authorJames Bottomley <James.Bottomley@HansenPartnership.com>2020-05-09 12:37:08 -0700
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2020-05-09 12:37:08 -0700
commit695b434d705de49f11d02a250b64a4b0450f3ac9 (patch)
treed27a199f50af8a1ba1ed11b9675fea71d86f6a2d
parent3dfbdf6d0e4dc78c860412b8ec34dcc44cfebf5f (diff)
wrap_ecc.sh: Add tests for explicit curve parametrisation
Openssl can deal with elliptic curves in two ways: named curve for the ones it knows about and explicitly parametrised for ones it doesn't. Expand the wrap_ecc.sh test to add a set of tests for wrapping explicitly parametrised keys. This actually checks the curve numbers hard coded into tpm2-common.c Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rwxr-xr-xtests/wrap_ecc.sh14
1 files changed, 13 insertions, 1 deletions
diff --git a/tests/wrap_ecc.sh b/tests/wrap_ecc.sh
index 0ccc029..9912c24 100755
--- a/tests/wrap_ecc.sh
+++ b/tests/wrap_ecc.sh
@@ -13,7 +13,19 @@ for curve in $(${bindir}/create_tpm2_key --list-curves); do
continue
fi
echo "Checking curve ${curve}"
- openssl ecparam -genkey -name ${curve} > tmp.param && \
+ openssl ecparam -param_enc named_curve -genkey -name ${curve} > tmp.param && \
+ openssl genpkey -paramfile tmp.param -out key.priv && \
+ ${bindir}/create_tpm2_key -p 81000001 -w key.priv key.tpm && \
+ openssl req -new -x509 -subj '/CN=test/' -key key.tpm -engine tpm2 -keyform engine -out tmp.crt && \
+ openssl verify -CAfile tmp.crt -check_ss_sig tmp.crt || \
+ exit 1
+done
+for curve in $(${bindir}/create_tpm2_key --list-curves); do
+ if openssl ecparam -name ${curve} 2>&1 | grep 'unknown curve'; then
+ continue
+ fi
+ echo "Checking curve ${curve}"
+ openssl ecparam -param_enc explicit -genkey -name ${curve} > tmp.param && \
openssl genpkey -paramfile tmp.param -out key.priv && \
${bindir}/create_tpm2_key -p 81000001 -w key.priv key.tpm && \
openssl req -new -x509 -subj '/CN=test/' -key key.tpm -engine tpm2 -keyform engine -out tmp.crt && \
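Review bot: The new explicit-parameter loop can pass without wrapping a single key, because the `grep 'unknown curve'` guard silently `continue`s past any curve this openssl build does not know, and an empty or failed `create_tpm2_key --list-curves` leaves the `for` with nothing to iterate. Since the commit message says this pass is what checks the curve numbers hard coded into tpm2-common.c, a run that skipped everything should fail rather than report success. I would count the iterations with `tested=$((tested+1))` after the `echo "Checking curve ${curve}"` line and add `[ "${tested:-0}" -gt 0 ] || exit 1` after the loop's `done`, and print the name of each skipped curve so gaps in coverage are visible in the log. The same applies to the named_curve loop above it; the second loop's closing `done` is outside this hunk.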