vboot2: Move knowledge of vboot 2.1 data structures inside lib21/
Code which compiles against fwlib2 no longer knows or cares about the
new data structures. This should shrink fwlib2 a bit. This is part 3
of 4 changes which split vboot 2.0 struct handling (old vboot1
structs) from vboot 2.1 struct handling (new style structs).
No functional changes; just shuffling around code.
BUG=chromium:423882
BRANCH=none
TEST=make runtests && VBOOT2=1 make runtests (works with/withoug VBOOT2 flag)
And compile firmware for veyron_pinky.
Change-Id: Ibccd7d1974e07f38b90c19c924ef3b1ffcb77d62
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/233020
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
diff --git a/Makefile b/Makefile
index ff00d34..b56818a 100644
--- a/Makefile
+++ b/Makefile
@@ -278,13 +278,12 @@
firmware/lib/region-kernel.c \
# Firmware library source needed for smaller library 2
-FWLIB20_SRCS = \
+FWLIB2_SRCS = \
firmware/2lib/2api.c \
firmware/2lib/2common.c \
firmware/2lib/2crc8.c \
firmware/2lib/2misc.c \
firmware/2lib/2nvstorage.c \
- firmware/2lib/2packed_key.c \
firmware/2lib/2rsa.c \
firmware/2lib/2secdata.c \
firmware/2lib/2sha1.c \
@@ -292,6 +291,9 @@
firmware/2lib/2sha512.c \
firmware/2lib/2sha_utility.c
+FWLIB20_SRCS = \
+ firmware/2lib/2packed_key.c
+
FWLIB21_SRCS = \
firmware/lib21/api.c \
firmware/lib21/common.c \
@@ -332,7 +334,7 @@
firmware/stub/vboot_api_stub_disk.c \
firmware/stub/vboot_api_stub_stream.c
-FWLIB20_SRCS += \
+FWLIB2_SRCS += \
firmware/2lib/2stub.c
endif
@@ -345,13 +347,14 @@
ALL_OBJS += ${VBINIT_OBJS} ${VBSF_OBJS}
FWLIB_OBJS = ${FWLIB_SRCS:%.c=${BUILD}/%.o}
+FWLIB2_OBJS = ${FWLIB2_SRCS:%.c=${BUILD}/%.o}
FWLIB20_OBJS = ${FWLIB20_SRCS:%.c=${BUILD}/%.o}
FWLIB21_OBJS = ${FWLIB21_SRCS:%.c=${BUILD}/%.o}
-ALL_OBJS += ${FWLIB_OBJS} ${FWLIB20_OBJS} ${FWLIB21_OBJS}
+ALL_OBJS += ${FWLIB_OBJS} ${FWLIB2_OBJS} ${FWLIB20_OBJS} ${FWLIB21_OBJS}
# Intermediate library for the vboot_reference utilities to link against.
UTILLIB = ${BUILD}/libvboot_util.a
-UTILLIB21 = ${BUILD}/libvboot_util20.a
+UTILLIB21 = ${BUILD}/libvboot_util21.a
UTILLIB_SRCS = \
cgpt/cgpt_create.c \
@@ -630,26 +633,30 @@
TEST20_NAMES = \
tests/vb2_api_tests \
- tests/vb2_api2_tests \
tests/vb2_common_tests \
tests/vb2_common2_tests \
tests/vb2_common3_tests \
- tests/vb2_host_fw_preamble_tests \
- tests/vb2_host_key_tests \
- tests/vb2_host_keyblock_tests \
- tests/vb2_host_misc_tests \
- tests/vb2_host_sig_tests \
tests/vb2_misc_tests \
tests/vb2_misc2_tests \
- tests/vb2_misc3_tests \
tests/vb2_nvstorage_tests \
tests/vb2_rsa_padding_tests \
tests/vb2_rsa_utility_tests \
tests/vb2_secdata_tests \
- tests/vb2_sha_tests \
+ tests/vb2_sha_tests
+
+TEST21_NAMES = \
+ tests/vb21_api_tests \
+ tests/vb21_common_tests \
+ tests/vb21_common2_tests \
+ tests/vb21_misc_tests \
+ tests/vb21_host_fw_preamble_tests \
+ tests/vb21_host_key_tests \
+ tests/vb21_host_keyblock_tests \
+ tests/vb21_host_misc_tests \
+ tests/vb21_host_sig_tests
ifneq (${VBOOT2},)
