mirror of
https://github.com/stefanberger/swtpm.git
synced 2026-02-05 14:12:54 +00:00
77819bb2e6
Protect variables with quotes so that pathnames with spaces are now supported. Adjust the accompanying test case to make use of spaces in file paths. Address several issues found by shellcheck. Some of them are false positives especially when it comes to protecting variables passed to a commaned in an 'eval' line. They must not be protected, otherwise they are not passed correctly. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
120 lines
2.6 KiB
Bash
Executable File
120 lines
2.6 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
# For the license, see the LICENSE file in the root directory.
|
|
#set -x
|
|
|
|
TOPBUILD=${abs_top_builddir:-$(dirname "$0")/..}
|
|
TOPSRC=${abs_top_srcdir:-$(dirname "$0")/..}
|
|
TESTDIR=${abs_top_testdir:-$(dirname "$0")}
|
|
|
|
SWTPM_LOCALCA=${TOPSRC}/samples/swtpm-localca
|
|
|
|
workdir=$(mktemp -d "/tmp/path with spaces.XXXXXX")
|
|
|
|
ek=""
|
|
for ((i = 0; i < 256; i++)); do
|
|
ek="${ek}$(printf "%02x" $i)"
|
|
done
|
|
|
|
SIGNINGKEY=${workdir}/signingkey.pem
|
|
ISSUERCERT=${workdir}/issuercert.pem
|
|
CERTSERIAL=${workdir}/certserial
|
|
|
|
PATH=${TOPBUILD}/src/swtpm_cert:$PATH
|
|
|
|
trap "cleanup" SIGTERM EXIT
|
|
|
|
function cleanup()
|
|
{
|
|
rm -rf "${workdir}"
|
|
}
|
|
|
|
case "$(uname -s)" in
|
|
Darwin)
|
|
CERTTOOL=gnutls-certtool;;
|
|
*)
|
|
CERTTOOL=certtool;;
|
|
esac
|
|
|
|
cat <<_EOF_ > "${workdir}/swtpm-localca.conf"
|
|
statedir=${workdir}
|
|
signingkey = ${SIGNINGKEY}
|
|
issuercert = ${ISSUERCERT}
|
|
certserial = ${CERTSERIAL}
|
|
_EOF_
|
|
|
|
cat <<_EOF_ > "${workdir}/swtpm-localca.options"
|
|
--tpm-manufacturer IBM
|
|
--tpm-model swtpm-libtpms
|
|
--tpm-version 2
|
|
--platform-manufacturer Fedora
|
|
--platform-version 2.1
|
|
--platform-model QEMU
|
|
_EOF_
|
|
|
|
# the following contains the test parameters and
|
|
# expected key usage
|
|
for testparams in \
|
|
"--allow-signing|Digital signature" \
|
|
"--allow-signing --decryption|Digital signature,Key encipherment" \
|
|
"--decryption|Key encipherment" \
|
|
"|Key encipherment";
|
|
do
|
|
params=$(echo ${testparams} | cut -d"|" -f1)
|
|
usage=$(echo ${testparams} | cut -d"|" -f2)
|
|
|
|
${SWTPM_LOCALCA} \
|
|
--type ek \
|
|
--ek "${ek}" \
|
|
--dir "${workdir}" \
|
|
--vmid test \
|
|
--tpm2 \
|
|
--configfile "${workdir}/swtpm-localca.conf" \
|
|
--optsfile "${workdir}/swtpm-localca.options" \
|
|
--tpm-spec-family 2.0 --tpm-spec-revision 146 --tpm-spec-level 0 \
|
|
${params}
|
|
if [ $? -ne 0 ]; then
|
|
echo "Error: Test with parameters '$params' failed."
|
|
exit 1
|
|
fi
|
|
|
|
if [ ! -r "${workdir}/ek.cert" ]; then
|
|
echo "Error: ${workdir}/ek.cert was not created."
|
|
exit 1
|
|
fi
|
|
|
|
OIFS="$IFS"
|
|
IFS=","
|
|
|
|
for u in $usage; do
|
|
echo $u
|
|
if [ -z "$(${CERTTOOL} -i \
|
|
--inder --infile "${workdir}/ek.cert" | \
|
|
grep "Key Usage" -A2 | \
|
|
grep "$u")" ]; then
|
|
echo "Error: Could not find key usage $u in key created " \
|
|
"with $params."
|
|
else
|
|
echo "Found '$u'"
|
|
fi
|
|
done
|
|
|
|
IFS="$OIFS"
|
|
|
|
${CERTTOOL} \
|
|
-i \
|
|
--inder --infile "${workdir}/ek.cert" \
|
|
--outfile "${workdir}/ek.pem"
|
|
|
|
${CERTTOOL} \
|
|
--verify \
|
|
--load-ca-certificate "${ISSUERCERT}" \
|
|
--infile "${workdir}/ek.pem"
|
|
if [ $? -ne 0 ]; then
|
|
echo "Error: Could not verify certificate chain."
|
|
exit 1
|
|
fi
|
|
done
|
|
|
|
exit 0
|