path: root/tests/futility/test_bdb.sh
#!/bin/bash -eux
# Copyright 2015 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

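# The interpreter line's -eux is dropped when the script is started as
# "bash test_bdb.sh", so set the same options explicitly.
set -eux

# Variables this script reads but never assigns. Fail with a clear message
# instead of running in the wrong directory or resolving key paths from "/".
: "${OUTDIR:?OUTDIR (scratch directory) must be set}"
: "${SRCDIR:?SRCDIR (source tree root) must be set}"
: "${FUTILITY:?FUTILITY (futility command) must be set}"

me=${0##*/}
TMP="$me.tmp"

# Work in scratch directory
cd "${OUTDIR}"
BDB_FILE=bdb.bin

TESTKEY_DIR=${SRCDIR}/tests/testkeys
TESTDATA_DIR=${SRCDIR}/tests/testdata

# Key pairs from the tests/testkeys directory: *_PRI is the .pem private key,
# *_PUB the matching .keyb public key.
BDBKEY_PUB=${TESTKEY_DIR}/bdbkey.keyb
BDBKEY_PRI=${TESTKEY_DIR}/bdbkey.pem
DATAKEY_PUB=${TESTKEY_DIR}/datakey.keyb
DATAKEY_PRI=${TESTKEY_DIR}/datakey.pem
# Key digest files handed to "futility bdb --verify --key_digest".
BDBKEY_DIGEST=${TESTDATA_DIR}/bdbkey_digest.bin
DATAKEY_DIGEST=${TESTDATA_DIR}/datakey_digest.bin
# Payload passed to "futility bdb --add --data".
DATA_FILE=${TESTDATA_DIR}/sp-rw.bin

# Integer attribute: assignments to num_hash are evaluated arithmetically.
declare -i num_hash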

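# Verify a BDB
#
# Runs "futility bdb --verify" on ${BDB_FILE} and returns its exit status.
#
# $1: Key digest file (defaults to ${BDBKEY_DIGEST})
# $2: Optional extra option string appended to futility bdb --verify
verify() {
	local key_digest=${1:-${BDBKEY_DIGEST}}
	local extra_option=${2:-}
	# File paths are quoted so whitespace or glob characters in the source or
	# scratch path cannot split them into several arguments.
	# ${FUTILITY} and ${extra_option} are word-split on purpose: an empty
	# extra_option must expand to no argument at all.
	# shellcheck disable=SC2086
	${FUTILITY} bdb --verify "${BDB_FILE}" --key_digest "${key_digest}" \
		${extra_option}
}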

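# Print the hash count reported by "futility show" for ${BDB_FILE}.
#
# Outputs: the value of the "# of Hashes" field as a decimal integer
# Returns: 0 on success; 1 if the show command fails to produce the field,
#          so a broken dump is not silently reported as 0 hashes
get_num_hash() {
	local line count
	# Declaration and assignment are split so the pipeline status is visible.
	# shellcheck disable=SC2086 -- ${FUTILITY} is word-split on purpose
	line=$(${FUTILITY} show "${BDB_FILE}" | grep '# of Hashes') || return 1
	# Keep what follows the first ':' and drop the padding around the number.
	count=${line#*:}
	count=${count//[[:blank:]]/}
	[ -n "${count}" ] || return 1
	printf "%d" "${count}"
}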

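# Tests field matches a specified value in a BDB
# e.g. check_field 'Data Version:' 2 returns error if the data version isn't 2.
#
# $1: Field label to look for in the "futility show" output (literal text)
# $2: Expected value, compared as a string after all blanks are removed
# Returns: 0 if the field is present and equal to $2, 1 otherwise
#
# If several lines contain the label, the value after the last ':' in the
# combined match is the one compared.
check_field() {
	local value
	# Find the field. -F and -- make the label a fixed string, so it is
	# never read as a regular expression or as a grep option.
	# shellcheck disable=SC2086 -- ${FUTILITY} is word-split on purpose
	value=$(${FUTILITY} show "${BDB_FILE}" | grep -F -- "${1}") || return 1
	[ -n "${value}" ] || return 1
	# Remove the field name
	value=${value##*:}
	[ -n "${value}" ] || return 1
	# Remove every blank (spaces and tabs), not only leading/trailing ones
	value=${value//[[:blank:]]/}
	[ "${value}" = "${2}" ] || return 1
}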

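# Test sequence: each step changes ${BDB_FILE} in place and then checks it.
# ${FUTILITY} stays unquoted in case it holds a wrapper command with
# arguments; every path and value argument is quoted.

# Demonstrate bdb --create can create a valid BDB
load_address=0x60061ec0de
${FUTILITY} bdb --create "${BDB_FILE}" \
	--bdbkey_pri "${BDBKEY_PRI}" --bdbkey_pub "${BDBKEY_PUB}" \
	--datakey_pub "${DATAKEY_PUB}" --datakey_pri "${DATAKEY_PRI}" \
	--load_address "${load_address}"
verify
check_field "Load Address:" "${load_address}"

# Demonstrate bdb --add can add a new hash
num_hash=$(get_num_hash)
${FUTILITY} bdb --add "${BDB_FILE}" \
	--data "${DATA_FILE}" --partition 1 --type 2 --offset 3 --load_address 4
# Use futility show command to verify the hash is added.
# Explicit arithmetic, so the increment does not depend on num_hash having
# the integer attribute.
num_hash=$((num_hash + 1))
[ "$(get_num_hash)" -eq "${num_hash}" ]
# TODO: verify partition, type, offset, and load_address

# Demonstrate futility bdb --resign can resign the BDB
data_version=2
${FUTILITY} bdb --resign "${BDB_FILE}" --datakey_pri "${DATAKEY_PRI}" \
	--data_version "${data_version}"
verify
check_field "Data Version:" "${data_version}"

# Demonstrate futility bdb --resign can resign with a new data key
# Note resigning with a new data key requires a private BDB key as well.
# The BDB key pair is reused here as the "new" data key.
${FUTILITY} bdb --resign "${BDB_FILE}" \
	--bdbkey_pri "${BDBKEY_PRI}" \
	--datakey_pri "${BDBKEY_PRI}" --datakey_pub "${BDBKEY_PUB}"
verify

# Demonstrate futility bdb --resign can resign with a new BDB key
# The data key pair is reused here as the "new" BDB key, so the matching
# digest is now ${DATAKEY_DIGEST}.
${FUTILITY} bdb --resign "${BDB_FILE}" \
	--bdbkey_pri "${DATAKEY_PRI}" --bdbkey_pub "${DATAKEY_PUB}"
verify "${DATAKEY_DIGEST}"

# Negative case: the original BDB key digest no longer matches, so a plain
# --verify is expected to fail. Without this check the test would still pass
# if verification accepted any key digest.
if verify "${BDBKEY_DIGEST}"; then
	echo "${me}: verify accepted a mismatched key digest" >&2
	exit 1
fi

# Demonstrate futility bdb --verify can return success when key digest doesn't
# match but --ignore_key_digest is specified.
verify "${BDBKEY_DIGEST}" --ignore_key_digest

# cleanup
# Nothing visible in this script writes ${TMP}* files; the removal is kept
# as-is. ${TMP:?} aborts instead of expanding to a bare "*" if TMP is empty,
# and -- stops a leading '-' in the name from being read as an option.
rm -rf -- "${TMP:?}"*
exit 0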