#!/bin/bash

# Copyright 2014 The ChromiumOS Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
#
# End-to-end test for vboot2 firmware verification

# Load common constants and variables.
. "$(dirname "$0")/common.sh"

set -e

echo 'Creating test firmware'

# Run tests in a dedicated directory for easy cleanup or debugging.
DIR="${TEST_DIR}/vb2fw_test_dir"
[ -d "$DIR" ] || mkdir -p "$DIR"
echo "Testing vb2_verify_fw in $DIR"
cd "$DIR"

# Dummy firmware body
echo 'This is a test firmware body.  This is only a test.  Lalalalala' \
    > body.test

algo_to_rsa()
{
  case $1 in
  0|1|2) printf "rsa1024";;
  3|4|5) printf "rsa2048";;
  6|7|8) printf "rsa4096";;
  9|10|11) printf "rsa8192";;
  *) exit 1;;
  esac
}

algo_to_sha()
{
  case $1 in
  0|3|6|9) printf "sha1";;
  1|4|7|10) printf "sha256";;
  2|5|8|11) printf "sha512";;
  *) exit 1;;
  esac
}

run_test()
{
  local root_algo=$1
  local fw_algo=$2
  local kern_algo=$3

  local root_rsa
  local fw_rsa
  local kern_rsa
  root_rsa="$(algo_to_rsa "${root_algo}")"
  fw_rsa="$(algo_to_rsa "${fw_algo}")"
  kern_rsa="$(algo_to_rsa "${kern_algo}")"

  local root_sha
  local fw_sha
  root_sha="$(algo_to_sha "${root_algo}")"
  fw_sha="$(algo_to_sha "${fw_algo}")"

  # Pack keys using original vboot utilities
  "${FUTILITY}" vbutil_key --pack rootkey.test \
      --key "${TESTKEY_DIR}/key_${root_rsa}.keyb" \
      --algorithm "${root_algo}"
  "${FUTILITY}" vbutil_key --pack fwsubkey.test \
      --key "${TESTKEY_DIR}/key_${fw_rsa}.keyb" \
      --algorithm "${fw_algo}"
  "${FUTILITY}" vbutil_key --pack kernkey.test \
      --key "${TESTKEY_DIR}/key_${kern_rsa}.keyb" \
      --algorithm "${kern_algo}"

  # Create a GBB with the root key
  "${FUTILITY}" gbb -c 128,2400,0,0 gbb.test
  "${FUTILITY}" gbb gbb.test -s --hwid='Test GBB' \
    --rootkey=rootkey.test

  # Keyblock with firmware subkey is signed by root key
  "${FUTILITY}" vbutil_keyblock --pack keyblock.test \
      --datapubkey fwsubkey.test \
      --signprivate "${TESTKEY_DIR}/key_${root_rsa}.${root_sha}.vbprivk"

  # Firmware preamble is signed with the firmware subkey
  "${FUTILITY}" sign \
    --version 1 \
    --signprivate "${TESTKEY_DIR}/key_${fw_rsa}.${fw_sha}.vbprivk" \
    --keyblock keyblock.test \
    --kernelkey kernkey.test \
    --fv body.test \
    --outfile vblock.test

  echo "Verifying test firmware using vb2_verify_fw" \
    "(root=${root_algo}, fw=${fw_algo}, kernel=${kern_algo})"

  # Verify the firmware using vboot2 checks
  "${TEST_DIR}/vb20_verify_fw" gbb.test vblock.test body.test
  if [ -e "${TEST_DIR}/vb20_hwcrypto_verify_fw" ]
  then
    echo "Verifying test firmware using vb20_hwcrypto_verify_fw" \
      "(root=${root_algo}, fw=${fw_algo}, kernel=${kern_algo})"
    "${TEST_DIR}/vb20_hwcrypto_verify_fw" gbb.test vblock.test body.test
  fi

  happy 'vb2_verify_fw succeeded'
}

run_test 11 7 4
run_test 11 11 11
run_test 1 1 1