[swtpm.git] / tests / test_swtpm_cert

#!/usr/bin/env bash

# For the license, see the LICENSE file in the root directory.

ROOT=${abs_top_builddir:-$(dirname "$0")/..}
TESTDIR=${abs_top_testdir:=$(dirname "$0")}

SWTPM_CERT=${SWTPM_CERT:-${ROOT}/src/swtpm_cert/swtpm_cert}

cert=$(mktemp)
pwdfile=$(mktemp)

trap "cleanup" SIGTERM EXIT


function cleanup()
{
	rm -f "${cert}" "${pwdfile}"
}

function check_cert_size()
{
	local cert="$1"
	local exp="$2"

	# Unfortunately different GnuTLS versions may create certs of different
	# sizes; deactivate this test for now
	return

	local size=$(stat -c%s ${cert} 2>/dev/null)
	if [ $size -ne $exp ]; then
		echo "Warning: Certificate file has unexpected size."
		echo "         Expected: $exp;  found: $size"
	fi
}

VARNAME=password ${SWTPM_CERT} \
	--signkey ${TESTDIR}/data/signkey-encrypted.pem \
	--signkey-pwd env:VARNAME \
	--issuercert ${TESTDIR}/data/issuercert.pem \
	--out-cert ${cert} \
	--modulus 'b9dda830729de58f9f5bed2b3b9394ad4ec5afb9c390b89a3337250cbc575cfc8f31f7ffd3f05f4155076f7d1605381cd281b7f147b801154e4f89ee529fe36eae50f79561850e5b63037edaacbb390ea3fcd037e674fb179e3c5afe31214d78a756ca44cc6cf25421b51420ede548310c92b08a513ccc62fd0ef45dcf6546f6e865be6a661d045d1c47b60b428d11dc97cb9f35ee7c385bb20320934b015f8014e8fb19851c2af307e1e64648c142175e40b60615dc494fdb09ea5d5a6f3273b65a241e3cf30cc449b9fb3f900d1ed4be967b32b16f95a1d732dbfa143eaa1c2017556117f70faee5d77f836705d05405361ad5871a32161fa5a1234cfab497' \
	--days 3650 \
	--pem \
	--tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
	--tpm-spec-family 1.2 --tpm-spec-revision 123 --tpm-spec-level 321

if [ $? -ne 0 ]; then
	echo "Error: ${SWTPM_CERT} returned error code."
	exit 1
fi

#expecting size to be constant
check_cert_size "${cert}" 1224

# truncate result file
echo -n > ${cert}
echo "Test 1: OK"

${SWTPM_CERT} \
	--signkey ${TESTDIR}/data/signkey-encrypted.pem \
	--signkey-pwd file:<(echo -en "password") \
	--issuercert ${TESTDIR}/data/issuercert.pem \
	--out-cert ${cert} \
	--modulus 'b9dda830729de58f9f5bed2b3b9394ad4ec5afb9c390b89a3337250cbc575cfc8f31f7ffd3f05f4155076f7d1605381cd281b7f147b801154e4f89ee529fe36eae50f79561850e5b63037edaacbb390ea3fcd037e674fb179e3c5afe31214d78a756ca44cc6cf25421b51420ede548310c92b08a513ccc62fd0ef45dcf6546f6e865be6a661d045d1c47b60b428d11dc97cb9f35ee7c385bb20320934b015f8014e8fb19851c2af307e1e64648c142175e40b60615dc494fdb09ea5d5a6f3273b65a241e3cf30cc449b9fb3f900d1ed4be967b32b16f95a1d732dbfa143eaa1c2017556117f70faee5d77f836705d05405361ad5871a32161fa5a1234cfab497' \
	--days 3650 \
	--subject "OU=foo,L=NewYork,ST=NY,C=US" \
	--pem \
	--tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
	--tpm-spec-family 1.2 --tpm-spec-revision 123 --tpm-spec-level 321

if [ $? -ne 0 ]; then
	echo "Error: ${SWTPM_CERT} returned error code."
	exit 1
fi

#expecting size to be constant
check_cert_size "${cert}" 1302

# truncate result file
echo -n > ${cert}
echo "Test 2: OK"

${SWTPM_CERT} \
	--signkey ${TESTDIR}/data/signkey-encrypted.pem \
	--signkey-pwd pass:password \
	--issuercert ${TESTDIR}/data/issuercert.pem \
	--out-cert ${cert} \
	--pubkey ${TESTDIR}/data/pubek.pem \
	--days 3650 \
	--subject "OU=foo,L=NewYork,ST=NY,C=US" \
	--pem \
	--tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
	--tpm-spec-family 1.2 --tpm-spec-revision 123 --tpm-spec-level 321

if [ $? -ne 0 ]; then
	echo "Error: ${SWTPM_CERT} returned error code."
	exit 1
fi

