| From d49c9dbdeb62a1e04cc427d559a5c5bb66dba3d3 Mon Sep 17 00:00:00 2001 |
| From: Stefan Berger <stefanb@linux.vnet.ibm.com> |
| Date: Sun, 28 Feb 2021 16:35:02 -0500 |
| Subject: [PATCH 06/13] Disable testing with RSA 3072 |
| |
| --- |
| utils/reg.sh | 2 +- |
| utils/regtests/initkeys.sh | 2 +- |
| utils/regtests/testcreateloaded.sh | 2 +- |
| utils/regtests/testcredential.sh | 2 +- |
| utils/regtests/testprimary.sh | 2 +- |
| utils/regtests/testrsa.sh | 14 +++++++------- |
| utils/regtests/testsalt.sh | 1 + |
| utils/regtests/testsign.sh | 6 +++--- |
| utils/regtests/testx509.sh | 2 +- |
| 9 files changed, 17 insertions(+), 16 deletions(-) |
| |
| diff --git a/utils/reg.sh b/utils/reg.sh |
| index 0bba17a..b3228d6 100755 |
| --- a/utils/reg.sh |
| +++ b/utils/reg.sh |
| @@ -205,7 +205,7 @@ cleanup() |
| rm -f khrpub${HALG}.bin |
| done |
| |
| - for BITS in 2048 3072 |
| + for BITS in 2048 |
| do |
| rm -f signrsa${BITS}priv.bin |
| rm -f signrsa${BITS}pub.bin |
| diff --git a/utils/regtests/initkeys.sh b/utils/regtests/initkeys.sh |
| index 569ec89..171662a 100755 |
| --- a/utils/regtests/initkeys.sh |
| +++ b/utils/regtests/initkeys.sh |
| @@ -64,7 +64,7 @@ BITS=(2048 3072) |
| |
| for ((i = 0 ; i < 2 ; i++)) |
| do |
| - |
| + [ $i -eq 1 ] && continue # skip 3072 bits |
| echo "Create an RSA ${BITS[i]} ${SHALG[i]} storage key under the primary key" |
| ${PREFIX}create -hp 80000000 -rsa ${BITS[i]} -halg ${SHALG[i]} -st -kt f -kt p -pol policies/policycccreate-auth.bin -opr storersa${BITS[i]}priv.bin -opu storersa${BITS[i]}pub.bin -tk storersa${BITS[i]}tk.bin -ch storersa${BITS[i]}ch.bin -cd tmpcd.bin -pwdp sto -pwdk sto -v > run.out |
| checkSuccess $? |
| diff --git a/utils/regtests/testcreateloaded.sh b/utils/regtests/testcreateloaded.sh |
| index f4c449e..959f313 100755 |
| --- a/utils/regtests/testcreateloaded.sh |
| +++ b/utils/regtests/testcreateloaded.sh |
| @@ -50,7 +50,7 @@ echo "" |
| |
| for HIER in "40000001" "4000000c" "4000000b" |
| do |
| - for ALG in "-rsa 2048" "-rsa 3072" "-ecc nistp256" "-ecc nistp384" "-ecc bnp256" "-rsa" |
| + for ALG in "-rsa 2048" "-ecc nistp256" "-ecc nistp384" "-ecc bnp256" "-rsa" |
| do |
| |
| echo "CreateLoaded primary key, parent ${HIER} ${ALG}" |
| diff --git a/utils/regtests/testcredential.sh b/utils/regtests/testcredential.sh |
| index b70cdb2..45a9595 100755 |
| --- a/utils/regtests/testcredential.sh |
| +++ b/utils/regtests/testcredential.sh |
| @@ -289,7 +289,7 @@ NVNAME=( |
| # are limited. |
| for ((i = 0 ; i < 2 ; i++)) |
| do |
| - |
| + [ $i -eq 1 ] && continue # skip 3072 bits |
| echo "Create an ${CALG[i]} EK certificate" |
| ${PREFIX}createekcert -high ${CALG[i]} -cakey cakey.pem -capwd rrrr -pwdp ppp -pwde eee -of tmp.der > run.out |
| checkSuccess $? |
| diff --git a/utils/regtests/testprimary.sh b/utils/regtests/testprimary.sh |
| index f51687f..59b1754 100755 |
| --- a/utils/regtests/testprimary.sh |
| +++ b/utils/regtests/testprimary.sh |
| @@ -168,7 +168,7 @@ checkSuccess $? |
| |
| # different algorithms, command line options |
| |
| -for ALG in "-rsa 2048" "-rsa 3072" "-ecc bnp256" "-ecc nistp256" "-ecc nistp384" "-rsa" |
| +for ALG in "-rsa 2048" "-ecc bnp256" "-ecc nistp256" "-ecc nistp384" "-rsa" |
| |
| do |
| |
| diff --git a/utils/regtests/testrsa.sh b/utils/regtests/testrsa.sh |
| index 15577b6..44f6357 100755 |
