70 lines
2.4 KiB
Bash
Executable File
70 lines
2.4 KiB
Bash
Executable File
#!/bin/bash -eux
|
|
# Copyright 2015 The Chromium OS Authors. All rights reserved.
|
|
# Use of this source code is governed by a BSD-style license that can be
|
|
# found in the LICENSE file.
|
|
|
|
me=${0##*/}
|
|
TMP="$me.tmp"
|
|
|
|
# Work in scratch directory
|
|
cd "$OUTDIR"
|
|
|
|
# Current vb1 keys, including original .pem files.
|
|
TESTKEYS=${SRCDIR}/tests/testkeys
|
|
|
|
# Demonstrate that we can recreate the same vb1 keys without the .keyb files
|
|
for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
|
|
for hash in sha1 sha256 sha512; do
|
|
${FUTILITY} --vb1 create --hash_alg "${hash}" \
|
|
"${TESTKEYS}/key_${sig}.pem" "${TMP}_key_${sig}.${hash}"
|
|
cmp "${TESTKEYS}/key_${sig}.${hash}.vbprivk" \
|
|
"${TMP}_key_${sig}.${hash}.vbprivk"
|
|
cmp "${TESTKEYS}/key_${sig}.${hash}.vbpubk" \
|
|
"${TMP}_key_${sig}.${hash}.vbpubk"
|
|
done
|
|
done
|
|
|
|
|
|
# Demonstrate that we can create some vb21 keypairs. This doesn't prove
|
|
# prove anything until we've used them to sign some stuff, though.
|
|
for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
|
|
for hash in sha1 sha256 sha512; do
|
|
${FUTILITY} --vb21 create --hash_alg "${hash}" \
|
|
"${TESTKEYS}/key_${sig}.pem" "${TMP}_key_${sig}.${hash}"
|
|
done
|
|
done
|
|
|
|
# Demonstrate that the sha1sums are the same for all the keys created from the
|
|
# same .pem files, both public and private, vb1 and vb21.
|
|
for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
|
|
pem_sum=$(${FUTILITY} show "${TESTKEYS}/key_${sig}.pem" |
|
|
awk '/sha1sum/ {print $3}')
|
|
# expect only one
|
|
[ $(echo "$pem_sum" | wc -w) = 1 ]
|
|
num_keys=$(echo ${TMP}_key_${sig}.* | wc -w)
|
|
key_sums=$(${FUTILITY} show ${TMP}_key_${sig}.* |
|
|
awk '/sha1sum:|ID:/ {print $NF}')
|
|
num_sums=$(echo "$key_sums" | wc -w)
|
|
# expect one sha1sum (or ID) line per file
|
|
[ "$num_keys" = "$num_sums" ]
|
|
uniq_sums=$(echo "$key_sums" | uniq)
|
|
# note that this also tests that all the key_sums are the same
|
|
[ "$pem_sum" = "$uniq_sums" ]
|
|
done
|
|
|
|
# Demonstrate that we can create some vb21 public key from PEM containing
|
|
# only the pubkeypairs and verify it's the same as the one generated from
|
|
# the private key.
|
|
for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
|
|
for hash in sha1 sha256 sha512; do
|
|
${FUTILITY} --vb21 create --hash_alg "${hash}" \
|
|
"${TESTKEYS}/key_${sig}.pub.pem" "${TMP}_key_${sig}.pubonly.${hash}"
|
|
cmp "${TMP}_key_${sig}.pubonly.${hash}.vbpubk2" \
|
|
"${TMP}_key_${sig}.${hash}.vbpubk2"
|
|
done
|
|
done
|
|
|
|
# cleanup
|
|
rm -rf ${TMP}*
|
|
exit 0
|