#expecting size to be constant
check_cert_size "${cert}" 1367

# truncate result file
#certtool --certificate-info --infile ${cert}
echo -n > ${cert}
echo "Test 3: OK"


###################### Platform Certificate #####################

echo -en "password" > ${pwdfile}
exec 100<${pwdfile}
${SWTPM_CERT} \
        --type platform \
	--signkey ${TESTDIR}/data/signkey-encrypted.pem \
	--signkey-pwd fd:100 \
	--issuercert ${TESTDIR}/data/issuercert.pem \
	--pubkey ${TESTDIR}/data/pubek.pem \
	--out-cert ${cert} \
	--days 3650 \
	--subject "OU=foo,L=NewYork,ST=NY,C=US" \
	--pem \
	--tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
	--platform-manufacturer Fedora \
	--platform-model QEMU \
	--platform-version 2.1

if [ $? -ne 0 ]; then
	echo "Error: ${SWTPM_CERT} returned error code."
	exit 1
fi

#expecting size to be constant
check_cert_size "${cert}" 1411

# truncate result file
#certtool --certificate-info --infile ${cert}
echo -n > ${cert}
echo "Test 4: OK"
Commit	Line	Data
8f0f381f	1	#!/usr/bin/env bash
e46a2b66 SB	2
	3	# For the license, see the LICENSE file in the root directory.
	4
313cf75c SB	5	ROOT=${abs_top_builddir:-$(dirname "$0")/..}
	6	TESTDIR=${abs_top_testdir:=$(dirname "$0")}
	7
660ec542	8	SWTPM_CERT=${SWTPM_CERT:-${ROOT}/src/swtpm_cert/swtpm_cert}
e46a2b66 SB	9
e46a2b66 SB	10	cert=$(mktemp)
b35eb9fc	11	pwdfile=$(mktemp)
e46a2b66 SB	12
	13	trap "cleanup" SIGTERM EXIT
	14
	15
	16	function cleanup()
	17	{
b35eb9fc	18	rm -f "${cert}" "${pwdfile}"
e46a2b66 SB	19	}
e46a2b66 SB	20
cf56d345 SB	21	function check_cert_size()
	22	{
	23	local cert="$1"
	24	local exp="$2"
	25
	26	# Unfortunately different GnuTLS versions may create certs of different
	27	# sizes; deactivate this test for now
	28	return
	29
	30	local size=$(stat -c%s ${cert} 2>/dev/null)
	31	if [ $size -ne $exp ]; then
	32	echo "Warning: Certificate file has unexpected size."
	33	echo " Expected: $exp; found: $size"
	34	fi
	35	}
	36
b35eb9fc SB	37	VARNAME=password ${SWTPM_CERT} \
	38	--signkey ${TESTDIR}/data/signkey-encrypted.pem \
	39	--signkey-pwd env:VARNAME \
313cf75c	40	--issuercert ${TESTDIR}/data/issuercert.pem \
e46a2b66 SB	41	--out-cert ${cert} \
	42	--modulus 'b9dda830729de58f9f5bed2b3b9394ad4ec5afb9c390b89a3337250cbc575cfc8f31f7ffd3f05f4155076f7d1605381cd281b7f147b801154e4f89ee529fe36eae50f79561850e5b63037edaacbb390ea3fcd037e674fb179e3c5afe31214d78a756ca44cc6cf25421b51420ede548310c92b08a513ccc62fd0ef45dcf6546f6e865be6a661d045d1c47b60b428d11dc97cb9f35ee7c385bb20320934b015f8014e8fb19851c2af307e1e64648c142175e40b60615dc494fdb09ea5d5a6f3273b65a241e3cf30cc449b9fb3f900d1ed4be967b32b16f95a1d732dbfa143eaa1c2017556117f70faee5d77f836705d05405361ad5871a32161fa5a1234cfab497' \
	43	--days 3650 \
	44	--pem \
68baacd7 SB	45	--tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
68baacd7 SB	46	--tpm-spec-family 1.2 --tpm-spec-revision 123 --tpm-spec-level 321
e46a2b66	47
d7fc0469 SB	48	if [ $? -ne 0 ]; then
	49	echo "Error: ${SWTPM_CERT} returned error code."
	50	exit 1
	51	fi
	52
e46a2b66	53	#expecting size to be constant
cf56d345	54	check_cert_size "${cert}" 1224
e46a2b66 SB	55
	56	# truncate result file
	57	echo -n > ${cert}
	58	echo "Test 1: OK"
	59
	60	${SWTPM_CERT} \
