-
Notifications
You must be signed in to change notification settings - Fork 39
/
cipher_aes256.sh
executable file
·37 lines (27 loc) · 1.05 KB
/
cipher_aes256.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
#!/usr/bin/env bash
# SPDX-License-Identifier: BSD-3-Clause
set -eufx
# skip when the command is not supported
tpm2_getcap commands | grep EncryptDecrypt || exit 77
# skip when the algorithm is not supported
tpm2_getcap algorithms | grep ^aes: || exit 77
echo -n "abcde12345abcde12345" > testdata
# generate random key/iv
KEY=`openssl rand -provider tpm2 -hex 32`
IV=`openssl rand -provider tpm2 -hex 16`
for MODE in cbc ofb cfb ctr; do
# skip unsupported modes
tpm2_getcap algorithms | grep $MODE || continue
# encode using the tpm2 provider
openssl enc -provider tpm2 -aes-256-$MODE -e -K $KEY -iv $IV -in testdata -out testdata.enc
# decode using the default provider
openssl enc -aes-256-$MODE -d -K $KEY -iv $IV -in testdata.enc -out testdata2
# compare the results
cmp testdata testdata2
# decode using the tpm2 provider
openssl enc -provider tpm2 -aes-256-$MODE -d -K $KEY -iv $IV -in testdata.enc -out testdata3
# compare the results
cmp testdata testdata3
rm testdata.enc testdata2 testdata3
done
rm testdata