author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2020-01-10 08:31:28 -0800 |
---|---|---|
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2020-01-10 08:31:28 -0800 |
commit | 1be01f3bf05298dbf441813a4946aed20b2229ab (patch) | |
tree | 172324e329083ae66c903feeafb745a52dce649f | |
parent | e682157c9379d25d0a65759bf2cb7efa327be427 (diff) | |
download | openssl_tpm2_engine-1be01f3bf05298dbf441813a4946aed20b2229ab.tar.gz |
tests: add a test for DER keys
Now that we're supposed to support DER based keys, check that we can
use them.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r-- | tests/Makefile.am | 3 | ||||
-rwxr-xr-x | tests/check_der.sh | 17 |
2 files changed, 19 insertions, 1 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 21da53d..cd582e0 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -8,6 +8,7 @@ TESTS = fail_connect.sh \
 wrap_tpm_key.sh \
 check_wrap_auth.sh \
 check_old_keys.sh \
+ check_der.sh \
 create_ecc.sh \
 wrap_ecc.sh \
 wrap_generic_ecc.sh \
@@ -28,6 +29,6 @@ AM_TESTS_ENVIRONMENT = TPM_INTERFACE_TYPE=socsim; \
 export TPM_INTERFACE_TYPE OPENSSL_CONF srcdir;
 TEST_EXTENSIONS = .sh
 
-CLEANFILES = key*.tpm key*.pub key*.priv tmp.* NVChip h*.bin
+CLEANFILES = key*.tpm key*.pub key*.priv tmp.* NVChip h*.bin key*.der
 clean-local:
 rm -fr testdir
diff --git a/tests/check_der.sh b/tests/check_der.sh
new file mode 100755
index 0000000..0cbfe06
--- /dev/null
+++ b/tests/check_der.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+bindir=${srcdir}/..
+
+##
+# test is
+# 1. create TPM internal private key
+# 2. convert it to DER form
+# 3. get the corresponding public key from the engine
+# 4. encode a message using the TPM key
+# 5. verify the message through the public key
+${bindir}/create_tpm2_key -a -k passw0rd key2.tpm && \
+openssl asn1parse -in key2.tpm -out key2.der && \
+openssl rsa -engine tpm2 -inform engine -passin pass:passw0rd -in key2.der -pubout -out key2.pub && \
+echo "This is a message" | openssl rsautl -sign -engine tpm2 -engine tpm2 -keyform engine -inkey key2.der -passin pass:passw0rd -out tmp.msg && \
+openssl rsautl -verify -in tmp.msg -inkey key2.pub -pubin
+
|
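Review bot: Step 5 of tests/check_der.sh only checks the exit status of `openssl rsautl -verify`, so the test passes whenever the signature unpads under key2.pub and never confirms that the recovered text is the message that was signed. Comparing the output would pin that, for example `openssl rsautl -verify -in tmp.msg -inkey key2.pub -pubin | grep -qxF "This is a message"`. The signing line also passes `-engine tpm2` twice, which looks like a copy/paste slip, and one of them can be dropped. Finally, `bindir=${srcdir}/..` is unquoted and unguarded, so an unset srcdir makes the first command resolve to `/../create_tpm2_key`; `bindir="${srcdir:?}/.."` with `"${bindir}/create_tpm2_key"` would fail early instead.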