diff --git a/.gitignore b/.gitignore index 154e80c..f4a898c 100644 --- a/.gitignore +++ b/.gitignore @@ -16,3 +16,9 @@ Cargo.lock /target #**/*.rs.bk + +# Policy test files +/tests/policy_broken.json +/tests/policy_working.json +/tests/privatekey.pem +/tests/publickey.json diff --git a/tests/policy_broken.json b/tests/policy_broken.json index add5b91..e32816a 100644 --- a/tests/policy_broken.json +++ b/tests/policy_broken.json @@ -1 +1 @@ -[{"policy_ref":"","steps":[{"PCRs":{"pcr_ids":[21,22],"hash_algorithm":"SHA256","value":"HdrIM41JwpxADslqUfr2lCCiTMkVeZvRz22W3hXtiNI="}}],"signature":"XXTFbbqnWKtBlRBUz4Rhlaec3rW6WmEs+td35BpXXFm0iejylscAWTmD4wYYLBj2y8hQmjHsuJGbmkx98m0WRsPmubbgPqtX5a6bSlS58hBPcSaerlGM18uBsG9Fqprtm7XX1gLlMWeiSvzzQtLxlhGfYptUdAW+hZMnRMx+nndJk7PhZvqeqXOFXhR35XSEJ6LQSU1urCWYB5AwwLX7WN73W3y50iLjutv5MWaXrp32N3LMoMEuPbJKfVuT8ydNecINDMU5EmXYQqRSf7O7LScMyBTJbXwdaoJYuMNM6R/amYIobfS7Beq5d6u82bGazPK0KEupVvllJ3rdnClbhg=="}] \ No newline at end of file +[{"policy_ref":"","steps":[{"PCRs":{"pcr_ids":[21,22],"hash_algorithm":"SHA256","value":"HdrIM41JwpxADslqUfr2lCCiTMkVeZvRz22W3hXtiNI="}}],"signature":"S1xSGhrhLxS1LVjeuLjY/FoH0HLAgfpX9olFnxFA5wFXCGt106eIZmRBDscgqhXJN/nzipbQjrBZtPrVvkQX9jxwaUsPSIhXgt8TEUl0wq+XLI99ZtfkJmSJLUjyljr+9l/wagEEF//bHEod/iyWiqJb+ZU+QuWo+yD3i4hPLvz8uB6wBDEHZmS/JvWRLHCh/exVzI86KvEVlP3as2GRPWCxbD/dpae5XHEuKbzcoTUGupna6QsXP6VNdhRu2iDOsEEmcxhvihsQEMHBtMmeL+6A2mczGZGeNDbi5S5lNq+EqTHG/QONJ9T6mjb4G/e+fBn7fYpEkXRkbp9DmeEJXA=="}] \ No newline at end of file diff --git a/tests/policy_broken.yaml b/tests/policy_broken.yaml new file mode 100644 index 0000000..91f3ec7 --- /dev/null +++ b/tests/policy_broken.yaml @@ -0,0 +1,10 @@ +--- +- policy_ref: + steps: + - PCRs: + hash_algorithm: sha256 + selection: + - pcr_id: 21 + value: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" + - pcr_id: 22 + value: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 
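Review bot: The new ignore entries `/tests/policy_broken.json` and `/tests/policy_working.json` have no effect while those files stay tracked, and this same commit still updates both of them with fresh signatures instead of removing them. tests/test_policy now deletes and regenerates them, along with `privatekey.pem` and `publickey.json`, on every run. The signing key is presumably created anew each time, so the committed copies would match no committed public key and every test run would leave the working tree dirty. Consider dropping them from the index in this change, `git rm --cached tests/policy_broken.json tests/policy_working.json`, so that only the YAML sources are versioned.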
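Review bot: Nothing in tests/policy_broken.yaml says what makes it the negative fixture; the only visible difference from tests/policy_working.yaml is the last hex digit of the PCR 21 value (`...FE` versus `...FF`). A leading comment such as `# Negative fixture: PCR 21 is deliberately one bit off, so unsealing with this policy must fail` would stop a later edit from "correcting" it. policy_working.yaml could likewise state that PCRs 21 and 22 are assumed to read as all FF on the test TPM. Separately, a bare `policy_ref:` parses as null in YAML while the JSON fixtures carry `"policy_ref":""`; if the signing tool does not normalise this (not visible here), write `policy_ref: ""`.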
diff --git a/tests/policy_privkey.pem b/tests/policy_privkey.pem deleted file mode 100644 index dd5c488..0000000 --- a/tests/policy_privkey.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDircjVAHSZ2f42 -sKum4lXway0DwVEBGAXV0L5y0rRQoJ1lvD+d4bCcTx03hcqrIQYOEA2cvT6mba6z -63TIM4BELi1vdbqYF4DlIhNhRvKPu7kBXt+VFkjhKdYomS0x6o5voXSKItD08e/L -tId115JtdLAKQyR+8mhYlisMfEg26HceqhE2//JQn3poqSvrvoDCZYYi+tk5jEX8 -5MdiUyZAyl6rZzrFxl839dN4sARL284/3ljTvjhfYExqmb4mO95KV7eNpQpD/1Ae -bRHiK8jvdCQRDF8wtf+0WBBg2XCWs+As2hNgBxZot5Zqq+uyPTTO6XcKsrcf5VXi -JuQsqRNhAgMBAAECggEAJ9afG0BPPdLgKMB4CoZw0CYl7SkGkYilTeS38/owEpOH -1h91lsvZfD8zRVTQP684HzSXD9r6rclNEPXqulzCyDjNZ29rcdt/ncWVXl1XuAco -BqOj69HU0S3HI694D/PHQLtBfh2MV+BFYqnBvOY8J9yAK+2M9nqn+Bm8Sx90maGA -vz3yK7jdwBbqX5GyHY9tuipVungqiaKofzCn88gvLGuM2GuD/yOn3jEby542eOop -VTpeszksGSw/iDB3hUd5u9P3Qwns5mI4wT66ihcVopt+HBKRhP4TQ+O/v3faVlnM -gPubUKnruBpuaPZIBiptyLnNC3Bl/HDvS5dEOAQD+QKBgQDnQ2IOcxDJhldGQr7p -sFhwO4fDjHWB9CSZIkN8/6Fy3LBa58Wtk+NYIwUimVNjtpWaFk+TV82XMVuHO9w1 -+LN/q7/439JZisHTfaSE2QjoI5NCQjxWWwRl137tGAAbsjk+5kWWrM6zkzfI3XcH -9Fp78yzpUJn5i+I2z7K+5xRXRwKBgQD67N5zMTgSlljc7BTOc1/Ep+/xgvbZbnPD -ZQdIa34dcMEgb73nG2bZsxRMILTRf/eyG99/hoW8u4CNyRQK1BKjROUcoOfOdIli -xM0W/ztVOTSokCoaiVV9jCUdWGqERiMscCPteB2pbGk1t2u4vx7HMNPDQ6Td1O+z -nplP1BbkFwKBgQDhjNif2x2uTvXjsslcRf+bRpQ85krc+e6P49kKmo8t5YuivZYQ -msIKfe1ON1gbUkJKTCREQkhjg2IPXRSDFxKKHEpZQoJ3jltIF6xTXRHQxpGi99K9 -Lnv1j91dBCFm4cXvUMriD5xxi83GfCjRe0KczSkqTNA/kGyKpLticSFnlQKBgQCb -UzUAKV+EYfzwBFN82H5XxX0KCv+y6GRQd6Fieue+YaWq5oCvJo8sA2Z1GWnUpVo2 -rnpS/nqasZaKLgZyDYTb/DG23wOfERRaR2iM68FWp+qozVTCyHBbHv16hNiquJ/d -Si1zOf9iePFHhxrvaZ8rvlXXcXAEwWL/1RUiDS9+UQKBgQDH7qXtbcW/eAe6LdeI -vMz+Or7V3O/Dm6UI/RhFwsMOwMUf6w5l0czGKhilLKRl+R2yEAx1WPzIzN7o4NA2 -MVXLdJU7SSs4QBsuFiMWBtFS3iT+RC2muSEP5CUdFr9HMFMafH8zaxsm9t2jZitM -429LdZJETEHqHcAU6bexjxxSQQ== ------END PRIVATE KEY----- 
diff --git a/tests/policy_pubkey.json b/tests/policy_pubkey.json deleted file mode 100644 index 81a01e3..0000000 --- a/tests/policy_pubkey.json +++ /dev/null @@ -1 +0,0 @@ -{"RSA":{"scheme":"RSASSA","hashing_algo":"SHA256","exponent":65537,"modulus":"4q3I1QB0mdn+NrCrpuJV8GstA8FRARgF1dC+ctK0UKCdZbw/neGwnE8dN4XKqyEGDhANnL0+pm2us+t0yDOARC4tb3W6mBeA5SITYUbyj7u5AV7flRZI4SnWKJktMeqOb6F0iiLQ9PHvy7SHddeSbXSwCkMkfvJoWJYrDHxINuh3HqoRNv/yUJ96aKkr676AwmWGIvrZOYxF/OTHYlMmQMpeq2c6xcZfN/XTeLAES9vOP95Y0744X2BMapm+JjveSle3jaUKQ/9QHm0R4ivI73QkEQxfMLX/tFgQYNlwlrPgLNoTYAcWaLeWaqvrsj00zul3CrK3H+VV4ibkLKkTYQ=="}} \ No newline at end of file diff --git a/tests/policy_working.json b/tests/policy_working.json index 033041d..c978ee9 100644 --- a/tests/policy_working.json +++ b/tests/policy_working.json @@ -1 +1 @@ -[{"policy_ref":"","steps":[{"PCRs":{"pcr_ids":[21,22],"hash_algorithm":"SHA256","value":"hmfnGClOng3x0wYAuj7rIB92Sq0trXJ0hkPkooXh0fc="}}],"signature":"LF3IOinkotJFbuPTNTW36izk3UA+wFugnxTW8QfemVVxCYSbEcLzabxZzxHSHPvjvu8ZaVfqdC0C+xKzvh0i7HEQ5qYEF7Q4jOmBXeLUOjKsO9EsglZ2Dgg2ii1MvZWAwp/8DYACpMUdw0nF/VCLTe/MMdppFGbrZS7HB6a33TiApBN2AGxF17AsZ9CG5IZpTSUOeJuAxM1R8JDEbiGLDzQAqhohdOf6GNZD19Ry/jhgeqkYoWx+LhIzsqcHlN5k/xHKUdgNifTL+Zc4URJJjt4WVhJqzU+8+nu9LpdP3Q5wLxQp1r/bhL3fKbFPqYNaj7AlLUFWhaPe92XbzoLiRQ=="}] \ No newline at end of file +[{"policy_ref":"","steps":[{"PCRs":{"pcr_ids":[21,22],"hash_algorithm":"SHA256","value":"hmfnGClOng3x0wYAuj7rIB92Sq0trXJ0hkPkooXh0fc="}}],"signature":"tHgQE6iuijrtJPTDa97cc+lyL4GQ0dfnxyn/k30w1KKCYJFSKM8PGBdzkUpk+PskCO9iH7SUahEOzgrsgMmlhS+rmFUxnjNm5JyJRlOmaRCkRo34JxSX/DWAfzIRIq8gI6gBRRyCdYVgySpyAWISdwJyajtmaVVl1ESnNmfXnbMmwpgQQmOi2x9eTZIheu/JJSpkSZ5xEcmzXJcSABl6l7fMP9xgbPsL8FP2TqwMcH2nHaEnAsX2LhriCvM16W2KMcdS7k6UyLLi9DUmuT40wvPyN5PxcNlAVdFW3WcWfe88FvmJNHdPNJGhaPgDPTDsI2yVoIEf9XPSMetuNVzmjQ=="}] \ No newline at end of file diff --git a/tests/policy_working.yaml b/tests/policy_working.yaml new file mode 100644 index 0000000..424c8cc --- /dev/null 
+++ b/tests/policy_working.yaml
@@ -0,0 +1,10 @@
+---
+- policy_ref:
+ steps:
+ - PCRs:
+ hash_algorithm: sha256
+ selection:
+ - pcr_id: 21
+ value: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ - pcr_id: 22
+ value: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
diff --git a/tests/test_policy b/tests/test_policy
index b4dd38d..6d42e41 100755
--- a/tests/test_policy
+++ b/tests/test_policy
@@ -1,8 +1,18 @@
 #!/bin/bash
 cargo build || (echo "Failed to build"; exit 1)
-echo "Working: with Policy" | ./target/debug/clevis-pin-tpm2 encrypt '{"policy_pubkey_path":"./tests/policy_pubkey.json", "policy_ref": "", "policy_path": "./tests/policy_working.json"}' | ./target/debug/clevis-pin-tpm2 decrypt
+(
+ cd ../clevis-pin-tpm2-signtool
+ go build
+)
+(
+ cd tests
+ rm -f policy_broken.json policy_working.json privatekey.pem publickey.json
+ ../../clevis-pin-tpm2-signtool/clevis-pin-tpm2-signtool policy_working.json
+ ../../clevis-pin-tpm2-signtool/clevis-pin-tpm2-signtool policy_broken.json
+)
+echo "Working: with Policy" | ./target/debug/clevis-pin-tpm2 encrypt '{"policy_pubkey_path":"./tests/publickey.json", "policy_ref": "", "policy_path": "./tests/policy_working.json"}' | ./target/debug/clevis-pin-tpm2 decrypt
 # Negative test (non-valid policy)
-token=$(echo Failed | ./target/debug/clevis-pin-tpm2 encrypt '{"policy_pubkey_path":"./tests/publickey.json", "policy_ref": "", "policy_path": "./tests/policy_broken.json"}')
+token=$(echo Failed | ./target/debug/clevis-pin-tpm2 encrypt '{"policy_pubkey_path":"./tests/publickey.json", "policy_ref": "", "policy_path": "./tests/policy_broken.json"}')
 res=$(echo "$token" | ./target/debug/clevis-pin-tpm2 decrypt 2>&1)
 ret=$?
 if [ $ret == 0 -a "$res" == "Failed" ]
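Review bot: Neither new subshell checks for failure, so if `cd ../clevis-pin-tpm2-signtool`, `go build` or either signtool run fails, the script carries on after `rm -f` has already removed the policy and key files. In that state `encrypt` in the negative test fails too and `decrypt` returns non-zero. The final check `[ $ret == 0 -a "$res" == "Failed" ]` presumably reports an error only when decryption succeeds, so the negative test would pass vacuously and a regression in policy-signature enforcement could go unnoticed. Chaining the steps with `&&` and aborting when a subshell fails, as below, closes that gap; a blanket `set -e` would not fit because the negative test expects `decrypt` to fail. The `if` block continues past the end of the hunk, so how its result is reported is not visible here.

```shell
# … unchanged: shebang and cargo build …
(
    cd ../clevis-pin-tpm2-signtool &&
    go build
) || { echo "Failed to build signtool"; exit 1; }
(
    cd tests &&
    rm -f policy_broken.json policy_working.json privatekey.pem publickey.json &&
    ../../clevis-pin-tpm2-signtool/clevis-pin-tpm2-signtool policy_working.json &&
    ../../clevis-pin-tpm2-signtool/clevis-pin-tpm2-signtool policy_broken.json
) || { echo "Failed to generate test policies"; exit 1; }
# … unchanged: positive and negative encrypt/decrypt tests …
```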