OLD | NEW |
1 #!/bin/bash | 1 #!/bin/bash |
2 | 2 |
3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
6 | 6 |
7 # Run verified boot firmware and kernel verification tests. | 7 # Run verified boot firmware and kernel verification tests. |
8 | 8 |
9 # Load common constants and variables. | 9 # Load common constants and variables. |
10 . "$(dirname "$0")/common.sh" | 10 . "$(dirname "$0")/common.sh" |
11 | 11 |
12 return_code=0 | 12 return_code=0 |
13 | 13 |
14 function test_vbutil_key { | 14 function test_vbutil_key { |
15 algorithmcounter=0 | 15 algorithmcounter=0 |
16 for keylen in ${key_lengths[@]} | 16 for keylen in ${key_lengths[@]} |
17 do | 17 do |
18 for hashalgo in ${hash_algos[@]} | 18 for hashalgo in ${hash_algos[@]} |
19 do | 19 do |
20 echo -e "For signing key ${COL_YELLOW}RSA-$keylen/$hashalgo${COL_STOP}:" | 20 echo -e "For signing key ${COL_YELLOW}RSA-$keylen/$hashalgo${COL_STOP}:" |
21 # Pack the key | 21 # Pack the key |
22 ${UTIL_DIR}/vbutil_key --pack \ | 22 ${UTIL_DIR}/vbutil_key --pack \ |
23 --in ${TESTKEY_DIR}/key_rsa${keylen}.keyb \ | 23 --in ${TESTKEY_DIR}/key_rsa${keylen}.keyb \ |
24 --out ${TESTKEY_DIR}/key_alg${algorithmcounter}.vbpubk \ | 24 --out ${TESTKEY_SCRATCH_DIR}/key_alg${algorithmcounter}.vbpubk \ |
25 --version 1 \ | 25 --version 1 \ |
26 --algorithm $algorithmcounter | 26 --algorithm $algorithmcounter |
27 if [ $? -ne 0 ] | 27 if [ $? -ne 0 ] |
28 then | 28 then |
29 return_code=255 | 29 return_code=255 |
30 fi | 30 fi |
31 | 31 |
32 # Unpack the key | 32 # Unpack the key |
33 # TODO: should verify we get the same key back out? | 33 # TODO: should verify we get the same key back out? |
34 ${UTIL_DIR}/vbutil_key --unpack \ | 34 ${UTIL_DIR}/vbutil_key --unpack \ |
35 --in ${TESTKEY_DIR}/key_alg${algorithmcounter}.vbpubk | 35 --in ${TESTKEY_SCRATCH_DIR}/key_alg${algorithmcounter}.vbpubk |
36 if [ $? -ne 0 ] | 36 if [ $? -ne 0 ] |
37 then | 37 then |
38 return_code=255 | 38 return_code=255 |
39 fi | 39 fi |
40 | 40 |
41 let algorithmcounter=algorithmcounter+1 | 41 let algorithmcounter=algorithmcounter+1 |
42 done | 42 done |
43 done | 43 done |
44 } | 44 } |
45 | 45 |
56 let data_algorithmcounter=0 | 56 let data_algorithmcounter=0 |
57 for datakeylen in ${key_lengths[@]} | 57 for datakeylen in ${key_lengths[@]} |
58 do | 58 do |
59 for datahashalgo in ${hash_algos[@]} | 59 for datahashalgo in ${hash_algos[@]} |
60 do | 60 do |
61 echo -e "For ${COL_YELLOW}signing algorithm \ | 61 echo -e "For ${COL_YELLOW}signing algorithm \ |
62 RSA-${signing_keylen}/${signing_hashalgo}${COL_STOP} \ | 62 RSA-${signing_keylen}/${signing_hashalgo}${COL_STOP} \ |
63 and ${COL_YELLOW}data key algorithm RSA-${datakeylen}/\ | 63 and ${COL_YELLOW}data key algorithm RSA-${datakeylen}/\ |
64 ${datahashalgo}${COL_STOP}" | 64 ${datahashalgo}${COL_STOP}" |
65 # Remove old file | 65 # Remove old file |
66 keyblockfile=${TESTKEY_DIR}/sign${signing_algorithmcounter}_data${data
_algorithmcounter}.keyblock | 66 keyblockfile="${TESTKEY_SCRATCH_DIR}/" |
| 67 keyblockfile+="sign${signing_algorithmcounter}_data" |
| 68 keyblockfile+="${data_algorithmcounter}.keyblock" |
67 rm -f ${keyblockfile} | 69 rm -f ${keyblockfile} |
68 | 70 |
69 # Pack | 71 # Pack |
70 ${UTIL_DIR}/vbutil_keyblock --pack ${keyblockfile} \ | 72 ${UTIL_DIR}/vbutil_keyblock --pack ${keyblockfile} \ |
71 --datapubkey \ | 73 --datapubkey \ |
72 ${TESTKEY_DIR}/key_alg${data_algorithmcounter}.vbpubk \ | 74 ${TESTKEY_SCRATCH_DIR}/key_alg${data_algorithmcounter}.vbpubk \ |
73 --signprivate ${TESTKEY_DIR}/key_rsa${signing_keylen}.pem \ | 75 --signprivate ${TESTKEY_DIR}/key_rsa${signing_keylen}.pem \ |
74 --algorithm $signing_algorithmcounter | 76 --algorithm $signing_algorithmcounter |
75 if [ $? -ne 0 ] | 77 if [ $? -ne 0 ] |
76 then | 78 then |
77 return_code=255 | 79 return_code=255 |
78 fi | 80 fi |
79 | 81 |
80 # Unpack | 82 # Unpack |
81 ${UTIL_DIR}/vbutil_keyblock --unpack ${keyblockfile} \ | 83 ${UTIL_DIR}/vbutil_keyblock --unpack ${keyblockfile} \ |
82 --signpubkey \ | 84 --signpubkey \ |
83 ${TESTKEY_DIR}/key_alg${signing_algorithmcounter}.vbpubk | 85 ${TESTKEY_SCRATCH_DIR}/key_alg${signing_algorithmcounter}.vbpubk |
84 # TODO: check data key against the packed one? | 86 # TODO: check data key against the packed one? |
85 if [ $? -ne 0 ] | 87 if [ $? -ne 0 ] |
86 then | 88 then |
87 return_code=255 | 89 return_code=255 |
88 fi | 90 fi |
89 | 91 |
90 let data_algorithmcounter=data_algorithmcounter+1 | 92 let data_algorithmcounter=data_algorithmcounter+1 |
91 done | 93 done |
92 done | 94 done |
93 let signing_algorithmcounter=signing_algorithmcounter+1 | 95 let signing_algorithmcounter=signing_algorithmcounter+1 |
94 done | 96 done |
95 done | 97 done |
96 } | 98 } |
97 | 99 |
98 | 100 |
99 check_test_keys | 101 check_test_keys |
100 | 102 |
101 echo | 103 echo |
102 echo "Testing vbutil_key..." | 104 echo "Testing vbutil_key..." |
103 test_vbutil_key | 105 test_vbutil_key |
104 | 106 |
105 echo | 107 echo |
106 echo "Testing vbutil_keyblock..." | 108 echo "Testing vbutil_keyblock..." |
107 test_vbutil_keyblock | 109 test_vbutil_keyblock |
108 | 110 |
109 | 111 |
110 exit $return_code | 112 exit $return_code |
111 | 113 |
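Review bot: The new scratch paths are built from `${TESTKEY_SCRATCH_DIR}` with no check that it is set, and it is expanded unquoted in the `--out`/`--in` arguments of `test_vbutil_key` and in `rm -f ${keyblockfile}` in the keyblock loop. The variable is not defined on this page (presumably it comes from common.sh), so if it is ever empty the run targets `/key_alg0.vbpubk` and `/sign0_data0.keyblock` at the filesystem root instead of failing. I would add `: "${TESTKEY_SCRATCH_DIR:?}"` right after sourcing common.sh and quote the uses, for example `rm -f -- "${keyblockfile}"`. It is also not visible here whether the directory exists before `test_vbutil_key` runs; if `check_test_keys` does not create it, a `mkdir -p "${TESTKEY_SCRATCH_DIR}"` is needed. The keyblock function begins in the skipped lines, so its setup is outside this view.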