From faa8c7f6223701613965a89123227676d142ca9e Mon Sep 17 00:00:00 2001
From: Vincent Palatin <vpalatin@chromium.org>
Date: Wed, 28 Oct 2015 09:21:43 -0700
Subject: sign_official_build: fix support for signing standalone accessories

My previous patch using futility to re-sign standalone accessory
firmware images had a mistake in the key directory path : fix it.

Also add RSA-2048 'accessory' keys for signer unit testing.

BRANCH=smaug, samus
BUG=chrome-os-partner:46635
TEST=run cros-signing unittests (./signing_unittests.py)

Change-Id: Ia2f641c85337c67f81968be4730643a6ad5f22cf
Reviewed-on: https://chromium-review.googlesource.com/309530
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
---
 scripts/image_signing/sign_official_build.sh |   4 ++--
 tests/devkeys/key_accessory.pem              |  27 +++++++++++++++++++++++++++
 tests/devkeys/key_accessory.vbprik2          | Bin 0 -> 1276 bytes
 tests/devkeys/key_accessory.vbpubk2          | Bin 0 -> 604 bytes
 4 files changed, 29 insertions(+), 2 deletions(-)
 create mode 100644 tests/devkeys/key_accessory.pem
 create mode 100644 tests/devkeys/key_accessory.vbprik2
 create mode 100644 tests/devkeys/key_accessory.vbpubk2

diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh
index 145e92d3..aa3dc24e 100755
--- a/scripts/image_signing/sign_official_build.sh
+++ b/scripts/image_signing/sign_official_build.sh
@@ -882,11 +882,11 @@ elif [[ "${TYPE}" == "recovery_kernel" ]]; then
 elif [[ "${TYPE}" == "update_payload" ]]; then
   sign_update_payload ${INPUT_IMAGE} ${KEY_DIR} ${OUTPUT_IMAGE}
 elif [[ "${TYPE}" == "accessory_usbpd" ]]; then
-  KEY_NAME="key_$(basename $(dirname ${INPUT_IMAGE}))"
+  KEY_NAME="${KEY_DIR}/key_$(basename $(dirname ${INPUT_IMAGE}))"
   cp "${INPUT_IMAGE}" "${OUTPUT_IMAGE}"
   futility sign --type usbpd1 --pem "${KEY_NAME}.pem" "${OUTPUT_IMAGE}"
 elif [[ "${TYPE}" == "accessory_rwsig" ]]; then
-  KEY_NAME="key_$(basename $(dirname ${INPUT_IMAGE}))"
+  KEY_NAME="${KEY_DIR}/key_$(basename $(dirname ${INPUT_IMAGE}))"
   cp "${INPUT_IMAGE}" "${OUTPUT_IMAGE}"
   futility sign --type rwsig --prikey "${KEY_NAME}.vbprik2" "${OUTPUT_IMAGE}"
 else
diff --git a/tests/devkeys/key_accessory.pem b/tests/devkeys/key_accessory.pem
new file mode 100644
index 00000000..2199a47c
--- /dev/null
+++ b/tests/devkeys/key_accessory.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEA7K6enHYIpVKR0/J973NpdL5cgRMh+KqRvRASe0//adnH4bRY
+Wp0mXhl4tgQ/30264KmyKWPxEj+Pl6wqYTh+plwEqco2IO7MX9O2YgYMbZiAPby4
+r5fSrjTJYvzQKCrcSagW1HAlbQv5QmpZcDcLR8Z0t3PhdKFWfaAy2JW3mlQxoTqt
+ovhrn1TH1bIRJape4/mU+/+AOQ5zAzkaMJeo0v5L6naVbuwjCJUrAK6BdP8/x3A7
+6GhstZ5QlkLKH/uNBnR80YMs3AlOygDSddRthOm7WMG7YkivsszwsWgl/aHXoFVE
+EQfl7aPpoAO9bvydyf+6DGUUJJPZpOnJeOPquwIDAQABAoIBAHWCNOmFiMFb/171
+dCUgbekyYgcLksA9H2J4ylRC4ZKSN7UNrxg+EcCCcPYdogCiPPgyCGyYXCYtPIOX
+TOs7+1VpNj9+T+WF6h5hpJmCW0VGg9UjD6bOgCFRv/LPhiGLNhezxrHuhAZh/X1G
+A+W8znLySxySAgu/1otEsDnsC14pHoI0aFLQ+djE14uEbqnV1WZyXX2BL7rOU3Fb
+fAL4bau0LkqJ2WR0zh9wMpkXb7yC7F3mDoZy7QIZLoW+lkpwYM/a+zVOBTeE+Ml0
+GAKwi59X6gAlmqBV+vRw+YbKnxfFd5QhpZhbJ6LOIL7wlNo1dr+o8wkN/rG54oBA
+W8kHfAECgYEA/HwXZIXp7M4bchfB/zi8lnhd2MQ/s5rZz1EhBDdcl7nj/r2p934e
+uRBxnn+5eErKu/6kwEf/pgvwtlkOX+rMCpSLS24rYCj6wFl/f0+3ovDqIppARLyp
+2Rvyl6z4uO4bsAdOnVEl8BnmJi01dKHFYiaemPjv81KjSdJr3N4FnbsCgYEA7/o0
+TqSLWddK3JuOVfKfBGra2cEVN6KERkrkyxG6NEQHu9ItgCqxCdLj+jN9xTQxI/b5
+nayTvPIrey+NqoKtai3XSxj3svnBNtpFnO0dQsw9lXBx/UuwBuTOj+eHL/z/v2KS
+WlKL/2D8CDxFo67wMhP0A56E8b3nZui0HeivlwECgYEAvNgrvvoSXxZBnPJ8HWLY
+W0soFkuiwblelBvAMCEgVjOpfg1qJTzlydGsyboKhRibzkTGATNY2V8w6ZJul/tM
+JdW44fBC7Sd5dYj7PcPoPC0pUjxBOahK+aJXrm6nkdo2R1EP0cayM4WLiJ5jzxp4
+QdNU6GG5RytWCo8iMg618KUCgYEA4itHfQ7rHsMflQcugKZnZDxpAm1NV9/dFnqj
+YxfUDEpJl6SgqXiS3hVaM4av9FoaLjEoVIg/vQXoIPNSau86DSYjEG35lT558P6K
+OTnoJ/ph2CPf6r+YqQaf/1RQPtQNHQ0Drgi6VPfM0N4tK/VF/4x6n6aY2VUHcB/F
+EaMpSgECgYEA291EHQ7JxnXAG7GkT+b9g7klHZPjl6yB21rSXdphb27AY9K8U7l3
+3A3T4eubhPjXn6W9JXLHYwubShkmA8kFXXzZlvuXKlraP/0lh3DAB+xEASUGHOS+
+S/U4X23nMkj7EktYqPcwMM6BOFbhOy2W+v9JoJSayPhuYJEOdjOGNWU=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/devkeys/key_accessory.vbprik2 b/tests/devkeys/key_accessory.vbprik2
new file mode 100644
index 00000000..ebe81d64
Binary files /dev/null and b/tests/devkeys/key_accessory.vbprik2 differ
diff --git a/tests/devkeys/key_accessory.vbpubk2 b/tests/devkeys/key_accessory.vbpubk2
new file mode 100644
index 00000000..53047564
Binary files /dev/null and b/tests/devkeys/key_accessory.vbpubk2 differ
-- 
cgit v1.2.1