| OLD | NEW |
|---|
| 1 #!/bin/bash | 1 #!/bin/bash |
| 2 | 2 |
| 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
| 5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
| 6 | 6 |
| 7 # Generate test cases for use for the RSA verify benchmark. | 7 # Generate test cases for use for the RSA verify benchmark. |
| 8 | 8 |
| 9 # Load common constants and variables. | 9 # Load common constants and variables. |
| 10 . "$(dirname "$0")/common.sh" | 10 . "$(dirname "$0")/common.sh" |
| 11 | 11 |
| 12 # Use a different directory for fuzzing test cases. | 12 # Use a different directory for fuzzing test cases. |
| 13 TESTCASE_DIR=${SCRIPT_DIR}/fuzz_testcases | 13 TESTCASE_DIR=${SCRIPT_DIR}/fuzz_testcases |
| 14 TEST_FILE=${TESTCASE_DIR}/testfile | 14 TEST_IMAGE_FILE=${TESTCASE_DIR}/testimage |
| 15 TEST_FILE_SIZE=500000 | 15 TEST_IMAGE_SIZE=500000 |
| 16 TEST_BOOTLOADER_FILE=${TESTCASE_DIR}/testbootloader |
| 17 TEST_BOOTLOADER_SIZE=50000 |
| 18 TEST_CONFIG_FILE=${TESTCASE_DIR}/testconfig |
| 19 # Config size must < 4096 |
| 20 TEST_CONFIG_SIZE=3000 |
| 16 | 21 |
| 17 # Generate public key signatures and digest on an input file for | |
| 18 # various combinations of message digest algorithms and RSA key sizes. | |
| 19 function generate_fuzzing_images { | 22 function generate_fuzzing_images { |
| 23 echo "Generating key blocks..." |
| 24 # Firmware key block - RSA8192/SHA512 root key, RSA4096/SHA512 firmware |
| 25 # signing key. |
| 26 ${UTIL_DIR}/vbutil_keyblock --pack ${TESTCASE_DIR}/firmware.keyblock \ |
| 27 --datapubkey ${TESTKEY_DIR}/key_rsa4096.sha512.vbpubk \ |
| 28 --signprivate ${TESTKEY_DIR}/key_rsa8192.pem \ |
| 29 --algorithm 11 |
| 30 |
| 31 # Kernel key block - RSA4096/SHA512 kernel signing subkey, RSA4096/SHA512 |
| 32 # kernel signing key. |
| 33 ${UTIL_DIR}/vbutil_keyblock --pack ${TESTCASE_DIR}/kernel.keyblock \ |
| 34 --datapubkey ${TESTKEY_DIR}/key_rsa4096.sha512.vbpubk \ |
| 35 --signprivate ${TESTKEY_DIR}/key_rsa4096.pem \ |
| 36 --flags 15 \ |
| 37 --algorithm 8 |
| 38 |
| 20 echo "Generating signed firmware test image..." | 39 echo "Generating signed firmware test image..." |
| 21 # Generate a test verified boot firmware image and copy root public key. | 40 ${UTIL_DIR}/vbutil_firmware \ |
| 22 ${UTIL_DIR}/firmware_utility --generate \ | 41 --vblock ${TESTCASE_DIR}/firmware.vblock \ |
| 23 --in $1 \ | 42 --keyblock ${TESTCASE_DIR}/firmware.keyblock\ |
| 24 --root_key ${TESTKEY_DIR}/key_rsa8192.pem \ | 43 --signprivate ${TESTKEY_DIR}/key_rsa4096.pem \ |
| 25 --firmware_sign_key ${TESTKEY_DIR}/key_rsa4096.pem \ | 44 --version 1 \ |
| 26 --firmware_sign_key_pub ${TESTKEY_DIR}/key_rsa4096.keyb \ | 45 --fv $1 \ |
| 27 --firmware_sign_algorithm 8 \ | 46 --kernelkey ${TESTKEY_DIR}/key_rsa4096.sha512.vbpubk |
| 28 --firmware_key_version 1 \ | 47 # TODO(gauravsh): ALso test with (optional) flags. |
| 29 --firmware_version 1 \ | 48 cp ${TESTKEY_DIR}/key_rsa8192.sha512.vbpubk ${TESTCASE_DIR}/root_key.vbpubk |
