1#!/bin/bash -eux 2# Copyright 2017 The ChromiumOS Authors 3# Use of this source code is governed by a BSD-style license that can be 4# found in the LICENSE file. 5 6me=${0##*/} 7TMP="$me.tmp" 8 9# Work in scratch directory 10cd "$OUTDIR" 11 12DATADIR="${SCRIPT_DIR}/futility/data" 13TESTKEYS="${SRCDIR}/tests/testkeys" 14 15SIGS="1024 2048 2048_exp3 3072_exp3 4096 8192" 16HASHES="SHA1 SHA256 SHA512" 17EC_RW="EC_RW.bin" 18 19set -o pipefail 20 21infile="${DATADIR}/hammer_dev.bin" 22outfile="${TMP}.hammer_dev.bin" 23ecrw_out="${TMP}.ec_rw.bin" 24cp "${infile}" "${outfile}" 25 26"${FUTILITY}" sign --type rwsig --version 2 \ 27 --ecrw_out "${ecrw_out}" "${outfile}" 28cmp "${infile}" "${outfile}" 29cmp "${ecrw_out}" "${DATADIR}/${EC_RW}" 30 31for s in $SIGS; do 32 echo -n "$s " 1>&3 33 34 for h in $HASHES; do 35 pemfile=${TESTKEYS}/key_rsa${s}.pem 36 outkeys=${TMP}.${s}_${h} 37 outfile=${TMP}.${s}_${h}.bin 38 39 "${FUTILITY}" create --desc "Test key" --hash_alg "${h}" \ 40 "${pemfile}" "${outkeys}" 41 42 # The input file should be correctly signed to start with 43 "${FUTILITY}" show --type rwsig "${infile}" 44 45 # Using the wrong key to verify it should fail 46 if "${FUTILITY}" show --type rwsig --pubkey "${outkeys}.vbpubk2" \ 47 "${infile}"; then 48 exit 1 49 fi 50 51 cp "${infile}" "${outfile}" 52 53 # Sign ec.bin with a new private key 54 "${FUTILITY}" sign --type rwsig --prikey "${outkeys}.vbprik2" \ 55 --version 2 --ecrw_out "${ecrw_out}" "${outfile}" 56 [[ -e "${ecrw_out}" ]] 57 58 "${FUTILITY}" show --type rwsig --pubkey "${outkeys}.vbpubk2" \ 59 "${outfile}" 60 "${FUTILITY}" show --type rwsig "${outfile}" 61 done 62done 63 64# cleanup 65rm -rf "${TMP}"* 66exit 0 67