tpm2-store/tests/test_policy

#!/bin/bash
cargo build || (echo "Failed to build"; exit 1)
(
	cd ../clevis-pin-tpm2-signtool
	go build
)
(
	cd tests
	rm -f policy_broken.json policy_working.json privatekey.pem publickey.json
	../../clevis-pin-tpm2-signtool/clevis-pin-tpm2-signtool <policy_working.yaml >policy_working.json
	../../clevis-pin-tpm2-signtool/clevis-pin-tpm2-signtool <policy_broken.yaml >policy_broken.json
)
echo "Working: with Policy" | ./target/debug/clevis-pin-tpm2 encrypt '{"use_policy": true, "policy_pubkey_path":"./tests/publickey.json", "policy_ref": "", "policy_path": "./tests/policy_working.json"}' | ./target/debug/clevis-pin-tpm2 decrypt
echo "Working: with Policy (no use_policy)" | ./target/debug/clevis-pin-tpm2 encrypt '{"policy_pubkey_path":"./tests/publickey.json", "policy_ref": "", "policy_path": "./tests/policy_working.json"}' | ./target/debug/clevis-pin-tpm2 decrypt
# Negative test (non-valid policy)
token=$(echo Failed | ./target/debug/clevis-pin-tpm2 encrypt '{"use_policy": true, "policy_pubkey_path":"./tests/publickey.json", "policy_ref": "", "policy_path": "./tests/policy_broken.json"}')
res=$(echo "$token" | ./target/debug/clevis-pin-tpm2 decrypt 2>&1)
ret=$?
if [ $ret == 0 -a "$res" == "Failed" ]
then
	echo "Managed to decrypt with invalid policy"
	exit 1
elif [ $ret == 0 ];
then
	echo "Success returned but not decrypted"
	exit 1
elif [[ $res =~ Esys_VerifySignature_Finish() ]]
then
	echo "Working: with policy with invalid digest"
else
	echo "Something went wrong: $res"
	exit 1
fi
Initial commit 2020-02-14 11:50:13 +01:00			`#!/bin/bash`
			`cargo build \|\| (echo "Failed to build"; exit 1)`
Generate a new key and signed policy during the test Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org> 2020-07-22 16:46:54 +02:00			`(`
			`cd ../clevis-pin-tpm2-signtool`
			`go build`
			`)`
			`(`
			`cd tests`
			`rm -f policy_broken.json policy_working.json privatekey.pem publickey.json`
			`../../clevis-pin-tpm2-signtool/clevis-pin-tpm2-signtool <policy_working.yaml >policy_working.json`
			`../../clevis-pin-tpm2-signtool/clevis-pin-tpm2-signtool <policy_broken.yaml >policy_broken.json`
			`)`
Add test that no use_policy is not fatal yet Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org> 2020-12-03 17:45:18 +01:00			`echo "Working: with Policy" \| ./target/debug/clevis-pin-tpm2 encrypt '{"use_policy": true, "policy_pubkey_path":"./tests/publickey.json", "policy_ref": "", "policy_path": "./tests/policy_working.json"}' \| ./target/debug/clevis-pin-tpm2 decrypt`
			`echo "Working: with Policy (no use_policy)" \| ./target/debug/clevis-pin-tpm2 encrypt '{"policy_pubkey_path":"./tests/publickey.json", "policy_ref": "", "policy_path": "./tests/policy_working.json"}' \| ./target/debug/clevis-pin-tpm2 decrypt`
Initial commit 2020-02-14 11:50:13 +01:00			`# Negative test (non-valid policy)`
Add test that no use_policy is not fatal yet Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org> 2020-12-03 17:45:18 +01:00			`token=$(echo Failed \| ./target/debug/clevis-pin-tpm2 encrypt '{"use_policy": true, "policy_pubkey_path":"./tests/publickey.json", "policy_ref": "", "policy_path": "./tests/policy_broken.json"}')`
Redo tests to add second PCR and commit privkey Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org> 2020-07-22 16:30:36 +02:00			`res=$(echo "$token" \| ./target/debug/clevis-pin-tpm2 decrypt 2>&1)`
Initial commit 2020-02-14 11:50:13 +01:00			`ret=$?`
			`if [ $ret == 0 -a "$res" == "Failed" ]`
			`then`
			`echo "Managed to decrypt with invalid policy"`
			`exit 1`
Redo tests to add second PCR and commit privkey Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org> 2020-07-22 16:30:36 +02:00			`elif [ $ret == 0 ];`
Initial commit 2020-02-14 11:50:13 +01:00			`then`
Redo tests to add second PCR and commit privkey Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org> 2020-07-22 16:30:36 +02:00			`echo "Success returned but not decrypted"`
Initial commit 2020-02-14 11:50:13 +01:00			`exit 1`
Redo tests to add second PCR and commit privkey Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org> 2020-07-22 16:30:36 +02:00			`elif [[ $res =~ Esys_VerifySignature_Finish() ]]`
			`then`
Change the policy test prints Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org> 2020-07-17 18:09:30 +02:00			`echo "Working: with policy with invalid digest"`
Redo tests to add second PCR and commit privkey Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org> 2020-07-22 16:30:36 +02:00			`else`
			`echo "Something went wrong: $res"`
			`exit 1`
Initial commit 2020-02-14 11:50:13 +01:00			`fi`