Accueil Explorer Aide
Connexion
seokj
/
vboot
Suivre 1
Voter 0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: a609478d1a
Branches Tags
vboot
/
tests
/
futility
/
test_create.sh

test_create.sh 2.4 KB
Historique Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970 
  1. #!/bin/bash -eux
    2. 

  2. # Copyright 2015 The Chromium OS Authors. All rights reserved.
    3. 

  3. # Use of this source code is governed by a BSD-style license that can be
    4. 

  4. # found in the LICENSE file.
    5. 

  5. 

  6. me=${0##*/}
    7. 

  7. TMP="$me.tmp"
    8. 

  8. 

  9. # Work in scratch directory
    10. 

  10. cd "$OUTDIR"
    11. 

  11. 

  12. # Current vb1 keys, including original .pem files.
    13. 

  13. TESTKEYS=${SRCDIR}/tests/testkeys
    14. 

  14. 

  15. # Demonstrate that we can recreate the same vb1 keys without the .keyb files
    16. 

  16. for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
    17. 

  17.   for hash in sha1 sha256 sha512; do
    18. 

  18.     ${FUTILITY} --vb1 create --hash_alg "${hash}" \
    19. 

  19.       "${TESTKEYS}/key_${sig}.pem" "${TMP}_key_${sig}.${hash}"
    20. 

  20.     cmp "${TESTKEYS}/key_${sig}.${hash}.vbprivk" \
    21. 

  21.       "${TMP}_key_${sig}.${hash}.vbprivk"
    22. 

  22.     cmp "${TESTKEYS}/key_${sig}.${hash}.vbpubk" \
    23. 

  23.       "${TMP}_key_${sig}.${hash}.vbpubk"
    24. 

  24.   done
    25. 

  25. done
    26. 

  26. 

  27. 

  28. # Demonstrate that we can create some vb21 keypairs. This doesn't prove
    29. 

  29. # prove anything until we've used them to sign some stuff, though.
    30. 

  30. for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
    31. 

  31.   for hash in sha1 sha256 sha512; do
    32. 

  32.     ${FUTILITY} --vb21 create --hash_alg "${hash}" \
    33. 

  33.       "${TESTKEYS}/key_${sig}.pem" "${TMP}_key_${sig}.${hash}"
    34. 

  34.   done
    35. 

  35. done
    36. 

  36. 

  37. # Demonstrate that the sha1sums are the same for all the keys created from the
    38. 

  38. # same .pem files, both public and private, vb1 and vb21.
    39. 

  39. for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
    40. 

  40.   pem_sum=$(${FUTILITY} show "${TESTKEYS}/key_${sig}.pem" |
    41. 

  41.     awk '/sha1sum/ {print $3}')
    42. 

  42.   # expect only one
    43. 

  43.   [ $(echo "$pem_sum" | wc -w) = 1 ]
    44. 

  44.   num_keys=$(echo ${TMP}_key_${sig}.* | wc -w)
    45. 

  45.   key_sums=$(${FUTILITY} show ${TMP}_key_${sig}.* |
    46. 

  46.     awk '/sha1sum:|ID:/ {print $NF}')
    47. 

  47.   num_sums=$(echo "$key_sums" | wc -w)
    48. 

  48.   # expect one sha1sum (or ID) line per file
    49. 

  49.   [ "$num_keys" = "$num_sums" ]
    50. 

  50.   uniq_sums=$(echo "$key_sums" | uniq)
    51. 

  51.   # note that this also tests that all the key_sums are the same
    52. 

  52.   [ "$pem_sum" = "$uniq_sums" ]
    53. 

  53. done
    54. 

  54. 

  55. # Demonstrate that we can create some vb21 public key from PEM containing
    56. 

  56. # only the pubkeypairs and verify it's the same as the one generated from
    57. 

  57. # the private key.
    58. 

  58. for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
    59. 

  59.   for hash in sha1 sha256 sha512; do
    60. 

  60.     ${FUTILITY} --vb21 create --hash_alg "${hash}" \
    61. 

  61.       "${TESTKEYS}/key_${sig}.pub.pem" "${TMP}_key_${sig}.pubonly.${hash}"
    62. 

  62.     cmp "${TMP}_key_${sig}.pubonly.${hash}.vbpubk2" \
    63. 

  63.       "${TMP}_key_${sig}.${hash}.vbpubk2"
    64. 

  64.   done
    65. 

  65. done
    66. 

  66. 

  67. # cleanup
    68. 

  68. rm -rf ${TMP}*
    69. 

  69. exit 0
    70. 

  70.