Sākums Izpētīt Palīdzība
Pierakstīties
SoftwareDesign
/
csu3_am335x
8
0
Atdalīts 0
Faili Problēmas 0 Izmaiņu pieprasījumi 0 Vikivietne
Atzars: master
Atzari Tagi
csu3_am335x
/
EVSE
/
GPL
/
tpm2-tools-5.1
/
test
/
integration
/
fapi
/
fapi-policy_signed_ecc.sh

fapi-policy_signed_ecc.sh 6.0 KB
Patstāvīgā saite Vēsture Neapstrādāts

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204 
  1. 

  2. # set -e
    3. 

  3. source helpers.sh
    4. 

  4. 

  5. start_up
    6. 

  6. 

  7. CRYPTO_PROFILE="ECC"
    8. 

  8. setup_fapi $CRYPTO_PROFILE
    9. 

  9. 

  10. function cleanup {
    11. 

  11.     tss2 delete --path=/
    12. 

  12.     shut_down
    13. 

  13. }
    14. 

  14. 

  15. trap cleanup EXIT
    16. 

  16. 

  17. # openssl ecparam -name secp256r1 -genkey -noout -out key_priv.pem
    18. 

  18. # openssl ec -in key_priv.pem -pubout -out key_pub.pem
    19. 

  19. 

  20. # -----BEGIN PUBLIC KEY-----
    21. 

  21. # MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAw+PKFksCw+ikD76l6BMeXfebcZx
    22. 

  22. # Gf8QGWT2MOy8tOfpe6m+6MUUm2GUijGPkvCTjtJPOJz//XMom+k+7OaWmA==
    23. 

  23. # -----END PUBLIC KEY-----
    24. 

  24. 

  25. # -----BEGIN EC PRIVATE KEY-----
    26. 

  26. # MHcCAQEEICf0OXKKsPkEVR1jsPOKSQQJnJVimamLYwLDZwJDj7etoAoGCCqGSM49
    27. 

  27. # AwEHoUQDQgAEAw+PKFksCw+ikD76l6BMeXfebcZxGf8QGWT2MOy8tOfpe6m+6MUU
    28. 

  28. # m2GUijGPkvCTjtJPOJz//XMom+k+7OaWmA==
    29. 

  29. # -----END EC PRIVATE KEY-----
    30. 

  30. 

  31. 

  32. KEY_PATH_1=HS/SRK/mySignKey1
    33. 

  33. KEY_PATH_2=HS/SRK/mySignKey2
    34. 

  34. SIGN_POLICY_DATA=pol_signed.json
    35. 

  35. SIGN_POLICY_DATA_KEY_HINT=pol_signed_key_hint.json
    36. 

  36. POLICY_SIGNED=policy/policy-signed
    37. 

  37. POLICY_SIGNED_KEY_HINT=policy/policy-signed_key_hint
    38. 

  38. TEST_SIGNATURE_FILE=test_signature.file
    39. 

  39. SIGNATURE_FILE=signature.file
    40. 

  40. DIGEST_FILE=digest.file
    41. 

  41. PRIV_KEY_FILE=priv_key.file
    42. 

  42. 

  43. LOG_FILE=$TEMP_DIR/log.file
    44. 

  44. touch $LOG_FILE
    45. 

  45. 

  46. EMPTY_FILE=$TEMP_DIR/empty.file
    47. 

  47. BIG_FILE=$TEMP_DIR/big_file.file
    48. 

  48. 

  49. # Setup Policy Signed
    50. 

  50. cat > $SIGN_POLICY_DATA_KEY_HINT <<EOF
    51. 

  51. {
    52. 

  52.     "description":"Description pol_signed",
    53. 

  53.     "policy":[
    54. 

  54.         {
    55. 

  55.             "type": "POLICYSIGNED",
    56. 

  56.             "keyPEM": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAw+PKFksCw+ikD76l6BMeXfebcZx\nGf8QGWT2MOy8tOfpe6m+6MUUm2GUijGPkvCTjtJPOJz//XMom+k+7OaWmA==\n-----END PUBLIC KEY-----",
    57. 

  57.             "keyPEMhashAlg": "SHA1",
    58. 

  58.             "publicKeyHint": "My Signature Key"
    59. 

  59.         }
    60. 

  60.     ]
    61. 

  61. }
    62. 

