blob: 3a0a6e39fb25fa0a135c19cceb57917fa6d45920 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
#!/bin/bash -eux
# Copyright 2017 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
me=${0##*/}
TMP="$me.tmp"
# Work in scratch directory
cd "$OUTDIR"
DATADIR="${SCRIPT_DIR}/futility/data"
TESTKEYS="${SRCDIR}/tests/testkeys"
SIGS="1024 2048 2048_exp3 3072_exp3 4096 8192"
HASHES="SHA1 SHA256 SHA512"
EC_RW="EC_RW.bin"
set -o pipefail
infile="${DATADIR}/hammer_dev.bin"
outfile="${TMP}.hammer_dev.bin"
cp "${infile}" "${outfile}"
# Signing without private key should extract EC_RW.bin
"${FUTILITY}" sign --type rwsig --version 2 "${outfile}"
cmp "${infile}" "${outfile}"
cmp "${EC_RW}" "${DATADIR}/${EC_RW}"
for s in $SIGS; do
echo -n "$s " 1>&3
for h in $HASHES; do
pemfile=${TESTKEYS}/key_rsa${s}.pem
outkeys=${TMP}.${s}_${h}
outfile=${TMP}.${s}_${h}.bin
"${FUTILITY}" create --desc "Test key" --hash_alg "${h}" \
"${pemfile}" "${outkeys}"
# The input file should be correctly signed to start with
"${FUTILITY}" show --type rwsig "${infile}"
# Using the wrong key to verify it should fail
if "${FUTILITY}" show --type rwsig --pubkey "${outkeys}.vbpubk2" \
"${infile}"; then
exit 1
fi
cp "${infile}" "${outfile}"
# Sign ec.bin with a new private key
"${FUTILITY}" sign --type rwsig --prikey "${outkeys}.vbprik2" \
--version 2 "${outfile}"
# Check EC_RW.bin is produced
[[ -e "${EC_RW}" ]]
"${FUTILITY}" show --type rwsig --pubkey "${outkeys}.vbpubk2" \
"${outfile}"
"${FUTILITY}" show --type rwsig "${outfile}"
done
done
# cleanup
rm -rf "${TMP}"*
exit 0
|