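#!/bin/bash
# Copyright 2015 The ChromiumOS Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Exercises "futility create": wraps the RSA test keys in vb1 and vb21
# containers and checks the results against the checked-in fixtures.
# Expects FUTILITY, SRCDIR and OUTDIR in the environment.

# Strict mode is set here rather than on the shebang line so that it still
# applies when the script is started as "bash <script>", which ignores shebang
# options. Every bare cmp / [ ... ] below is an assertion that relies on -e;
# without it a failed check would fall through to "exit 0" and report success.
# NOTE(review): pipefail is not enabled, so a failing "futility show" on the
# left side of a pipe is caught only indirectly, by the word-count checks.
set -eux

me=${0##*/}
TMP="$me.tmp"

# Work in scratch directory
cd "$OUTDIR"

# Current vb1 keys, including original .pem files.
# The private halves live in the source tree, so these are test fixtures only
# and have to be treated as public.
TESTKEYS=${SRCDIR}/tests/testkeys

# Demonstrate that we can recreate the same vb1 keys without the .keyb files.
# cmp is byte-for-byte against the checked-in .vbprivk / .vbpubk fixtures.
# NOTE(review): rsa1024 and sha1 are in the matrix for format coverage; both
# are generally considered too weak for new signing keys.
for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
  for hash in sha1 sha256 sha512; do
    "${FUTILITY}" --vb1 create --hash_alg "${hash}" \
      "${TESTKEYS}/key_${sig}.pem" "${TMP}_key_${sig}.${hash}"
    cmp "${TESTKEYS}/key_${sig}.${hash}.vbprivk" \
      "${TMP}_key_${sig}.${hash}.vbprivk"
    cmp "${TESTKEYS}/key_${sig}.${hash}.vbpubk" \
      "${TMP}_key_${sig}.${hash}.vbpubk"
  done
done


# Demonstrate that we can create some vb21 keypairs. This doesn't prove
# anything until we've used them to sign some stuff, though.
# The output basename is the same as in the vb1 loop, so the glob in the next
# loop picks up the vb1 and the vb21 files together.
for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
  for hash in sha1 sha256 sha512; do
    "${FUTILITY}" --vb21 create --hash_alg "${hash}" \
      "${TESTKEYS}/key_${sig}.pem" "${TMP}_key_${sig}.${hash}"
  done
done

# Demonstrate that the sha1sums are the same for all the keys created from the
# same .pem files, both public and private, vb1 and vb21.
# The sha1sum / ID value serves here as a key identifier: the check is that
# every container derived from one .pem reports the same identifier.
for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
  pem_sum=$("${FUTILITY}" show "${TESTKEYS}/key_${sig}.pem" |
    awk '/sha1sum/ {print $3}')
  # expect only one
  [ "$(echo "$pem_sum" | wc -w)" = 1 ]
  # Count the generated files by word-splitting the glob expansion; this
  # assumes no whitespace in the file names, which holds for "$me.tmp_key_*"
  # unless the script name itself contains whitespace.
  num_keys=$(echo "${TMP}_key_${sig}".* | wc -w)
  key_sums=$("${FUTILITY}" show "${TMP}_key_${sig}".* |
    awk '/sha1sum:|ID:/ {print $NF}')
  num_sums=$(echo "$key_sums" | wc -w)
  # expect one sha1sum (or ID) line per file
  [ "$num_keys" = "$num_sums" ]
  # uniq only collapses adjacent duplicates, so the result is a single value
  # only when every entry in key_sums is identical.
  uniq_sums=$(echo "$key_sums" | uniq)
  # note that this also tests that all the key_sums are the same
  [ "$pem_sum" = "$uniq_sums" ]
done

# Demonstrate that we can create a vb21 public key from a PEM file containing
# only the public key, and verify it's the same as the one generated from
# the private key.
for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
  for hash in sha1 sha256 sha512; do
    "${FUTILITY}" --vb21 create --hash_alg "${hash}" \
      "${TESTKEYS}/key_${sig}.pub.pem" "${TMP}_key_${sig}.pubonly.${hash}"
    cmp "${TMP}_key_${sig}.pubonly.${hash}.vbpubk2" \
      "${TMP}_key_${sig}.${hash}.vbpubk2"
  done
done

# cleanup
# Reached only when every assertion passed; after a failure the generated
# files stay in OUTDIR. "--" keeps a script name that starts with "-" from
# being parsed as an rm option.
rm -rf -- "${TMP}"*
exit 0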