| --- a/utils/regtests/testrsa.sh |
| +++ b/utils/regtests/testrsa.sh |
| @@ -55,7 +55,7 @@ echo "" |
| echo "Generate the encryption key with openssl" |
| if [ ${CRYPTOLIBRARY} == "openssl" ]; then |
| |
| - for BITS in 2048 3072 |
| + for BITS in 2048 |
| do |
| |
| echo "Generate the RSA $BITS encryption key with openssl" |
| @@ -73,7 +73,7 @@ if [ ${CRYPTOLIBRARY} == "openssl" ]; then |
| |
| elif [ ${CRYPTOLIBRARY} == "mbedtls" ]; then |
| |
| - for BITS in 2048 3072 |
| + for BITS in 2048 |
| do |
| |
| echo "Generate the RSA $BITS encryption key with openssl" |
| @@ -99,7 +99,7 @@ echo "" |
| echo "RSA decryption key" |
| echo "" |
| |
| -for BITS in 2048 3072 |
| +for BITS in 2048 |
| do |
| |
| echo "Load the RSA $BITS decryption key under the primary key" |
| @@ -129,7 +129,7 @@ echo "" |
| echo "RSA decryption key to sign with OID" |
| echo "" |
| |
| -for BITS in 2048 3072 |
| +for BITS in 2048 |
| do |
| |
| echo "Load the RSA $BITS decryption key" |
| @@ -173,7 +173,7 @@ if [ ${CRYPTOLIBRARY} == "openssl" ]; then |
| ${PREFIX}startauthsession -se h > run.out |
| checkSuccess $? |
| |
| - for BITS in 2048 3072 |
| + for BITS in 2048 |
| do |
| |
| for SESS in "" "-se0 02000000 1" |
| @@ -260,7 +260,7 @@ if [ ${CRYPTOLIBRARY} == "openssl" ]; then |
| echo "Loadexternal DER encryption key" |
| echo "" |
| |
| - for BITS in 2048 3072 |
| + for BITS in 2048 |
| do |
| |
| echo "Start an HMAC auth session" |
| @@ -418,7 +418,7 @@ rm -f deepub.bin |
| rm -f tmpmsg.bin |
| rm -f tmpdig.bin |
| rm -f tmpsig.bin |
| -for BITS in 2048 3072 |
| +for BITS in 2048 |
| do |
| rm -f tmpkeypairrsa${BITS}.der |
| rm -f tmpkeypairrsa${BITS}.pem |
| diff --git a/utils/regtests/testsalt.sh b/utils/regtests/testsalt.sh |
| index e0c3376..bf6f2a1 100755 |
| --- a/utils/regtests/testsalt.sh |
| +++ b/utils/regtests/testsalt.sh |
| @@ -57,6 +57,7 @@ fi |
| |
| for ASY in "${SALTALGS[@]}" |
| do |
| + [ "$ASY" = "-rsa 3072" ] && continue # skip 3072 bits |
| for HALG in ${ITERATE_ALGS} |
| do |
| |
| diff --git a/utils/regtests/testsign.sh b/utils/regtests/testsign.sh |
| index 58eb426..4e4e64b 100755 |
| --- a/utils/regtests/testsign.sh |
| +++ b/utils/regtests/testsign.sh |
| @@ -44,7 +44,7 @@ echo "" |
| echo "RSA Signing key" |
| echo "" |
| |
| -for BITS in 2048 3072 |
| +for BITS in 2048 |
| do |
| |
| echo "Create an RSA $BITS key pair in DER format using openssl" |
| @@ -434,8 +434,8 @@ checkSuccess $? |
| |
| rm -f tmpkeypairrsa2048.pem |
| rm -f tmpkeypairrsa2048.der |
| -rm -f tmpkeypairrsa3072.pem |
| -rm -f tmpkeypairrsa3072.der |
| +rm -f tmpkeypairrsa3072.pem &>/dev/null |
| +rm -f tmpkeypairrsa3072.der &>/dev/null |
| rm -f tmpkeypaireccnistp256.pem |
| rm -f tmpkeypaireccnistp256.der |
| rm -f tmpkeypaireccnistp384.pem |
| diff --git a/utils/regtests/testx509.sh b/utils/regtests/testx509.sh |
| index 5640985..17d0288 100755 |
| --- a/utils/regtests/testx509.sh |
| +++ b/utils/regtests/testx509.sh |
| @@ -59,7 +59,7 @@ SKEY=(rsa2048 rsa3072 eccnistp256 eccnistp384) |
| |
| for ((i = 0 ; i < 4 ; i++)) |
| do |
| - |
| + [ $i -eq 1 ] && continue # skip 3072 bits |
| echo "Load the ${SALG[i]} ${SKEY[i]} issuer key 80000001 under the primary key" |
| ${PREFIX}load -hp 80000000 -ipr sign${SKEY[i]}rpriv.bin -ipu sign${SKEY[i]}rpub.bin -pwdp sto > run.out |
| checkSuccess $? |
| -- |
| 2.39.1 |
| |