  62. EOF
    63. 

  63. 

  64. cat > $SIGN_POLICY_DATA <<EOF
    65. 

  65. {
    66. 

  66.     "description":"Description pol_signed",
    67. 

  67.     "policy":[
    68. 

  68.         {
    69. 

  69.             "type": "POLICYSIGNED",
    70. 

  70.             "keyPEM": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAw+PKFksCw+ikD76l6BMeXfebcZx\nGf8QGWT2MOy8tOfpe6m+6MUUm2GUijGPkvCTjtJPOJz//XMom+k+7OaWmA==\n-----END PUBLIC KEY-----",
    71. 

  71.             "keyPEMhashAlg": "SHA1",
    72. 

  72.         }
    73. 

  73.     ]
    74. 

  74. }
    75. 

  75. EOF
    76. 

  76. 

  77. # Write private pem key to file
    78. 

  78. cat > $PRIV_KEY_FILE <<EOF
    79. 

  79. -----BEGIN EC PRIVATE KEY-----
    80. 

  80. MHcCAQEEICf0OXKKsPkEVR1jsPOKSQQJnJVimamLYwLDZwJDj7etoAoGCCqGSM49
    81. 

  81. AwEHoUQDQgAEAw+PKFksCw+ikD76l6BMeXfebcZxGf8QGWT2MOy8tOfpe6m+6MUU
    82. 

  82. m2GUijGPkvCTjtJPOJz//XMom+k+7OaWmA==
    83. 

  83. -----END EC PRIVATE KEY-----
    84. 

  84. EOF
    85. 

  85. 

  86. echo -n 01234567890123456789 > $DIGEST_FILE
    87. 

  87. 

  88. tss2 provision
    89. 

  89. 

  90. tss2 import --path=$POLICY_SIGNED --importData=$SIGN_POLICY_DATA
    91. 

  91. 

  92. tss2 import --path=$POLICY_SIGNED_KEY_HINT --importData=$SIGN_POLICY_DATA_KEY_HINT
    93. 

  93. 

  94. tss2 createkey --path $KEY_PATH_1 --type="sign, noda" \
    95. 

  95.   --policyPath $POLICY_SIGNED --authValue ""
    96. 

  96. 

  97. tss2 createkey --path $KEY_PATH_2 --type="sign, noda" \
    98. 

  98.   --policyPath $POLICY_SIGNED_KEY_HINT --authValue ""
    99. 

  99. 

  100. OUTPUT_FILE=$TEMP_DIR/data2sign.file
    101. 

  101. 

  102. expect <<EOF
    103. 

  103.     spawn sh -c "tss2 sign --keyPath=$KEY_PATH_1 --digest=$DIGEST_FILE --signature=$TEST_SIGNATURE_FILE --force 2> $LOG_FILE"
    104. 

  104.     expect "Filename for nonce output: " {
    105. 

  105.         send "$OUTPUT_FILE\r"
    106. 

  106.         expect "Filename for signature input: " {
    107. 

  107.             exec openssl dgst -sha1 -sign $PRIV_KEY_FILE -out $SIGNATURE_FILE $OUTPUT_FILE
    108. 

  108.             send "$SIGNATURE_FILE\r"
    109. 

  109.             exp_continue
    110. 

  110.         }
    111. 

  111.     }
    112. 

  112. EOF
    113. 

  113. 

  114. if grep "ERROR" $LOG_FILE > /dev/null
    115. 

  115. then
    116. 

  116.   cat $LOG_FILE
    117. 

  117.   exit 1
    118. 

  118. fi
    119. 

  119. 

  120. expect <<EOF
    121. 

  121.     spawn sh -c "tss2 sign --keyPath=$KEY_PATH_2 --digest=$DIGEST_FILE --signature=$TEST_SIGNATURE_FILE --force 2> $LOG_FILE"
    122. 

  122.     expect "Filename for nonce output: " {
    123. 

  123.         send "$OUTPUT_FILE\r"
    124. 

  124.         expect "Filename for signature input: " {
    125. 

  125.             exec openssl dgst -sha1 -sign $PRIV_KEY_FILE -out $SIGNATURE_FILE $OUTPUT_FILE
    126. 

  126.             send "$SIGNATURE_FILE\r"
    127. 

  127.             exp_continue
    128. 

  128.         }
    129. 

