Generate a new key and signed policy during the test

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-07-22 16:46:54 +02:00 · 2020-07-22 16:46:54 +02:00 · e22aedfe7a
commit e22aedfe7a
parent 5abd766c06
8 changed files with 40 additions and 33 deletions
--- a/.gitignore
+++ b/.gitignore
@ -16,3 +16,9 @@ Cargo.lock

 /target
 #**/*.rs.bk
+
+# Policy test files
+/tests/policy_broken.json
+/tests/policy_working.json
+/tests/privatekey.pem
+/tests/publickey.json
--- a/tests/policy_broken.json
+++ b/tests/policy_broken.json
@ -1 +1 @@
-[{"policy_ref":"","steps":[{"PCRs":{"pcr_ids":[21,22],"hash_algorithm":"SHA256","value":"HdrIM41JwpxADslqUfr2lCCiTMkVeZvRz22W3hXtiNI="}}],"signature":"XXTFbbqnWKtBlRBUz4Rhlaec3rW6WmEs+td35BpXXFm0iejylscAWTmD4wYYLBj2y8hQmjHsuJGbmkx98m0WRsPmubbgPqtX5a6bSlS58hBPcSaerlGM18uBsG9Fqprtm7XX1gLlMWeiSvzzQtLxlhGfYptUdAW+hZMnRMx+nndJk7PhZvqeqXOFXhR35XSEJ6LQSU1urCWYB5AwwLX7WN73W3y50iLjutv5MWaXrp32N3LMoMEuPbJKfVuT8ydNecINDMU5EmXYQqRSf7O7LScMyBTJbXwdaoJYuMNM6R/amYIobfS7Beq5d6u82bGazPK0KEupVvllJ3rdnClbhg=="}]
+[{"policy_ref":"","steps":[{"PCRs":{"pcr_ids":[21,22],"hash_algorithm":"SHA256","value":"HdrIM41JwpxADslqUfr2lCCiTMkVeZvRz22W3hXtiNI="}}],"signature":"S1xSGhrhLxS1LVjeuLjY/FoH0HLAgfpX9olFnxFA5wFXCGt106eIZmRBDscgqhXJN/nzipbQjrBZtPrVvkQX9jxwaUsPSIhXgt8TEUl0wq+XLI99ZtfkJmSJLUjyljr+9l/wagEEF//bHEod/iyWiqJb+ZU+QuWo+yD3i4hPLvz8uB6wBDEHZmS/JvWRLHCh/exVzI86KvEVlP3as2GRPWCxbD/dpae5XHEuKbzcoTUGupna6QsXP6VNdhRu2iDOsEEmcxhvihsQEMHBtMmeL+6A2mczGZGeNDbi5S5lNq+EqTHG/QONJ9T6mjb4G/e+fBn7fYpEkXRkbp9DmeEJXA=="}]
--- a/tests/policy_broken.yaml
+++ b/tests/policy_broken.yaml
@ -0,0 +1,10 @@
+---
+- policy_ref:
+  steps:
+    - PCRs:
+        hash_algorithm: sha256
+        selection:
+          - pcr_id: 21
+            value: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE"
+          - pcr_id: 22
+            value: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
--- a/tests/policy_privkey.pem
+++ b/tests/policy_privkey.pem
@ -1,28 +0,0 @@
-----BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDircjVAHSZ2f42
-sKum4lXway0DwVEBGAXV0L5y0rRQoJ1lvD+d4bCcTx03hcqrIQYOEA2cvT6mba6z
-63TIM4BELi1vdbqYF4DlIhNhRvKPu7kBXt+VFkjhKdYomS0x6o5voXSKItD08e/L
-tId115JtdLAKQyR+8mhYlisMfEg26HceqhE2//JQn3poqSvrvoDCZYYi+tk5jEX8
-5MdiUyZAyl6rZzrFxl839dN4sARL284/3ljTvjhfYExqmb4mO95KV7eNpQpD/1Ae
-bRHiK8jvdCQRDF8wtf+0WBBg2XCWs+As2hNgBxZot5Zqq+uyPTTO6XcKsrcf5VXi
-JuQsqRNhAgMBAAECggEAJ9afG0BPPdLgKMB4CoZw0CYl7SkGkYilTeS38/owEpOH
-1h91lsvZfD8zRVTQP684HzSXD9r6rclNEPXqulzCyDjNZ29rcdt/ncWVXl1XuAco
