diff options
| author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2023-11-23 13:53:02 +0000 |
|---|---|---|
| committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2023-12-14 10:41:29 -0500 |
| commit | 76aec723ebf4d7238808479163535de84caca8cc (patch) | |
| tree | 63ff0285a54e3ded95093c5861f6aca6cedc756e | |
| parent | 8cbc00ce2535dcb864f6ccf7c07f3fc1b6f39f27 (diff) | |
| download | openssl_tpm2_engine-76aec723ebf4d7238808479163535de84caca8cc.tar.gz | |
tests: Add testing for the new locality flag
Fairly simple since the emulator only runs at locality zero.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
| -rwxr-xr-x | tests/check_locality.sh | 23 | ||||
| -rw-r--r-- | tests/engine/Makefile.am | 1 | ||||
| -rw-r--r-- | tests/provider/Makefile.am | 1 |
3 files changed, 25 insertions, 0 deletions
diff --git a/tests/check_locality.sh b/tests/check_locality.sh new file mode 100755 index 0000000..f4ec2b9 --- /dev/null +++ b/tests/check_locality.sh @@ -0,0 +1,23 @@ +#!/bin/bash +set -x +## +# The TPM emulators always run in locality 0, so the only tests +# we can do is create a key including and excluding locality zero +# and check that one loads and the other doesn't +## +LOCALITY_01234=0x1f +LOCALITY_1234=0x1e +echo "This is a message" > plain.txt +DATA="Test some data" + +${bindir}/create_tpm2_key --ecc prime256v1 --locality ${LOCALITY_01234} key.tpm || exit 1 +openssl pkeyutl -sign $ENGINE $KEYFORM -inkey key.tpm -in plain.txt -out tmp.msg|| exit 1 +echo "${DATA}"|${bindir}/seal_tpm2_data --locality ${LOCALITY_01234} key.tpm +${bindir}/unseal_tpm2_data key.tpm|grep -q "${DATA}" || exit 1 + +${bindir}/create_tpm2_key --ecc prime256v1 --locality ${LOCALITY_1234} key.tpm || exit 1 +openssl pkeyutl -sign $ENGINE $KEYFORM -inkey key.tpm -in plain.txt -out tmp.msg&& exit 1 +echo "${DATA}"|${bindir}/seal_tpm2_data --locality ${LOCALITY_1234} key.tpm +${bindir}/unseal_tpm2_data key.tpm && exit 1 + +exit 0; diff --git a/tests/engine/Makefile.am b/tests/engine/Makefile.am index be350b5..8bc8765 100644 --- a/tests/engine/Makefile.am +++ b/tests/engine/Makefile.am @@ -27,6 +27,7 @@ TESTS += ../check_curves.sh \ ../restricted_parent.sh \ ../seal_unseal.sh \ ../check_signed_policies.sh \ + ../check_locality.sh \ ../dynamic_engine.sh \ ../stop_sw_tpm.sh diff --git a/tests/provider/Makefile.am b/tests/provider/Makefile.am index 5b54580..cdd043b 100644 --- a/tests/provider/Makefile.am +++ b/tests/provider/Makefile.am @@ -29,6 +29,7 @@ TESTS += ../check_curves.sh \ ../restricted_parent.sh \ ../seal_unseal.sh \ ../check_signed_policies.sh \ + ../check_locality.sh \ ../stop_sw_tpm.sh fail_connect.sh: tpm_server_found |