From bf48fcbd073dc8b2eb4ebf151f04996c7240a415 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk
Date: Wed, 22 Jul 2020 16:30:36 +0200
Subject: [PATCH] Redo tests to add second PCR and commit privkey

Signed-off-by: Patrick Uiterwijk
---
 tests/policy_broken.json | 2 +-
 tests/policy_privkey.pem | 28 ++++++++++++++++++++++++++++
 tests/policy_pubkey.json | 2 +-
 tests/policy_working.json | 2 +-
 tests/test_policy | 12 ++++++++----
 5 files changed, 39 insertions(+), 7 deletions(-)
 create mode 100644 tests/policy_privkey.pem

diff --git a/tests/policy_broken.json b/tests/policy_broken.json
index 43ff11f..add5b91 100644
--- a/tests/policy_broken.json
+++ b/tests/policy_broken.json
@@ -1 +1 @@
-[{"policy_ref":"","steps":[{"PCRs":{"pcr_ids":[22],"hash_algorithm":"SHA256","value":"xAMnMY1mjmbJNCTyjgouD4pnnfqEBrHXx/T8YUdXL/s="}}],"signature":"LyFasUy+THxDnfYI3GkPEyttCYlKrcdziF2m+Fd7CpXIyBMVfhbieL8HX63U2o/EAIIWQ2/7OTkKSxIr+XEp+e+7GEek+w5HRfo1FymUINx/DrDkpHNITPeqY9a5Audf/wN+dwvrEl509RAMZDF9H1tjAu4t6ittXsiJrD5pCMg+WtfC1X1W6atf5tDLbD/Yz6BArg3ETIFPahR/aWD4a9VuG+dLtu+XKNfyZXOFXNNtZIZyV9JOK6bmjtWNfJwU9UTzfmW+8J9KlIxk94iKPQ/aUmJH3+yokpcRXpwji+CsEnsWPctCob2ZIVPlllZ0AT0NSGxGHws3584gR+VgOg=="}]
\ No newline at end of file
+[{"policy_ref":"","steps":[{"PCRs":{"pcr_ids":[21,22],"hash_algorithm":"SHA256","value":"HdrIM41JwpxADslqUfr2lCCiTMkVeZvRz22W3hXtiNI="}}],"signature":"XXTFbbqnWKtBlRBUz4Rhlaec3rW6WmEs+td35BpXXFm0iejylscAWTmD4wYYLBj2y8hQmjHsuJGbmkx98m0WRsPmubbgPqtX5a6bSlS58hBPcSaerlGM18uBsG9Fqprtm7XX1gLlMWeiSvzzQtLxlhGfYptUdAW+hZMnRMx+nndJk7PhZvqeqXOFXhR35XSEJ6LQSU1urCWYB5AwwLX7WN73W3y50iLjutv5MWaXrp32N3LMoMEuPbJKfVuT8ydNecINDMU5EmXYQqRSf7O7LScMyBTJbXwdaoJYuMNM6R/amYIobfS7Beq5d6u82bGazPK0KEupVvllJ3rdnClbhg=="}]
\ No newline at end of file
diff --git a/tests/policy_privkey.pem b/tests/policy_privkey.pem
new file mode 100644
index 0000000..dd5c488
--- /dev/null
+++ b/tests/policy_privkey.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDircjVAHSZ2f42
+sKum4lXway0DwVEBGAXV0L5y0rRQoJ1lvD+d4bCcTx03hcqrIQYOEA2cvT6mba6z
+63TIM4BELi1vdbqYF4DlIhNhRvKPu7kBXt+VFkjhKdYomS0x6o5voXSKItD08e/L
+tId115JtdLAKQyR+8mhYlisMfEg26HceqhE2//JQn3poqSvrvoDCZYYi+tk5jEX8
+5MdiUyZAyl6rZzrFxl839dN4sARL284/3ljTvjhfYExqmb4mO95KV7eNpQpD/1Ae
+bRHiK8jvdCQRDF8wtf+0WBBg2XCWs+As2hNgBxZot5Zqq+uyPTTO6XcKsrcf5VXi
+JuQsqRNhAgMBAAECggEAJ9afG0BPPdLgKMB4CoZw0CYl7SkGkYilTeS38/owEpOH
+1h91lsvZfD8zRVTQP684HzSXD9r6rclNEPXqulzCyDjNZ29rcdt/ncWVXl1XuAco
+BqOj69HU0S3HI694D/PHQLtBfh2MV+BFYqnBvOY8J9yAK+2M9nqn+Bm8Sx90maGA
+vz3yK7jdwBbqX5GyHY9tuipVungqiaKofzCn88gvLGuM2GuD/yOn3jEby542eOop
+VTpeszksGSw/iDB3hUd5u9P3Qwns5mI4wT66ihcVopt+HBKRhP4TQ+O/v3faVlnM
+gPubUKnruBpuaPZIBiptyLnNC3Bl/HDvS5dEOAQD+QKBgQDnQ2IOcxDJhldGQr7p
+sFhwO4fDjHWB9CSZIkN8/6Fy3LBa58Wtk+NYIwUimVNjtpWaFk+TV82XMVuHO9w1
++LN/q7/439JZisHTfaSE2QjoI5NCQjxWWwRl137tGAAbsjk+5kWWrM6zkzfI3XcH
+9Fp78yzpUJn5i+I2z7K+5xRXRwKBgQD67N5zMTgSlljc7BTOc1/Ep+/xgvbZbnPD
+ZQdIa34dcMEgb73nG2bZsxRMILTRf/eyG99/hoW8u4CNyRQK1BKjROUcoOfOdIli
+xM0W/ztVOTSokCoaiVV9jCUdWGqERiMscCPteB2pbGk1t2u4vx7HMNPDQ6Td1O+z
+nplP1BbkFwKBgQDhjNif2x2uTvXjsslcRf+bRpQ85krc+e6P49kKmo8t5YuivZYQ
+msIKfe1ON1gbUkJKTCREQkhjg2IPXRSDFxKKHEpZQoJ3jltIF6xTXRHQxpGi99K9
+Lnv1j91dBCFm4cXvUMriD5xxi83GfCjRe0KczSkqTNA/kGyKpLticSFnlQKBgQCb
+UzUAKV+EYfzwBFN82H5XxX0KCv+y6GRQd6Fieue+YaWq5oCvJo8sA2Z1GWnUpVo2
+rnpS/nqasZaKLgZyDYTb/DG23wOfERRaR2iM68FWp+qozVTCyHBbHv16hNiquJ/d
+Si1zOf9iePFHhxrvaZ8rvlXXcXAEwWL/1RUiDS9+UQKBgQDH7qXtbcW/eAe6LdeI
+vMz+Or7V3O/Dm6UI/RhFwsMOwMUf6w5l0czGKhilLKRl+R2yEAx1WPzIzN7o4NA2
+MVXLdJU7SSs4QBsuFiMWBtFS3iT+RC2muSEP5CUdFr9HMFMafH8zaxsm9t2jZitM
+429LdZJETEHqHcAU6bexjxxSQQ==
+-----END PRIVATE KEY-----
diff --git a/tests/policy_pubkey.json b/tests/policy_pubkey.json
index 1bf17f8..81a01e3 100644
--- a/tests/policy_pubkey.json
+++ b/tests/policy_pubkey.json
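Review bot: Nothing in this patch marks tests/policy_privkey.pem as a throwaway fixture, and the commands that produced the new signatures in policy_working.json and policy_broken.json are not recorded, so the fixtures still cannot be regenerated from the repository alone. The modulus added to tests/policy_pubkey.json appears to be this key's public half, so anything that trusts that public key accepts policies signed by a key everyone can read; that is acceptable only while the pair stays confined to tests. I would add a comment near the top of tests/test_policy such as `# tests/policy_privkey.pem is a public, test-only key; never use it to sign real policies`, with the signing command noted beside it. Secret scanners will likely flag the file, so an allow-list entry scoped to this one path may be needed.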
@@ -1 +1 @@
-{"RSA":{"scheme":"RSASSA","hashing_algo":"SHA256","exponent":65537,"modulus":"qadvv0A6SNW89h4Gum3Pdb2Gn4V4KBKSELvTh2f2SwIgh3+L+J2zHzmYcY/kCM2uTZorlF1BJ5q0Y+f86luqowvithKUKOsJB3Hj58qdFZTslKlDkWG6JK9GFbtNKSOXfUiIPLQ8l2cgAei+Ym0Ax7Csryd8QDp2oDwL6Sl8iAFkPS1vWcxEv/miJhA0hFDdXcsUUBOSATGnLrUxOQ9ISBMD9GPgZaEDt/LCY2yLpZIs1JvISWPSm5CpMcfTcmis6kyXIBfhB+dR1hEcDtZKoHxgxYhlSYa8g57D5KO5orwKuZqwFfRXSz+GGV/r/ezRZh1laCKFsp03S9fWsC9c1w=="}}
\ No newline at end of file
+{"RSA":{"scheme":"RSASSA","hashing_algo":"SHA256","exponent":65537,"modulus":"4q3I1QB0mdn+NrCrpuJV8GstA8FRARgF1dC+ctK0UKCdZbw/neGwnE8dN4XKqyEGDhANnL0+pm2us+t0yDOARC4tb3W6mBeA5SITYUbyj7u5AV7flRZI4SnWKJktMeqOb6F0iiLQ9PHvy7SHddeSbXSwCkMkfvJoWJYrDHxINuh3HqoRNv/yUJ96aKkr676AwmWGIvrZOYxF/OTHYlMmQMpeq2c6xcZfN/XTeLAES9vOP95Y0744X2BMapm+JjveSle3jaUKQ/9QHm0R4ivI73QkEQxfMLX/tFgQYNlwlrPgLNoTYAcWaLeWaqvrsj00zul3CrK3H+VV4ibkLKkTYQ=="}}
\ No newline at end of file
diff --git a/tests/policy_working.json b/tests/policy_working.json
index 520d53a..033041d 100644
--- a/tests/policy_working.json
+++ b/tests/policy_working.json
@@ -1 +1 @@
-[{"policy_ref":"","steps":[{"PCRs":{"pcr_ids":[22],"hash_algorithm":"SHA256","value":"r5YTdg9yY1+9tEpaCmPDnxKvMPlQpu5clxvhiOicQFE="}}],"signature":"VNnP6c2B+JNVIXY+gGsM8CqfCqtbFDEGHoNEvpO58h8aajybfjn9nlqUrsoGyWx5/ytXPYrw/WWlGoIq7t4ekPIiX27YAt6pNGxeSMGcR2do3MKSCdyJ5WxZ5xjPFqalFcFTt4qVnH0d5XJd7mxlCxTbsLIk4TGTe20CNdWVsSWY+H7R6Mh65eGWjAPorl+a/iSWHfB3zh8JBZe629wOlOMIdTt4c+bONPfa4kXIVqnIRau4UDXeq63wrXXHEGorSHjnMKhysN1piGAsYSe9DNVn3Ku3/cGyBNw3SoKUdo7DUBVQ99+guD2jMprbVd4wYt+9bhU/2aQVgrvDhgkhZQ=="}]
\ No newline at end of file
+[{"policy_ref":"","steps":[{"PCRs":{"pcr_ids":[21,22],"hash_algorithm":"SHA256","value":"hmfnGClOng3x0wYAuj7rIB92Sq0trXJ0hkPkooXh0fc="}}],"signature":"LF3IOinkotJFbuPTNTW36izk3UA+wFugnxTW8QfemVVxCYSbEcLzabxZzxHSHPvjvu8ZaVfqdC0C+xKzvh0i7HEQ5qYEF7Q4jOmBXeLUOjKsO9EsglZ2Dgg2ii1MvZWAwp/8DYACpMUdw0nF/VCLTe/MMdppFGbrZS7HB6a33TiApBN2AGxF17AsZ9CG5IZpTSUOeJuAxM1R8JDEbiGLDzQAqhohdOf6GNZD19Ry/jhgeqkYoWx+LhIzsqcHlN5k/xHKUdgNifTL+Zc4URJJjt4WVhJqzU+8+nu9LpdP3Q5wLxQp1r/bhL3fKbFPqYNaj7AlLUFWhaPe92XbzoLiRQ=="}]
\ No newline at end of file
diff --git a/tests/test_policy b/tests/test_policy
index 9c15a99..b4dd38d 100755
--- a/tests/test_policy
+++ b/tests/test_policy
@@ -3,16 +3,20 @@ cargo build || (echo "Failed to build"; exit 1)
 echo "Working: with Policy" | ./target/debug/clevis-pin-tpm2 encrypt '{"policy_pubkey_path":"./tests/policy_pubkey.json", "policy_ref": "", "policy_path": "./tests/policy_working.json"}' | ./target/debug/clevis-pin-tpm2 decrypt
 # Negative test (non-valid policy)
 token=$(echo Failed | ./target/debug/clevis-pin-tpm2 encrypt '{"policy_pubkey_path":"./tests/policy_pubkey.json", "policy_ref": "", "policy_path": "./tests/policy_broken.json"}')
-res=$(echo "$token" | ./target/debug/clevis-pin-tpm2 decrypt 2>/dev/null)
+res=$(echo "$token" | ./target/debug/clevis-pin-tpm2 decrypt 2>&1)
 ret=$?
 if [ $ret == 0 -a "$res" == "Failed" ]
 then
 echo "Managed to decrypt with invalid policy"
 exit 1
-elif [ $ret == 0 -o "$res" != "" ]
+elif [ $ret == 0 ];
 then
- echo "Something went wrong"
+ echo "Success returned but not decrypted"
 exit 1
-else
+elif [[ $res =~ Esys_VerifySignature_Finish() ]]
+then
 echo "Working: with policy with invalid digest"
+else
+ echo "Something went wrong: $res"
+ exit 1
 fi
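Review bot: The new pass condition `elif [[ $res =~ Esys_VerifySignature_Finish() ]]` ties the negative test to a function name that presumably comes from the TPM library's stderr logging, and the unquoted `()` is an empty regex group rather than literal parentheses, so the match is looser and more fragile than it reads. If the log level or message format changes, a correct rejection of the invalid policy falls through to "Something went wrong" and the test fails for the wrong reason; a glob states the intent more plainly: `elif [[ $res == *"Esys_VerifySignature_Finish"* ]]`. Now that `2>&1` folds stderr into `$res`, the first check `"$res" == "Failed"` only fires when decrypt prints nothing else, so a decrypt that wrongly succeeds with any warning on stderr is reported as "Success returned but not decrypted". The shebang lies outside the hunk, so confirm the script runs under bash, since `[[ … ]]` is not POSIX sh.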