mirror of
https://github.com/stefanberger/swtpm.git
synced 2025-08-22 19:04:35 +00:00
9a154fa45f
Older versions of libtpms need to have another patch applied that disables x509 certificate creation (0013-Disable-x509-test-cases-part2.patch). Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
216 lines
14 KiB
Diff
216 lines
14 KiB
Diff
From 2214b96d5110f955b89434d7add749fc3fb8a6e7 Mon Sep 17 00:00:00 2001
|
|
From: Stefan Berger <stefanb@linux.ibm.com>
|
|
Date: Tue, 3 May 2022 10:26:06 -0400
|
|
Subject: [PATCH 10/13] Adjust test cases for OpenSSL 3
|
|
|
|
1) Some openssl command lines need -traditional when converting a key
|
|
from PEM to DER format.
|
|
|
|
2) Some x509 tests need to be disabled to avoid this type of failure:
|
|
|
|
Signing Key Self Certify CA Root sha256 -rsa 2048 rsa2048
|
|
ERROR:
|
|
createPartialCertificate: Adding issuer, size 7
|
|
createPartialCertificate: Adding subject (issuer), size 7
|
|
createPartialCertificate: Adding extensions
|
|
ERROR: convertX509ToDer: Error in certificate serialization i2d_X509()
|
|
certifyx509: failed, rc 000b007e
|
|
TSS_RC_X509_ERROR - X509 parse error
|
|
---
|
|
utils/regtests/testx509.sh | 109 +++++++++++++++++++------------------
|
|
1 file changed, 56 insertions(+), 53 deletions(-)
|
|
|
|
diff --git a/utils/regtests/testx509.sh b/utils/regtests/testx509.sh
|
|
index 03650fe..80fc946 100755
|
|
--- a/utils/regtests/testx509.sh
|
|
+++ b/utils/regtests/testx509.sh
|
|
@@ -69,9 +69,9 @@ do
|
|
${PREFIX}load -hp 80000000 -ipr sign${SKEY[i]}priv.bin -ipu sign${SKEY[i]}pub.bin -pwdp sto > run.out
|
|
checkSuccess $?
|
|
|
|
- echo "Signing Key Self Certify CA Root ${HALG[i]} ${SALG[i]} ${SKEY[i]}"
|
|
- ${PREFIX}certifyx509 -hk 80000001 -ho 80000001 -halg ${HALG[i]} -pwdk sig -pwdo sig -opc tmppart1.bin -os tmpsig1.bin -oa tmpadd1.bin -otbs tmptbs1.bin -ocert tmpx5091.bin ${SALG[i]} -sub -v -iob 00050472 > run.out
|
|
- checkSuccess $?
|
|
+ #echo "Signing Key Self Certify CA Root ${HALG[i]} ${SALG[i]} ${SKEY[i]}"
|
|
+ #${PREFIX}certifyx509 -hk 80000001 -ho 80000001 -halg ${HALG[i]} -pwdk sig -pwdo sig -opc tmppart1.bin -os tmpsig1.bin -oa tmpadd1.bin -otbs tmptbs1.bin -ocert tmpx5091.bin ${SALG[i]} -sub -v -iob 00050472 > run.out
|
|
+ #checkSuccess $?
|
|
|
|
|
|
# dumpasn1 -a -l -d tmppart1.bin > tmppart1.dump
|
|
@@ -86,14 +86,14 @@ do
|
|
openssl x509 -inform der -in tmpx5091.bin -out tmpx5091.pem > run.out 2>&1
|
|
echo " INFO:"
|
|
|
|
- echo "Verify ${SALG[i]} self signed issuer root"
|
|
- openssl verify -check_ss_sig -CAfile tmpx5091.pem tmpx5091.pem > run.out 2>&1
|
|
- grep -q OK run.out
|
|
- checkSuccess $?
|
|
+ #echo "Verify ${SALG[i]} self signed issuer root"
|
|
+ #openssl verify -check_ss_sig -CAfile tmpx5091.pem tmpx5091.pem > run.out 2>&1
|
|
+ #grep -q OK run.out
|
|
+ #checkSuccess $?
