1 #!/usr/bin/env bash
2
3 # For the license, see the LICENSE file in the root directory.
4
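# Locate the build tree and the test directory. The environment variables
# abs_top_builddir / abs_top_testdir take precedence when set; otherwise both
# paths are derived from the location of this script.
ROOT=${abs_top_builddir:-$(dirname "$0")/..}
TESTDIR=${abs_top_testdir:-$(dirname "$0")}

# Binary under test; the caller may point SWTPM_CERT at a different build.
SWTPM_CERT=${SWTPM_CERT:-${ROOT}/src/swtpm_cert/swtpm_cert}

# Scratch file that receives every generated certificate. Stop right away if
# mktemp fails, so that no later step runs with an empty output path.
cert=$(mktemp) || {
  echo "Error: Could not create temporary file."
  exit 1
}

# Remove the scratch file when the script exits or receives SIGTERM. The
# handler is given as a string, so cleanup() only has to exist by the time
# the trap fires, not when it is registered.
trap "cleanup" SIGTERM EXIT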
13
14
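#######################################
# Delete the temporary certificate file.
# Globals:   cert (read) - path of the scratch file created with mktemp
# Returns:   exit status of rm
#######################################
function cleanup()
{
  # Quote the path and end option parsing so that a TMPDIR containing
  # whitespace or a leading dash cannot make rm act on other arguments.
  rm -f -- "${cert}"
}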
19
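#######################################
# Warn when a certificate file does not have the expected size.
#
# NOTE: the check is switched off by the unconditional 'return' below, so
# calling this function has no effect at present. With it disabled, the
# callers in this file only see the exit status of swtpm_cert; nothing
# here inspects the content of the generated certificate.
#
# Arguments: $1 - path of the certificate file
#            $2 - expected size in bytes
# Outputs:   (only when re-enabled) a warning on stdout on a size mismatch
# Returns:   0
#######################################
function check_cert_size()
{
  local cert="$1"
  local exp="$2"

  # Unfortunately different GnuTLS versions may create certs of different
  # sizes; deactivate this test for now
  return

  # Unreachable until the 'return' above is removed. Declaration and
  # assignment are split so a failing stat is not masked by 'local', and the
  # operands are quoted so an empty result cannot break the comparison syntax.
  local size
  size=$(stat -c%s -- "${cert}" 2>/dev/null)
  if [ "${size:-0}" -ne "${exp}" ]; then
    echo "Warning: Certificate file has unexpected size."
    echo " Expected: $exp; found: $size"
  fi
}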
35
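# Test 1: create a TPM 2 certificate from a raw modulus, passing
# --allow-signing. The signing key and issuer certificate are fixtures from
# the test data directory. All path expansions are quoted so that a build or
# temp directory containing whitespace does not split the arguments.
if ! "${SWTPM_CERT}" \
  --tpm2 \
  --allow-signing \
  --signkey "${TESTDIR}/data/signkey.pem" \
  --issuercert "${TESTDIR}/data/issuercert.pem" \
  --out-cert "${cert}" \
  --modulus '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' \
  --days 3650 \
  --pem \
  --tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
  --tpm-spec-family 2.0 --tpm-spec-revision 146 --tpm-spec-level 0; then
  echo "Error: ${SWTPM_CERT} returned error code."
  exit 1
fi

# The size check below is currently disabled inside check_cert_size, so also
# make sure that this run actually wrote something to the output file.
if [ ! -s "${cert}" ]; then
  echo "Error: ${SWTPM_CERT} did not write a certificate to ${cert}."
  exit 1
fi

# expecting size to be constant
check_cert_size "${cert}" 1224

# truncate result file so the next test starts from an empty file
: > "${cert}"
echo "Test 1: OK"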
59
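# Test 2: create a TPM 2 certificate from a raw modulus with an explicit
# --subject and without --allow-signing. All path expansions are quoted so
# that directories containing whitespace do not split the arguments.
if ! "${SWTPM_CERT}" \
  --tpm2 \
  --signkey "${TESTDIR}/data/signkey.pem" \
  --issuercert "${TESTDIR}/data/issuercert.pem" \
  --out-cert "${cert}" \
  --modulus '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' \
  --days 3650 \
  --subject "OU=foo,L=NewYork,ST=NY,C=US" \
  --pem \
  --tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
  --tpm-spec-family 2.0 --tpm-spec-revision 146 --tpm-spec-level 0; then
  echo "Error: ${SWTPM_CERT} returned error code."
  exit 1
fi

# The size check below is currently disabled inside check_cert_size, so also
# make sure that this run actually wrote something to the output file.
if [ ! -s "${cert}" ]; then
  echo "Error: ${SWTPM_CERT} did not write a certificate to ${cert}."
  exit 1
fi

# expecting size to be constant
check_cert_size "${cert}" 1302

# truncate result file so the next test starts from an empty file
: > "${cert}"
echo "Test 2: OK"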
83
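# Test 3: same as the previous test, but the public key is read from a PEM
# file (--pubkey) instead of being passed as a modulus. All path expansions
# are quoted so that directories containing whitespace do not split the
# arguments.
if ! "${SWTPM_CERT}" \
  --tpm2 \
  --signkey "${TESTDIR}/data/signkey.pem" \
  --issuercert "${TESTDIR}/data/issuercert.pem" \
  --out-cert "${cert}" \
  --pubkey "${TESTDIR}/data/pubek.pem" \
  --days 3650 \
  --subject "OU=foo,L=NewYork,ST=NY,C=US" \
  --pem \
  --tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
  --tpm-spec-family 2.0 --tpm-spec-revision 146 --tpm-spec-level 0; then
  echo "Error: ${SWTPM_CERT} returned error code."
  exit 1
fi

# The size check below is currently disabled inside check_cert_size, so also
# make sure that this run actually wrote something to the output file.
if [ ! -s "${cert}" ]; then
  echo "Error: ${SWTPM_CERT} did not write a certificate to ${cert}."
  exit 1
fi

# expecting size to be constant
check_cert_size "${cert}" 1367

# Manual inspection aid, left disabled:
#certtool --certificate-info --infile "${cert}"

# truncate result file so the next test starts from an empty file
: > "${cert}"
echo "Test 3: OK"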
108
109
110 ###################### Platform Certificate #####################
111
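# Test 4: create a platform certificate (--type platform) for the public key
# in pubek.pem, with platform manufacturer, model and version given. All path
# expansions are quoted so that directories containing whitespace do not
# split the arguments.
if ! "${SWTPM_CERT}" \
  --tpm2 \
  --type platform \
  --signkey "${TESTDIR}/data/signkey.pem" \
  --issuercert "${TESTDIR}/data/issuercert.pem" \
  --pubkey "${TESTDIR}/data/pubek.pem" \
  --out-cert "${cert}" \
  --days 3650 \
  --subject "OU=foo,L=NewYork,ST=NY,C=US" \
  --pem \
  --tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
  --platform-manufacturer Fedora \
  --platform-model QEMU \
  --platform-version 2.1; then
  echo "Error: ${SWTPM_CERT} returned error code."
  exit 1
fi

# The size check below is currently disabled inside check_cert_size, so also
# make sure that this run actually wrote something to the output file.
if [ ! -s "${cert}" ]; then
  echo "Error: ${SWTPM_CERT} did not write a certificate to ${cert}."
  exit 1
fi

# expecting size to be constant
check_cert_size "${cert}" 1411

# Manual inspection aid, left disabled:
#certtool --certificate-info --infile "${cert}"

# truncate result file
: > "${cert}"
echo "Test 4: OK"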