
@@ -64,7 +64,7 @@ BITS=(2048 3072)
|
|
|
|
for ((i = 0 ; i < 2 ; i++))
|
|
do
|
|
-
|
|
+ [ $i -eq 1 ] && continue # skip 3072 bits
|
|
echo "Create an RSA ${BITS[i]} ${SHALG[i]} storage key under the primary key"
|
|
${PREFIX}create -hp 80000000 -rsa ${BITS[i]} -halg ${SHALG[i]} -st -kt f -kt p -pol policies/policycccreate-auth.bin -opr storersa${BITS[i]}priv.bin -opu storersa${BITS[i]}pub.bin -tk storersa${BITS[i]}tk.bin -ch storersa${BITS[i]}ch.bin -pwdp sto -pwdk sto > run.out
|
|
checkSuccess $?
|
|
diff --git a/utils/regtests/testcredential.sh b/utils/regtests/testcredential.sh
|
|
index 8b678d9..1f6a0f2 100755
|
|
--- a/utils/regtests/testcredential.sh
|
|
+++ b/utils/regtests/testcredential.sh
|
|
@@ -289,7 +289,7 @@ NVNAME=(
|
|
# interate though high range RSA EK certficates
|
|
for ((i = 0 ; i < 2 ; i++))
|
|
do
|
|
-
|
|
+ [ $i -eq 1 ] && continue # skip 3072 bits
|
|
echo "Create an ${CALG[i]} EK certificate"
|
|
${PREFIX}createekcert -high ${CALG[i]} -cakey cakey.pem -capwd rrrr -pwdp ppp -pwde eee -of tmp.der > run.out
|
|
checkSuccess $?
|
|
diff --git a/utils/regtests/testsalt.sh b/utils/regtests/testsalt.sh
|
|
index 1bdc1a7..57ec69e 100755
|
|
--- a/utils/regtests/testsalt.sh
|
|
+++ b/utils/regtests/testsalt.sh
|
|
@@ -57,6 +57,7 @@ fi
|
|
|
|
for ASY in "${SALTALGS[@]}"
|
|
do
|
|
+ [ "$ASY" = "-rsa 3072" ] && continue # skip 3072 bits
|
|
for HALG in ${ITERATE_ALGS}
|
|
do
|
|
|
|
diff --git a/utils/regtests/testx509.sh b/utils/regtests/testx509.sh
|
|
index 813085f..f5737a8 100755
|
|
--- a/utils/regtests/testx509.sh
|
|
+++ b/utils/regtests/testx509.sh
|
|
@@ -59,7 +59,7 @@ SKEY=(rsa2048 rsa3072 eccnistp256 eccnistp384)
|
|
|
|
for ((i = 0 ; i < 4 ; i++))
|
|
do
|
|
-
|
|
+ [ $i -eq 1 ] && continue # skip 3072 bits
|
|
echo "Load the ${SALG[i]} ${SKEY[i]} issuer key 80000001 under the primary key"
|
|
${PREFIX}load -hp 80000000 -ipr sign${SKEY[i]}rpriv.bin -ipu sign${SKEY[i]}rpub.bin -pwdp sto > run.out
|
|
checkSuccess $?
|
|
diff --git a/utils/regtests/testrsa.sh b/utils/regtests/testrsa.sh
|
|
index 23bf894..d02f748 100755
|
|
--- a/utils/regtests/testrsa.sh
|
|
+++ b/utils/regtests/testrsa.sh
|
|
@@ -46,7 +46,7 @@ echo ""
|
|
echo "Test RSA"
|
|
echo ""
|
|
|
|
-for BITS in 2048 3072
|
|
+for BITS in 2048
|
|
do
|
|
|
|
echo "generate the RSA $BITS encryption key with openssl"
|
|
@@ -61,7 +61,7 @@ echo ""
|
|
echo "RSA decryption key"
|
|
echo ""
|
|
|
|
-for BITS in 2048 3072
|
|
+for BITS in 2048
|
|
do
|
|
|
|
echo "Load the RSA $BITS decryption key under the primary key"
|
|
@@ -91,7 +91,7 @@ echo ""
|
|
echo "RSA decryption key to sign with OID"
|
|
echo ""
|
|
|
|
-for BITS in 2048 3072
|
|
+for BITS in 2048
|
|
do
|
|
|
|
echo "Load the RSA $BITS decryption key"
|
|
@@ -133,7 +133,7 @@ echo "Start an HMAC auth session"
|
|
${PREFIX}startauthsession -se h > run.out
|
|
checkSuccess $?
|
|
|
|
-for BITS in 2048 3072
|
|
+for BITS in 2048
|
|
do
|
|
|
|
for SESS in "" "-se0 02000000 1"
|
|
@@ -180,7 +180,7 @@ echo ""
|
|
echo "Loadexternal DER encryption key"
|
|
echo ""
|
|
|
|
-for BITS in 2048 3072
|
|
+for BITS in 2048
|
|
do
|
|
|
|
echo "Start an HMAC auth session"
|
|
@@ -338,8 +338,8 @@ rm -f tmpdig.bin
|
|
rm -f tmpsig.bin
|
|
rm -f tmpkeypairrsa2048.der
|
|
rm -f tmpkeypairrsa2048.pem
|
|
-rm -f tmpkeypairrsa3072.der
|
|
-rm -f tmpkeypairrsa3072.pem
|
|
+rm -f tmpkeypairrsa3072.der &>/dev/null
|
|
+rm -f tmpkeypairrsa3072.pem &>/dev/null
|
|
rm -f tmppubkey.bin
|
|
rm -f tmppubkey.pem
|
|
rm -f tmpprivkey.bin
|
|
diff --git a/utils/regtests/testsign.sh b/utils/regtests/testsign.sh
|
|
index 060b374..e6f3fec 100755
|
|
--- a/utils/regtests/testsign.sh
|
|
+++ b/utils/regtests/testsign.sh
|
|
@@ -44,7 +44,7 @@ echo ""
|
|
echo "RSA Signing key"
|
|
echo ""
|
|
|
|
-for BITS in 2048 3072
|
|
+for BITS in 2048
|
|
do
|
|
|
|
echo "Create an RSA $BITS key pair in PEM format using openssl"
|
|
@@ -410,8 +410,8 @@ done
|
|
|
|
rm -f tmpkeypairrsa2048.pem
|
|
rm -f tmpkeypairrsa2048.der
|
|
-rm -f tmpkeypairrsa3072.pem
|
|
-rm -f tmpkeypairrsa3072.der
|
|
+rm -f tmpkeypairrsa3072.pem &>/dev/null
|
|
+rm -f tmpkeypairrsa3072.der &>/dev/null
|
|
rm -f tmpkeypairecc.pem
|
|
rm -f tmpkeypairecc.der
|
|
rm -r pssig.bin
|
|
|
|
index d43767a..59d0bc7 100755
|
|
--- a/utils/reg.sh
|
|
+++ b/utils/reg.sh
|
|
@@ -171,7 +171,7 @@ cleanup()
|
|
rm -f khrpub${HALG}.bin
|
|
done
|
|
|
|
- for BITS in 2048 3072
|
|
+ for BITS in 2048
|
|
do
|
|
rm -f signrsa${BITS}priv.bin
|
|
rm -f signrsa${BITS}pub.bin
|