swtpm/tests/test_swtpm_cert
Stefan Berger 68baacd721 swtpm_cert: Add Subject Directory Attributes to EK cert
Create the TPMSpecification SEQUENCE and add it to the subject
directory attributes of an EK cert.

The code generates the same ASN.1 for the Subject Directory Attributes
as the example in the EK spec has.

> openssl asn1parse -in ${cert} -strparse 603
    0:d=0  hl=2 l=  30 cons: SEQUENCE
    2:d=1  hl=2 l=  28 cons: SEQUENCE
    4:d=2  hl=2 l=   5 prim: OBJECT            :2.23.133.2.16
   11:d=2  hl=2 l=  19 cons: SET
   13:d=3  hl=2 l=  17 cons: SEQUENCE
   15:d=4  hl=2 l=   3 prim: UTF8STRING        :1.2
   20:d=4  hl=2 l=   4 prim: INTEGER           :41010000
   26:d=4  hl=2 l=   4 prim: INTEGER           :7B000000

Extend the existing test cases so that they create the ASN.1 as well.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-04-16 21:22:19 -04:00


#!/bin/bash
# For the license, see the LICENSE file in the root directory.
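# Paths are resolved relative to this script's own location so the test does
# not depend on the caller's working directory.
DIR=$(dirname "$0")
ROOT="${DIR}/.."
SWTPM_CERT="${ROOT}/src/swtpm_cert/swtpm_cert"

# Scratch file that receives every generated certificate. mktemp picks an
# unpredictable name and creates the file; stop right away if that fails
# rather than running the tests with an empty output path.
cert=$(mktemp) || {
  echo "Error: could not create temporary file."
  exit 1
}

# Remove the scratch file when the script ends.
# NOTE(review): the SIGTERM handler only runs cleanup and does not exit, so
# the script carries on after the signal has been handled.
trap "cleanup" SIGTERM EXIT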
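# Delete the temporary certificate file.
# Globals: cert (read) - path of the file to remove
# The path is quoted and preceded by "--" so that a temp directory containing
# whitespace or a name starting with "-" cannot turn into extra rm arguments.
function cleanup()
{
  rm -f -- "${cert}"
}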
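# Compare the size of a certificate file with an expected size and warn on a
# mismatch. The check is currently deactivated: the function returns before
# looking at the file.
# Arguments: $1 - path of the certificate file
#            $2 - expected size in bytes
# Outputs:   nothing while deactivated; otherwise a warning on stdout
# Returns:   0 (a size mismatch is a warning, not a failure)
function check_cert_size()
{
  local cert="$1"
  local exp="$2"
  local size

  # Unfortunately different GnuTLS versions may create certs of different
  # sizes; deactivate this test for now
  return 0

  # Unreachable until the early return above is removed. The assignment is
  # kept apart from 'local' so a stat failure is not masked, and an empty
  # result is treated as size 0 instead of breaking the numeric test.
  size=$(stat -c%s -- "${cert}" 2>/dev/null)
  if [ "${size:-0}" -ne "${exp}" ]; then
    echo "Warning: Certificate file has unexpected size."
    echo " Expected: $exp; found: $size"
  fi
}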
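# Test 1: certificate of the default type (no --type given) for a key passed
# as a modulus, without an explicit subject.
# All paths are quoted so a checkout or temp directory containing whitespace
# cannot split into extra arguments.
if ! "${SWTPM_CERT}" \
    --signkey "${DIR}/data/signkey.pem" \
    --issuercert "${DIR}/data/issuercert.pem" \
    --out-cert "${cert}" \
    --modulus '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' \
    --days 3650 \
    --pem \
    --tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
    --tpm-spec-family 1.2 --tpm-spec-revision 123 --tpm-spec-level 321
then
  echo "Error: ${SWTPM_CERT} returned error code."
  exit 1
fi
# A zero exit status alone does not show that a certificate was written, so
# also require a non-empty output file.
# NOTE(review): the certificate's contents (subject, TPM attributes, issuer
# signature) are still not verified by this test.
if [ ! -s "${cert}" ]; then
  echo "Error: ${SWTPM_CERT} did not write a certificate to ${cert}."
  exit 1
fi
# expecting size to be constant
check_cert_size "${cert}" 1224
# truncate result file so the next test cannot pass on stale output
: > "${cert}"
echo "Test 1: OK"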
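# Test 2: same as the modulus-based request, but with an explicit subject.
# All paths are quoted so a checkout or temp directory containing whitespace
# cannot split into extra arguments.
if ! "${SWTPM_CERT}" \
    --signkey "${DIR}/data/signkey.pem" \
    --issuercert "${DIR}/data/issuercert.pem" \
    --out-cert "${cert}" \
    --modulus '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' \
    --days 3650 \
    --subject "OU=foo,L=NewYork,ST=NY,C=US" \
    --pem \
    --tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
    --tpm-spec-family 1.2 --tpm-spec-revision 123 --tpm-spec-level 321
then
  echo "Error: ${SWTPM_CERT} returned error code."
  exit 1
fi
# A zero exit status alone does not show that a certificate was written, so
# also require a non-empty output file.
# NOTE(review): the certificate's contents (e.g. that the requested subject
# was applied) are still not verified by this test.
if [ ! -s "${cert}" ]; then
  echo "Error: ${SWTPM_CERT} did not write a certificate to ${cert}."
  exit 1
fi
# expecting size to be constant
check_cert_size "${cert}" 1302
# truncate result file so the next test cannot pass on stale output
: > "${cert}"
echo "Test 2: OK"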
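# Test 3: certificate for a key read from a PEM public key file (--pubkey)
# instead of a modulus, with an explicit subject.
# All paths are quoted so a checkout or temp directory containing whitespace
# cannot split into extra arguments.
if ! "${SWTPM_CERT}" \
    --signkey "${DIR}/data/signkey.pem" \
    --issuercert "${DIR}/data/issuercert.pem" \
    --out-cert "${cert}" \
    --pubkey "${DIR}/data/pubek.pem" \
    --days 3650 \
    --subject "OU=foo,L=NewYork,ST=NY,C=US" \
    --pem \
    --tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
    --tpm-spec-family 1.2 --tpm-spec-revision 123 --tpm-spec-level 321
then
  echo "Error: ${SWTPM_CERT} returned error code."
  exit 1
fi
# A zero exit status alone does not show that a certificate was written, so
# also require a non-empty output file.
# NOTE(review): the certificate's contents are still not verified by this
# test; the commented-out certtool call below only prints them for a human.
if [ ! -s "${cert}" ]; then
  echo "Error: ${SWTPM_CERT} did not write a certificate to ${cert}."
  exit 1
fi
# expecting size to be constant
check_cert_size "${cert}" 1367
#certtool --certificate-info --infile ${cert}
# truncate result file so the next test cannot pass on stale output
: > "${cert}"
echo "Test 3: OK"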
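###################### Platform Certificate #####################
# Test 4: platform certificate (--type platform) for the key in pubek.pem,
# carrying both the TPM and the platform manufacturer/model/version values.
# All paths are quoted so a checkout or temp directory containing whitespace
# cannot split into extra arguments.
if ! "${SWTPM_CERT}" \
    --type platform \
    --signkey "${DIR}/data/signkey.pem" \
    --issuercert "${DIR}/data/issuercert.pem" \
    --pubkey "${DIR}/data/pubek.pem" \
    --out-cert "${cert}" \
    --days 3650 \
    --subject "OU=foo,L=NewYork,ST=NY,C=US" \
    --pem \
    --tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
    --platform-manufacturer Fedora \
    --platform-model QEMU \
    --platform-version 2.1
then
  echo "Error: ${SWTPM_CERT} returned error code."
  exit 1
fi
# A zero exit status alone does not show that a certificate was written, so
# also require a non-empty output file.
# NOTE(review): the certificate's contents (platform attributes, issuer
# signature) are still not verified by this test; the commented-out certtool
# call below only prints them for a human.
if [ ! -s "${cert}" ]; then
  echo "Error: ${SWTPM_CERT} did not write a certificate to ${cert}."
  exit 1
fi
# expecting size to be constant
check_cert_size "${cert}" 1411
#certtool --certificate-info --infile ${cert}
# truncate result file
: > "${cert}"
echo "Test 4: OK"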