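#!/bin/bash

#
# Copyright (C) 2016 The Android Open Source Project
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#

# This shell-script generates ATX test data in the working directory.
# An avbtool executable is assumed to reside in the parent directory
# of this script.
#
# The *atx* test data in the test/data/ directory was generated with
# this script. It is consistent with the expectations of avbtool unit
# tests and ATX unit tests. This script exists as a record of how the
# data was generated and as a convenience if it ever needs to be
# generated again.
#
# Typical usage:
#
#  $ cd test/data; ../avb_atx_generate_test_data
#
# Outputs (all written to the working directory):
#   atx_product_id.bin, testkey_atx_{prk,pik,psk,puk}.pem,
#   atx_permanent_attributes.bin, atx_{pik,psk,puk}_certificate.bin,
#   atx_metadata.bin, atx_unlock_challenge.bin, atx_unlock_credential.bin
#
# The private keys are written as unencrypted PEM (genpkey is run without
# a cipher option). They are test fixtures only.

# Stop on the first failing command, on use of an unset variable, and on
# a failure in any stage of a pipeline.
set -euo pipefail

TMP_FILE=$(mktemp /tmp/atx_generator.XXXXXXXXXX)

# Remove the scratch file on every exit path. The variable is expanded when
# the handler runs and is quoted, so the path is never re-parsed as shell.
cleanup() {
  rm -f -- "${TMP_FILE}"
}
trap cleanup EXIT

AVBTOOL="$(dirname "$0")/../avbtool"

echo "AVBTOOL = ${AVBTOOL}"

# Fail before the slow 4096-bit key generation if avbtool is not usable.
if [ ! -x "${AVBTOOL}" ]; then
  echo "error: avbtool not found or not executable: ${AVBTOOL}" >&2
  exit 1
fi

# Get a zero product ID (32 hex digits -> 16 zero bytes).
echo 00000000000000000000000000000000 | xxd -r -p - atx_product_id.bin

# Generate key pairs. An existing key file is kept, so re-running the script
# re-signs the generated data with the same keys.
#   prk: root authority key      pik: intermediate authority key
#   psk: product key             puk: unlock key
for key_name in prk pik psk puk; do
  key_file="testkey_atx_${key_name}.pem"
  if [ ! -f "${key_file}" ]; then
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -outform PEM \
      -out "${key_file}"
  fi
done

# Construct permanent attributes.
"${AVBTOOL}" make_atx_permanent_attributes --output=atx_permanent_attributes.bin \
  --product_id=atx_product_id.bin --root_authority_key=testkey_atx_prk.pem

# Construct a PIK certificate, signed by the root authority key.
# printf writes the subject without a trailing newline on any shell.
printf '%s' "fake PIK subject" > "${TMP_FILE}"
"${AVBTOOL}" make_atx_certificate --output=atx_pik_certificate.bin \
  --subject="${TMP_FILE}" --subject_key=testkey_atx_pik.pem \
  --subject_is_intermediate_authority --subject_key_version 42 \
  --authority_key=testkey_atx_prk.pem

# Construct a PSK certificate, signed by the intermediate key.
"${AVBTOOL}" make_atx_certificate --output=atx_psk_certificate.bin \
  --subject=atx_product_id.bin --subject_key=testkey_atx_psk.pem \
  --subject_key_version 42 --authority_key=testkey_atx_pik.pem

# Construct metadata.
"${AVBTOOL}" make_atx_metadata --output=atx_metadata.bin \
  --intermediate_key_certificate=atx_pik_certificate.bin \
  --product_key_certificate=atx_psk_certificate.bin

# Generate a random unlock challenge. It is fresh on every run, so the
# unlock credential built from it below changes with it.
head -c 16 /dev/urandom > atx_unlock_challenge.bin

# Construct a PUK certificate, signed by the intermediate key.
"${AVBTOOL}" make_atx_certificate --output=atx_puk_certificate.bin \
  --subject=atx_product_id.bin --subject_key=testkey_atx_puk.pem \
  --usage=com.google.android.things.vboot.unlock --subject_key_version 42 \
  --authority_key=testkey_atx_pik.pem

# Construct an unlock credential.
"${AVBTOOL}" make_atx_unlock_credential --output=atx_unlock_credential.bin \
  --intermediate_key_certificate=atx_pik_certificate.bin \
  --unlock_key_certificate=atx_puk_certificate.bin \
  --challenge=atx_unlock_challenge.bin --unlock_key=testkey_atx_puk.pem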