blob: 4cc0172a4bcf3696fc91169e3c477329a5e51737 [file] [log] [blame]
#!/bin/bash
##
# test is
# 1. create an EC private key with the curve parameters
# 2. wrap the private key to the TPM
# 3. Create a self signed x509 certificate
# 4. verify the certificate
for curve in $(${bindir}/create_tpm2_key --list-curves); do
if openssl ecparam -name ${curve} 2>&1 | egrep '(invalid|unknown) curve'; then
continue
fi
openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:${curve} -out key.priv && \
${bindir}/create_tpm2_key -p 81000001 -w key.priv key.tpm && \
openssl req -new -x509 -subj '/CN=test/' -key key.tpm $ENGINE $KEYFORM -out tmp.crt && \
openssl verify -CAfile tmp.crt -check_ss_sig tmp.crt || \
exit 1
done