The tests in generate_test.go
test minimal output parsing (e.g., whether the key is an actual RSA key or whether it has enableAuth
set) and then go on to a more complete validation of the key parameters (e.g., is it an RSA key, etc.).
The genkey tests also verify whether the auth values are set or not for the key, parent and owner.
TODO: set up tests for AES-CBC
when the input isn't an even multiple of the block size.
The basis for this test is the following two runs done on a real TPM. The first uses openssl 1.1 tpm2tss-genkey
with no key auth; the second creates the key with an auth value (`-p foo`) and uses tpm2-genkey with `--password=foo`.
Note the difference in the asn1parse output: the unauthenticated key carries an explicit `[0]` BOOLEAN (the emptyAuth flag) that the second key omits.
The test cases in convert_test.go
will attempt to read key.pub and key.prv and create the same private.pem bytes:
printf '\x00\x00' > /tmp/unique.dat
tpm2_createprimary -C o -G ecc -g sha256 \
-c primary.ctx \
-a "fixedtpm|fixedparent|sensitivedataorigin|userwithauth|noda|restricted|decrypt" -u /tmp/unique.dat
tpm2_create -G rsa2048:rsassa:null -g sha256 -u key.pub -r key.prv -C primary.ctx
tpm2_flushcontext -t
## note: we're using openssl 1.1 tpm2tss-genkey for the initial key generation.
tpm2tss-genkey --public=key.pub --private=key.prv private.pem
$ cat private.pem
-----BEGIN TSS2 PRIVATE KEY-----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-----END TSS2 PRIVATE KEY-----
openssl asn1parse -inform PEM -in private.pem
0:d=0 hl=4 l= 532 cons: SEQUENCE
4:d=1 hl=2 l= 6 prim: OBJECT :2.23.133.10.1.3
12:d=1 hl=2 l= 3 cons: cont [ 0 ]
14:d=2 hl=2 l= 1 prim: BOOLEAN :255
17:d=1 hl=2 l= 4 prim: INTEGER :40000001
23:d=1 hl=4 l= 282 prim: OCTET STRING [HEX DUMP]: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
309:d=1 hl=3 l= 224 prim: OCTET STRING [HEX DUMP]:00DE00206DDD819483505451243504A4C16E2266A260D1A0FD1438D4729C2EA927A25A7B0010BA217A9CE673654F33E2A3E8890F4C6AA9BA8E4B79719075A8945C1CA6A740044FC486640739287610F653554B38D0B00F2688FA82B71944634489DBBF93272F3DB9CC2C94DBCCEAECC47256F1166BFC5F92EACB66B1750B65E7D1943E6F55439F669CC86865F5745E6D81EDBF16BABF96204D8B4E1945C1F34243D1B57CFB00F700D0A499232DC4025267BDE8DE9FEBE184AC2F6021A787F698B8A1128702EB85783BE8C2907DF6AB037E866CAC9C3B56E94E186C1AE1CB03D5
printf '\x00\x00' > /tmp/unique.dat
tpm2_createprimary -C o -G ecc -g sha256 \
-c primary.ctx \
-a "fixedtpm|fixedparent|sensitivedataorigin|userwithauth|noda|restricted|decrypt" -u /tmp/unique.dat
tpm2_create -G rsa2048:rsassa:null -g sha256 -u key.pub -r key.prv -C primary.ctx -p foo
# tpm2tss-genkey --public=key.pub --private key.prv --password foo private.pem
tpm2-genkey --public=key.pub --private=key.prv --password=foo --out=private.pem
cat private.pem
-----BEGIN TSS2 PRIVATE KEY-----
MIICDwYGZ4EFCgEDAgRAAAABBIIBGgEYAAEACwAEAHIAAAAQABQACwgAAAAAAAEA
7f5tuMpoUvcIgzgB24hh2mZFSK6w0TjCGXNNZCK3qLQsL1xuUNSk6p8v4r44n8FX
csr4uvyARP3usxOGvywRln0+vcWW1dnJl1OlFVcjFvZuhU5HcwS7KFXpMemgLG0s
egSOpRNgUFXXHuByGoRB9GdlXcEY8COjiriZNymMA1NgmNbFiAc1Kien/5uy1MeB
RyMzxLPJC4YY88BWtXvChSdoKZ2fUdzXw+8KYCDZCXgcwxqfdosPyuzyetPHOzMX
K7BwIseBLFs7/B41KNCrZds+QlmQVYOD24IcKppn8eTdl3jDlK4mHb8PiAO26iJd
MrgvBTAWRpjBLjKwQ4g0lQSB4ADeACCIire6cAqXgm6DdG4VAaEfqYkLVWpUML+l
xnu9HcPrJAAQJMEE62y8q78OvNC4Ao1ntZiJB8JN/fAaSSmfCBekhMjOUBNjKeTE
oXwK/G6LjhGRmd6zpZg+0sTpnJg0+K08SH2oZGsWdDC+y01KU3U1EjncWTBLUjhh
ke/O5nuY9FM67JF9xojl/XBmEeM8dEVFz7ICxC26Ew4D8nV0AnXstueQxgDZTO4k
MrzRRxKEQj3nBWEzpLN8VQtdUTNIarVviiMrH92itpltts0+Q4crUTtOltsJKzPJ
ygNm
-----END TSS2 PRIVATE KEY-----
openssl asn1parse -inform PEM -in private.pem
0:d=0 hl=4 l= 527 cons: SEQUENCE
4:d=1 hl=2 l= 6 prim: OBJECT :2.23.133.10.1.3
12:d=1 hl=2 l= 4 prim: INTEGER :40000001
18:d=1 hl=4 l= 282 prim: OCTET STRING [HEX DUMP]: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
304:d=1 hl=3 l= 224 prim: OCTET STRING [HEX DUMP]:00DE0020888AB7BA700A97826E83746E1501A11FA9890B556A5430BFA5C67BBD1DC3EB24001024C104EB6CBCABBF0EBCD0B8028D67B5988907C24DFDF01A49299F0817A484C8CE50136329E4C4A17C0AFC6E8B8E119199DEB3A5983ED2C4E99C9834F8AD3C487DA8646B167430BECB4D4A5375351239DC59304B52386191EFCEE67B98F4533AEC917DC688E5FD706611E33C744545CFB202C42DBA130E03F275740275ECB6E790C600D94CEE2432BCD1471284423DE7056133A4B37C550B5D5133486AB56F8A232B1FDDA2B6996DB6CD3E43872B513B4E96DB092B33C9CA0366