Add tests/run_preamble_tests.sh and associated data.
This change prepares for modifying VbFirmwarePreambleHeader and
VbKernelPreambleHeader by adding a bunch of current-version data and tests
of that data. Once we change the structs, we'll still need to be sure that
we can still generate, sign, and verify things using the old-style structs
too so that we can release updates to existing devices.
If we changed the structs and then created the test data, we couldn't be
certain that we're still doing it right.
BUG=chromium-os:20124
TEST=manual
make
make runtests
Change-Id: I39310a0d853dbf63a8ca8ff9a0fb4440017c692a
Reviewed-on: https://gerrit.chromium.org/gerrit/17530
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
diff --git a/tests/run_preamble_tests.sh b/tests/run_preamble_tests.sh
new file mode 100755
index 0000000..ffbd9af
--- /dev/null
+++ b/tests/run_preamble_tests.sh
@@ -0,0 +1,103 @@
+#!/bin/bash -u
+#
+# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+#
+# This tests that vblocks using pre-3.0 versions of VbFirmwarePreambleHeader
+# and VbKernelPreambleHeader will still verify (or not) correctly. We need to
+# keep the old versions around to make sure that we can still sign images in
+# the ways that existing devices can validate.
+
+# Load common constants and variables for tests.
+. "$(dirname "$0")/common.sh"
+
+# all algs
+algs="0 1 2 3 4 5 6 7 8 9 10 11"
+
+# output directories
+PREAMBLE_DIR="${SCRIPT_DIR}/preamble_tests"
+DATADIR="${PREAMBLE_DIR}/data"
+V2DIR="${PREAMBLE_DIR}/preamble_v2x"
+
+tests=0
+errs=0
+
+# Check the firmware results
+for d in $algs; do
+ for r in $algs; do
+ for rr in $algs; do
+ if [ "$r" = "$rr" ]; then
+ what="verify"
+ cmp="-ne"
+ else
+ what="reject"
+ cmp="-eq"
+ fi
+ : $(( tests++ ))
+ echo -n "${what} fw_${d}_${r}.vblock with root_${rr}.vbpubk ... "
+ "${UTIL_DIR}/vbutil_firmware" --verify "${V2DIR}/fw_${d}_${r}.vblock" \
+ --signpubkey "${DATADIR}/root_${rr}.vbpubk" \
+ --fv "${DATADIR}/FWDATA" >/dev/null 2>&1
+ if [ "$?" "$cmp" 0 ]; then
+ echo -e "${COL_RED}FAILED${COL_STOP}"
+ : $(( errs++ ))
+ else
+ echo -e "${COL_GREEN}PASSED${COL_STOP}"
+ fi
+ done
+ done
+done
+
+
+# Check the kernel results
+for d in $algs; do
+ for r in $algs; do
+ for rr in $algs; do
+ if [ "$r" = "$rr" ]; then
+ what="verify"
+ cmp="-ne"
+ else
+ what="reject"
+ cmp="-eq"
+ fi
+ : $(( tests++ ))
+ echo -n "${what} kern_${d}_${r}.vblock with root_${rr}.vbpubk ... "
+ "${UTIL_DIR}/vbutil_kernel" --verify "${V2DIR}/kern_${d}_${r}.vblock" \
+ --signpubkey "${DATADIR}/root_${rr}.vbpubk" >/dev/null 2>&1
+ if [ "$?" "$cmp" 0 ]; then
+ echo -e "${COL_RED}FAILED${COL_STOP}"
+ : $(( errs++ ))
+ else
+ echo -e "${COL_GREEN}PASSED${COL_STOP}"
+ fi
+ done
+ done
+done
+
+
+# Check the kernel results
+for d in $algs; do
+ for r in $algs; do
+ : $(( tests++ ))
+ echo -n "verify kern_${d}_${r}.vblock with hash only ... "
+ "${UTIL_DIR}/vbutil_kernel" \
+ --verify "${V2DIR}/kern_${d}_${r}.vblock" >/dev/null 2>&1
+ if [ "$?" -ne 0 ]; then
+ echo -e "${COL_RED}FAILED${COL_STOP}"
+ : $(( errs++ ))
+ else
+ echo -e "${COL_GREEN}PASSED${COL_STOP}"
+ fi
+ done
+done
+
+
+# Summary
+ME=$(basename "$0")
+if [ "$errs" -ne 0 ]; then
+ echo -e "${COL_RED}${ME}: ${errs}/${tests} tests failed${COL_STOP}"
+ exit 1
+fi
+happy "${ME}: All ${tests} tests passed"
+exit 0