tests/futility/test_create.sh - mirrors/cros/chromiumos/platform/vboot_reference - Git at Google

 #!/bin/bash -eux
 # Copyright 2015 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 me=${0##*/}
 TMP="$me.tmp"

 # Work in scratch directory
 cd "$OUTDIR"

 # Current vb1 keys, including original .pem files.
 TESTKEYS=${SRCDIR}/tests/testkeys

 # Demonstrate that we can recreate the same vb1 keys without the .keyb files
 for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
   for hash in sha1 sha256 sha512; do
     ${FUTILITY} --vb1 create --hash_alg "${hash}" \
       "${TESTKEYS}/key_${sig}.pem" "${TMP}_key_${sig}.${hash}"
     cmp "${TESTKEYS}/key_${sig}.${hash}.vbprivk" \
       "${TMP}_key_${sig}.${hash}.vbprivk"
     cmp "${TESTKEYS}/key_${sig}.${hash}.vbpubk" \
       "${TMP}_key_${sig}.${hash}.vbpubk"
   done
 done


 # Demonstrate that we can create some vb21 keypairs. This doesn't prove
 # prove anything until we've used them to sign some stuff, though.
 for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
   for hash in sha1 sha256 sha512; do
     ${FUTILITY} --vb21 create --hash_alg "${hash}" \
       "${TESTKEYS}/key_${sig}.pem" "${TMP}_key_${sig}.${hash}"
   done
 done

 # Demonstrate that the sha1sums are the same for all the keys created from the
 # same .pem files, both public and private, vb1 and vb21.
 for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
   pem_sum=$(${FUTILITY} show "${TESTKEYS}/key_${sig}.pem" |
     awk '/sha1sum/ {print $3}')
   # expect only one
   [ $(echo "$pem_sum" | wc -w) = 1 ]
   num_keys=$(echo ${TMP}_key_${sig}.* | wc -w)
   key_sums=$(${FUTILITY} show ${TMP}_key_${sig}.* |
     awk '/sha1sum:|ID:/ {print $NF}')
   num_sums=$(echo "$key_sums" | wc -w)
   # expect one sha1sum (or ID) line per file
   [ "$num_keys" = "$num_sums" ]
   uniq_sums=$(echo "$key_sums" | uniq)
   # note that this also tests that all the key_sums are the same
   [ "$pem_sum" = "$uniq_sums" ]
 done

 # Demonstrate that we can create some vb21 public key from PEM containing
 # only the pubkeypairs and verify it's the same as the one generated from
 # the private key.
 for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
   for hash in sha1 sha256 sha512; do
     ${FUTILITY} --vb21 create --hash_alg "${hash}" \
       "${TESTKEYS}/key_${sig}.pub.pem" "${TMP}_key_${sig}.pubonly.${hash}"
     cmp "${TMP}_key_${sig}.pubonly.${hash}.vbpubk2" \
       "${TMP}_key_${sig}.${hash}.vbpubk2"
   done
 done

 # cleanup
 rm -rf ${TMP}*
 exit 0
	#!/bin/bash -eux
	# Copyright 2015 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	me=${0##*/}
	TMP="$me.tmp"

	# Work in scratch directory
	cd "$OUTDIR"

	# Current vb1 keys, including original .pem files.
	TESTKEYS=${SRCDIR}/tests/testkeys

	# Demonstrate that we can recreate the same vb1 keys without the .keyb files
	for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
	for hash in sha1 sha256 sha512; do
	${FUTILITY} --vb1 create --hash_alg "${hash}" \
	"${TESTKEYS}/key_${sig}.pem" "${TMP}_key_${sig}.${hash}"
	cmp "${TESTKEYS}/key_${sig}.${hash}.vbprivk" \
	"${TMP}_key_${sig}.${hash}.vbprivk"
	cmp "${TESTKEYS}/key_${sig}.${hash}.vbpubk" \
	"${TMP}_key_${sig}.${hash}.vbpubk"
	done
	done


	# Demonstrate that we can create some vb21 keypairs. This doesn't prove
	# prove anything until we've used them to sign some stuff, though.
	for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
	for hash in sha1 sha256 sha512; do
	${FUTILITY} --vb21 create --hash_alg "${hash}" \
	"${TESTKEYS}/key_${sig}.pem" "${TMP}_key_${sig}.${hash}"
	done
	done

	# Demonstrate that the sha1sums are the same for all the keys created from the
	# same .pem files, both public and private, vb1 and vb21.
	for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
	pem_sum=$(${FUTILITY} show "${TESTKEYS}/key_${sig}.pem" \|
	awk '/sha1sum/ {print $3}')
	# expect only one
	[ $(echo "$pem_sum" \| wc -w) = 1 ]
	num_keys=$(echo ${TMP}_key_${sig}.* \| wc -w)
	key_sums=$(${FUTILITY} show ${TMP}_key_${sig}.* \|
	awk '/sha1sum:\|ID:/ {print $NF}')
	num_sums=$(echo "$key_sums" \| wc -w)
	# expect one sha1sum (or ID) line per file
	[ "$num_keys" = "$num_sums" ]
	uniq_sums=$(echo "$key_sums" \| uniq)
	# note that this also tests that all the key_sums are the same
	[ "$pem_sum" = "$uniq_sums" ]
	done

	# Demonstrate that we can create some vb21 public key from PEM containing
	# only the pubkeypairs and verify it's the same as the one generated from
	# the private key.
	for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
	for hash in sha1 sha256 sha512; do
	${FUTILITY} --vb21 create --hash_alg "${hash}" \
	"${TESTKEYS}/key_${sig}.pub.pem" "${TMP}_key_${sig}.pubonly.${hash}"
	cmp "${TMP}_key_${sig}.pubonly.${hash}.vbpubk2" \
	"${TMP}_key_${sig}.${hash}.vbpubk2"
	done
	done

	# cleanup
	rm -rf ${TMP}*
	exit 0