mirror of
https://github.com/stefanberger/swtpm.git
synced 2025-08-22 19:04:35 +00:00
b35eb9fcd5
Allow passing signing key and parent key via files and file descriptors and environment variables. Adapt a test case to exercise this new functionality. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
141 lines
4.3 KiB
Bash
Executable File
141 lines
4.3 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
# For the license, see the LICENSE file in the root directory.
|
|
|
|
ROOT=${abs_top_builddir:-$(dirname "$0")/..}
|
|
TESTDIR=${abs_top_testdir:=$(dirname "$0")}
|
|
|
|
SWTPM_CERT=${SWTPM_CERT:-${ROOT}/src/swtpm_cert/swtpm_cert}
|
|
|
|
cert=$(mktemp)
|
|
pwdfile=$(mktemp)
|
|
|
|
trap "cleanup" SIGTERM EXIT
|
|
|
|
|
|
function cleanup()
|
|
{
|
|
rm -f "${cert}" "${pwdfile}"
|
|
}
|
|
|
|
function check_cert_size()
|
|
{
|
|
local cert="$1"
|
|
local exp="$2"
|
|
|
|
# Unfortunately different GnuTLS versions may create certs of different
|
|
# sizes; deactivate this test for now
|
|
return
|
|
|
|
local size=$(stat -c%s ${cert} 2>/dev/null)
|
|
if [ $size -ne $exp ]; then
|
|
echo "Warning: Certificate file has unexpected size."
|
|
echo " Expected: $exp; found: $size"
|
|
fi
|
|
}
|
|
|
|
VARNAME=password ${SWTPM_CERT} \
|
|
--signkey ${TESTDIR}/data/signkey-encrypted.pem \
|
|
--signkey-pwd env:VARNAME \
|
|
--issuercert ${TESTDIR}/data/issuercert.pem \
|
|
--out-cert ${cert} \
|
|
--modulus 'b9dda830729de58f9f5bed2b3b9394ad4ec5afb9c390b89a3337250cbc575cfc8f31f7ffd3f05f4155076f7d1605381cd281b7f147b801154e4f89ee529fe36eae50f79561850e5b63037edaacbb390ea3fcd037e674fb179e3c5afe31214d78a756ca44cc6cf25421b51420ede548310c92b08a513ccc62fd0ef45dcf6546f6e865be6a661d045d1c47b60b428d11dc97cb9f35ee7c385bb20320934b015f8014e8fb19851c2af307e1e64648c142175e40b60615dc494fdb09ea5d5a6f3273b65a241e3cf30cc449b9fb3f900d1ed4be967b32b16f95a1d732dbfa143eaa1c2017556117f70faee5d77f836705d05405361ad5871a32161fa5a1234cfab497' \
|
|
--days 3650 \
|
|
--pem \
|
|
--tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
|
|
--tpm-spec-family 1.2 --tpm-spec-revision 123 --tpm-spec-level 321
|
|
|
|
if [ $? -ne 0 ]; then
|
|
echo "Error: ${SWTPM_CERT} returned error code."
|
|
exit 1
|
|
fi
|
|
|
|
#expecting size to be constant
|
|
check_cert_size "${cert}" 1224
|
|
|
|
# truncate result file
|
|
echo -n > ${cert}
|
|
echo "Test 1: OK"
|
|
|
|
${SWTPM_CERT} \
|
|
--signkey ${TESTDIR}/data/signkey-encrypted.pem \
|
|
--signkey-pwd file:<(echo -en "password") \
|
|
--issuercert ${TESTDIR}/data/issuercert.pem \
|
|
--out-cert ${cert} \
|
|
--modulus 'b9dda830729de58f9f5bed2b3b9394ad4ec5afb9c390b89a3337250cbc575cfc8f31f7ffd3f05f4155076f7d1605381cd281b7f147b801154e4f89ee529fe36eae50f79561850e5b63037edaacbb390ea3fcd037e674fb179e3c5afe31214d78a756ca44cc6cf25421b51420ede548310c92b08a513ccc62fd0ef45dcf6546f6e865be6a661d045d1c47b60b428d11dc97cb9f35ee7c385bb20320934b015f8014e8fb19851c2af307e1e64648c142175e40b60615dc494fdb09ea5d5a6f3273b65a241e3cf30cc449b9fb3f900d1ed4be967b32b16f95a1d732dbfa143eaa1c2017556117f70faee5d77f836705d05405361ad5871a32161fa5a1234cfab497' \
|
|
--days 3650 \
|
|
--subject "OU=foo,L=NewYork,ST=NY,C=US" \
|
|
--pem \
|
|
--tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
|
|
--tpm-spec-family 1.2 --tpm-spec-revision 123 --tpm-spec-level 321
|
|
|
|
if [ $? -ne 0 ]; then
|
|
echo "Error: ${SWTPM_CERT} returned error code."
|
|
exit 1
|
|
fi
|
|
|
|
#expecting size to be constant
|
|
check_cert_size "${cert}" 1302
|
|
|
|
# truncate result file
|
|
echo -n > ${cert}
|
|
echo "Test 2: OK"
|
|
|
|
${SWTPM_CERT} \
|
|
--signkey ${TESTDIR}/data/signkey-encrypted.pem \
|
|
--signkey-pwd pass:password \
|
|
--issuercert ${TESTDIR}/data/issuercert.pem \
|
|
--out-cert ${cert} \
|
|
--pubkey ${TESTDIR}/data/pubek.pem \
|
|
--days 3650 \
|
|
--subject "OU=foo,L=NewYork,ST=NY,C=US" \
|
|
--pem \
|
|
--tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
|
|
--tpm-spec-family 1.2 --tpm-spec-revision 123 --tpm-spec-level 321
|
|
|
|
if [ $? -ne 0 ]; then
|
|
echo "Error: ${SWTPM_CERT} returned error code."
|
|
exit 1
|
|
fi
|
|
|
|
#expecting size to be constant
|
|
check_cert_size "${cert}" 1367
|
|
|
|
# truncate result file
|
|
#certtool --certificate-info --infile ${cert}
|
|
echo -n > ${cert}
|
|
echo "Test 3: OK"
|
|
|
|
|
|
###################### Platform Certificate #####################
|
|
|
|
echo -en "password" > ${pwdfile}
|
|
exec 100<${pwdfile}
|
|
${SWTPM_CERT} \
|
|
--type platform \
|
|
--signkey ${TESTDIR}/data/signkey-encrypted.pem \
|
|
--signkey-pwd fd:100 \
|
|
--issuercert ${TESTDIR}/data/issuercert.pem \
|
|
--pubkey ${TESTDIR}/data/pubek.pem \
|
|
--out-cert ${cert} \
|
|
--days 3650 \
|
|
--subject "OU=foo,L=NewYork,ST=NY,C=US" \
|
|
--pem \
|
|
--tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
|
|
--platform-manufacturer Fedora \
|
|
--platform-model QEMU \
|
|
--platform-version 2.1
|
|
|
|
if [ $? -ne 0 ]; then
|
|
echo "Error: ${SWTPM_CERT} returned error code."
|
|
exit 1
|
|
fi
|
|
|
|
#expecting size to be constant
|
|
check_cert_size "${cert}" 1411
|
|
|
|
# truncate result file
|
|
#certtool --certificate-info --infile ${cert}
|
|
echo -n > ${cert}
|
|
echo "Test 4: OK"
|