diff options
Diffstat (limited to 'util/broadcom/secimage/test/hmac.sh')
| -rwxr-xr-x | util/broadcom/secimage/test/hmac.sh | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/util/broadcom/secimage/test/hmac.sh b/util/broadcom/secimage/test/hmac.sh new file mode 100755 index 0000000000..21176bded9 --- /dev/null +++ b/util/broadcom/secimage/test/hmac.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +## +## This file is part of the coreboot project. +## +## Copyright (C) 2003-2018 Alex Thiessen <alex.thiessen.de+coreboot@gmail.com> +## +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; version 3 or later of the License. +## +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. +## +## SPDX-License-Identifier: GPL-3.0-or-later +## <https://spdx.org/licenses/GPL-3.0-or-later.html> +## + +set -o errexit +set -o nounset +set -o pipefail + +# static analysis +if command -v shellcheck 1>/dev/null; then + shellcheck "${BASH_SOURCE[0]}" +else + echo "shellcheck not found, running unchecked" >&2 +fi + +# dependency check +dependencies=(basename diff dirname head mkdir mktemp openssl rm tail xxd) +for dependency in "${dependencies[@]}"; do + if ! command -v "${dependency}" 1>/dev/null; then + echo "missing ${dependency}, test skipped" >&2 + exit 0 + fi +done + +# parameters +if [ ${#} -ne 1 ]; then + echo "usage: '${0}' <testee>" + exit 1 +fi + +# setup +testee="${1}" +declare -i header_len=16 signature_len=32 +tmp_dir="$(mktemp --directory --tmpdir secimage-test-XXXXXXXX)" +shopt -s globstar nullglob +for dump_file in test/data/**/*.xxdump; do + bin_file_dir="${tmp_dir}/$(dirname "${dump_file#test/data/}")" + mkdir --parents "${bin_file_dir}" + xxd -r "${dump_file}" \ + "${bin_file_dir}/$(basename "${dump_file}" .xxdump)" +done +tail --bytes=+$((header_len + 1)) "${tmp_dir}/expected/binary" \ + | head --bytes=-${signature_len} \ + | openssl dgst -sha256 -mac hmac \ + -macopt hexkey:"$(xxd -c$((signature_len * 2)) -ps \ + "${tmp_dir}/input/hmac_binary_key")" \ + -binary \ + > "${tmp_dir}/expected/signature" +mkdir "${tmp_dir}/actual" + +# test +"${testee}" \ + -out "${tmp_dir}/actual/binary" \ + -config "${tmp_dir}/input/configfile" \ + -hmac "${tmp_dir}/input/hmac_binary_key" \ + -bl "${tmp_dir}/input/binary" +tail --bytes=${signature_len} "${tmp_dir}/actual/binary" \ + > "${tmp_dir}/actual/signature" +diff --recursive "${tmp_dir}/actual" "${tmp_dir}/expected" 1>/dev/null + +# teardown +rm --force --recursive "${tmp_dir}" |