diff options
author | Gaurav Shah <gauravsh@chromium.org> | 2010-10-29 10:59:50 -0700 |
---|---|---|
committer | Gaurav Shah <gauravsh@chromium.org> | 2010-10-29 10:59:50 -0700 |
commit | 068fc6f251bc80190ad976d18ffe4726a3f33026 (patch) | |
tree | d9e49579d2ca23b3ec38c829207cda70b634acc7 /tests/run_vbutil_tests.sh | |
parent | 10fce4aa5d30f5cfcff5371f0a097165dd5901a7 (diff) | |
download | vboot-068fc6f251bc80190ad976d18ffe4726a3f33026.tar.gz |
Add support for using external signing application and .pem private key files to vbutil_keyblock.
This allows signing using a .pem file using an external program.
It is assumed that the external program reads input from stdin, and outputs signed data on stdout. It takes one argument - the file name for the .pem private key reference. See external_rsa_signer.sh for an example external program.
Example usage:
vbutil_keyblock --pack 4096.keyblock \
--datapubkey 4096.vbpubk \
--signprivate_pem 4096.pem \
--pem_algorithm 8 \
--externalsigner "external_rsa_signer.sh"
I have tried to make the change such that it doesn't impact existing tools/interfaces (since these are used at various places). That said, I am aware of the places where we could just extend an old interface an avoid code duplication but thought I'd put that re-factoring in as a TODO for now. Let me know if you disagree and I can merge them (and changing the existing interface).
BUG=7576
TEST=Extended run_vbutil_tests.sh to test vbutil_keyblock packing using an external signer.
To test, make && make runtests (or just run tests/gen_test_keys.sh; tests/run_vbutils_tests.sh)
Review URL: http://codereview.chromium.org/4194003
Change-Id: I7cc52c8293c04ef9ba074794d046c9a4f19f6bdd
Diffstat (limited to 'tests/run_vbutil_tests.sh')
-rwxr-xr-x | tests/run_vbutil_tests.sh | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/tests/run_vbutil_tests.sh b/tests/run_vbutil_tests.sh index b8811305..b56f4c12 100755 --- a/tests/run_vbutil_tests.sh +++ b/tests/run_vbutil_tests.sh @@ -124,6 +124,46 @@ ${datahashalgo}${COL_STOP}" exit 1 fi + echo -e "${COL_YELLOW}Testing keyblock creation using \ +external signer.${COL_STOP}" + # Pack using external signer + # Pack + ${UTIL_DIR}/vbutil_keyblock --pack ${keyblockfile} \ + --datapubkey \ + ${TESTKEY_SCRATCH_DIR}/key_alg${data_algorithmcounter}.vbpubk \ + --signprivate_pem \ + ${TESTKEY_DIR}/key_rsa${signing_keylen}.pem \ + --pem_algorithm "${signing_algorithmcounter}" \ + --externalsigner "${SCRIPT_DIR}/external_rsa_signer.sh" + + if [ $? -ne 0 ] + then + echo -e "${COL_RED}Pack${COL_STOP}" + return_code=255 + fi + + # Unpack + ${UTIL_DIR}/vbutil_keyblock --unpack ${keyblockfile} \ + --datapubkey \ + ${TESTKEY_SCRATCH_DIR}/key_alg${data_algorithmcounter}.vbpubk2 \ + --signpubkey \ + ${TESTKEY_SCRATCH_DIR}/key_alg${signing_algorithmcounter}.vbpubk + if [ $? -ne 0 ] + then + echo -e "${COL_RED}Unpack${COL_STOP}" + return_code=255 + fi + + # Check + if ! cmp -s \ + ${TESTKEY_SCRATCH_DIR}/key_alg${data_algorithmcounter}.vbpubk \ + ${TESTKEY_SCRATCH_DIR}/key_alg${data_algorithmcounter}.vbpubk2 + then + echo -e "${COL_RED}Check${COL_STOP}" + return_code=255 + exit 1 + fi + let data_algorithmcounter=data_algorithmcounter+1 done done |