OLD | NEW |
(Empty) | |
| 1 #!/bin/bash |
| 2 |
| 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 4 # Use of this source code is governed by a BSD-style license that can be |
| 5 # found in the LICENSE file. |
| 6 |
| 7 # Run verified boot firmware and kernel verification tests. |
| 8 |
| 9 # Load common constants and variables. |
| 10 . "$(dirname "$0")/common.sh" |
| 11 |
| 12 return_code=0 |
| 13 |
| 14 function test_vbutil_key { |
| 15 algorithmcounter=0 |
| 16 for keylen in ${key_lengths[@]} |
| 17 do |
| 18 for hashalgo in ${hash_algos[@]} |
| 19 do |
| 20 echo -e "For signing key ${COL_YELLOW}RSA-$keylen/$hashalgo${COL_STOP}:" |
| 21 # Pack the key |
| 22 ${UTIL_DIR}/vbutil_key --pack \ |
| 23 --in ${TESTKEY_DIR}/key_rsa${keylen}.keyb \ |
| 24 --out ${TESTKEY_DIR}/key_alg${algorithmcounter}.vbpubk \ |
| 25 --version 1 \ |
| 26 --algorithm $algorithmcounter |
| 27 if [ $? -ne 0 ] |
| 28 then |
| 29 return_code=255 |
| 30 fi |
| 31 |
| 32 # Unpack the key |
| 33 # TODO: should verify we get the same key back out? |
| 34 ${UTIL_DIR}/vbutil_key --unpack \ |
| 35 --in ${TESTKEY_DIR}/key_alg${algorithmcounter}.vbpubk |
| 36 if [ $? -ne 0 ] |
| 37 then |
| 38 return_code=255 |
| 39 fi |
| 40 |
| 41 let algorithmcounter=algorithmcounter+1 |
| 42 done |
| 43 done |
| 44 } |
| 45 |
| 46 |
| 47 function test_vbutil_keyblock { |
| 48 # Test for various combinations of firmware signing algorithm and |
| 49 # kernel signing algorithm |
| 50 signing_algorithmcounter=0 |
| 51 data_algorithmcounter=0 |
| 52 for signing_keylen in ${key_lengths[@]} |
| 53 do |
| 54 for signing_hashalgo in ${hash_algos[@]} |
| 55 do |
| 56 let data_algorithmcounter=0 |
| 57 for datakeylen in ${key_lengths[@]} |
| 58 do |
| 59 for datahashalgo in ${hash_algos[@]} |
| 60 do |
| 61 echo -e "For ${COL_YELLOW}signing algorithm \ |
| 62 RSA-${signing_keylen}/${signing_hashalgo}${COL_STOP} \ |
| 63 and ${COL_YELLOW}data key algorithm RSA-${datakeylen}/\ |
| 64 ${datahashalgo}${COL_STOP}" |
| 65 # Remove old file |
| 66 keyblockfile=${TESTKEY_DIR}/sign${signing_algorithmcounter}_data${data
_algorithmcounter}.keyblock |
| 67 rm -f ${keyblockfile} |
| 68 |
| 69 # Pack |
| 70 ${UTIL_DIR}/vbutil_keyblock --pack ${keyblockfile} \ |
| 71 --datapubkey \ |
| 72 tests/testkeys/key_alg${data_algorithmcounter}.vbpubk \ |
| 73 --signprivate ${TESTKEY_DIR}/key_rsa${signing_keylen}.pem \ |
| 74 --algorithm $signing_algorithmcounter |
| 75 if [ $? -ne 0 ] |
| 76 then |
| 77 return_code=255 |
| 78 fi |
| 79 |
| 80 # Unpack |
| 81 ${UTIL_DIR}/vbutil_keyblock --unpack ${keyblockfile} \ |
| 82 --signpubkey \ |
| 83 tests/testkeys/key_alg${signing_algorithmcounter}.vbpubk |
| 84 # TODO: check data key against the packed one? |
| 85 if [ $? -ne 0 ] |
| 86 then |
| 87 return_code=255 |
| 88 fi |
| 89 |
| 90 let data_algorithmcounter=data_algorithmcounter+1 |
| 91 done |
| 92 done |
| 93 let signing_algorithmcounter=signing_algorithmcounter+1 |
| 94 done |
| 95 done |
| 96 } |
| 97 |
| 98 |
| 99 check_test_keys |
| 100 |
| 101 echo |
| 102 echo "Testing vbutil_key..." |
| 103 test_vbutil_key |
| 104 |
| 105 echo |
| 106 echo "Testing vbutil_keyblock..." |
| 107 test_vbutil_keyblock |
| 108 |
| 109 |
| 110 exit $return_code |
| 111 |
OLD | NEW |