
Extend the --print-capabilities option to also report supported RSA key sizes. Only the TPM 2 may support anything other than 2048 bit RSA keys, so we only consult 'swtpm socket --tpm2 --print-capabilities' and grep for 2048 and 3072 key sizes and report them. If nothing is found, nothing is reported, as before, and 2048 bit RSA keys should be assumed. 'swtpm_setup --tpm2 --print-capabilities' may now show the following: { "type": "swtpm_setup", "features": [ "cmdarg-keyfile-fd", "cmdarg-pwdfile-fd", "tpm2-rsa-keysize-2048", "tpm2-rsa-keysize-3072" ] } Also adjust a test case to use a regular expression for matching against an expected string that may or may not have rsa-keysize verbs. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
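#!/bin/bash

# For the license, see the LICENSE file in the root directory.

# Test: --print-capabilities output of swtpm, swtpm_setup and swtpm_cert.
#
# Each tool is asked for its capabilities JSON and the reply (stdout and
# stderr merged) is compared against the expected feature list. The swtpm
# and swtpm_setup replies contain optional entries (seccomp support, RSA key
# sizes, ...), so they are matched with a regular expression; the swtpm_cert
# reply is compared literally.
#
# Environment (expected from the caller or the sourced "common" helper):
#   SWTPM_EXE, SWTPM_IFACE, SWTPM_SETUP, SWTPM_CERT - tool invocations /
#     interface name; these may carry extra words (wrapper commands such as
#     valgrind), so they are intentionally expanded unquoted below.
#   abs_top_builddir, abs_top_testdir - optional overrides for ROOT/TESTDIR.
#
# Exit status: 0 when every check passed, 1 on the first mismatch or error.

#set -x

ROOT=${abs_top_builddir:-$(pwd)/..}
TESTDIR=${abs_top_testdir:-$(dirname "$0")}

[ "${SWTPM_IFACE}" == "cuse" ] && source "${TESTDIR}/test_cuse"
source "${TESTDIR}/common"

#######################################
# Report a capabilities reply that did not match and abort the test.
# Arguments: $1 - who answered (shown in the diagnostic)
#            $2 - actual reply
#            $3 - expected reply (literal string or regular expression)
# Outputs:   diagnostic on stdout
# Returns:   does not return; exits with status 1
#######################################
fail_unexpected() {
  printf 'Unexpected response from %s to --print-capabilities:\n' "$1"
  printf 'Actual : %s\n' "$2"
  printf 'Expected : %s\n' "$3"
  exit 1
}

# Test 1: swtpm itself (TPM 2 mode, which may additionally list RSA key sizes)
# shellcheck disable=SC2086 -- word-splitting of the tool variables is intended
if ! msg="$(${SWTPM_EXE} ${SWTPM_IFACE} --tpm2 --print-capabilities 2>&1)"; then
  echo "Error: Could not pass --print-capabilities"
  printf '%s\n' "${msg}"
  exit 1
fi

# Optional entries; start from empty so nothing leaks in from the environment.
seccomp=''
noncuse=''
if has_seccomp_support "${SWTPM_EXE}"; then
  seccomp='"cmdarg-seccomp", '
fi
if [ "${SWTPM_IFACE}" != "cuse" ]; then
  noncuse='"tpm-send-command-header", "flags-opt-startup", '
fi

# The rsa key size reporting is variable, so use a regex
exp='\{ "type": "swtpm", "features": \[ '${noncuse}${seccomp}'"cmdarg-key-fd", "cmdarg-pwd-fd"(, "rsa-keysize-1024")?(, "rsa-keysize-2048")?(, "rsa-keysize-3072")? \] \}'
# ${exp} is deliberately unquoted: quoting the right-hand side of =~ would
# turn the pattern into a literal string.
if ! [[ ${msg} =~ ${exp} ]]; then
  fail_unexpected "${SWTPM_IFACE} TPM" "${msg}" "${exp}"
fi

echo "Test 1: OK"

# Test 2: swtpm_setup (TPM 2 mode)
# shellcheck disable=SC2086 -- word-splitting of the tool variable is intended
if ! msg="$(${SWTPM_SETUP} --tpm2 --print-capabilities 2>&1)"; then
  echo "Error: Could not pass --print-capabilities"
  printf '%s\n' "${msg}"
  exit 1
fi

# There are some variable parameters at the end, use regex
exp='\{ "type": "swtpm_setup", "features": \[ "cmdarg-keyfile-fd", "cmdarg-pwdfile-fd"(, "no-tpm12-tools")?(, "tpm2-rsa-keysize-2048")?(, "tpm2-rsa-keysize-3072")? \] \}'
if ! [[ ${msg} =~ ${exp} ]]; then
  fail_unexpected "${SWTPM_SETUP}" "${msg}" "${exp}"
fi

echo "Test 2: OK"

# Test 3: swtpm_cert. SWTPM_CERT may be run by valgrind, so only its first
# word is the program whose presence decides whether the test can run.
cert_tool=${SWTPM_CERT%% *}
if [ -x "$(type -P "${cert_tool}")" ]; then
  # shellcheck disable=SC2086 -- word-splitting of the tool variable is intended
  if ! msg="$(${SWTPM_CERT} --tpm2 --print-capabilities 2>&1)"; then
    echo "Error: Could not pass --print-capabilities to ${SWTPM_CERT}"
    printf '%s\n' "${msg}"
    exit 1
  fi

  # swtpm_cert has no optional entries, so compare literally.
  exp='{ "type": "swtpm_cert", "features": [ "cmdarg-signkey-pwd", "cmdarg-parentkey-pwd" ] }'
  if [ "${msg}" != "${exp}" ]; then
    fail_unexpected "${SWTPM_CERT}" "${msg}" "${exp}"
  fi

  echo "Test 3: OK"
else
  # This is the third check; the skip message used to say "Test 2".
  echo "Test 3: SKIP -- ${SWTPM_CERT} not found or not an executable"
fi

exit 0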