-BqOj69HU0S3HI694D/PHQLtBfh2MV+BFYqnBvOY8J9yAK+2M9nqn+Bm8Sx90maGA
-vz3yK7jdwBbqX5GyHY9tuipVungqiaKofzCn88gvLGuM2GuD/yOn3jEby542eOop
-VTpeszksGSw/iDB3hUd5u9P3Qwns5mI4wT66ihcVopt+HBKRhP4TQ+O/v3faVlnM
-gPubUKnruBpuaPZIBiptyLnNC3Bl/HDvS5dEOAQD+QKBgQDnQ2IOcxDJhldGQr7p
-sFhwO4fDjHWB9CSZIkN8/6Fy3LBa58Wtk+NYIwUimVNjtpWaFk+TV82XMVuHO9w1
-+LN/q7/439JZisHTfaSE2QjoI5NCQjxWWwRl137tGAAbsjk+5kWWrM6zkzfI3XcH
-9Fp78yzpUJn5i+I2z7K+5xRXRwKBgQD67N5zMTgSlljc7BTOc1/Ep+/xgvbZbnPD
-ZQdIa34dcMEgb73nG2bZsxRMILTRf/eyG99/hoW8u4CNyRQK1BKjROUcoOfOdIli
-xM0W/ztVOTSokCoaiVV9jCUdWGqERiMscCPteB2pbGk1t2u4vx7HMNPDQ6Td1O+z
-nplP1BbkFwKBgQDhjNif2x2uTvXjsslcRf+bRpQ85krc+e6P49kKmo8t5YuivZYQ
-msIKfe1ON1gbUkJKTCREQkhjg2IPXRSDFxKKHEpZQoJ3jltIF6xTXRHQxpGi99K9
-Lnv1j91dBCFm4cXvUMriD5xxi83GfCjRe0KczSkqTNA/kGyKpLticSFnlQKBgQCb
-UzUAKV+EYfzwBFN82H5XxX0KCv+y6GRQd6Fieue+YaWq5oCvJo8sA2Z1GWnUpVo2
-rnpS/nqasZaKLgZyDYTb/DG23wOfERRaR2iM68FWp+qozVTCyHBbHv16hNiquJ/d
-Si1zOf9iePFHhxrvaZ8rvlXXcXAEwWL/1RUiDS9+UQKBgQDH7qXtbcW/eAe6LdeI
-vMz+Or7V3O/Dm6UI/RhFwsMOwMUf6w5l0czGKhilLKRl+R2yEAx1WPzIzN7o4NA2
-MVXLdJU7SSs4QBsuFiMWBtFS3iT+RC2muSEP5CUdFr9HMFMafH8zaxsm9t2jZitM
-429LdZJETEHqHcAU6bexjxxSQQ==
-----END PRIVATE KEY-----
--- a/tests/policy_pubkey.json
+++ b/tests/policy_pubkey.json
@ -1 +0,0 @@
-{"RSA":{"scheme":"RSASSA","hashing_algo":"SHA256","exponent":65537,"modulus":"4q3I1QB0mdn+NrCrpuJV8GstA8FRARgF1dC+ctK0UKCdZbw/neGwnE8dN4XKqyEGDhANnL0+pm2us+t0yDOARC4tb3W6mBeA5SITYUbyj7u5AV7flRZI4SnWKJktMeqOb6F0iiLQ9PHvy7SHddeSbXSwCkMkfvJoWJYrDHxINuh3HqoRNv/yUJ96aKkr676AwmWGIvrZOYxF/OTHYlMmQMpeq2c6xcZfN/XTeLAES9vOP95Y0744X2BMapm+JjveSle3jaUKQ/9QHm0R4ivI73QkEQxfMLX/tFgQYNlwlrPgLNoTYAcWaLeWaqvrsj00zul3CrK3H+VV4ibkLKkTYQ=="}}
--- a/tests/policy_working.json
+++ b/tests/policy_working.json
@ -1 +1 @@
-[{"policy_ref":"","steps":[{"PCRs":{"pcr_ids":[21,22],"hash_algorithm":"SHA256","value":"hmfnGClOng3x0wYAuj7rIB92Sq0trXJ0hkPkooXh0fc="}}],"signature":"LF3IOinkotJFbuPTNTW36izk3UA+wFugnxTW8QfemVVxCYSbEcLzabxZzxHSHPvjvu8ZaVfqdC0C+xKzvh0i7HEQ5qYEF7Q4jOmBXeLUOjKsO9EsglZ2Dgg2ii1MvZWAwp/8DYACpMUdw0nF/VCLTe/MMdppFGbrZS7HB6a33TiApBN2AGxF17AsZ9CG5IZpTSUOeJuAxM1R8JDEbiGLDzQAqhohdOf6GNZD19Ry/jhgeqkYoWx+LhIzsqcHlN5k/xHKUdgNifTL+Zc4URJJjt4WVhJqzU+8+nu9LpdP3Q5wLxQp1r/bhL3fKbFPqYNaj7AlLUFWhaPe92XbzoLiRQ=="}]
