OLD | NEW |
1 #!/bin/bash | 1 #!/bin/bash |
2 | 2 |
3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
6 | 6 |
7 # Run verified boot firmware and kernel verification tests. | 7 # Run verified boot firmware and kernel verification tests. |
8 | 8 |
9 # Load common constants and variables. | 9 # Load common constants and variables. |
10 . "$(dirname "$0")/common.sh" | 10 . "$(dirname "$0")/common.sh" |
11 | 11 |
12 return_code=0 | 12 return_code=0 |
13 | 13 |
14 function test_vbutil_key { | 14 function test_vbutil_key { |
15 algorithmcounter=0 | 15 algorithmcounter=0 |
16 for keylen in ${key_lengths[@]} | 16 for keylen in ${key_lengths[@]} |
17 do | 17 do |
18 for hashalgo in ${hash_algos[@]} | 18 for hashalgo in ${hash_algos[@]} |
19 do | 19 do |
20 echo -e "For signing key ${COL_YELLOW}RSA-$keylen/$hashalgo${COL_STOP}:" | 20 echo -e "For signing key ${COL_YELLOW}RSA-$keylen/$hashalgo${COL_STOP}:" |
21 # Pack the key | 21 # Pack the key |
22 ${UTIL_DIR}/vbutil_key --pack \ | 22 ${UTIL_DIR}/vbutil_key \ |
23 --in ${TESTKEY_DIR}/key_rsa${keylen}.keyb \ | 23 --pack ${TESTKEY_SCRATCH_DIR}/key_alg${algorithmcounter}.vbpubk \ |
24 --out ${TESTKEY_SCRATCH_DIR}/key_alg${algorithmcounter}.vbpubk \ | 24 --key ${TESTKEY_DIR}/key_rsa${keylen}.keyb \ |
25 --version 1 \ | 25 --version 1 \ |
26 --algorithm $algorithmcounter | 26 --algorithm $algorithmcounter |
27 if [ $? -ne 0 ] | 27 if [ $? -ne 0 ] |
28 then | 28 then |
29 return_code=255 | 29 return_code=255 |
30 fi | 30 fi |
31 | 31 |
32 # Unpack the key | 32 # Unpack the key |
33 # TODO: should verify we get the same key back out? | 33 # TODO: should verify we get the same key back out? |
34 ${UTIL_DIR}/vbutil_key --unpack \ | 34 ${UTIL_DIR}/vbutil_key \ |
35 --in ${TESTKEY_SCRATCH_DIR}/key_alg${algorithmcounter}.vbpubk | 35 --unpack ${TESTKEY_SCRATCH_DIR}/key_alg${algorithmcounter}.vbpubk |
36 if [ $? -ne 0 ] | 36 if [ $? -ne 0 ] |
37 then | 37 then |
38 return_code=255 | 38 return_code=255 |
39 fi | 39 fi |
40 | 40 |
41 let algorithmcounter=algorithmcounter+1 | 41 let algorithmcounter=algorithmcounter+1 |
42 done | 42 done |
43 done | 43 done |
44 } | 44 } |
45 | 45 |
(...skipping 15 matching lines...) Expand all Loading... |
61 echo -e "For ${COL_YELLOW}signing algorithm \ | 61 echo -e "For ${COL_YELLOW}signing algorithm \ |
62 RSA-${signing_keylen}/${signing_hashalgo}${COL_STOP} \ | 62 RSA-${signing_keylen}/${signing_hashalgo}${COL_STOP} \ |
63 and ${COL_YELLOW}data key algorithm RSA-${datakeylen}/\ | 63 and ${COL_YELLOW}data key algorithm RSA-${datakeylen}/\ |
64 ${datahashalgo}${COL_STOP}" | 64 ${datahashalgo}${COL_STOP}" |
65 # Remove old file | 65 # Remove old file |
66 keyblockfile="${TESTKEY_SCRATCH_DIR}/" | 66 keyblockfile="${TESTKEY_SCRATCH_DIR}/" |
67 keyblockfile+="sign${signing_algorithmcounter}_data" | 67 keyblockfile+="sign${signing_algorithmcounter}_data" |
68 keyblockfile+="${data_algorithmcounter}.keyblock" | 68 keyblockfile+="${data_algorithmcounter}.keyblock" |
69 rm -f ${keyblockfile} | 69 rm -f ${keyblockfile} |
70 | 70 |
| 71 # Wrap |
| 72 ${UTIL_DIR}/vbutil_key \ |
| 73 --pack ${TESTKEY_SCRATCH_DIR}/key_alg${algorithmcounter}.vbprivk \ |
| 74 --key ${TESTKEY_DIR}/key_rsa${signing_keylen}.pem \ |
| 75 --algorithm $signing_algorithmcounter |
| 76 if [ $? -ne 0 ] |
| 77 then |
| 78 return_code=255 |
| 79 fi |
| 80 |
71 # Pack | 81 # Pack |
72 ${UTIL_DIR}/vbutil_keyblock --pack ${keyblockfile} \ | 82 ${UTIL_DIR}/vbutil_keyblock --pack ${keyblockfile} \ |
73 --datapubkey \ | 83 --datapubkey \ |
74 ${TESTKEY_SCRATCH_DIR}/key_alg${data_algorithmcounter}.vbpubk \ | 84 ${TESTKEY_SCRATCH_DIR}/key_alg${data_algorithmcounter}.vbpubk \ |
75 --signprivate ${TESTKEY_DIR}/key_rsa${signing_keylen}.pem \ | 85 --signprivate \ |
76 --algorithm $signing_algorithmcounter | 86 ${TESTKEY_SCRATCH_DIR}/key_alg${algorithmcounter}.vbprivk |
77 if [ $? -ne 0 ] | 87 if [ $? -ne 0 ] |
78 then | 88 then |
79 return_code=255 | 89 return_code=255 |
80 fi | 90 fi |
81 | 91 |
82 # Unpack | 92 # Unpack |
83 ${UTIL_DIR}/vbutil_keyblock --unpack ${keyblockfile} \ | 93 ${UTIL_DIR}/vbutil_keyblock --unpack ${keyblockfile} \ |
84 --signpubkey \ | 94 --signpubkey \ |
85 ${TESTKEY_SCRATCH_DIR}/key_alg${signing_algorithmcounter}.vbpubk | 95 ${TESTKEY_SCRATCH_DIR}/key_alg${signing_algorithmcounter}.vbpubk |
86 # TODO: check data key against the packed one? | 96 # TODO: check data key against the packed one? |
(...skipping 17 matching lines...) Expand all Loading... |
104 echo "Testing vbutil_key..." | 114 echo "Testing vbutil_key..." |
105 test_vbutil_key | 115 test_vbutil_key |
106 | 116 |
107 echo | 117 echo |
108 echo "Testing vbutil_keyblock..." | 118 echo "Testing vbutil_keyblock..." |
109 test_vbutil_keyblock | 119 test_vbutil_keyblock |
110 | 120 |
111 | 121 |
112 exit $return_code | 122 exit $return_code |
113 | 123 |
OLD | NEW |