Redo tests to add second PCR and commit privkey
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
parent
2313184c9e
commit
bf48fcbd07
5 changed files with 39 additions and 7 deletions
|
@ -1 +1 @@
|
||||||
[{"policy_ref":"","steps":[{"PCRs":{"pcr_ids":[22],"hash_algorithm":"SHA256","value":"xAMnMY1mjmbJNCTyjgouD4pnnfqEBrHXx/T8YUdXL/s="}}],"signature":"LyFasUy+THxDnfYI3GkPEyttCYlKrcdziF2m+Fd7CpXIyBMVfhbieL8HX63U2o/EAIIWQ2/7OTkKSxIr+XEp+e+7GEek+w5HRfo1FymUINx/DrDkpHNITPeqY9a5Audf/wN+dwvrEl509RAMZDF9H1tjAu4t6ittXsiJrD5pCMg+WtfC1X1W6atf5tDLbD/Yz6BArg3ETIFPahR/aWD4a9VuG+dLtu+XKNfyZXOFXNNtZIZyV9JOK6bmjtWNfJwU9UTzfmW+8J9KlIxk94iKPQ/aUmJH3+yokpcRXpwji+CsEnsWPctCob2ZIVPlllZ0AT0NSGxGHws3584gR+VgOg=="}]
|
[{"policy_ref":"","steps":[{"PCRs":{"pcr_ids":[21,22],"hash_algorithm":"SHA256","value":"HdrIM41JwpxADslqUfr2lCCiTMkVeZvRz22W3hXtiNI="}}],"signature":"XXTFbbqnWKtBlRBUz4Rhlaec3rW6WmEs+td35BpXXFm0iejylscAWTmD4wYYLBj2y8hQmjHsuJGbmkx98m0WRsPmubbgPqtX5a6bSlS58hBPcSaerlGM18uBsG9Fqprtm7XX1gLlMWeiSvzzQtLxlhGfYptUdAW+hZMnRMx+nndJk7PhZvqeqXOFXhR35XSEJ6LQSU1urCWYB5AwwLX7WN73W3y50iLjutv5MWaXrp32N3LMoMEuPbJKfVuT8ydNecINDMU5EmXYQqRSf7O7LScMyBTJbXwdaoJYuMNM6R/amYIobfS7Beq5d6u82bGazPK0KEupVvllJ3rdnClbhg=="}]
|
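--- a/tests/policy_privkey.pem
+++ b/tests/policy_privkey.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDircjVAHSZ2f42
+sKum4lXway0DwVEBGAXV0L5y0rRQoJ1lvD+d4bCcTx03hcqrIQYOEA2cvT6mba6z
+63TIM4BELi1vdbqYF4DlIhNhRvKPu7kBXt+VFkjhKdYomS0x6o5voXSKItD08e/L
+tId115JtdLAKQyR+8mhYlisMfEg26HceqhE2//JQn3poqSvrvoDCZYYi+tk5jEX8
+5MdiUyZAyl6rZzrFxl839dN4sARL284/3ljTvjhfYExqmb4mO95KV7eNpQpD/1Ae
+bRHiK8jvdCQRDF8wtf+0WBBg2XCWs+As2hNgBxZot5Zqq+uyPTTO6XcKsrcf5VXi
+JuQsqRNhAgMBAAECggEAJ9afG0BPPdLgKMB4CoZw0CYl7SkGkYilTeS38/owEpOH
+1h91lsvZfD8zRVTQP684HzSXD9r6rclNEPXqulzCyDjNZ29rcdt/ncWVXl1XuAco
+BqOj69HU0S3HI694D/PHQLtBfh2MV+BFYqnBvOY8J9yAK+2M9nqn+Bm8Sx90maGA
+vz3yK7jdwBbqX5GyHY9tuipVungqiaKofzCn88gvLGuM2GuD/yOn3jEby542eOop
+VTpeszksGSw/iDB3hUd5u9P3Qwns5mI4wT66ihcVopt+HBKRhP4TQ+O/v3faVlnM
+gPubUKnruBpuaPZIBiptyLnNC3Bl/HDvS5dEOAQD+QKBgQDnQ2IOcxDJhldGQr7p
+sFhwO4fDjHWB9CSZIkN8/6Fy3LBa58Wtk+NYIwUimVNjtpWaFk+TV82XMVuHO9w1
++LN/q7/439JZisHTfaSE2QjoI5NCQjxWWwRl137tGAAbsjk+5kWWrM6zkzfI3XcH
+9Fp78yzpUJn5i+I2z7K+5xRXRwKBgQD67N5zMTgSlljc7BTOc1/Ep+/xgvbZbnPD
+ZQdIa34dcMEgb73nG2bZsxRMILTRf/eyG99/hoW8u4CNyRQK1BKjROUcoOfOdIli
+xM0W/ztVOTSokCoaiVV9jCUdWGqERiMscCPteB2pbGk1t2u4vx7HMNPDQ6Td1O+z
+nplP1BbkFwKBgQDhjNif2x2uTvXjsslcRf+bRpQ85krc+e6P49kKmo8t5YuivZYQ
+msIKfe1ON1gbUkJKTCREQkhjg2IPXRSDFxKKHEpZQoJ3jltIF6xTXRHQxpGi99K9
+Lnv1j91dBCFm4cXvUMriD5xxi83GfCjRe0KczSkqTNA/kGyKpLticSFnlQKBgQCb
+UzUAKV+EYfzwBFN82H5XxX0KCv+y6GRQd6Fieue+YaWq5oCvJo8sA2Z1GWnUpVo2
+rnpS/nqasZaKLgZyDYTb/DG23wOfERRaR2iM68FWp+qozVTCyHBbHv16hNiquJ/d
+Si1zOf9iePFHhxrvaZ8rvlXXcXAEwWL/1RUiDS9+UQKBgQDH7qXtbcW/eAe6LdeI
+vMz+Or7V3O/Dm6UI/RhFwsMOwMUf6w5l0czGKhilLKRl+R2yEAx1WPzIzN7o4NA2
+MVXLdJU7SSs4QBsuFiMWBtFS3iT+RC2muSEP5CUdFr9HMFMafH8zaxsm9t2jZitM
+429LdZJETEHqHcAU6bexjxxSQQ==
+-----END PRIVATE KEY-----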
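Review bot: tests/policy_privkey.pem puts an RSA private key into the repository, and nothing in the commit marks it as a test-only fixture. Once the key is in history, anyone can produce signatures that verify against the matching public key, so this key pair must never be reused for a real policy. I would add a short note next to the fixtures, for example in a README under tests/: `policy_privkey.pem is a throwaway key used only to sign the test policies; never use it outside this test suite`. If the repository runs secret scanning, this path presumably needs an explicit, narrowly scoped allowlist entry rather than a blanket exclusion of tests/.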
@ -1 +1 @@
|
||||||
{"RSA":{"scheme":"RSASSA","hashing_algo":"SHA256","exponent":65537,"modulus":"qadvv0A6SNW89h4Gum3Pdb2Gn4V4KBKSELvTh2f2SwIgh3+L+J2zHzmYcY/kCM2uTZorlF1BJ5q0Y+f86luqowvithKUKOsJB3Hj58qdFZTslKlDkWG6JK9GFbtNKSOXfUiIPLQ8l2cgAei+Ym0Ax7Csryd8QDp2oDwL6Sl8iAFkPS1vWcxEv/miJhA0hFDdXcsUUBOSATGnLrUxOQ9ISBMD9GPgZaEDt/LCY2yLpZIs1JvISWPSm5CpMcfTcmis6kyXIBfhB+dR1hEcDtZKoHxgxYhlSYa8g57D5KO5orwKuZqwFfRXSz+GGV/r/ezRZh1laCKFsp03S9fWsC9c1w=="}}
|
{"RSA":{"scheme":"RSASSA","hashing_algo":"SHA256","exponent":65537,"modulus":"4q3I1QB0mdn+NrCrpuJV8GstA8FRARgF1dC+ctK0UKCdZbw/neGwnE8dN4XKqyEGDhANnL0+pm2us+t0yDOARC4tb3W6mBeA5SITYUbyj7u5AV7flRZI4SnWKJktMeqOb6F0iiLQ9PHvy7SHddeSbXSwCkMkfvJoWJYrDHxINuh3HqoRNv/yUJ96aKkr676AwmWGIvrZOYxF/OTHYlMmQMpeq2c6xcZfN/XTeLAES9vOP95Y0744X2BMapm+JjveSle3jaUKQ/9QHm0R4ivI73QkEQxfMLX/tFgQYNlwlrPgLNoTYAcWaLeWaqvrsj00zul3CrK3H+VV4ibkLKkTYQ=="}}
|
|
@ -1 +1 @@
|
||||||
[{"policy_ref":"","steps":[{"PCRs":{"pcr_ids":[22],"hash_algorithm":"SHA256","value":"r5YTdg9yY1+9tEpaCmPDnxKvMPlQpu5clxvhiOicQFE="}}],"signature":"VNnP6c2B+JNVIXY+gGsM8CqfCqtbFDEGHoNEvpO58h8aajybfjn9nlqUrsoGyWx5/ytXPYrw/WWlGoIq7t4ekPIiX27YAt6pNGxeSMGcR2do3MKSCdyJ5WxZ5xjPFqalFcFTt4qVnH0d5XJd7mxlCxTbsLIk4TGTe20CNdWVsSWY+H7R6Mh65eGWjAPorl+a/iSWHfB3zh8JBZe629wOlOMIdTt4c+bONPfa4kXIVqnIRau4UDXeq63wrXXHEGorSHjnMKhysN1piGAsYSe9DNVn3Ku3/cGyBNw3SoKUdo7DUBVQ99+guD2jMprbVd4wYt+9bhU/2aQVgrvDhgkhZQ=="}]
|
[{"policy_ref":"","steps":[{"PCRs":{"pcr_ids":[21,22],"hash_algorithm":"SHA256","value":"hmfnGClOng3x0wYAuj7rIB92Sq0trXJ0hkPkooXh0fc="}}],"signature":"LF3IOinkotJFbuPTNTW36izk3UA+wFugnxTW8QfemVVxCYSbEcLzabxZzxHSHPvjvu8ZaVfqdC0C+xKzvh0i7HEQ5qYEF7Q4jOmBXeLUOjKsO9EsglZ2Dgg2ii1MvZWAwp/8DYACpMUdw0nF/VCLTe/MMdppFGbrZS7HB6a33TiApBN2AGxF17AsZ9CG5IZpTSUOeJuAxM1R8JDEbiGLDzQAqhohdOf6GNZD19Ry/jhgeqkYoWx+LhIzsqcHlN5k/xHKUdgNifTL+Zc4URJJjt4WVhJqzU+8+nu9LpdP3Q5wLxQp1r/bhL3fKbFPqYNaj7AlLUFWhaPe92XbzoLiRQ=="}]
|
|
@ -3,16 +3,20 @@ cargo build || (echo "Failed to build"; exit 1)
|
||||||
echo "Working: with Policy" | ./target/debug/clevis-pin-tpm2 encrypt '{"policy_pubkey_path":"./tests/policy_pubkey.json", "policy_ref": "", "policy_path": "./tests/policy_working.json"}' | ./target/debug/clevis-pin-tpm2 decrypt
|
echo "Working: with Policy" | ./target/debug/clevis-pin-tpm2 encrypt '{"policy_pubkey_path":"./tests/policy_pubkey.json", "policy_ref": "", "policy_path": "./tests/policy_working.json"}' | ./target/debug/clevis-pin-tpm2 decrypt
|
||||||
# Negative test (non-valid policy)
|
# Negative test (non-valid policy)
|
||||||
token=$(echo Failed | ./target/debug/clevis-pin-tpm2 encrypt '{"policy_pubkey_path":"./tests/policy_pubkey.json", "policy_ref": "", "policy_path": "./tests/policy_broken.json"}')
|
token=$(echo Failed | ./target/debug/clevis-pin-tpm2 encrypt '{"policy_pubkey_path":"./tests/policy_pubkey.json", "policy_ref": "", "policy_path": "./tests/policy_broken.json"}')
|
||||||
res=$(echo "$token" | ./target/debug/clevis-pin-tpm2 decrypt 2>/dev/null)
|
res=$(echo "$token" | ./target/debug/clevis-pin-tpm2 decrypt 2>&1)
|
||||||
ret=$?
|
ret=$?
|
||||||
if [ $ret == 0 -a "$res" == "Failed" ]
|
if [ $ret == 0 -a "$res" == "Failed" ]
|
||||||
then
|
then
|
||||||
echo "Managed to decrypt with invalid policy"
|
echo "Managed to decrypt with invalid policy"
|
||||||
exit 1
|
exit 1
|
||||||
elif [ $ret == 0 -o "$res" != "" ]
|
elif [ $ret == 0 ];
|
||||||
then
|
then
|
||||||
echo "Something went wrong"
|
echo "Success returned but not decrypted"
|
||||||
exit 1
|
exit 1
|
||||||
else
|
elif [[ $res =~ Esys_VerifySignature_Finish() ]]
|
||||||
|
then
|
||||||
echo "Working: with policy with invalid digest"
|
echo "Working: with policy with invalid digest"
|
||||||
|
else
|
||||||
|
echo "Something went wrong: $res"
|
||||||
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
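Review bot: The new branch `elif [[ $res =~ Esys_VerifySignature_Finish() ]]` is a regular-expression match, so the unquoted `()` is an empty group rather than literal parentheses; it matches only where the regex library accepts an empty subexpression, and a library that rejects it would send the expected failure to the `Something went wrong` branch. A literal substring test states what is meant: `elif [[ $res == *"Esys_VerifySignature_Finish"* ]]`. Separately, with `2>&1` any stderr output on a successful decrypt makes `"$res" == "Failed"` false, so a real bypass would be reported as `Success returned but not decrypted`; the test still exits 1, but the message would understate what happened. The hunk starts at line 3, so the shebang is not visible; `[[` requires bash.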