|
|
|
|
- echo "Signing Key Certify ${HALG[i]} ${SALG[i]}"
|
|
- ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -iob 00040472 > run.out
|
|
- checkSuccess $?
|
|
+ #echo "Signing Key Certify ${HALG[i]} ${SALG[i]}"
|
|
+ #${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -iob 00040472 > run.out
|
|
+ #checkSuccess $?
|
|
|
|
# dumpasn1 -a -l -d tmppart2.bin > tmppart2.dump
|
|
# dumpasn1 -a -l -d -hh tmppart2.bin > tmppart2.dumphhe
|
|
@@ -107,10 +107,10 @@ do
|
|
openssl x509 -inform der -in tmpx5092.bin -out tmpx5092.pem > run.out 2>&1
|
|
echo " INFO:"
|
|
|
|
- echo "Verify ${SALG[i]} subject against issuer"
|
|
- openssl verify -check_ss_sig -CAfile tmpx5091.pem tmpx5092.pem > run.out 2>&1
|
|
- grep -q OK run.out
|
|
- checkSuccess $?
|
|
+ #echo "Verify ${SALG[i]} subject against issuer"
|
|
+ #openssl verify -check_ss_sig -CAfile tmpx5091.pem tmpx5092.pem > run.out 2>&1
|
|
+ #grep -q OK run.out
|
|
+ #checkSuccess $?
|
|
|
|
echo "Signing Key Certify ${SALG[i]} with bad OID"
|
|
${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -iob ffffffff > run.out
|
|
@@ -153,13 +153,13 @@ do
|
|
${PREFIX}load -hp 80000000 -ipr sign${SKEY[i]}priv.bin -ipu sign${SKEY[i]}pub.bin -pwdp sto > run.out
|
|
checkSuccess $?
|
|
|
|
- echo "Signing Key Certify ${SALG[i]} digitalSignature"
|
|
- ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,digitalSignature > run.out
|
|
- checkSuccess $?
|
|
+ #echo "Signing Key Certify ${SALG[i]} digitalSignature"
|
|
+ #${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,digitalSignature > run.out
|
|
+ #checkSuccess $?
|
|
|
|
- echo "Signing Key Certify ${SALG[i]} nonRepudiation"
|
|
- ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,nonRepudiation > run.out
|
|
- checkSuccess $?
|
|
+ #echo "Signing Key Certify ${SALG[i]} nonRepudiation"
|
|
+ #${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,nonRepudiation > run.out
|
|
+ #checkSuccess $?
|
|
|
|
echo "Signing Key Certify ${SALG[i]} keyEncipherment"
|
|
${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,keyEncipherment > run.out
|
|
@@ -173,13 +173,13 @@ do
|
|
${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,keyAgreement > run.out
|
|
checkFailure $?
|
|
|
|
- echo "Signing Key Certify ${SALG[i]} keyCertSign"
|
|
- ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,keyCertSign > run.out
|
|
- checkSuccess $?
|
|
+ #echo "Signing Key Certify ${SALG[i]} keyCertSign"
|
|
+ #${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,keyCertSign > run.out
|
|
+ #checkSuccess $?
|
|
|
|
- echo "Signing Key Certify ${SALG[i]} cRLSign"
|
|
- ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,cRLSign > run.out
|
|
- checkSuccess $?
|
|
+ #echo "Signing Key Certify ${SALG[i]} cRLSign"
|
|
+ #${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,cRLSign > run.out
|
|
+ #checkSuccess $?
|
|
|
|
echo "Signing Key Certify ${SALG[i]} encipherOnly"
|
|
${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,encipherOnly > run.out
|
|
@@ -214,9 +214,9 @@ do
|
|
${PREFIX}load -hp 80000000 -ipr sign${SKEY[i]}nfpriv.bin -ipu sign${SKEY[i]}nfpub.bin -pwdp sto > run.out
|
|
checkSuccess $?
|
|
|
|
- echo "Signing Key Certify ${SALG[i]} digitalSignature"
|
|
- ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,digitalSignature > run.out
|
|
- checkSuccess $?
|
|
+ #echo "Signing Key Certify ${SALG[i]} digitalSignature"
|
|
+ #${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,digitalSignature > run.out
|
|
+ #checkSuccess $?
