bdb: Add --ignore_key_digest option to futility bdb --verify

When --ignore_key_digest is specified, futility bdb --verify command
returns success even if the key digest didn't match. Warning message
will be printed to remind the digest wasn't checked.

BUG=chromium:649554
BRANCH=none
TEST=Tested as follows:
$ build/futility/futility bdb --verify tests/futility/data/bdb.bin \
--ignore_key_digest
BDB is valid. Key digest doesn't match but ignored.
$ echo $?
0

Change-Id: I996b0a4f7bbbcf546e2d958f28c5ee8fb251fb99
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/392946
Reviewed-by: Randall Spangler <rspangler@chromium.org>

1 files changed, 11 insertions, 1 deletions

diff --git a/tests/futility/test_bdb.sh b/tests/futility/test_bdb.sh
index c84c6d6e..426b3970 100755
--- a/tests/futility/test_bdb.sh
+++ b/tests/futility/test_bdb.sh
@@ -21,9 +21,15 @@ BDBKEY_DIGEST=${TESTDATA_DIR}/bdbkey_digest.bin
 DATAKEY_DIGEST=${TESTDATA_DIR}/datakey_digest.bin
 DATA_FILE=${TESTDATA_DIR}/sp-rw.bin
 
+# Verify a BDB
+#
+# $1: Key digest file
+# $2: Any remaining option passed to futility bdb --verify
 verify() {
 	local key_digest=${1:-${BDBKEY_DIGEST}}
-	${FUTILITY} bdb --verify ${BDB_FILE} --key_digest ${key_digest}
+	local extra_option=${2:-}
+	${FUTILITY} bdb --verify ${BDB_FILE} --key_digest ${key_digest} \
+		${extra_option}
 }
 
 # Demonstrate bdb --create can create a valid BDB
@@ -53,6 +59,10 @@ ${FUTILITY} bdb --resign ${BDB_FILE} \
 	--bdbkey_pri ${DATAKEY_PRI} --bdbkey_pub ${DATAKEY_PUB}
 verify ${DATAKEY_DIGEST}
 
+# Demonstrate futility bdb --verify can return success when key digest doesn't
+# match but --ignore_key_digest is specified.
+verify ${BDBKEY_DIGEST} --ignore_key_digest
+
 # cleanup
 rm -rf ${TMP}*
 exit 0