1#!/bin/bash 2 3# Copyright 2010 The ChromiumOS Authors 4# Use of this source code is governed by a BSD-style license that can be 5# found in the LICENSE file. 6 7# Generate test cases for use for the RSA verify benchmark. 8 9set -e 10 11# Load common constants and variables. 12. "$(dirname "$0")/common.sh" 13 14# Use a different directory for fuzzing test cases. 15TESTKEY_DIR=${TESTKEY_DIR:-$(realpath "${SCRIPT_DIR}"/../tests/testkeys)} 16TESTCASE_DIR=${BUILD_RUN}/fuzz_testcases 17TEST_IMAGE_FILE=${TESTCASE_DIR}/testimage 18TEST_IMAGE_SIZE=500000 19TEST_BOOTLOADER_FILE=${TESTCASE_DIR}/testbootloader 20TEST_BOOTLOADER_SIZE=50000 21TEST_CONFIG_FILE=${TESTCASE_DIR}/testconfig 22# Config size must < 4096 23TEST_CONFIG_SIZE=3000 24 25function generate_fuzzing_images { 26 echo "Generating keyblocks..." 27 # Firmware keyblock - RSA8192/SHA512 root key, RSA4096/SHA512 firmware 28 # signing key. 29 "${FUTILITY}" vbutil_keyblock \ 30 --pack "${TESTCASE_DIR}/firmware.keyblock" \ 31 --datapubkey "${TESTKEY_DIR}/key_rsa4096.sha512.vbpubk" \ 32 --signprivate "${TESTKEY_DIR}/key_rsa8192.sha1.vbprivk" 33 34 # Kernel keyblock - RSA4096/SHA512 kernel signing subkey, RSA4096/SHA512 35 # kernel signing key. 36 "${FUTILITY}" vbutil_keyblock \ 37 --pack "${TESTCASE_DIR}/kernel.keyblock" \ 38 --datapubkey "${TESTKEY_DIR}/key_rsa4096.sha512.vbpubk" \ 39 --signprivate "${TESTKEY_DIR}/key_rsa4096.sha1.vbprivk" \ 40 --flags 15 41 42 echo "Generating signed firmware test image..." 43 "${FUTILITY}" sign \ 44 --signprivate "${TESTKEY_DIR}/key_rsa4096.sha256.vbprivk" \ 45 --keyblock "${TESTCASE_DIR}/firmware.keyblock" \ 46 --kernelkey "${TESTKEY_DIR}/key_rsa4096.sha512.vbpubk" \ 47 --version 1 \ 48 --fv "$1" \ 49 --outfile "${TESTCASE_DIR}/firmware.vblock" 50 # TODO(gauravsh): ALso test with (optional) flags. 51 cp "${TESTKEY_DIR}/key_rsa8192.sha512.vbpubk" \ 52 "${TESTCASE_DIR}/root_key.vbpubk" 53 54 echo "Generating signed kernel test image..." 55 "${FUTILITY}" sign \ 56 --signprivate "${TESTKEY_DIR}/key_rsa4096.sha256.vbprivk" \ 57 --keyblock "${TESTCASE_DIR}/kernel.keyblock" \ 58 --config "${TEST_CONFIG_FILE}" \ 59 --arch x86 \ 60 --version 1 \ 61 --bootloader "${TEST_BOOTLOADER_FILE}" \ 62 --vmlinuz "${TEST_IMAGE_FILE}" \ 63 --outfile "${TESTCASE_DIR}/kernel.vblock.image" 64 # TODO(gauravsh): Also test with (optional) padding. 65 cp "${TESTKEY_DIR}/key_rsa4096.sha512.vbpubk" \ 66 "${TESTCASE_DIR}/firmware_key.vbpubk" 67} 68 69function pre_work { 70 # Generate a file to serve as random bytes for firmware/kernel contents. 71 # NOTE: The kernel and config file can't really be random, but the bootloader 72 # can. That's probably close enough. 73 echo "Generating test image file..." 74 dd if=/dev/urandom of="${TEST_IMAGE_FILE}" bs="${TEST_IMAGE_SIZE}" count=1 75 echo "Generating test bootloader file..." 76 # TODO(gauravsh): Use a valid bootloader here? 77 dd if=/dev/urandom of="${TEST_BOOTLOADER_FILE}" bs="${TEST_BOOTLOADER_SIZE}" \ 78 count=1 79 echo "Generating test config file..." 80 # TODO(gauravsh): Use a valid config file here? 81 dd if=/dev/urandom of="${TEST_CONFIG_FILE}" bs="${TEST_CONFIG_SIZE}" count=1 82} 83 84mkdir -p "${TESTCASE_DIR}" 85pre_work 86check_test_keys 87generate_fuzzing_images "${TEST_IMAGE_FILE}" 88