b35eb9fc SB	61	--signkey ${TESTDIR}/data/signkey-encrypted.pem \
b35eb9fc SB	62	--signkey-pwd file:<(echo -en "password") \
313cf75c	63	--issuercert ${TESTDIR}/data/issuercert.pem \
e46a2b66 SB	64	--out-cert ${cert} \
	65	--modulus 'b9dda830729de58f9f5bed2b3b9394ad4ec5afb9c390b89a3337250cbc575cfc8f31f7ffd3f05f4155076f7d1605381cd281b7f147b801154e4f89ee529fe36eae50f79561850e5b63037edaacbb390ea3fcd037e674fb179e3c5afe31214d78a756ca44cc6cf25421b51420ede548310c92b08a513ccc62fd0ef45dcf6546f6e865be6a661d045d1c47b60b428d11dc97cb9f35ee7c385bb20320934b015f8014e8fb19851c2af307e1e64648c142175e40b60615dc494fdb09ea5d5a6f3273b65a241e3cf30cc449b9fb3f900d1ed4be967b32b16f95a1d732dbfa143eaa1c2017556117f70faee5d77f836705d05405361ad5871a32161fa5a1234cfab497' \
	66	--days 3650 \
	67	--subject "OU=foo,L=NewYork,ST=NY,C=US" \
	68	--pem \
68baacd7 SB	69	--tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
68baacd7 SB	70	--tpm-spec-family 1.2 --tpm-spec-revision 123 --tpm-spec-level 321
e46a2b66	71
d7fc0469 SB	72	if [ $? -ne 0 ]; then
	73	echo "Error: ${SWTPM_CERT} returned error code."
	74	exit 1
	75	fi
	76
e46a2b66	77	#expecting size to be constant
cf56d345	78	check_cert_size "${cert}" 1302
e46a2b66 SB	79
	80	# truncate result file
	81	echo -n > ${cert}
	82	echo "Test 2: OK"
	83
	84	${SWTPM_CERT} \
b35eb9fc SB	85	--signkey ${TESTDIR}/data/signkey-encrypted.pem \
b35eb9fc SB	86	--signkey-pwd pass:password \
313cf75c	87	--issuercert ${TESTDIR}/data/issuercert.pem \
e46a2b66	88	--out-cert ${cert} \
313cf75c	89	--pubkey ${TESTDIR}/data/pubek.pem \
e46a2b66 SB	90	--days 3650 \
	91	--subject "OU=foo,L=NewYork,ST=NY,C=US" \
	92	--pem \
68baacd7 SB	93	--tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
68baacd7 SB	94	--tpm-spec-family 1.2 --tpm-spec-revision 123 --tpm-spec-level 321
e46a2b66	95
d7fc0469 SB	96	if [ $? -ne 0 ]; then
	97	echo "Error: ${SWTPM_CERT} returned error code."
	98	exit 1
	99	fi
	100
e46a2b66	101	#expecting size to be constant
cf56d345	102	check_cert_size "${cert}" 1367
e46a2b66 SB	103
	104	# truncate result file
	105	#certtool --certificate-info --infile ${cert}
	106	echo -n > ${cert}
	107	echo "Test 3: OK"
	108
	109
	110	###################### Platform Certificate #####################
	111
b35eb9fc SB	112	echo -en "password" > ${pwdfile}
b35eb9fc SB	113	exec 100<${pwdfile}
e46a2b66 SB	114	${SWTPM_CERT} \
e46a2b66 SB	115	--type platform \
b35eb9fc SB	116	--signkey ${TESTDIR}/data/signkey-encrypted.pem \
b35eb9fc SB	117	--signkey-pwd fd:100 \
313cf75c SB	118	--issuercert ${TESTDIR}/data/issuercert.pem \
313cf75c SB	119	--pubkey ${TESTDIR}/data/pubek.pem \
e46a2b66 SB	120	--out-cert ${cert} \
	121	--days 3650 \
	122	--subject "OU=foo,L=NewYork,ST=NY,C=US" \
	123	--pem \
	124	--tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
	125	--platform-manufacturer Fedora \
	126	--platform-model QEMU \
	127	--platform-version 2.1
	128
d7fc0469 SB	129	if [ $? -ne 0 ]; then
	130	echo "Error: ${SWTPM_CERT} returned error code."
	131	exit 1
	132	fi
	133
e46a2b66	134	#expecting size to be constant
cf56d345	135	check_cert_size "${cert}" 1411
e46a2b66 SB	136
	137	# truncate result file
	138	#certtool --certificate-info --infile ${cert}
	139	echo -n > ${cert}
	140	echo "Test 4: OK"