coreboot-libre-fam15h-rdimm/3rdparty/vboot/tests/futility/test_create.sh

#!/bin/bash -eux
# Copyright 2015 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

me=${0##*/}
TMP="$me.tmp"

# Work in scratch directory
cd "$OUTDIR"

# Current vb1 keys, including original .pem files.
TESTKEYS=${SRCDIR}/tests/testkeys

# Demonstrate that we can recreate the same vb1 keys without the .keyb files
for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
  for hash in sha1 sha256 sha512; do
    ${FUTILITY} --vb1 create --hash_alg "${hash}" \
      "${TESTKEYS}/key_${sig}.pem" "${TMP}_key_${sig}.${hash}"
    cmp "${TESTKEYS}/key_${sig}.${hash}.vbprivk" \
      "${TMP}_key_${sig}.${hash}.vbprivk"
    cmp "${TESTKEYS}/key_${sig}.${hash}.vbpubk" \
      "${TMP}_key_${sig}.${hash}.vbpubk"
  done
done


# Demonstrate that we can create some vb21 keypairs. This doesn't prove
# prove anything until we've used them to sign some stuff, though.
for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
  for hash in sha1 sha256 sha512; do
    ${FUTILITY} --vb21 create --hash_alg "${hash}" \
      "${TESTKEYS}/key_${sig}.pem" "${TMP}_key_${sig}.${hash}"
  done
done

# Demonstrate that the sha1sums are the same for all the keys created from the
# same .pem files, both public and private, vb1 and vb21.
for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
  pem_sum=$(${FUTILITY} show "${TESTKEYS}/key_${sig}.pem" |
    awk '/sha1sum/ {print $3}')
  # expect only one
  [ $(echo "$pem_sum" | wc -w) = 1 ]
  num_keys=$(echo ${TMP}_key_${sig}.* | wc -w)
  key_sums=$(${FUTILITY} show ${TMP}_key_${sig}.* |
    awk '/sha1sum:|ID:/ {print $NF}')
  num_sums=$(echo "$key_sums" | wc -w)
  # expect one sha1sum (or ID) line per file
  [ "$num_keys" = "$num_sums" ]
  uniq_sums=$(echo "$key_sums" | uniq)
  # note that this also tests that all the key_sums are the same
  [ "$pem_sum" = "$uniq_sums" ]
done

# Demonstrate that we can create some vb21 public key from PEM containing
# only the pubkeypairs and verify it's the same as the one generated from
# the private key.
for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
  for hash in sha1 sha256 sha512; do
    ${FUTILITY} --vb21 create --hash_alg "${hash}" \
      "${TESTKEYS}/key_${sig}.pub.pem" "${TMP}_key_${sig}.pubonly.${hash}"
    cmp "${TMP}_key_${sig}.pubonly.${hash}.vbpubk2" \
      "${TMP}_key_${sig}.${hash}.vbpubk2"
  done
done

# cleanup
rm -rf ${TMP}*
exit 0
Initial commit 2024-03-04 11:14:53 +01:00			`#!/bin/bash -eux`
			`# Copyright 2015 The Chromium OS Authors. All rights reserved.`
			`# Use of this source code is governed by a BSD-style license that can be`
			`# found in the LICENSE file.`

			`me=${0##*/}`
			`TMP="$me.tmp"`

			`# Work in scratch directory`
			`cd "$OUTDIR"`

			`# Current vb1 keys, including original .pem files.`
			`TESTKEYS=${SRCDIR}/tests/testkeys`

			`# Demonstrate that we can recreate the same vb1 keys without the .keyb files`
			`for sig in rsa1024 rsa2048 rsa4096 rsa8192; do`
			`for hash in sha1 sha256 sha512; do`
			`${FUTILITY} --vb1 create --hash_alg "${hash}" \`
			`"${TESTKEYS}/key_${sig}.pem" "${TMP}_key_${sig}.${hash}"`
			`cmp "${TESTKEYS}/key_${sig}.${hash}.vbprivk" \`
			`"${TMP}_key_${sig}.${hash}.vbprivk"`
			`cmp "${TESTKEYS}/key_${sig}.${hash}.vbpubk" \`
			`"${TMP}_key_${sig}.${hash}.vbpubk"`
			`done`
			`done`


			`# Demonstrate that we can create some vb21 keypairs. This doesn't prove`
			`# prove anything until we've used them to sign some stuff, though.`
			`for sig in rsa1024 rsa2048 rsa4096 rsa8192; do`
			`for hash in sha1 sha256 sha512; do`
			`${FUTILITY} --vb21 create --hash_alg "${hash}" \`
			`"${TESTKEYS}/key_${sig}.pem" "${TMP}_key_${sig}.${hash}"`
			`done`
			`done`

			`# Demonstrate that the sha1sums are the same for all the keys created from the`
			`# same .pem files, both public and private, vb1 and vb21.`
			`for sig in rsa1024 rsa2048 rsa4096 rsa8192; do`
			`pem_sum=$(${FUTILITY} show "${TESTKEYS}/key_${sig}.pem" \|`
			`awk '/sha1sum/ {print $3}')`
			`# expect only one`
			`[ $(echo "$pem_sum" \| wc -w) = 1 ]`
			`num_keys=$(echo ${TMP}_key_${sig}.* \| wc -w)`
			`key_sums=$(${FUTILITY} show ${TMP}_key_${sig}.* \|`
			`awk '/sha1sum:\|ID:/ {print $NF}')`
			`num_sums=$(echo "$key_sums" \| wc -w)`
			`# expect one sha1sum (or ID) line per file`
			`[ "$num_keys" = "$num_sums" ]`
			`uniq_sums=$(echo "$key_sums" \| uniq)`
			`# note that this also tests that all the key_sums are the same`
			`[ "$pem_sum" = "$uniq_sums" ]`
			`done`

			`# Demonstrate that we can create some vb21 public key from PEM containing`
			`# only the pubkeypairs and verify it's the same as the one generated from`
			`# the private key.`
			`for sig in rsa1024 rsa2048 rsa4096 rsa8192; do`
			`for hash in sha1 sha256 sha512; do`
			`${FUTILITY} --vb21 create --hash_alg "${hash}" \`
			`"${TESTKEYS}/key_${sig}.pub.pem" "${TMP}_key_${sig}.pubonly.${hash}"`
			`cmp "${TMP}_key_${sig}.pubonly.${hash}.vbpubk2" \`
			`"${TMP}_key_${sig}.${hash}.vbpubk2"`
			`done`
			`done`

			`# cleanup`
			`rm -rf ${TMP}*`
			`exit 0`