#!/usr/bin/env gpgscm
;; Copyright (C) 2021 [email protected]
;;
;; SPDX-License-Identifier: GPL-3.0-or-later
;;
;; Pull in the shared tpm2d test definitions and prepare the test
;; environment before running any case.
(load (in-srcdir "tests" "tpm2dtests" "defs.scm"))
(setup-environment)

;; Case 1: over-long passphrase.
;;
;; A key is generated while pinentry supplies a passphrase longer than
;; the TPM maximum (the size of the sha256 name algorithm, i.e. 32).
;; The signature check is then run with a shorter passphrase that is
;; still above that limit and is a prefix of the first, so the two
;; agree on their first 32 characters.  The test expects this to work.
;;
;; NOTE(review): this pins down that characters beyond the limit do
;; not contribute to the key's protection -- presumably the passphrase
;; is cut to the limit before it reaches the TPM; that code is not in
;; this file, confirm there.
(define name "ecc <[email protected]>")
(define name1 "ecc1 <[email protected]>")
(define algo "nistp256")

(let ((creation-passphrase
       "this is a password longer than the TPM max of the name algorithm (i.e. 32)")
      (shortened-passphrase
       "this is a password longer than the TPM max of the name"))
  ;; Create the key under the full-length passphrase ...
  (setenv "PINENTRY_USER_DATA" creation-passphrase #t)
  (quick-gen name algo)
  ;; ... then use it with the shortened one.
  (setenv "PINENTRY_USER_DATA" shortened-passphrase #t)
  (check-sig name))
;; Case 2: passphrase at exactly the TPM limit (32 characters, the
;; sha256 name algorithm size).  Generate a second key under it.
(setenv "PINENTRY_USER_DATA" "12345678901234567890123456789012" #t)
(quick-gen name1 algo)

(info "checking TPM signing failure with truncated passphrase")
;; Negative check: drop the last character (31 characters left).  This
;; is a strict prefix of the real passphrase, so signing must be
;; rejected; a success here would mean fewer than 32 characters are
;; actually being compared.
(setenv "PINENTRY_USER_DATA" "1234567890123456789012345678901" #t)
(let* ((result (call-with-io `(,@GPG --default-key ,name1 --sign msg.txt) ""))
       (signed? (= 0 (:retcode result))))
  (cond
   ;; The signing command exited 0 although the passphrase was wrong.
   (signed?
    (throw "Signing Key succeeded with wrong passphrase"))
   ;; It failed, but not with the expected diagnostic on stderr.
   ;; NOTE(review): this matches the English message text; presumably
   ;; the test environment fixes the locale -- confirm in defs.scm.
   ((not (string-contains? (:stderr result) "Bad passphrase"))
    (throw "Unexpected signing error:" (:stderr result)))))