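#!/bin/sh
#
# Smoke test for the i.MX code-signing tools: generate a throwaway HAB4 PKI
# tree, build the SRK table, compile a minimal CSF with cst, and check that
# csf_parser's log for the resulting binary matches the expected one.
#
# Only key-installation commands are exercised ([Install SRK], [Install CSFK],
# [Authenticate CSF], [Install Key]); the CSF has no [Authenticate Data]
# section, so no image is signed here.

# Options are set here rather than on the shebang line so they still apply
# when the script is started as "sh <script>".
set -ex

dir=$(mktemp -d)

# The work directory holds freshly generated private keys. They are test-only,
# but remove them on every exit path instead of leaving key material behind
# in the temp area.
cleanup() {
  # Leave the directory before deleting it.
  cd /
  rm -rf -- "${dir:?}"
}
trap cleanup EXIT

mkdir -p "$dir/keys"

# The PKI script is run from keys/; the steps below expect the certificates
# it generates to appear in the sibling crts/ directory.
cd "$dir/keys"

# New CA, ECC P-256 keys, a single SRK that is itself a CA certificate
# (-srk-ca y), which is why CSF1_1 and IMG1_1 user certificates are referenced
# below. NOTE(review): -duration is presumably in years; confirm against the
# script's usage text.
/usr/share/libexec/imx-code-signing-tool/pki_scripts/hab4_pki_tree.sh \
  -existing-ca n \
  -kt ecc \
  -kl p256 \
  -num-srk 1 \
  -duration 100 \
  -srk-ca y

cd "$dir/crts"

# Build the SRK table and the matching fuse (hash) file. Despite the
# "1_2_3_4" file names, only one SRK certificate is passed, matching
# -num-srk 1 above.
srktool -h 4 \
  -t SRK_1_2_3_4_table.bin \
  -e SRK_1_2_3_4_fuse.bin \
  -d sha256 \
  -c SRK1_sha256_secp256r1_v3_ca_crt.pem

cd "$dir"

# Quoted delimiter: the CSF text is literal, nothing in it is expanded.
# File paths inside it are relative to $dir, the current directory.
cat > hab4.csf <<'EOF'
[Header]
  Version = 4.0
  Hash Algorithm = sha256
  Engine = ANY
  Engine Configuration = 0
  Certificate Format = X509
  Signature Format = CMS

[Install SRK]
  File = "crts/SRK_1_2_3_4_table.bin"
  Source Index = 0

[Install CSFK]
  File = "crts/CSF1_1_sha256_secp256r1_v3_usr_crt.pem"

[Authenticate CSF]

[Install Key]
  Verification Index = 0
  Target Index = 2
  File = "crts/IMG1_1_sha256_secp256r1_v3_usr_crt.pem"
EOF

cst -i hab4.csf -o csf.bin

# cst must have produced the binary CSF.
test -f csf.bin

# Expected csf_parser log, byte for byte (blank lines included).
cat > expected-csf.log <<'EOF'
SRK Table file created

CSF Certificate Detected

IMG Certificate Detected

Certificate file created

Certificate file created

Signature file created

EOF

csf_parser -c csf.bin > csf.log

# cmp exits non-zero on any difference, which fails the test under set -e;
# -l lists every differing byte to make a mismatch easier to diagnose.
cmp -l csf.log expected-csf.log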
