tests/test_tpm2_samples_swtpm_localca - third_party/github.com/stefanberger/swtpm - Git at Google

 #!/usr/bin/env bash

 # For the license, see the LICENSE file in the root directory.
 #set -x

 TOPBUILD=${abs_top_builddir:-$(dirname "$0")/..}
 TOPSRC=${abs_top_srcdir:-$(dirname "$0")/..}
 TESTDIR=${abs_top_testdir:-$(dirname "$0")}

 SWTPM_LOCALCA=${TOPSRC}/samples/swtpm-localca

 workdir=$(mktemp -d)

 ek=""
 for ((i = 0; i < 256; i++)); do
   ek="${ek}$(printf "%02x" $i)"
 done

 SIGNINGKEY=${workdir}/signingkey.pem
 ISSUERCERT=${workdir}/issuercert.pem
 CERTSERIAL=${workdir}/certserial

 PATH=${TOPBUILD}/src/swtpm_cert:$PATH

 trap "cleanup" SIGTERM EXIT

 function cleanup()
 {
 	rm -rf ${workdir}
 }

 case "$(uname -s)" in
 Darwin)
 	CERTTOOL=gnutls-certtool;;
 *)
 	CERTTOOL=certtool;;
 esac

 cat <<_EOF_ > ${workdir}/swtpm-localca.conf
 statedir=${workdir}
 signingkey = ${SIGNINGKEY}
 issuercert = ${ISSUERCERT}
 certserial = ${CERTSERIAL}
 _EOF_

 cat <<_EOF_ > ${workdir}/swtpm-localca.options
 --tpm-manufacturer IBM
 --tpm-model swtpm-libtpms
 --tpm-version 2
 --platform-manufacturer Fedora
 --platform-version 2.1
 --platform-model QEMU
 _EOF_

 # the following contains the test parameters and
 # expected key usage
 for testparams in \
 	"--allow-signing|Digital signature" \
 	"--allow-signing --decryption|Digital signature,Key encipherment" \
 	"--decryption|Key encipherment" \
 	"|Key encipherment";
 do
   params=$(echo ${testparams} | cut -d"|" -f1)
   usage=$(echo ${testparams} | cut -d"|" -f2)

   ${SWTPM_LOCALCA} \
     --type ek \
     --ek ${ek} \
     --dir ${workdir} \
     --vmid test \
     --tpm2 \
     --configfile ${workdir}/swtpm-localca.conf \
     --optsfile ${workdir}/swtpm-localca.options \
     --tpm-spec-family 2.0 --tpm-spec-revision 146 --tpm-spec-level 0 \
     ${params}
   if [ $? -ne 0 ]; then
     echo "Error: Test with parameters '$params' failed."
     exit 1
   fi

   if [ ! -r ${workdir}/ek.cert ]; then
     echo "Error: ${workdir}/ek.cert was not created."
     exit 1
   fi

   OIFS="$IFS"
   IFS=","

   for u in $usage; do
     echo $u
     if [ -z "$(${CERTTOOL} -i \
                  --inder --infile ${workdir}/ek.cert | \
                 grep "Key Usage" -A2 | \
                 grep "$u")" ]; then
       echo "Error: Could not find key usage $u in key created " \
            "with $params."
     else
       echo "Found '$u'"
     fi
   done

   IFS="$OIFS"

   ${CERTTOOL} \
     -i \
     --inder --infile ${workdir}/ek.cert \
     --outfile ${workdir}/ek.pem

   ${CERTTOOL} \
     --verify \
     --load-ca-certificate ${ISSUERCERT} \
     --infile ${workdir}/ek.pem
   if [ $? -ne 0 ]; then
     echo "Error: Could not verify certificate chain."
     exit 1
   fi
 done

 exit 0
	#!/usr/bin/env bash

	# For the license, see the LICENSE file in the root directory.
	#set -x

	TOPBUILD=${abs_top_builddir:-$(dirname "$0")/..}
	TOPSRC=${abs_top_srcdir:-$(dirname "$0")/..}
	TESTDIR=${abs_top_testdir:-$(dirname "$0")}

	SWTPM_LOCALCA=${TOPSRC}/samples/swtpm-localca

	workdir=$(mktemp -d)

	ek=""
	for ((i = 0; i < 256; i++)); do
	ek="${ek}$(printf "%02x" $i)"
	done

	SIGNINGKEY=${workdir}/signingkey.pem
	ISSUERCERT=${workdir}/issuercert.pem
	CERTSERIAL=${workdir}/certserial

	PATH=${TOPBUILD}/src/swtpm_cert:$PATH

	trap "cleanup" SIGTERM EXIT

	function cleanup()
	{
	rm -rf ${workdir}
	}

	case "$(uname -s)" in
	Darwin)
	CERTTOOL=gnutls-certtool;;
	*)
	CERTTOOL=certtool;;
	esac

	cat <<_EOF_ > ${workdir}/swtpm-localca.conf
	statedir=${workdir}
	signingkey = ${SIGNINGKEY}
	issuercert = ${ISSUERCERT}
	certserial = ${CERTSERIAL}
	_EOF_

	cat <<_EOF_ > ${workdir}/swtpm-localca.options
	--tpm-manufacturer IBM
	--tpm-model swtpm-libtpms
	--tpm-version 2
	--platform-manufacturer Fedora
	--platform-version 2.1
	--platform-model QEMU
	_EOF_

	# the following contains the test parameters and
	# expected key usage
	for testparams in \
	"--allow-signing\|Digital signature" \
	"--allow-signing --decryption\|Digital signature,Key encipherment" \
	"--decryption\|Key encipherment" \
	"\|Key encipherment";
	do
	params=$(echo ${testparams} \| cut -d"\|" -f1)
	usage=$(echo ${testparams} \| cut -d"\|" -f2)

	${SWTPM_LOCALCA} \
	--type ek \
	--ek ${ek} \
	--dir ${workdir} \
	--vmid test \
	--tpm2 \
	--configfile ${workdir}/swtpm-localca.conf \
	--optsfile ${workdir}/swtpm-localca.options \
	--tpm-spec-family 2.0 --tpm-spec-revision 146 --tpm-spec-level 0 \
	${params}
	if [ $? -ne 0 ]; then
	echo "Error: Test with parameters '$params' failed."
	exit 1
	fi

	if [ ! -r ${workdir}/ek.cert ]; then
	echo "Error: ${workdir}/ek.cert was not created."
	exit 1
	fi

	OIFS="$IFS"
	IFS=","

	for u in $usage; do
	echo $u
	if [ -z "$(${CERTTOOL} -i \
	--inder --infile ${workdir}/ek.cert \| \
	grep "Key Usage" -A2 \| \
	grep "$u")" ]; then
	echo "Error: Could not find key usage $u in key created " \
	"with $params."
	else
	echo "Found '$u'"
	fi
	done

	IFS="$OIFS"

	${CERTTOOL} \
	-i \
	--inder --infile ${workdir}/ek.cert \
	--outfile ${workdir}/ek.pem

	${CERTTOOL} \
	--verify \
	--load-ca-certificate ${ISSUERCERT} \
	--infile ${workdir}/ek.pem
	if [ $? -ne 0 ]; then
	echo "Error: Could not verify certificate chain."
	exit 1
	fi
	done

	exit 0