  129.     }
    130. 

  130. EOF
    131. 

  131. 

  132. if grep "ERROR" $LOG_FILE > /dev/null
    133. 

  133. then
    134. 

  134.   cat $LOG_FILE
    135. 

  135.   exit 1
    136. 

  136. fi
    137. 

  137. 

  138. echo "sign callback with BIG_FILE" # Expected to fail
    139. 

  139. expect <<EOF
    140. 

  140.     spawn sh -c "tss2 sign --keyPath=$KEY_PATH_1 --digest=$DIGEST_FILE --signature=$TEST_SIGNATURE_FILE --force 2> $LOG_FILE"
    141. 

  141.     expect "Filename for nonce output: " {
    142. 

  142.         send "$OUTPUT_FILE\r"
    143. 

  143.         expect "Filename for signature input: " {
    144. 

  144.             exec openssl dgst -sha1 -sign $PRIV_KEY_FILE -out $SIGNATURE_FILE $OUTPUT_FILE
    145. 

  145.             send "$BIG_FILE\r"
    146. 

  146.             set ret [wait]
    147. 

  147.             if {[lindex \$ret 2] || [lindex \$ret 3] == 0} {
    148. 

  148.                 send_user "\n[lindex \$ret]\n"
    149. 

  149.                 send_user "Command not failed as expected\n"
    150. 

  150.                 exit 1
    151. 

  151.             }
    152. 

  152.         }
    153. 

  153.         set ret [wait]
    154. 

  154.         if {[lindex \$ret 2] || [lindex \$ret 3] == 0} {
    155. 

  155.             set file [open $LOG_FILE r]
    156. 

  156.             set log [read \$file]
    157. 

  157.             close $file
    158. 

  158.             send_user "\n[lindex \$ret]\n"
    159. 

  159.             send_user "Command has not failed as expected\n"
    160. 

  160.             exit 1
    161. 

  161.         }
    162. 

  162.     }          
    163. 

  163. EOF
    164. 

  164. 

  165. if [[ "`cat $LOG_FILE`" == $SANITIZER_FILTER ]]; then
    166. 

  166.   echo "Error: AddressSanitizer triggered."
    167. 

  167.   cat $LOG_FILE
    168. 

  168.   exit 1
    169. 

  169. fi
    170. 

  170. 

  171. echo "sign callback with EMPTY_FILE" # Expected to fail
    172. 

  172. expect <<EOF  
    173. 

  173.     spawn sh -c "tss2 sign --keyPath=$KEY_PATH_1 --digest=$DIGEST_FILE --signature=$TEST_SIGNATURE_FILE --force 2> $LOG_FILE"
    174. 

  174.     expect "Filename for nonce output: " {
    175. 

  175.         send "$OUTPUT_FILE\r"
    176. 

  176.         expect "Filename for signature input: " {
    177. 

  177.             exec openssl dgst -sha1 -sign $PRIV_KEY_FILE -out $SIGNATURE_FILE $OUTPUT_FILE
    178. 

  178.             send "$EMPTY_FILE\r"
    179. 

  179.             set ret [wait]
    180. 

  180.             if {[lindex \$ret 2] || [lindex \$ret 3] == 0} {
    181. 

  181.                 send_user "\n[lindex \$ret]\n"
    182. 

  182.                 send_user "Command has not failed as expected\n"
    183. 

  183.                 exit 1
    184. 

  184.             }
    185. 

  185.         }
    186. 

  186.         set ret [wait]
    187. 

  187.         if {[lindex \$ret 2] || [lindex \$ret 3] == 0} {
    188. 

  188.             set file [open $LOG_FILE r]
    189. 

  189.             set log [read \$file]
    190. 

  190.             close $file
    191. 

  191.             send_user "\n[lindex \$ret]\n"
    192. 

  192.             send_user "Command has not failed as expected\n"
    193. 

  193.             exit 1
    194. 

  194.         }
    195. 

  195.     }          
    196. 

  196. EOF
    197. 

  197. 

  198. if [[ "`cat $LOG_FILE`" == $SANITIZER_FILTER ]]; then
    199. 

  199.   echo "Error: AddressSanitizer triggered."
    200. 

  200.   cat $LOG_FILE
    201. 

  201.   exit 1
    202. 

  202. fi
    203. 

  203. 

  204. exit 0
    205.