Index: tests/run_vbutil_tests.sh |
diff --git a/tests/run_vbutil_tests.sh b/tests/run_vbutil_tests.sh |
new file mode 100755 |
index 0000000000000000000000000000000000000000..0e8beef8d907f6d48fbe5bfafa166dabec6b8af8 |
--- /dev/null |
+++ b/tests/run_vbutil_tests.sh |
@@ -0,0 +1,111 @@ |
+#!/bin/bash |
+ |
+# Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
+# Use of this source code is governed by a BSD-style license that can be |
+# found in the LICENSE file. |
+ |
+# Run verified boot firmware and kernel verification tests. |
+ |
+# Load common constants and variables. |
+. "$(dirname "$0")/common.sh" |
+ |
+return_code=0 |
+ |
+function test_vbutil_key { |
+ algorithmcounter=0 |
+ for keylen in ${key_lengths[@]} |
+ do |
+ for hashalgo in ${hash_algos[@]} |
+ do |
+ echo -e "For signing key ${COL_YELLOW}RSA-$keylen/$hashalgo${COL_STOP}:" |
+ # Pack the key |
+ ${UTIL_DIR}/vbutil_key --pack \ |
+ --in ${TESTKEY_DIR}/key_rsa${keylen}.keyb \ |
+ --out ${TESTKEY_DIR}/key_alg${algorithmcounter}.vbpubk \ |
+ --version 1 \ |
+ --algorithm $algorithmcounter |
+ if [ $? -ne 0 ] |
+ then |
+ return_code=255 |
+ fi |
+ |
+ # Unpack the key |
+ # TODO: should verify we get the same key back out? |
+ ${UTIL_DIR}/vbutil_key --unpack \ |
+ --in ${TESTKEY_DIR}/key_alg${algorithmcounter}.vbpubk |
+ if [ $? -ne 0 ] |
+ then |
+ return_code=255 |
+ fi |
+ |
+ let algorithmcounter=algorithmcounter+1 |
+ done |
+ done |
+} |
+ |
+ |
+function test_vbutil_keyblock { |
+# Test for various combinations of firmware signing algorithm and |
+# kernel signing algorithm |
+ signing_algorithmcounter=0 |
+ data_algorithmcounter=0 |
+ for signing_keylen in ${key_lengths[@]} |
+ do |
+ for signing_hashalgo in ${hash_algos[@]} |
+ do |
+ let data_algorithmcounter=0 |
+ for datakeylen in ${key_lengths[@]} |
+ do |
+ for datahashalgo in ${hash_algos[@]} |
+ do |
+ echo -e "For ${COL_YELLOW}signing algorithm \ |
+RSA-${signing_keylen}/${signing_hashalgo}${COL_STOP} \ |
+and ${COL_YELLOW}data key algorithm RSA-${datakeylen}/\ |
+${datahashalgo}${COL_STOP}" |
+ # Remove old file |
+ keyblockfile=${TESTKEY_DIR}/sign${signing_algorithmcounter}_data${data_algorithmcounter}.keyblock |
+ rm -f ${keyblockfile} |
+ |
+ # Pack |
+ ${UTIL_DIR}/vbutil_keyblock --pack ${keyblockfile} \ |
+ --datapubkey \ |
+ tests/testkeys/key_alg${data_algorithmcounter}.vbpubk \ |
+ --signprivate ${TESTKEY_DIR}/key_rsa${signing_keylen}.pem \ |
+ --algorithm $signing_algorithmcounter |
+ if [ $? -ne 0 ] |
+ then |
+ return_code=255 |
+ fi |
+ |
+ # Unpack |
+ ${UTIL_DIR}/vbutil_keyblock --unpack ${keyblockfile} \ |
+ --signpubkey \ |
+ tests/testkeys/key_alg${signing_algorithmcounter}.vbpubk |
+ # TODO: check data key against the packed one? |
+ if [ $? -ne 0 ] |
+ then |
+ return_code=255 |
+ fi |
+ |
+ let data_algorithmcounter=data_algorithmcounter+1 |
+ done |
+ done |
+ let signing_algorithmcounter=signing_algorithmcounter+1 |
+ done |
+ done |
+} |
+ |
+ |
+check_test_keys |
+ |
+echo |
+echo "Testing vbutil_key..." |
+test_vbutil_key |
+ |
+echo |
+echo "Testing vbutil_keyblock..." |
+test_vbutil_keyblock |
+ |
+ |
+exit $return_code |
+ |