path: root/tests/run_vbutil_tests.sh
#!/bin/bash

# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Run pack/unpack tests for the verified boot key utilities
# (vbutil_key and vbutil_keyblock).

# Load common constants and variables.
. "$(dirname "$0")/common.sh"

# Overall exit status of this script. It stays 0 unless a vbutil_key or
# vbutil_keyblock invocation below fails, in which case the test functions
# set it to 255; the script exits with this value.
return_code=0

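#######################################
# Pack and then unpack a public key with vbutil_key, once for every
# key length / hash algorithm combination.
#
# The algorithm number passed to --algorithm is a running counter over the
# nested loops (key length outer, hash algorithm inner), starting at 0.
#
# Globals:
#   key_lengths, hash_algos (read)  - iterated as bash arrays; presumably
#                                     defined by common.sh - confirm
#   UTIL_DIR, TESTKEY_DIR (read)    - tool and key directories
#   COL_YELLOW, COL_STOP (read)     - colour markers for the banner
#   return_code (written)           - set to 255 if any invocation fails
# Outputs:
#   Writes ${TESTKEY_DIR}/key_alg<N>.vbpubk for each combination.
#
# NOTE(review): only the tool's exit status is checked. The unpacked key is
# never compared with the input key, so a pack/unpack pair that altered the
# key material but still exited 0 would pass this test.
#######################################
function test_vbutil_key {
  local keylen hashalgo
  local algorithmcounter=0
  for keylen in "${key_lengths[@]}"
  do
    for hashalgo in "${hash_algos[@]}"
    do
      echo -e "For signing key ${COL_YELLOW}RSA-$keylen/$hashalgo${COL_STOP}:"
      # Pack the key. Paths are quoted so directories containing spaces or
      # glob characters are passed to the tool as single arguments.
      if ! "${UTIL_DIR}/vbutil_key" --pack \
        --in "${TESTKEY_DIR}/key_rsa${keylen}.keyb" \
        --out "${TESTKEY_DIR}/key_alg${algorithmcounter}.vbpubk" \
        --version 1 \
        --algorithm "${algorithmcounter}"
      then
        return_code=255
      fi

      # Unpack the key
      # TODO: should verify we get the same key back out?
      if ! "${UTIL_DIR}/vbutil_key" --unpack \
        --in "${TESTKEY_DIR}/key_alg${algorithmcounter}.vbpubk"
      then
        return_code=255
      fi

      algorithmcounter=$((algorithmcounter + 1))
    done
  done
}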


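#######################################
# Pack and then unpack a keyblock with vbutil_keyblock for every combination
# of signing algorithm and data key algorithm.
#
# Both algorithm numbers are running counters over the nested loops
# (key length outer, hash algorithm inner), starting at 0. The data counter
# restarts at 0 for each signing algorithm.
#
# Globals:
#   key_lengths, hash_algos (read)  - iterated as bash arrays; presumably
#                                     defined by common.sh - confirm
#   UTIL_DIR, TESTKEY_DIR (read)    - tool and key directories
#   COL_YELLOW, COL_STOP (read)     - colour markers for the banner
#   return_code (written)           - set to 255 if any invocation fails
# Inputs:
#   ${TESTKEY_DIR}/key_alg<N>.vbpubk (in this file these are written by
#   test_vbutil_key) and ${TESTKEY_DIR}/key_rsa<len>.pem signing keys.
# Outputs:
#   ${TESTKEY_DIR}/sign<S>_data<D>.keyblock, removed and rewritten per pair.
#
# NOTE(review): only positive cases and exit statuses are covered. Nothing
# here checks that --unpack fails for a keyblock given a non-matching
# --signpubkey or for a modified keyblock, and the unpacked data key is not
# compared with the packed one. Presumably --unpack with --signpubkey
# verifies the signature - confirm.
# NOTE(review): the .pem files are used as signing private keys; presumably
# these are test-only keys - confirm they are not shared with real signing.
#######################################
function test_vbutil_keyblock {
  local signing_keylen signing_hashalgo datakeylen datahashalgo
  local keyblockfile
  local signing_algorithmcounter=0
  local data_algorithmcounter=0
  for signing_keylen in "${key_lengths[@]}"
  do
    for signing_hashalgo in "${hash_algos[@]}"
    do
      data_algorithmcounter=0
      for datakeylen in "${key_lengths[@]}"
      do
        for datahashalgo in "${hash_algos[@]}"
        do
          echo -e "For ${COL_YELLOW}signing algorithm \
RSA-${signing_keylen}/${signing_hashalgo}${COL_STOP} \
and ${COL_YELLOW}data key algorithm RSA-${datakeylen}/\
${datahashalgo}${COL_STOP}"
          # Remove old file so a stale keyblock from an earlier run cannot
          # satisfy the unpack step if packing fails.
          keyblockfile="${TESTKEY_DIR}/sign${signing_algorithmcounter}_data${data_algorithmcounter}.keyblock"
          rm -f -- "${keyblockfile}"

          # Pack
          if ! "${UTIL_DIR}/vbutil_keyblock" --pack "${keyblockfile}" \
            --datapubkey \
            "${TESTKEY_DIR}/key_alg${data_algorithmcounter}.vbpubk" \
            --signprivate "${TESTKEY_DIR}/key_rsa${signing_keylen}.pem" \
            --algorithm "${signing_algorithmcounter}"
          then
            return_code=255
          fi

          # Unpack
          # TODO: check data key against the packed one?
          if ! "${UTIL_DIR}/vbutil_keyblock" --unpack "${keyblockfile}" \
            --signpubkey \
            "${TESTKEY_DIR}/key_alg${signing_algorithmcounter}.vbpubk"
          then
            return_code=255
          fi

          data_algorithmcounter=$((data_algorithmcounter + 1))
        done
      done
      signing_algorithmcounter=$((signing_algorithmcounter + 1))
    done
  done
}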


# check_test_keys is not defined in this file; presumably it comes from
# common.sh and validates the test key set - confirm.
check_test_keys

# Key packing must run first: the keyblock test reads the key_alg*.vbpubk
# files that the key test writes.
printf '\n%s\n' "Testing vbutil_key..."
test_vbutil_key

printf '\n%s\n' "Testing vbutil_keyblock..."
test_vbutil_keyblock


# Report the accumulated result: 0 if every invocation succeeded, else 255.
exit "${return_code}"