+[{"policy_ref":"","steps":[{"PCRs":{"pcr_ids":[21,22],"hash_algorithm":"SHA256","value":"hmfnGClOng3x0wYAuj7rIB92Sq0trXJ0hkPkooXh0fc="}}],"signature":"tHgQE6iuijrtJPTDa97cc+lyL4GQ0dfnxyn/k30w1KKCYJFSKM8PGBdzkUpk+PskCO9iH7SUahEOzgrsgMmlhS+rmFUxnjNm5JyJRlOmaRCkRo34JxSX/DWAfzIRIq8gI6gBRRyCdYVgySpyAWISdwJyajtmaVVl1ESnNmfXnbMmwpgQQmOi2x9eTZIheu/JJSpkSZ5xEcmzXJcSABl6l7fMP9xgbPsL8FP2TqwMcH2nHaEnAsX2LhriCvM16W2KMcdS7k6UyLLi9DUmuT40wvPyN5PxcNlAVdFW3WcWfe88FvmJNHdPNJGhaPgDPTDsI2yVoIEf9XPSMetuNVzmjQ=="}]
--- a/tests/policy_working.yaml
+++ b/tests/policy_working.yaml
@ -0,0 +1,10 @@
+---
+- policy_ref:
+  steps:
+    - PCRs:
+        hash_algorithm: sha256
+        selection:
+          - pcr_id: 21
+            value: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+          - pcr_id: 22
+            value: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
--- a/tests/test_policy
+++ b/tests/test_policy
@ -1,8 +1,18 @@
 #!/bin/bash
 cargo build || (echo "Failed to build"; exit 1)
-echo "Working: with Policy" | ./target/debug/clevis-pin-tpm2 encrypt '{"policy_pubkey_path":"./tests/policy_pubkey.json", "policy_ref": "", "policy_path": "./tests/policy_working.json"}' | ./target/debug/clevis-pin-tpm2 decrypt
+(
+	cd ../clevis-pin-tpm2-signtool
+	go build
+)
+(
+	cd tests
+	rm -f policy_broken.json policy_working.json privatekey.pem publickey.json
+	../../clevis-pin-tpm2-signtool/clevis-pin-tpm2-signtool <policy_working.yaml >policy_working.json
+	../../clevis-pin-tpm2-signtool/clevis-pin-tpm2-signtool <policy_broken.yaml >policy_broken.json
+)
+echo "Working: with Policy" | ./target/debug/clevis-pin-tpm2 encrypt '{"policy_pubkey_path":"./tests/publickey.json", "policy_ref": "", "policy_path": "./tests/policy_working.json"}' | ./target/debug/clevis-pin-tpm2 decrypt
 # Negative test (non-valid policy)
-token=$(echo Failed | ./target/debug/clevis-pin-tpm2 encrypt '{"policy_pubkey_path":"./tests/policy_pubkey.json", "policy_ref": "", "policy_path": "./tests/policy_broken.json"}')
+token=$(echo Failed | ./target/debug/clevis-pin-tpm2 encrypt '{"policy_pubkey_path":"./tests/publickey.json", "policy_ref": "", "policy_path": "./tests/policy_broken.json"}')
 res=$(echo "$token" | ./target/debug/clevis-pin-tpm2 decrypt 2>&1)
 ret=$?
 if [ $ret == 0 -a "$res" == "Failed" ]
				`@ -1 +0,0 @@`
				`{"RSA":{"scheme":"RSASSA","hashing_algo":"SHA256","exponent":65537,"modulus":"4q3I1QB0mdn+NrCrpuJV8GstA8FRARgF1dC+ctK0UKCdZbw/neGwnE8dN4XKqyEGDhANnL0+pm2us+t0yDOARC4tb3W6mBeA5SITYUbyj7u5AV7flRZI4SnWKJktMeqOb6F0iiLQ9PHvy7SHddeSbXSwCkMkfvJoWJYrDHxINuh3HqoRNv/yUJ96aKkr676AwmWGIvrZOYxF/OTHYlMmQMpeq2c6xcZfN/XTeLAES9vOP95Y0744X2BMapm+JjveSle3jaUKQ/9QHm0R4ivI73QkEQxfMLX/tFgQYNlwlrPgLNoTYAcWaLeWaqvrsj00zul3CrK3H+VV4ibkLKkTYQ=="}}`