#!/bin/bash # # Copyright (C) 2016 The Android Open Source Project # # Permission is hereby granted, free of charge, to any person # obtaining a copy of this software and associated documentation # files (the "Software"), to deal in the Software without # restriction, including without limitation the rights to use, copy, # modify, merge, publish, distribute, sublicense, and/or sell copies # of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be # included in all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS # BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN # ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE # SOFTWARE. # # This shell-script generates ATX test data in the working directory. # An avbtool executable is assumed to reside in the parent directory # of this script. # # The *atx* test data in the test/data/ directory was generated with # this script. It is consistent with the expectations of avbtool unit # tests and ATX unit tests. This script exists as a record of how the # data was generated and as a convenience if it ever needs to be # generated again. # # Typical usage: # # $ cd test/data; ../avb_atx_generate_test_data set -e TMP_FILE=$(mktemp /tmp/atx_generator.XXXXXXXXXX) trap "rm -f '${TMP_FILE}'" EXIT AVBTOOL=$(dirname "$0")/../avbtool echo AVBTOOL = ${AVBTOOL} # Get a zero product ID. echo 00000000000000000000000000000000 | xxd -r -p - atx_product_id.bin # Generate key pairs. if [ ! -f testkey_atx_prk.pem ]; then openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -outform PEM \ -out testkey_atx_prk.pem fi if [ ! -f testkey_atx_pik.pem ]; then openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -outform PEM \ -out testkey_atx_pik.pem fi if [ ! -f testkey_atx_psk.pem ]; then openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -outform PEM \ -out testkey_atx_psk.pem fi if [ ! -f testkey_atx_puk.pem ]; then openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -outform PEM \ -out testkey_atx_puk.pem fi # Construct permanent attributes. ${AVBTOOL} make_atx_permanent_attributes --output=atx_permanent_attributes.bin \ --product_id=atx_product_id.bin --root_authority_key=testkey_atx_prk.pem # Construct a PIK certificate. echo -n "fake PIK subject" > ${TMP_FILE} ${AVBTOOL} make_atx_certificate --output=atx_pik_certificate.bin \ --subject=${TMP_FILE} --subject_key=testkey_atx_pik.pem \ --subject_is_intermediate_authority --subject_key_version 42 \ --authority_key=testkey_atx_prk.pem # Construct a PSK certificate. ${AVBTOOL} make_atx_certificate --output=atx_psk_certificate.bin \ --subject=atx_product_id.bin --subject_key=testkey_atx_psk.pem \ --subject_key_version 42 --authority_key=testkey_atx_pik.pem # Construct metadata. ${AVBTOOL} make_atx_metadata --output=atx_metadata.bin \ --intermediate_key_certificate=atx_pik_certificate.bin \ --product_key_certificate=atx_psk_certificate.bin # Generate a random unlock challenge. head -c 16 /dev/urandom > atx_unlock_challenge.bin # Construct a PUK certificate. ${AVBTOOL} make_atx_certificate --output=atx_puk_certificate.bin \ --subject=atx_product_id.bin --subject_key=testkey_atx_puk.pem \ --usage=com.google.android.things.vboot.unlock --subject_key_version 42 \ --authority_key=testkey_atx_pik.pem # Construct an unlock credential. ${AVBTOOL} make_atx_unlock_credential --output=atx_unlock_credential.bin \ --intermediate_key_certificate=atx_pik_certificate.bin \ --unlock_key_certificate=atx_puk_certificate.bin \ --challenge=atx_unlock_challenge.bin --unlock_key=testkey_atx_puk.pem