#!/bin/bash

# Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Run verified boot firmware and kernel verification tests: packing and
# unpacking of vboot public keys and keyblocks through futility.
#
# Usage: $0 [--all]
#   --all   sweep every signing/data key algorithm combination instead of
#           the default representative subset.

# Load common constants and variables from the directory this script lives
# in.  Presumably this is where FUTILITY, TESTKEY_DIR, TESTKEY_SCRATCH_DIR,
# SCRIPT_DIR, key_lengths, hash_algos, the COL_* colour escapes and
# check_test_keys come from -- none of them are defined in this file.
source "$(dirname "$0")/common.sh"

# Overall exit status of the run: stays 0 unless some step sets it to 255.
return_code=0

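# Pack one test RSA public key into a .vbpubk and unpack it again.
#
# Arguments:
#   $1 - vboot algorithm number written into the packed key
#   $2 - RSA key length in bits; selects ${TESTKEY_DIR}/key_rsa<len>.keyb
#   $3 - hash algorithm name (only used in the progress message)
# Globals:
#   FUTILITY, TESTKEY_DIR, TESTKEY_SCRATCH_DIR, COL_* (from common.sh)
#   return_code - set to 255 on any failure, never reset here
# Outputs:
#   ${TESTKEY_SCRATCH_DIR}/key_alg<$1>.vbpubk, which later keyblock tests
#   use as their data key, plus futility's --unpack listing on stdout.
function test_vbutil_key_single {
  local algonum=$1
  local keylen=$2
  local hashalgo=$3
  local pubkey="${TESTKEY_SCRATCH_DIR}/key_alg${algonum}.vbpubk"

  echo -e "For signing key ${COL_YELLOW}RSA-$keylen/$hashalgo${COL_STOP}:"

  # Start clean: if --pack fails, --unpack must not succeed on a key left
  # over from an earlier run and quietly turn the failure into a pass.
  rm -f "${pubkey}"

  # Pack the key.  ${FUTILITY} is left unquoted on purpose, as in the rest
  # of the file; common.sh may set it to a multi-word command -- confirm.
  if ! ${FUTILITY} vbutil_key \
      --pack "${pubkey}" \
      --key "${TESTKEY_DIR}/key_rsa${keylen}.keyb" \
      --version 1 \
      --algorithm "${algonum}"
  then
    echo -e "${COL_RED}Pack vbpubk${COL_STOP}"
    return_code=255
  fi

  # Unpack the key.
  # TODO: this only checks that futility accepts the file; it should also
  # compare the unpacked key material against key_rsa${keylen}.keyb.
  if ! ${FUTILITY} vbutil_key \
      --unpack "${pubkey}"
  then
    echo -e "${COL_RED}Unpack vbpubk${COL_STOP}"
    return_code=255
  fi
}
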
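# Run test_vbutil_key_single for every (key length, hash) pair.
#
# The algorithm number is assigned by enumeration order: hash varies
# fastest, so algonum = index(keylen) * #hash_algos + index(hashalgo).
# That only produces valid vboot algorithm IDs if key_lengths and
# hash_algos in common.sh are listed in the same order as the algorithm
# table -- confirm when either array changes.
#
# Globals:
#   key_lengths, hash_algos (arrays from common.sh)
#   return_code (via test_vbutil_key_single)
function test_vbutil_key_all {
  local keylen hashalgo
  # Was a global counter that leaked out of the function.
  local algonum=0

  for keylen in "${key_lengths[@]}"; do
    for hashalgo in "${hash_algos[@]}"; do
      test_vbutil_key_single "${algonum}" "${keylen}" "${hashalgo}"
      algonum=$((algonum + 1))
    done
  done
}
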
# Default (non --all) key test: a representative subset of algorithms.
# Each entry is "algonum keylen hashalgo" and must match the algorithm
# numbering used by test_vbutil_key_all.
function test_vbutil_key {
  local spec
  for spec in "4 2048 sha256" "7 4096 sha256" "11 8192 sha512"; do
    # Deliberate word-split of the triple into three arguments.
    # shellcheck disable=SC2086
    test_vbutil_key_single ${spec}
  done
}

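# Helper for test_vbutil_keyblock_single: unpack a keyblock and check that
# the data public key it carries is bit-for-bit the one that was packed.
#
# Arguments:
#   $1 - keyblock file to unpack
#   $2 - signing public key (.vbpubk) handed to --signpubkey; presumably
#        this is what makes futility verify the keyblock signature -- confirm
#   $3 - data public key that was packed (expected result)
#   $4 - path to write the unpacked data key to; removed first
# Globals:
#   FUTILITY, COL_* (common.sh); return_code set to 255 on failure
# Exits the whole script with status 1 on a round-trip mismatch (kept from
# the original: a mismatch is a hard verification failure, not accumulated).
function vbutil_keyblock_unpack_check {
  local keyblockfile=$1
  local sign_pubkey=$2
  local data_pubkey=$3
  local data_pubkey_out=$4

  # Never let cmp compare against the output of an earlier unpack.
  rm -f "${data_pubkey_out}"

  if ! ${FUTILITY} vbutil_keyblock --unpack "${keyblockfile}" \
      --datapubkey "${data_pubkey_out}" \
      --signpubkey "${sign_pubkey}"
  then
    echo -e "${COL_RED}Unpack${COL_STOP}"
    return_code=255
  fi

  if ! cmp -s "${data_pubkey}" "${data_pubkey_out}"
  then
    echo -e "${COL_RED}Check${COL_STOP}"
    return_code=255
    exit 1
  fi
}

# Create a keyblock that signs a data public key with a signing key, unpack
# it and check the data key survives the round trip.  Done twice: once with
# the in-process signer (--signprivate) and once through the external signer
# script (--externalsigner).
#
# Arguments:
#   $1 - signing key vboot algorithm number
#   $2 - signing key RSA length in bits; selects key_rsa<len>.pem/.keyb
#   $3 - signing key hash algorithm name (message only)
#   $4 - data key vboot algorithm number; the packed public key
#        ${TESTKEY_SCRATCH_DIR}/key_alg<$4>.vbpubk must already exist, so
#        test_vbutil_key / test_vbutil_key_all has to run first
#   $5 - data key RSA length (message only)
#   $6 - data key hash algorithm name (message only)
# Globals:
#   FUTILITY, TESTKEY_DIR, TESTKEY_SCRATCH_DIR, SCRIPT_DIR, COL_* (common.sh)
#   return_code - set to 255 on any failure
#
# Fixes over the previous version: the wrapped signing keys were written to
# key_alg${algonum}.* with ${algonum} undefined in this scope (so every
# algorithm shared one file, and the external-signer round verified with a
# different key than the in-process round); the progress message read the
# undefined ${datakeylen}/${datahashalgo}; and stale keyblock/.vbpubk2 files
# were not removed between rounds, so a failed external-signer pack would
# have been "verified" against the in-process keyblock.
function test_vbutil_keyblock_single {
  local signing_algonum=$1
  local signing_keylen=$2
  local signing_hashalgo=$3
  local data_algonum=$4
  local data_keylen=$5
  local data_hashalgo=$6

  local scratch="${TESTKEY_SCRATCH_DIR}"
  # Re-packs key_alg<signing>.vbpubk, overwriting the copy test_vbutil_key
  # made, so the signing side does not depend on test ordering.
  local sign_privkey="${scratch}/key_alg${signing_algonum}.vbprivk"
  local sign_pubkey="${scratch}/key_alg${signing_algonum}.vbpubk"
  local data_pubkey="${scratch}/key_alg${data_algonum}.vbpubk"
  local data_pubkey_out="${scratch}/key_alg${data_algonum}.vbpubk2"
  local keyblockfile="${scratch}/sign${signing_algonum}_data${data_algonum}.keyblock"

  echo -e "For ${COL_YELLOW}signing algorithm \
RSA-${signing_keylen}/${signing_hashalgo}${COL_STOP} \
and ${COL_YELLOW}data key algorithm RSA-${data_keylen}/\
${data_hashalgo}${COL_STOP}"

  # Remove old file so a failed pack cannot be masked by a stale keyblock.
  rm -f "${keyblockfile}"

  # Wrap private key (PEM -> .vbprivk).  ${FUTILITY} is left unquoted on
  # purpose, as in the rest of the file; common.sh may set it to a
  # multi-word command -- confirm.
  if ! ${FUTILITY} vbutil_key \
      --pack "${sign_privkey}" \
      --key "${TESTKEY_DIR}/key_rsa${signing_keylen}.pem" \
      --algorithm "${signing_algonum}"
  then
    echo -e "${COL_RED}Wrap vbprivk${COL_STOP}"
    return_code=255
  fi

  # Wrap public key (.keyb -> .vbpubk)
  if ! ${FUTILITY} vbutil_key \
      --pack "${sign_pubkey}" \
      --key "${TESTKEY_DIR}/key_rsa${signing_keylen}.keyb" \
      --algorithm "${signing_algonum}"
  then
    echo -e "${COL_RED}Wrap vbpubk${COL_STOP}"
    return_code=255
  fi

  # Pack with the in-process signer
  if ! ${FUTILITY} vbutil_keyblock --pack "${keyblockfile}" \
      --datapubkey "${data_pubkey}" \
      --signprivate "${sign_privkey}"
  then
    echo -e "${COL_RED}Pack${COL_STOP}"
    return_code=255
  fi

  # Unpack and check
  vbutil_keyblock_unpack_check "${keyblockfile}" "${sign_pubkey}" \
    "${data_pubkey}" "${data_pubkey_out}"

  echo -e "${COL_YELLOW}Testing keyblock creation using \
external signer.${COL_STOP}"
  # Drop the in-process keyblock first: the unpack below must only ever see
  # what the external signer produced.
  rm -f "${keyblockfile}"

  # Pack using external signer
  if ! ${FUTILITY} vbutil_keyblock --pack "${keyblockfile}" \
      --datapubkey "${data_pubkey}" \
      --signprivate_pem "${TESTKEY_DIR}/key_rsa${signing_keylen}.pem" \
      --pem_algorithm "${signing_algonum}" \
      --externalsigner "${SCRIPT_DIR}/external_rsa_signer.sh"
  then
    echo -e "${COL_RED}Pack${COL_STOP}"
    return_code=255
  fi

  # Unpack and check, verifying with the same signing public key as above
  vbutil_keyblock_unpack_check "${keyblockfile}" "${sign_pubkey}" \
    "${data_pubkey}" "${data_pubkey_out}"
}

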
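# Test every combination of signing key algorithm and data key algorithm.
#
# Algorithm numbers are assigned by enumeration order (hash varies fastest),
# the same numbering test_vbutil_key_all uses for the data keys it packs, so
# every key_alg<N>.vbpubk this needs exists when run after it.
#
# Fix: the data key length/hash were passed as $data_keylen/$data_hashalgo,
# which were never assigned (the loops set datakeylen/datahashalgo), so the
# callee received only four arguments.  Loop variables and counters are now
# local instead of leaking into the global scope.
#
# Globals:
#   key_lengths, hash_algos (arrays from common.sh)
#   return_code (via test_vbutil_keyblock_single)
function test_vbutil_keyblock_all {
  local signing_keylen signing_hashalgo data_keylen data_hashalgo
  local signing_algonum=0
  local data_algonum

  for signing_keylen in "${key_lengths[@]}"; do
    for signing_hashalgo in "${hash_algos[@]}"; do
      data_algonum=0
      for data_keylen in "${key_lengths[@]}"; do
        for data_hashalgo in "${hash_algos[@]}"; do
          test_vbutil_keyblock_single \
            "${signing_algonum}" "${signing_keylen}" "${signing_hashalgo}" \
            "${data_algonum}" "${data_keylen}" "${data_hashalgo}"
          data_algonum=$((data_algonum + 1))
        done
      done
      signing_algonum=$((signing_algonum + 1))
    done
  done
}
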
# Default (non --all) keyblock test: a representative subset of signing /
# data key pairs.  Each entry is
#   "sign_algonum sign_keylen sign_hash data_algonum data_keylen data_hash"
# and the data algorithm numbers (4, 7) are ones test_vbutil_key packs.
function test_vbutil_keyblock {
  local pair
  for pair in \
      "7 4096 sha256 4 2048 sha256" \
      "11 8192 sha512 4 2048 sha256" \
      "11 8192 sha512 7 4096 sha256"; do
    # Deliberate word-split of the tuple into six arguments.
    # shellcheck disable=SC2086
    test_vbutil_keyblock_single ${pair}
  done
}


# Make sure the test key material is present before using it (common.sh).
check_test_keys

# Only the first argument is consulted: "--all" sweeps every signing/data
# algorithm combination, anything else runs the representative subset.
# Key tests run first because the keyblock tests use the .vbpubk files
# they leave in ${TESTKEY_SCRATCH_DIR}.
echo
echo "Testing vbutil_key..."
case "$1" in
  --all) test_vbutil_key_all ;;
  *)     test_vbutil_key ;;
esac

echo
echo "Testing vbutil_keyblock..."
case "$1" in
  --all) test_vbutil_keyblock_all ;;
  *)     test_vbutil_keyblock ;;
esac

# 0 if every step passed, 255 if any step failed (a round-trip mismatch
# already exits 1 from inside the keyblock test).
exit "${return_code}"