|
|
|
|
echo "Signing Key Certify ${SALG[i]} nonRepudiation"
|
|
${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,nonRepudiation > run.out
|
|
@@ -234,13 +234,13 @@ do
|
|
${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,keyAgreement > run.out
|
|
checkFailure $?
|
|
|
|
- echo "Signing Key Certify ${SALG[i]} keyCertSign"
|
|
- ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,keyCertSign > run.out
|
|
- checkSuccess $?
|
|
+ #echo "Signing Key Certify ${SALG[i]} keyCertSign"
|
|
+ #${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,keyCertSign > run.out
|
|
+ #checkSuccess $?
|
|
|
|
- echo "Signing Key Certify ${SALG[i]} cRLSign"
|
|
- ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,cRLSign > run.out
|
|
- checkSuccess $?
|
|
+ #echo "Signing Key Certify ${SALG[i]} cRLSign"
|
|
+ #${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,cRLSign > run.out
|
|
+ #checkSuccess $?
|
|
|
|
echo "Signing Key Certify ${SALG[i]} encipherOnly"
|
|
${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,encipherOnly > run.out
|
|
@@ -279,21 +279,21 @@ do
|
|
${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,digitalSignature > run.out
|
|
checkFailure $?
|
|
|
|
- echo "Signing Key Certify ${SALG[i]} nonRepudiation"
|
|
- ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,nonRepudiation > run.out
|
|
- checkSuccess $?
|
|
+ #echo "Signing Key Certify ${SALG[i]} nonRepudiation"
|
|
+ #${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,nonRepudiation > run.out
|
|
+ #checkSuccess $?
|
|
|
|
- echo "Signing Key Certify ${SALG[i]} keyEncipherment"
|
|
- ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,keyEncipherment > run.out
|
|
- checkSuccess $?
|
|
+ #echo "Signing Key Certify ${SALG[i]} keyEncipherment"
|
|
+ #${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,keyEncipherment > run.out
|
|
+ #checkSuccess $?
|
|
|
|
- echo "Signing Key Certify ${SALG[i]} dataEncipherment"
|
|
- ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,dataEncipherment > run.out
|
|
- checkSuccess $?
|
|
+ #echo "Signing Key Certify ${SALG[i]} dataEncipherment"
|
|
+ #${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,dataEncipherment > run.out
|
|
+ #checkSuccess $?
|
|
|
|
- echo "Signing Key Certify ${SALG[i]} keyAgreement"
|
|
- ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,keyAgreement > run.out
|
|
- checkSuccess $?
|
|
+ #echo "Signing Key Certify ${SALG[i]} keyAgreement"
|
|
+ #${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,keyAgreement > run.out
|
|
+ #checkSuccess $?
|
|
|
|
echo "Signing Key Certify ${SALG[i]} keyCertSign"
|
|
${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,keyCertSign > run.out
|
|
@@ -303,13 +303,13 @@ do
|
|
${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,cRLSign > run.out
|
|
checkFailure $?
|
|
|
|
- echo "Signing Key Certify ${SALG[i]} encipherOnly"
|
|
- ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,encipherOnly > run.out
|
|
- checkSuccess $?
|
|
+ #echo "Signing Key Certify ${SALG[i]} encipherOnly"
|
|
+ #${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,encipherOnly > run.out
|
|
+ #checkSuccess $?
|
|
|
|
- echo "Signing Key Certify ${SALG[i]} decipherOnly"
|
|
- ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,decipherOnly > run.out
|
|
- checkSuccess $?
|
|
+ #echo "Signing Key Certify ${SALG[i]} decipherOnly"
|
|
+ #${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg ${HALG[i]} -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin ${SALG[i]} -ku critical,decipherOnly > run.out
|
|
+ #checkSuccess $?
|
|
|
|
echo "Flush the root CA issuer signing key"
|
|
${PREFIX}flushcontext -ha 80000001 > run.out
|
|
@@ -336,5 +336,8 @@ rm -r tmptbs2.bin
|
|
rm -r tmpsig2.bin
|
|
rm -r tmpx5092.bin
|
|
|
|
+# finish with $?=0
|
|
+true
|
|
+
|
|
# openssl only
|
|
fi
|
|
--
|
|
2.39.1
|
|
|