diff options
author | Bill Richardson <wfrichar@chromium.org> | 2015-02-03 17:07:15 -0800 |
---|---|---|
committer | ChromeOS Commit Bot <chromeos-commit-bot@chromium.org> | 2015-03-10 20:44:43 +0000 |
commit | 4e4c19602edf3834b50d66d3ba067e895aca6fa0 (patch) | |
tree | 11b9408e5e6a9c3e3fde95c21656e67562bb3faf /tests/futility | |
parent | 26af0da4f7e0fd5cc9410011ca05ff6539bbf42d (diff) | |
download | vboot-4e4c19602edf3834b50d66d3ba067e895aca6fa0.tar.gz |
futility: Add create command to make keypairs from RSA files
This command reads a single .pem file and emits the public and
private keys generated from it. It can produce both the old-style
vboot 1.0 keys (.vbpubk and .vbprivk), or the new vboot 2.1
format keys (.vbpubk2 and .vbprik2). The default is the new
format, but you can give futility the --vb1 arg to force the old
format.
A test is included.
BUG=chromium:231547
BRANCH=ToT
TEST=make runtests
Change-Id: I4713dc5bf34151052870f88ba52ddccf9d4dab50
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/246766
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Diffstat (limited to 'tests/futility')
-rwxr-xr-x | tests/futility/run_test_scripts.sh | 9 | ||||
-rwxr-xr-x | tests/futility/test_create.sh | 39 |
2 files changed, 44 insertions, 4 deletions
diff --git a/tests/futility/run_test_scripts.sh b/tests/futility/run_test_scripts.sh index f6bbe885..0f654d89 100755 --- a/tests/futility/run_test_scripts.sh +++ b/tests/futility/run_test_scripts.sh @@ -40,16 +40,17 @@ export OUTDIR # These are the scripts to run. Binaries are invoked directly by the Makefile. TESTS=" -${SCRIPTDIR}/test_main.sh +${SCRIPTDIR}/test_create.sh ${SCRIPTDIR}/test_dump_fmap.sh -${SCRIPTDIR}/test_load_fmap.sh ${SCRIPTDIR}/test_gbb_utility.sh +${SCRIPTDIR}/test_load_fmap.sh +${SCRIPTDIR}/test_main.sh ${SCRIPTDIR}/test_show_kernel.sh ${SCRIPTDIR}/test_show_vs_verify.sh -${SCRIPTDIR}/test_sign_keyblocks.sh -${SCRIPTDIR}/test_sign_fw_main.sh ${SCRIPTDIR}/test_sign_firmware.sh +${SCRIPTDIR}/test_sign_fw_main.sh ${SCRIPTDIR}/test_sign_kernel.sh +${SCRIPTDIR}/test_sign_keyblocks.sh " # Get ready... diff --git a/tests/futility/test_create.sh b/tests/futility/test_create.sh new file mode 100755 index 00000000..e1d8d334 --- /dev/null +++ b/tests/futility/test_create.sh @@ -0,0 +1,39 @@ +#!/bin/bash -eux +# Copyright 2015 The Chromium OS Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +me=${0##*/} +TMP="$me.tmp" + +# Work in scratch directory +cd "$OUTDIR" + +# Current vb1 keys, including original .pem files. +TESTKEYS=${SRCDIR}/tests/testkeys + +# Demonstrate that we can recreate the same vb1 keys without the .keyb files +for sig in rsa1024 rsa2048 rsa4096 rsa8192; do + for hash in sha1 sha256 sha512; do + ${FUTILITY} --vb1 create --hash_alg "${hash}" \ + "${TESTKEYS}/key_${sig}.pem" "${TMP}_key_${sig}.${hash}" + cmp "${TESTKEYS}/key_${sig}.${hash}.vbprivk" \ + "${TMP}_key_${sig}.${hash}.vbprivk" + cmp "${TESTKEYS}/key_${sig}.${hash}.vbpubk" \ + "${TMP}_key_${sig}.${hash}.vbpubk" + done +done + + +# Demonstrate that we can create some vb21 keypairs. This doesn't prove +# prove anything until we've used them to sign some stuff, though. +for sig in rsa1024 rsa2048 rsa4096 rsa8192; do + for hash in sha1 sha256 sha512; do + ${FUTILITY} --vb21 create --hash_alg "${hash}" \ + "${TESTKEYS}/key_${sig}.pem" "${TMP}_key_${sig}.${hash}" + done +done + +# cleanup +rm -rf ${TMP}* +exit 0 |