diff options
author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2023-02-28 15:00:41 -0500 |
---|---|---|
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2023-03-17 12:27:34 -0400 |
commit | 2375eaeb8bc7f4b5cd8f0428eb89df6906dbc214 (patch) | |
tree | f9a1232f3a20c0a6a5dbaf0d74b486851abd2d18 | |
parent | d342a96be117b701e24b7124c7f55f2fb70d9081 (diff) | |
download | openssl_tpm2_engine-2375eaeb8bc7f4b5cd8f0428eb89df6906dbc214.tar.gz |
add tests for elliptic curve parent authority
During the construction of the prior elliptic curve refactor patch a
mistake was made whereby the parent authority wasn't passed in. This
wasn't picked up by any of the current tests, so add a test
specifically using parent authority for elliptic curve keys to prevent
any regressions in this area.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rwxr-xr-x | tests/create_tpm_key_auth.sh | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/tests/create_tpm_key_auth.sh b/tests/create_tpm_key_auth.sh index bbde12c..5c6d156 100755 --- a/tests/create_tpm_key_auth.sh +++ b/tests/create_tpm_key_auth.sh @@ -12,12 +12,19 @@ tsshierarchychangeauth -hi p -pwdn ${auth} # 3. encode a message using the TPM key # 4. verify the message through the public key ${bindir}/create_tpm2_key -p platform -b ${auth} key0.tpm || exit 1 +${bindir}/create_tpm2_key -p platform -b ${auth} --ecc prime256v1 key1.tpm || exit 1 openssl rsa $ENGINE $INFORM -in key0.tpm -pubout -out key0.pub || exit 1 +openssl pkey $ENGINE $INFORM -in key1.tpm -pubout -out key1.pub || exit 1 # openssl has no way to specify the engine ctrl for the pin so we cheat # and do it in the openssl.cnf file via an environment variable export SRKPIN=${auth} echo "This is a message" | openssl rsautl -sign $ENGINE $KEYFORM -inkey key0.tpm -out tmp.msg || exit 1 openssl rsautl -verify -in tmp.msg -inkey key0.pub -pubin || exit 1 +# now use the encrypted message file and sign it with key1 +echo "This is another message" | openssl dgst -sha256 -binary -out tmp.msg +openssl pkeyutl -sign $ENGINE $KEYFORM -inkey key1.tpm -pkeyopt digest:sha256 -in tmp.msg -out tmp.sig || exit 1 +openssl pkeyutl -verify -in tmp.msg -sigfile tmp.sig -pubin -inkey key1.pub || exit 1 + tsshierarchychangeauth -hi p -pwda ${auth} |