| #!/bin/bash |
| |
| # Copyright (c) 2013 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| # Run verified boot firmware and kernel verification tests. |
| |
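# Load common constants and variables.
#
# Nothing in this file defines TEST_DIR, TESTKEY_DIR, key_lengths, hash_algos,
# the COL_* colour codes or check_test_keys; they are expected to come from
# common.sh (assumption: that file is not shown here). Bash keeps going after
# a failed `.`, which would leave TEST_DIR empty and turn
# "${TEST_DIR}/vboot_common_tests" into a path directly under /. Stop here
# instead of running whatever is found there.
if [[ ! -r "$(dirname "$0")/common.sh" ]]; then
  echo "$0: cannot read $(dirname "$0")/common.sh" >&2
  exit 255
fi
. "$(dirname "$0")/common.sh"

# Sticky failure flag: the test_vboot_* runners set it to 255 on any failing
# test binary, and it becomes the exit status of the script.
return_code=0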
| |
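# Run the vboot_common tests that do not need any key.
# Globals:
#   TEST_DIR    (read)    - directory that holds the test binaries
#   return_code (written) - set to 255 when the test binary fails
# Arguments: none
# Returns:   always 0; failure is reported through return_code only
test_vboot_common() {
  # Quoted so that a TEST_DIR containing spaces or glob characters still names
  # exactly one program instead of being split into a command plus arguments.
  if ! "${TEST_DIR}/vboot_common_tests"; then
    return_code=255
  fi
}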
| |
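# Test a single key+hash algorithm.
# Globals:
#   TEST_DIR, TESTKEY_DIR (read) - locations of the test binary and the keys
#   COL_YELLOW, COL_STOP  (read) - colour escapes used in the banner
#   return_code (written)        - set to 255 when the test binary fails
# Arguments:
#   $1 - algorithm number handed to vboot_common2_tests
#   $2 - RSA key length; selects key_rsa<len>.pem and key_rsa<len>.keyb
#   $3 - hash algorithm name; only printed in the banner here, the binary
#        receives the algorithm number and the two key files
# Outputs:   banner and the command line on stdout, then the binary's output
# Returns:   always 0; failure is reported through return_code only
test_vboot_common2_single() {
  local algonum=$1
  local keylen=$2
  local hashalgo=$3

  # Built as an array so every path stays a single argument even when
  # TEST_DIR or TESTKEY_DIR contains spaces or glob characters.
  local -a cmd=(
    "${TEST_DIR}/vboot_common2_tests"
    "${algonum}"
    "${TESTKEY_DIR}/key_rsa${keylen}.pem"
    "${TESTKEY_DIR}/key_rsa${keylen}.keyb"
  )

  echo -e "For signing key ${COL_YELLOW}RSA-$keylen/$hashalgo${COL_STOP}:"
  # Print the command line first so a failing case can be re-run by hand.
  echo "${cmd[@]}"
  if ! "${cmd[@]}"; then
    return_code=255
  fi
}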
| |
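# Test all key+hash algorithms.
#
# The algorithm number passed to test_vboot_common2_single is simply the
# running index over key_lengths x hash_algos, key length outermost. The
# order of both arrays therefore has to match the numbering the test binary
# expects (assumption: the arrays are defined in common.sh, not shown here).
# Globals:
#   key_lengths, hash_algos (read) - arrays of key sizes and hash names
# Arguments: none
test_vboot_common2_all() {
  # Counter and loop variables are local so a run does not overwrite
  # same-named variables in the calling script.
  local algorithmcounter=0
  local keylen hashalgo

  for keylen in "${key_lengths[@]}"; do
    for hashalgo in "${hash_algos[@]}"; do
      test_vboot_common2_single "${algorithmcounter}" "${keylen}" "${hashalgo}"
      algorithmcounter=$((algorithmcounter + 1))
    done
  done
}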
| |
# Test only the algorithms we actually use.
#
# This is the default set; every other key+hash algorithm is exercised only
# when the script is started with --all, so a regression outside these three
# entries is not caught by a default run.
# Arguments: none
test_vboot_common2() {
  # Flat table, three fields per row: algorithm number, key length, hash.
  local -a used_algos=(
    4 2048 sha256
    7 4096 sha256
    11 8192 sha512
  )
  local idx

  for ((idx = 0; idx < ${#used_algos[@]}; idx += 3)); do
    test_vboot_common2_single \
      "${used_algos[idx]}" "${used_algos[idx + 1]}" "${used_algos[idx + 2]}"
  done
}
| |
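# Test a single block algorithm + data algorithm.
# Globals:
#   TEST_DIR, TESTKEY_DIR (read) - locations of the test binary and the keys
#   COL_YELLOW, COL_STOP  (read) - colour escapes used in the banner
#   return_code (written)        - set to 255 when the test binary fails
# Arguments:
#   $1 - signing algorithm number
#   $2 - signing key length; selects key_rsa<len>.pem and key_rsa<len>.keyb
#   $3 - signing hash name (banner only)
#   $4 - data algorithm number
#   $5 - data key length; selects key_rsa<len>.pem and key_rsa<len>.keyb
#   $6 - data hash name (banner only)
# Returns:   always 0; failure is reported through return_code only
test_vboot_common3_single() {
  local signing_algonum=$1
  local signing_keylen=$2
  local signing_hashalgo=$3
  local data_algonum=$4
  local data_keylen=$5
  local data_hashalgo=$6

  # Same text as one long string; assembled in pieces to keep lines short.
  local banner="For ${COL_YELLOW}signing algorithm"
  banner+=" RSA-${signing_keylen}/${signing_hashalgo}${COL_STOP}"
  banner+=" and ${COL_YELLOW}data signing algorithm"
  banner+=" RSA-${data_keylen}/${data_hashalgo}${COL_STOP}"
  echo -e "${banner}"

  # Every expansion is quoted so a TEST_DIR or TESTKEY_DIR with spaces or
  # glob characters cannot change which program runs or which key files it
  # is handed.
  if ! "${TEST_DIR}/vboot_common3_tests" \
    "${signing_algonum}" "${data_algonum}" \
    "${TESTKEY_DIR}/key_rsa${signing_keylen}.pem" \
    "${TESTKEY_DIR}/key_rsa${signing_keylen}.keyb" \
    "${TESTKEY_DIR}/key_rsa${data_keylen}.pem" \
    "${TESTKEY_DIR}/key_rsa${data_keylen}.keyb"; then
    return_code=255
  fi
}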
| |
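# Test all combinations of key block signing algorithm and data signing
# algorithm.
#
# Both algorithm numbers are running indexes over key_lengths x hash_algos
# (key length outermost); the data index restarts at 0 for every signing
# algorithm. The array order therefore has to match the numbering the test
# binary expects (assumption: the arrays are defined in common.sh, not shown
# here).
# Globals:
#   key_lengths, hash_algos (read) - arrays of key sizes and hash names
# Arguments: none
test_vboot_common3_all() {
  # Counters and loop variables are local so a run does not overwrite
  # same-named variables in the calling script.
  local signing_algorithmcounter=0
  local data_algorithmcounter=0
  local signing_keylen signing_hashalgo data_keylen data_hashalgo

  for signing_keylen in "${key_lengths[@]}"; do
    for signing_hashalgo in "${hash_algos[@]}"; do
      data_algorithmcounter=0
      for data_keylen in "${key_lengths[@]}"; do
        for data_hashalgo in "${hash_algos[@]}"; do
          test_vboot_common3_single \
            "${signing_algorithmcounter}" "${signing_keylen}" \
            "${signing_hashalgo}" \
            "${data_algorithmcounter}" "${data_keylen}" "${data_hashalgo}"
          data_algorithmcounter=$((data_algorithmcounter + 1))
        done
      done
      signing_algorithmcounter=$((signing_algorithmcounter + 1))
    done
  done
}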
| |
# Test only the combinations of key block signing algorithm and data signing
# algorithm that we actually use.
#
# This is the default set; all other signing/data pairings run only when the
# script is started with --all.
# Arguments: none
test_vboot_common3() {
  # Flat table, six fields per row:
  # signing algorithm number, key length, hash, then the same for data.
  local -a used_pairs=(
    7 4096 sha256 4 2048 sha256
    11 8192 sha512 4 2048 sha256
    11 8192 sha512 7 4096 sha256
  )
  local row

  for ((row = 0; row < ${#used_pairs[@]}; row += 6)); do
    test_vboot_common3_single "${used_pairs[@]:row:6}"
  done
}
| |
# Driver. A failing test binary does not stop the run: each runner only
# raises return_code to 255, so the exit status at the bottom (0 or 255) is
# the only machine-readable result.

# check_test_keys is not defined in this file; presumably it comes from
# common.sh and checks the test keys before anything is run.
check_test_keys

printf '\n%s\n' "Testing vboot_common tests which don't depend on keys..."
test_vboot_common

# "--all" as the first argument selects the exhaustive algorithm sweep;
# anything else, including no argument, runs only the combinations in use.
printf '\n%s\n' "Testing vboot_common tests which depend on one key..."
case "$1" in
  --all) test_vboot_common2_all ;;
  *) test_vboot_common2 ;;
esac

printf '\n%s\n' "Testing vboot_common tests which depend on two keys..."
case "$1" in
  --all) test_vboot_common3_all ;;
  *) test_vboot_common3 ;;
esac

exit "${return_code}"