From f3101060309281da2095744ca77a84e3d9703755 Mon Sep 17 00:00:00 2001
From: Nicolas Boichat <drinkcat@google.com>
Date: Wed, 8 Feb 2017 12:44:42 +0800
Subject: [PATCH] tests: Add simple test for rwsig images

This tests that futility can correctly create and verify rwsig images.
Note that we do not test RSA 8192, as the signature is longer than
1024 bytes, and the test logic would need to be changed.

BRANCH=none
BUG=chromium:684354
TEST=make runfutiltests

Change-Id: I690e59fe8fa3e273dd81176211c58e1677fa720f
Reviewed-on: https://chromium-review.googlesource.com/438950
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
---
 tests/futility/run_test_scripts.sh |  1 +
 tests/futility/test_show_rwsig.sh  | 46 ++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+)
 create mode 100755 tests/futility/test_show_rwsig.sh

diff --git a/tests/futility/run_test_scripts.sh b/tests/futility/run_test_scripts.sh
index fe19f15b44..b817c43066 100755
--- a/tests/futility/run_test_scripts.sh
+++ b/tests/futility/run_test_scripts.sh
@@ -48,6 +48,7 @@ ${SCRIPTDIR}/test_load_fmap.sh
 ${SCRIPTDIR}/test_main.sh
 ${SCRIPTDIR}/test_show_contents.sh
 ${SCRIPTDIR}/test_show_kernel.sh
+${SCRIPTDIR}/test_show_rwsig.sh
 ${SCRIPTDIR}/test_show_vs_verify.sh
 ${SCRIPTDIR}/test_show_usbpd1.sh
 ${SCRIPTDIR}/test_sign_firmware.sh
diff --git a/tests/futility/test_show_rwsig.sh b/tests/futility/test_show_rwsig.sh
new file mode 100755
index 0000000000..7ff2557174
--- /dev/null
+++ b/tests/futility/test_show_rwsig.sh
@@ -0,0 +1,46 @@
+#!/bin/bash -eux
+# Copyright 2017 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+me=${0##*/}
+TMP="$me.tmp"
+
+# Work in scratch directory
+cd "$OUTDIR"
+
+DATADIR="${SCRIPTDIR}/data"
+TESTKEYS=${SRCDIR}/tests/testkeys
+
+# Do not test 8192 as the signature length is > 1024 bytes
+SIGS="1024 2048 4096"
+HASHES="SHA1 SHA256 SHA512"
+
+set -o pipefail
+
+for s in $SIGS; do
+    echo -n "$s " 1>&3
+
+    for h in $HASHES; do
+        pemfile=${TESTKEYS}/key_rsa${s}.pem
+        outfile=${TMP}.${s}_${h}.new
+        infile=${DATADIR}/random_noise.bin
+        outkeys=${TMP}.${s}_${h}
+        outsig=${TMP}.${s}_${h}.signature
+
+        ${FUTILITY} create --desc "Test key" --hash_alg ${h} \
+                    ${pemfile} ${outkeys}
+
+        ${FUTILITY} sign --type rwsig --prikey ${outkeys}.vbprik2 \
+                ${infile} ${outsig}
+        dd if=/dev/zero bs=$((4096 + 1024)) count=1 of=${outfile}
+        dd if=${infile} of=${outfile} conv=notrunc
+        dd if=${outsig} of=${outfile} bs=4096 seek=1 conv=notrunc
+
+        ${FUTILITY} show --type rwsig --pubkey ${outkeys}.vbpubk2 ${outfile}
+    done
+done
+
+# cleanup
+rm -rf ${TMP}*
+exit 0