#!/bin/bash
##
# For each curve the tool supports, the test does the following:
# 1. create an EC private key with the curve parameters
# 2. wrap the private key to the TPM
# 3. Create a self signed x509 certificate
# 4. verify the certificate
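# Pass 1: named-curve encoding (-param_enc named_curve). For every curve that
# create_tpm2_key reports, generate an EC key with OpenSSL, wrap it for the
# TPM, then create and verify a self-signed certificate with the wrapped key.
#
# NOTE(review): if --list-curves fails or prints nothing (for example when
# bindir is unset), the loop body never runs and this pass succeeds without
# testing anything.
# NOTE(review): key.priv holds the unwrapped private key in the current
# directory and is not removed here; presumably the harness cleans up the
# working directory -- confirm.
#
# The command substitution is left unquoted on purpose so that the curve list
# is split into one word per curve; only the tool path is quoted.
for curve in $("${bindir}/create_tpm2_key" --list-curves); do
  # Skip curves this OpenSSL does not accept. grep prints the diagnostic it
  # matched, so skipped curves remain visible in the test log.
  if openssl ecparam -name "${curve}" 2>&1 | grep -E '(unknown|invalid) curve'; then
    continue
  fi
  echo "Checking curve ${curve}"

  # Any failing step aborts the whole test with status 1.
  openssl ecparam -param_enc named_curve -genkey -name "${curve}" > tmp.param || exit 1
  openssl genpkey -paramfile tmp.param -out key.priv || exit 1

  # -w wraps the existing key file; -p names the parent, 81000001
  # (presumably a persistent TPM handle provisioned by the harness -- confirm).
  "${bindir}/create_tpm2_key" -p 81000001 -w key.priv key.tpm || exit 1

  # ENGINE and KEYFORM stay unquoted: quoting them would pass an empty
  # argument to openssl when they are unset, and would stop a multi-word value
  # from being split into separate options.
  # shellcheck disable=SC2086
  openssl req -new -x509 -subj '/CN=test/' -key key.tpm $ENGINE $KEYFORM -out tmp.crt || exit 1

  # The certificate is its own CA file; -check_ss_sig makes verify check the
  # self-signature, which exercises the key that signed the request.
  openssl verify -CAfile tmp.crt -check_ss_sig tmp.crt || exit 1
done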
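# Pass 2: explicit curve parameters (-param_enc explicit). Same sequence as
# the named-curve pass: generate an EC key with OpenSSL, wrap it for the TPM,
# then create and verify a self-signed certificate with the wrapped key.
#
# NOTE(review): if --list-curves fails or prints nothing (for example when
# bindir is unset), the loop body never runs and this pass succeeds without
# testing anything.
# NOTE(review): key.priv holds the unwrapped private key in the current
# directory and is not removed here; presumably the harness cleans up the
# working directory -- confirm.
#
# The command substitution is left unquoted on purpose so that the curve list
# is split into one word per curve; only the tool path is quoted.
for curve in $("${bindir}/create_tpm2_key" --list-curves); do
  # Skip curves this OpenSSL does not accept. grep prints the diagnostic it
  # matched, so skipped curves remain visible in the test log.
  if openssl ecparam -name "${curve}" 2>&1 | grep -E '(invalid|unknown) curve'; then
    continue
  fi
  echo "Checking curve ${curve}"

  # Any failing step aborts the whole test with status 1.
  openssl ecparam -param_enc explicit -genkey -name "${curve}" > tmp.param || exit 1
  openssl genpkey -paramfile tmp.param -out key.priv || exit 1

  # -w wraps the existing key file; -p names the parent, 81000001
  # (presumably a persistent TPM handle provisioned by the harness -- confirm).
  "${bindir}/create_tpm2_key" -p 81000001 -w key.priv key.tpm || exit 1

  # ENGINE and KEYFORM stay unquoted: quoting them would pass an empty
  # argument to openssl when they are unset, and would stop a multi-word value
  # from being split into separate options.
  # shellcheck disable=SC2086
  openssl req -new -x509 -subj '/CN=test/' -key key.tpm $ENGINE $KEYFORM -out tmp.crt || exit 1

  # The certificate is its own CA file; -check_ss_sig makes verify check the
  # self-signature, which exercises the key that signed the request.
  openssl verify -CAfile tmp.crt -check_ss_sig tmp.crt || exit 1
done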