      #!/bin/bash -eux
# Copyright 2015 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
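# The "-eux" on the shebang line is dropped when this file is started as
# "bash <script>". Without -e every cmp / [ check below becomes a no-op and
# the script still ends in "exit 0", so set the options here as well to keep
# the checks fatal however the script is launched.
set -eux

# Script basename; it prefixes every scratch file created below.
me=${0##*/}
TMP="$me.tmp"

# Work in the scratch directory. OUTDIR is not assigned in this script and is
# expected from the caller's environment; stop if it cannot be entered so
# that no scratch file is created or removed in some other directory.
cd "$OUTDIR" || exit 1

# Current vb1 keys, including original .pem files. SRCDIR is likewise
# expected from the caller's environment.
TESTKEYS="${SRCDIR}/tests/testkeys"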
# Rebuild the vb1 keypairs from the .pem files alone (no .keyb input) and
# require both outputs to be byte-identical to the checked-in keys.
for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
  for hash in sha1 sha256 sha512; do
    expected="${TESTKEYS}/key_${sig}.${hash}"
    created="${TMP}_key_${sig}.${hash}"
    "${FUTILITY}" --vb1 create --hash_alg "${hash}" \
      "${TESTKEYS}/key_${sig}.pem" "${created}"
    # Private key first, then public key; cmp exits non-zero on any
    # difference.
    for ext in vbprivk vbpubk; do
      cmp "${expected}.${ext}" "${created}.${ext}"
    done
  done
done
# Create vb21 keypairs from the same .pem files. Only successful creation is
# checked here; this proves nothing until the keys have been used to sign
# something.
for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
  pem_file="${TESTKEYS}/key_${sig}.pem"
  for hash in sha1 sha256 sha512; do
    "${FUTILITY}" --vb21 create --hash_alg "${hash}" "${pem_file}" \
      "${TMP}_key_${sig}.${hash}"
  done
done
# Every key created from one .pem file (public or private, vb1 or vb21) must
# report the same sha1sum / ID as that .pem file.
for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
  pem_file="${TESTKEYS}/key_${sig}.pem"
  key_prefix="${TMP}_key_${sig}"

  pem_sum=$("${FUTILITY}" show "${pem_file}" | awk '/sha1sum/ {print $3}')
  # The .pem file must yield exactly one digest.
  pem_count=$(wc -w <<<"$pem_sum")
  test "$pem_count" = 1

  # One "sha1sum:" or "ID:" line is expected per generated key file, so the
  # number of digests collected must equal the number of files matched.
  key_sums=$("${FUTILITY}" show "${key_prefix}".* |
    awk '/sha1sum:|ID:/ {print $NF}')
  num_keys=$(echo "${key_prefix}".* | wc -w)
  num_sums=$(wc -w <<<"$key_sums")
  test "$num_keys" = "$num_sums"

  # uniq collapses the list to a single line only when every digest is
  # identical, so this one comparison also checks that the keys agree with
  # each other.
  uniq_sums=$(uniq <<<"$key_sums")
  test "$pem_sum" = "$uniq_sums"
done
# Create vb21 public keys from PEM files that contain only the public key,
# and require each one to be byte-identical to the public key generated
# from the corresponding private-key PEM.
for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
  pub_pem="${TESTKEYS}/key_${sig}.pub.pem"
  for hash in sha1 sha256 sha512; do
    pubonly="${TMP}_key_${sig}.pubonly.${hash}"
    "${FUTILITY}" --vb21 create --hash_alg "${hash}" "${pub_pem}" "${pubonly}"
    cmp "${pubonly}.vbpubk2" "${TMP}_key_${sig}.${hash}.vbpubk2"
  done
done
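# Cleanup. The shebang requests -e, so this line is reached only when every
# check above passed; a failing run leaves its scratch files in place.
# ":?" aborts rather than letting the argument collapse to a bare "*" if TMP
# is ever empty or unset, and "--" stops a prefix that begins with "-" from
# being parsed as an option to rm.
rm -rf -- "${TMP:?}"*
exit 0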
 