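#!/bin/bash -eux
# Copyright 2015 The ChromiumOS Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
#
# Key-creation test for futility: regenerates vb1 and vb21 key files from the
# PEM files under tests/testkeys, then checks them against the checked-in
# keys and against each other.
#
# Environment (all three are read below; -u aborts if one is unset):
#   FUTILITY - the futility executable to run
#   SRCDIR   - source tree root; keys are read from $SRCDIR/tests/testkeys
#   OUTDIR   - scratch directory; every output file is written here
#
# There is no explicit failure reporting. Each cmp and [ ... ] below is an
# assertion that stops the run only because errexit is active.

# Flags on the shebang line are dropped when the script is started as
# "bash <script>". Without -e every check below would be ignored and the
# script would still reach "exit 0", so set the flags again explicitly.
set -eux

me=${0##*/}
TMP="$me.tmp"

# Work in scratch directory
cd "$OUTDIR"

# The cleanup at the end is skipped whenever a check fails, so an earlier
# failed run can leave outputs behind. Remove them first; otherwise the
# "${TMP}_key_${sig}".* glob in the sha1sum check would pick up stale files.
rm -rf -- "${TMP}"*

# Current vb1 keys, including original .pem files.
# The private-key files derived from these test keys below stay in $OUTDIR
# if the run fails, because cleanup only happens on success.
TESTKEYS="${SRCDIR}/tests/testkeys"

# NOTE(review): rsa1024 and sha1 are part of the matrix, presumably to cover
# every format futility can emit. That is test coverage, not a recommendation
# for new signing keys.

# Demonstrate that we can recreate the same vb1 keys without the .keyb files
for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
  for hash in sha1 sha256 sha512; do
    "${FUTILITY}" --vb1 create --hash_alg "${hash}" \
      "${TESTKEYS}/key_${sig}.pem" "${TMP}_key_${sig}.${hash}"
    # Byte-for-byte comparison against the checked-in key files.
    cmp "${TESTKEYS}/key_${sig}.${hash}.vbprivk" \
      "${TMP}_key_${sig}.${hash}.vbprivk"
    cmp "${TESTKEYS}/key_${sig}.${hash}.vbpubk" \
      "${TMP}_key_${sig}.${hash}.vbpubk"
  done
done


# Demonstrate that we can create some vb21 keypairs. This doesn't prove
# anything until we've used them to sign some stuff, though.
# The base name is the same as for the vb1 outputs above; the two loops
# further down rely on both sets of files being present.
for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
  for hash in sha1 sha256 sha512; do
    "${FUTILITY}" --vb21 create --hash_alg "${hash}" \
      "${TESTKEYS}/key_${sig}.pem" "${TMP}_key_${sig}.${hash}"
  done
done

# Demonstrate that the sha1sums are the same for all the keys created from the
# same .pem files, both public and private, vb1 and vb21.
# The sha1sum/ID printed by "futility show" serves here as a key fingerprint:
# every file derived from one .pem must report the same value.
for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
  pem_sum=$("${FUTILITY}" show "${TESTKEYS}/key_${sig}.pem" |
    awk '/sha1sum/ {print $3}')
  # expect only one
  [ "$(echo "$pem_sum" | wc -w)" = 1 ]
  num_keys=$(echo "${TMP}_key_${sig}".* | wc -w)
  key_sums=$("${FUTILITY}" show "${TMP}_key_${sig}".* |
    awk '/sha1sum:|ID:/ {print $NF}')
  num_sums=$(echo "$key_sums" | wc -w)
  # expect one sha1sum (or ID) line per file
  [ "$num_keys" = "$num_sums" ]
  # uniq only merges adjacent duplicates, which is enough here: any value that
  # differs leaves more than one line and the comparison below fails.
  uniq_sums=$(echo "$key_sums" | uniq)
  # note that this also tests that all the key_sums are the same
  [ "$pem_sum" = "$uniq_sums" ]
done

# Demonstrate that we can create a vb21 public key from a PEM containing
# only the public key, and verify it's the same as the one generated from
# the private key (the .vbpubk2 written by the vb21 loop above).
for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
  for hash in sha1 sha256 sha512; do
    "${FUTILITY}" --vb21 create --hash_alg "${hash}" \
      "${TESTKEYS}/key_${sig}.pub.pem" "${TMP}_key_${sig}.pubonly.${hash}"
    cmp "${TMP}_key_${sig}.pubonly.${hash}.vbpubk2" \
      "${TMP}_key_${sig}.${hash}.vbpubk2"
  done
done

# cleanup (only reached when every check above passed)
rm -rf -- "${TMP}"*
exit 0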