| 30 --out ${TESTCASE_DIR}/firmware.signed | |
| 31 cp ${TESTKEY_DIR}/key_rsa8192.keyb ${TESTCASE_DIR}/root_key.keyb | |
| 32 | 49 |
| 33 echo "Generating signed kernel test image..." | 50 echo "Generating signed kernel test image..." |
| 34 # Generate a test verified boot kernel image and copy firmware public key. | 51 ${UTIL_DIR}/vbutil_kernel \ |
| 35 ${UTIL_DIR}/kernel_utility --generate \ | 52 --pack ${TESTCASE_DIR}/kernel.vblock.image \ |
| 36 --firmware_key ${TESTKEY_DIR}/key_rsa4096.pem \ | 53 --keyblock ${TESTCASE_DIR}/kernel.keyblock \ |
| 37 --kernel_key ${TESTKEY_DIR}/key_rsa1024.pem \ | 54 --signprivate ${TESTKEY_DIR}/key_rsa4096.pem \ |
| 38 --kernel_key_pub ${TESTKEY_DIR}/key_rsa1024.keyb \ | 55 --version 1 \ |
| 39 --firmware_sign_algorithm 8 \ | 56 --vmlinuz ${TEST_IMAGE_FILE} \ |
| 40 --kernel_sign_algorithm 2 \ | 57 --bootloader ${TEST_BOOTLOADER_FILE} \ |
| 41 --kernel_key_version 1 \ | 58 --config ${TEST_CONFIG_FILE} |
| 42 --kernel_version 1 \ | 59 # TODO(gauravsh): Also test with (optional) padding. |
| 43 --vmlinuz /dev/null \ | 60 cp ${TESTKEY_DIR}/key_rsa4096.sha512.vbpubk \ |
| 44 --config /dev/null \ | 61 ${TESTCASE_DIR}/firmware_key.vbpubk |
| 45 --bootloader ${TEST_FILE} \ | |
| 46 --out ${TESTCASE_DIR}/kernel.signed | |
| 47 cp ${TESTKEY_DIR}/key_rsa4096.keyb ${TESTCASE_DIR}/firmware_key.keyb | |
| 48 } | 62 } |
| 49 | 63 |
| 50 function pre_work { | 64 function pre_work { |
| 51 # Generate a file to serve as random bytes for firmware/kernel contents. | 65 # Generate a file to serve as random bytes for firmware/kernel contents. |
| 52 # NOTE: The kernel and config file can't really be random, but the bootloader | 66 # NOTE: The kernel and config file can't really be random, but the bootloader |
| 53 # can. That's probably close enough. | 67 # can. That's probably close enough. |
| 54 echo "Generating test file..." | 68 echo "Generating test image file..." |
| 55 dd if=/dev/urandom of=${TEST_FILE} bs=${TEST_FILE_SIZE} count=1 | 69 dd if=/dev/urandom of=${TEST_IMAGE_FILE} bs=${TEST_IMAGE_SIZE} count=1 |
| 70 echo "Generating test bootloader file..." |
| 71 # TODO(gauravsh): Use a valid bootloader here? |
| 72 dd if=/dev/urandom of=${TEST_BOOTLOADER_FILE} bs=${TEST_BOOTLOADER_SIZE} \ |
| 73 count=1 |
| 74 echo "Generating test config file..." |
| 75 # TODO(gauravsh): Use a valid config file here? |
| 76 dd if=/dev/urandom of=${TEST_CONFIG_FILE} bs=${TEST_CONFIG_SIZE} count=1 |
| 56 } | 77 } |
| 78 |
| 57 mkdir -p ${TESTCASE_DIR} | 79 mkdir -p ${TESTCASE_DIR} |
| 58 pre_work | 80 pre_work |
| 59 check_test_keys | 81 check_test_keys |
| 60 generate_fuzzing_images ${TEST_FILE} | 82 generate_fuzzing_images ${TEST_IMAGE_FILE} |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2836036:
Rewrite gen_fuzz_test_cases.sh script to use new signing utilities. (Closed)
Base URL: ssh://git@chromiumos-git/vboot_reference.git