1*8617a60dSAndroid Build Coastguard Worker#!/bin/bash -eux 2*8617a60dSAndroid Build Coastguard Worker# Copyright 2017 The ChromiumOS Authors 3*8617a60dSAndroid Build Coastguard Worker# Use of this source code is governed by a BSD-style license that can be 4*8617a60dSAndroid Build Coastguard Worker# found in the LICENSE file. 5*8617a60dSAndroid Build Coastguard Worker 6*8617a60dSAndroid Build Coastguard Workerme=${0##*/} 7*8617a60dSAndroid Build Coastguard WorkerTMP="$me.tmp" 8*8617a60dSAndroid Build Coastguard Worker 9*8617a60dSAndroid Build Coastguard Worker# Work in scratch directory 10*8617a60dSAndroid Build Coastguard Workercd "$OUTDIR" 11*8617a60dSAndroid Build Coastguard Worker 12*8617a60dSAndroid Build Coastguard WorkerDATADIR="${SCRIPT_DIR}/futility/data" 13*8617a60dSAndroid Build Coastguard WorkerTESTKEYS="${SRCDIR}/tests/testkeys" 14*8617a60dSAndroid Build Coastguard Worker 15*8617a60dSAndroid Build Coastguard WorkerSIGS="1024 2048 2048_exp3 3072_exp3 4096 8192" 16*8617a60dSAndroid Build Coastguard WorkerHASHES="SHA1 SHA256 SHA512" 17*8617a60dSAndroid Build Coastguard WorkerEC_RW="EC_RW.bin" 18*8617a60dSAndroid Build Coastguard Worker 19*8617a60dSAndroid Build Coastguard Workerset -o pipefail 20*8617a60dSAndroid Build Coastguard Worker 21*8617a60dSAndroid Build Coastguard Workerinfile="${DATADIR}/hammer_dev.bin" 22*8617a60dSAndroid Build Coastguard Workeroutfile="${TMP}.hammer_dev.bin" 23*8617a60dSAndroid Build Coastguard Workerecrw_out="${TMP}.ec_rw.bin" 24*8617a60dSAndroid Build Coastguard Workercp "${infile}" "${outfile}" 25*8617a60dSAndroid Build Coastguard Worker 26*8617a60dSAndroid Build Coastguard Worker"${FUTILITY}" sign --type rwsig --version 2 \ 27*8617a60dSAndroid Build Coastguard Worker --ecrw_out "${ecrw_out}" "${outfile}" 28*8617a60dSAndroid Build Coastguard Workercmp "${infile}" "${outfile}" 29*8617a60dSAndroid Build Coastguard Workercmp "${ecrw_out}" "${DATADIR}/${EC_RW}" 30*8617a60dSAndroid Build Coastguard Worker 31*8617a60dSAndroid Build Coastguard Workerfor s in $SIGS; do 32*8617a60dSAndroid Build Coastguard Worker echo -n "$s " 1>&3 33*8617a60dSAndroid Build Coastguard Worker 34*8617a60dSAndroid Build Coastguard Worker for h in $HASHES; do 35*8617a60dSAndroid Build Coastguard Worker pemfile=${TESTKEYS}/key_rsa${s}.pem 36*8617a60dSAndroid Build Coastguard Worker outkeys=${TMP}.${s}_${h} 37*8617a60dSAndroid Build Coastguard Worker outfile=${TMP}.${s}_${h}.bin 38*8617a60dSAndroid Build Coastguard Worker 39*8617a60dSAndroid Build Coastguard Worker "${FUTILITY}" create --desc "Test key" --hash_alg "${h}" \ 40*8617a60dSAndroid Build Coastguard Worker "${pemfile}" "${outkeys}" 41*8617a60dSAndroid Build Coastguard Worker 42*8617a60dSAndroid Build Coastguard Worker # The input file should be correctly signed to start with 43*8617a60dSAndroid Build Coastguard Worker "${FUTILITY}" show --type rwsig "${infile}" 44*8617a60dSAndroid Build Coastguard Worker 45*8617a60dSAndroid Build Coastguard Worker # Using the wrong key to verify it should fail 46*8617a60dSAndroid Build Coastguard Worker if "${FUTILITY}" show --type rwsig --pubkey "${outkeys}.vbpubk2" \ 47*8617a60dSAndroid Build Coastguard Worker "${infile}"; then 48*8617a60dSAndroid Build Coastguard Worker exit 1 49*8617a60dSAndroid Build Coastguard Worker fi 50*8617a60dSAndroid Build Coastguard Worker 51*8617a60dSAndroid Build Coastguard Worker cp "${infile}" "${outfile}" 52*8617a60dSAndroid Build Coastguard Worker 53*8617a60dSAndroid Build Coastguard Worker # Sign ec.bin with a new private key 54*8617a60dSAndroid Build Coastguard Worker "${FUTILITY}" sign --type rwsig --prikey "${outkeys}.vbprik2" \ 55*8617a60dSAndroid Build Coastguard Worker --version 2 --ecrw_out "${ecrw_out}" "${outfile}" 56*8617a60dSAndroid Build Coastguard Worker [[ -e "${ecrw_out}" ]] 57*8617a60dSAndroid Build Coastguard Worker 58*8617a60dSAndroid Build Coastguard Worker "${FUTILITY}" show --type rwsig --pubkey "${outkeys}.vbpubk2" \ 59*8617a60dSAndroid Build Coastguard Worker "${outfile}" 60*8617a60dSAndroid Build Coastguard Worker "${FUTILITY}" show --type rwsig "${outfile}" 61*8617a60dSAndroid Build Coastguard Worker done 62*8617a60dSAndroid Build Coastguard Workerdone 63*8617a60dSAndroid Build Coastguard Worker 64*8617a60dSAndroid Build Coastguard Worker# cleanup 65*8617a60dSAndroid Build Coastguard Workerrm -rf "${TMP}"* 66*8617a60dSAndroid Build Coastguard Workerexit 0 67