author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2020-05-09 12:37:08 -0700 |
---|---|---|
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2020-05-09 12:37:08 -0700 |
commit | 695b434d705de49f11d02a250b64a4b0450f3ac9 (patch) | |
tree | d27a199f50af8a1ba1ed11b9675fea71d86f6a2d | |
parent | 3dfbdf6d0e4dc78c860412b8ec34dcc44cfebf5f (diff) | |
download | openssl_tpm2_engine-695b434d705de49f11d02a250b64a4b0450f3ac9.tar.gz |
wrap_ecc.sh: Add tests for explicit curve parametrisation
OpenSSL can deal with elliptic curves in two ways: named curve for the
ones it knows about and explicitly parametrised for ones it doesn't.
Expand the wrap_ecc.sh test to add a set of tests for wrapping
explicitly parametrised keys. This actually checks the curve numbers
hard coded into tpm2-common.c.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rwxr-xr-x | tests/wrap_ecc.sh | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/tests/wrap_ecc.sh b/tests/wrap_ecc.sh
index 0ccc029..9912c24 100755
--- a/tests/wrap_ecc.sh
+++ b/tests/wrap_ecc.sh
@@ -13,7 +13,19 @@ for curve in $(${bindir}/create_tpm2_key --list-curves); do
 continue
 fi
 echo "Checking curve ${curve}"
- openssl ecparam -genkey -name ${curve} > tmp.param && \
+ openssl ecparam -param_enc named_curve -genkey -name ${curve} > tmp.param && \
+ openssl genpkey -paramfile tmp.param -out key.priv && \
+ ${bindir}/create_tpm2_key -p 81000001 -w key.priv key.tpm && \
+ openssl req -new -x509 -subj '/CN=test/' -key key.tpm -engine tpm2 -keyform engine -out tmp.crt && \
+ openssl verify -CAfile tmp.crt -check_ss_sig tmp.crt || \
+ exit 1
+done
+for curve in $(${bindir}/create_tpm2_key --list-curves); do
+ if openssl ecparam -name ${curve} 2>&1 | grep 'unknown curve'; then
+ continue
+ fi
+ echo "Checking curve ${curve}"
+ openssl ecparam -param_enc explicit -genkey -name ${curve} > tmp.param && \
 openssl genpkey -paramfile tmp.param -out key.priv && \
 ${bindir}/create_tpm2_key -p 81000001 -w key.priv key.tpm && \
 openssl req -new -x509 -subj '/CN=test/' -key key.tpm -engine tpm2 -keyform engine -out tmp.crt && \ |
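Review bot: Nothing in the second loop asserts that key.priv still carries explicit parameters, so if `openssl genpkey -paramfile tmp.param` (now or in a later OpenSSL release) writes the key back as a named curve, this loop silently repeats the first one and the curve numbers in tpm2-common.c go unchecked. A step after the genpkey line such as `openssl pkey -in key.priv -noout -text | grep -q 'Field Type' && \` would make the test fail in that case; whether genpkey preserves the encoding cannot be confirmed from this hunk alone. The two loops are also identical apart from the `-param_enc` value, so an inner `for enc in named_curve explicit; do` around the shared body would keep the copies from drifting apart. The first loop starts before the hunk and the second loop's body continues past its end.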