#!/bin/bash -eux
# Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

me=${0##*/}
TMP="$me.tmp"

# Work in scratch directory
cd "$OUTDIR"

DEVKEYS=${SRCDIR}/tests/devkeys
TESTKEYS=${SRCDIR}/tests/testkeys

echo 'Creating test kernel'

# Dummy kernel data
echo "hi there" > ${TMP}.config.txt
dd if=/dev/urandom bs=16384 count=1 of=${TMP}.bootloader.bin
dd if=/dev/urandom bs=32768 count=1 of=${TMP}.kernel.bin

# Pack kernel data key using original vboot utilities.
${FUTILITY} vbutil_key --pack ${TMP}.datakey.test \
    --key ${TESTKEYS}/key_rsa2048.keyb --algorithm 4

# Keyblock with kernel data key is signed by kernel subkey
# Flags=5 means dev=0 rec=0
${FUTILITY} vbutil_keyblock --pack ${TMP}.keyblock.test \
    --datapubkey ${TMP}.datakey.test \
    --flags 5 \
    --signprivate ${DEVKEYS}/kernel_subkey.vbprivk

# Kernel preamble is signed with the kernel data key
${FUTILITY} vbutil_kernel \
    --pack ${TMP}.kernel.test \
    --keyblock ${TMP}.keyblock.test \
    --signprivate ${TESTKEYS}/key_rsa2048.sha256.vbprivk \
    --version 1 \
    --arch arm \
    --vmlinuz ${TMP}.kernel.bin \
    --bootloader ${TMP}.bootloader.bin \
    --config ${TMP}.config.txt

echo 'Verifying test kernel'

# Verify the kernel
${FUTILITY} show ${TMP}.kernel.test \
    --publickey ${DEVKEYS}/kernel_subkey.vbpubk \
  | egrep 'Signature.*valid'

echo 'Test kernel blob looks good'

# Mess up the padding, make sure it fails.
rc=0
${FUTILITY} show ${TMP}.kernel.test \
    --pad 0x100 \
    --publickey ${DEVKEYS}/kernel_subkey.vbpubk \
  || rc=$?
[ $rc -ne 0 ]
[ $rc -lt 128 ]

echo 'Invalid args are invalid'

# Look waaaaaay off the end of the file, make sure it fails.
rc=0
${FUTILITY} show ${TMP}.kernel.test \
    --pad 0x100000 \
    --publickey ${DEVKEYS}/kernel_subkey.vbpubk \
  || rc=$?
[ $rc -ne 0 ]
[ $rc -lt 128 ]

echo 'Really invalid args are still invalid'

# cleanup
rm -rf ${TMP}*
exit 0