authorMarco Chen <marcochen@chromium.org>2017-06-01 16:59:16 +0800
committerchrome-bot <chrome-bot@chromium.org>2017-06-06 08:52:17 -0700
commit670ca01555630158c8b2a301eed30936ce794371 (patch)
tree3e62b334724f261c4b23d917ee6483887448ee07
parentfda130046407a8e83f9eec8ed66f80426692dc2d (diff)
downloadvboot-firmware-twinkie-9628.B.tar.gz
Add a script to generate a keypair for signing accessory RW firmware.firmware-twinkie-9628.B
BUG=b:35587169 TEST=None BRANCH=None Change-Id: Ibb309c34ca22d30138cb62d698eafb6ee77add8c Reviewed-on: https://chromium-review.googlesource.com/520368 Commit-Ready: Marco Chen <marcochen@chromium.org> Tested-by: Marco Chen <marcochen@chromium.org> Reviewed-by: Vincent Palatin <vpalatin@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>
-rw-r--r--scripts/keygeneration/accessory/create_new_hammer_keys.sh66
1 files changed, 66 insertions, 0 deletions
diff --git a/scripts/keygeneration/accessory/create_new_hammer_keys.sh b/scripts/keygeneration/accessory/create_new_hammer_keys.sh
new file mode 100644
index 00000000..684c0d37
--- /dev/null
+++ b/scripts/keygeneration/accessory/create_new_hammer_keys.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+# Copyright 2017 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+# Load common constants and functions.
+. "$(dirname "$0")/../common.sh"
+
+usage() {
+ cat <<EOF
+Usage: ${PROG} DIR
+
+DIR: To generate a keypair from an RSA 3072 key (.pem file) for Hammer at DIR
+
+EOF
+
+ if [[ $# -ne 0 ]]; then
+ die "$*"
+ else
+ exit 0
+ fi
+}
+
+# Generate a keypair at the given directory.
+generate_key() {
+ local dir=$1
+
+ # Generate RSA key.
+ openssl genrsa -3 -out "${dir}/temp.pem" 3072
+
+ # Create a keypair from an RSA .pem file generated above.
+ futility create "${dir}/temp.pem" "${dir}/key_hammer"
+
+ # Best attempt to securely delete the temp.pem file.
+ shred --remove "${dir}/temp.pem"
+}
+
+main() {
+ set -e
+
+ local dir
+
+ while [[ $# -gt 0 ]]; do
+ case $1 in
+ -h|--help)
+ usage
+ ;;
+ -*)
+ usage "Unknown option: $1"
+ ;;
+ *)
+ break
+ ;;
+ esac
+ done
+
+ if [[ $# -ne 1 ]]; then
+ usage "Missing output directory"
+ fi
+ dir="$1"
+
+ generate_key "${dir}"
+}
+
+main "$@"
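Review bot: In generate_key, the unencrypted RSA private key in `${dir}/temp.pem` stays on disk whenever `futility create` fails, because main runs under `set -e` and the script exits before the `shred --remove` line is reached. Handling the failure explicitly closes that gap: `futility create "${dir}/temp.pem" "${dir}/key_hammer" || { shred --remove "${dir}/temp.pem"; die "futility create failed"; }`. The function also creates its files under the caller's umask, so depending on the OpenSSL version and on how futility writes its output, the private key material may be readable by other local users; adding `umask 077` as the first line of generate_key avoids relying on either tool's defaults. The "best attempt" comment could also say that shred gives no guarantee on journaling or copy-on-write filesystems or on flash storage, so DIR is best placed on a tmpfs or an encrypted volume.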