packaging: track dbgsym package for swtpm-libs and swtpm-tools

[swtpm.git] / tests / test_tpm2_swtpm_cert_ecc

#!/usr/bin/env bash

# For the license, see the LICENSE file in the root directory.

ROOT=${abs_top_builddir:-$(dirname "$0")/..}
TESTDIR=${abs_top_testdir:-$(dirname "$0")}

SWTPM_CERT=${SWTPM_CERT:-${ROOT}/src/swtpm_cert/swtpm_cert}

cert="$(mktemp)" || exit 1

trap "cleanup" SIGTERM EXIT


function cleanup()
{
        rm -f ${cert}
}

function check_cert_size()
{
        local cert="$1"
        local exp="$2"

        # Unfortunately different GnuTLS versions may create certs of different
        # sizes; deactivate this test for now
        return

        local size=$(stat -c%s ${cert} 2>/dev/null)
        if [ $size -ne $exp ]; then
                echo "Warning: Certificate file has unexpected size."
                echo "         Expected: $exp;  found: $size"
        fi
}

${SWTPM_CERT} \
        --tpm2 \
        --signkey ${TESTDIR}/data/signkey.pem \
        --issuercert ${TESTDIR}/data/issuercert.pem \
        --out-cert ${cert} \
        --ecc-x 61eaf811ea582656ca2a835dd1b9cd63eb196d7ff62711d6e9b8f85e580a47ca \
        --ecc-y a51efdc71fd6c791a24a75beb50526aa81b44cc598e65b2d5e116084aea4cb5b \
        --days 3650 \
        --pem \
        --tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 2.0 \
        --tpm-spec-family 2.0 --tpm-spec-revision 146 --tpm-spec-level 0

if [ $? -ne 0 ]; then
        echo "Error: ${SWTPM_CERT} returned error code."
        exit 1
fi

#expecting size to be constant
check_cert_size "{$cert}" 948

#certtool --certificate-info --infile ${cert}
#openssl x509 -in ${cert} -text

# truncate result file
echo -n > ${cert}
echo "Test 1: OK"

${SWTPM_CERT} \
        --tpm2 \
        --signkey ${TESTDIR}/data/signkey.pem \
        --issuercert ${TESTDIR}/data/issuercert.pem \
        --out-cert ${cert} \
        --ecc-x 61eaf811ea582656ca2a835dd1b9cd63eb196d7ff62711d6e9b8f85e580a47ca \
        --ecc-y a51efdc71fd6c791a24a75beb50526aa81b44cc598e65b2d5e116084aea4cb5b \
        --days 3650 \
        --subject "OU=foo,L=NewYork,ST=NY,C=US" \
        --pem \
        --tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
        --tpm-spec-family 2.0 --tpm-spec-revision 146 --tpm-spec-level 0

if [ $? -ne 0 ]; then
        echo "Error: ${SWTPM_CERT} returned error code."
        exit 1
fi

#expecting size to be constant
check_cert_size "{$cert}" 1025

# truncate result file
echo -n > ${cert}
echo "Test 2: OK"

${SWTPM_CERT} \
        --tpm2 \
        --signkey ${TESTDIR}/data/signkey.pem \
        --issuercert ${TESTDIR}/data/issuercert.pem \
        --out-cert ${cert} \
        --pubkey ${TESTDIR}/data/ecpubek.pem \
        --days 3650 \
        --subject "OU=foo,L=NewYork,ST=NY,C=US" \
        --pem \
        --tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
        --tpm-spec-family 2.0 --tpm-spec-revision 146 --tpm-spec-level 0

if [ $? -ne 0 ]; then
        echo "Error: ${SWTPM_CERT} returned error code."
        exit 1
fi

#expecting size to be constant
check_cert_size "{$cert}" 1025

# truncate result file
#certtool --certificate-info --infile ${cert}
echo -n > ${cert}
echo "Test 3: OK"


###################### Platform Certificate #####################

${SWTPM_CERT} \
        --tpm2 \
        --type platform \
        --signkey ${TESTDIR}/data/signkey.pem \
        --issuercert ${TESTDIR}/data/issuercert.pem \
        --pubkey ${TESTDIR}/data/ecpubek.pem \
        --out-cert ${cert} \
        --days 3650 \
        --subject "OU=foo,L=NewYork,ST=NY,C=US" \
        --pem \
        --tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
        --platform-manufacturer Fedora \
        --platform-model QEMU \
        --platform-version 2.1

if [ $? -ne 0 ]; then
        echo "Error: ${SWTPM_CERT} returned error code."
        exit 1
fi

#expecting size to be constant
check_cert_size "{$cert}" 1070

# truncate result file
#certtool --certificate-info --infile ${cert}
echo -n > ${cert}
echo "Test 4: OK"