-TEST_NAMES += ${TEST20_NAMES}
+TEST_NAMES += ${TEST20_NAMES} ${TEST21_NAMES}
endif
# And a few more...
@@ -673,6 +680,7 @@
TEST_OBJS += $(addsuffix .o,${TEST_BINS})
TEST20_BINS = $(addprefix ${BUILD}/,${TEST20_NAMES})
+TEST21_BINS = $(addprefix ${BUILD}/,${TEST21_NAMES})
# Directory containing test keys
TEST_KEYS = ${SRC_RUN}/tests/testkeys
@@ -738,6 +746,7 @@
ifeq (${FIRMWARE_ARCH},i386)
# Unrolling loops in cryptolib makes it faster
${FWLIB_OBJS}: CFLAGS += -DUNROLL_LOOPS
+${FWLIB2_OBJS}: CFLAGS += -DUNROLL_LOOPS
${FWLIB20_OBJS}: CFLAGS += -DUNROLL_LOOPS
${FWLIB21_OBJS}: CFLAGS += -DUNROLL_LOOPS
@@ -763,6 +772,8 @@
${FWLIB_OBJS}: CFLAGS += -DDISABLE_ROLLBACK_TPM
endif
+${FWLIB21_OBJS}: INCLUDES += -Ifirmware/lib21/include
+
# Linktest ensures firmware lib doesn't rely on outside libraries
${BUILD}/firmware/linktest/main_vbinit: ${VBINIT_OBJS}
${BUILD}/firmware/linktest/main_vbinit: OBJS = ${VBINIT_OBJS}
@@ -792,7 +803,7 @@
.PHONY: fwlib2
fwlib2: ${FWLIB20}
-${FWLIB20}: ${FWLIB20_OBJS}
+${FWLIB20}: ${FWLIB2_OBJS} ${FWLIB20_OBJS}
@$(PRINTF) " RM $(subst ${BUILD}/,,$@)\n"
${Q}rm -f $@
@$(PRINTF) " AR $(subst ${BUILD}/,,$@)\n"
@@ -801,7 +812,7 @@
.PHONY: fwlib21
fwlib21: ${FWLIB21}
-${FWLIB21}: ${FWLIB21_OBJS}
+${FWLIB21}: ${FWLIB2_OBJS} ${FWLIB21_OBJS}
@$(PRINTF) " RM $(subst ${BUILD}/,,$@)\n"
${Q}rm -f $@
@$(PRINTF) " AR $(subst ${BUILD}/,,$@)\n"
@@ -829,10 +840,10 @@
.PHONY: utillib21
utillib21: ${UTILLIB21}
-${UTILLIB21}: INCLUDES += -Ihost/lib21/include
+${UTILLIB21}: INCLUDES += -Ihost/lib21/include -Ifirmware/lib21/include
# TODO: right now, firmware lib 2.1 isn't a complete standalone copy
-${UTILLIB21}: ${UTILLIB21_OBJS} ${FWLIB20_OBJS} ${FWLIB21_OBJS}
+${UTILLIB21}: ${UTILLIB21_OBJS} ${FWLIB2_OBJS} ${FWLIB20_OBJS} ${FWLIB21_OBJS}
@$(PRINTF) " RM $(subst ${BUILD}/,,$@)\n"
${Q}rm -f $@
@$(PRINTF) " AR $(subst ${BUILD}/,,$@)\n"
@@ -970,9 +981,12 @@
${TEST_BINS}: INCLUDES += -Itests
${TEST_BINS}: LIBS = ${TESTLIB} ${UTILLIB}
-${TEST20_BINS}: ${UTILLIB21}
-${TEST20_BINS}: INCLUDES += -Ihost/lib21/include
-${TEST20_BINS}: LIBS += ${UTILLIB21}
+${TEST20_BINS}: ${FWLIB20}
+${TEST20_BINS}: LIBS += ${FWLIB20}
+
+${TEST21_BINS}: ${UTILLIB21}
+${TEST21_BINS}: INCLUDES += -Ihost/lib21/include -Ifirmware/lib21/include
+${TEST21_BINS}: LIBS += ${UTILLIB21}
${TESTLIB}: ${TESTLIB_OBJS}
@$(PRINTF) " RM $(subst ${BUILD}/,,$@)\n"
@@ -1025,16 +1039,12 @@
${BUILD}/utility/signature_digest_utility: LDLIBS += ${CRYPTO_LIBS}
${BUILD}/host/linktest/main: LDLIBS += ${CRYPTO_LIBS}
-${BUILD}/tests/vb2_api2_tests: LDLIBS += ${CRYPTO_LIBS}
-${BUILD}/tests/vb2_common_tests: LDLIBS += ${CRYPTO_LIBS}
-${BUILD}/tests/vb2_common2_tests: LDLIBS += ${CRYPTO_LIBS}
-${BUILD}/tests/vb2_common3_tests: LDLIBS += ${CRYPTO_LIBS}
-${BUILD}/tests/vb2_host_fw_preamble_tests: LDLIBS += ${CRYPTO_LIBS}
-${BUILD}/tests/vb2_host_key_tests: LDLIBS += ${CRYPTO_LIBS}
-${BUILD}/tests/vb2_host_keyblock_tests: LDLIBS += ${CRYPTO_LIBS}
-${BUILD}/tests/vb2_host_sig_tests: LDLIBS += ${CRYPTO_LIBS}
${BUILD}/tests/vboot_common2_tests: LDLIBS += ${CRYPTO_LIBS}
${BUILD}/tests/vboot_common3_tests: LDLIBS += ${CRYPTO_LIBS}
+${BUILD}/tests/vb2_common2_tests: LDLIBS += ${CRYPTO_LIBS}
+${BUILD}/tests/vb2_common3_tests: LDLIBS += ${CRYPTO_LIBS}
+
+${TEST21_BINS}: LDLIBS += ${CRYPTO_LIBS}
${BUILD}/utility/bmpblk_utility: LD = ${CXX}
${BUILD}/utility/bmpblk_utility: LDLIBS = -llzma -lyaml
@@ -1208,22 +1218,24 @@
.PHONY: run2tests
run2tests: test_setup
${RUNTEST} ${BUILD_RUN}/tests/vb2_api_tests
- ${RUNTEST} ${BUILD_RUN}/tests/vb2_api2_tests
${RUNTEST} ${BUILD_RUN}/tests/vb2_common_tests
${RUNTEST} ${BUILD_RUN}/tests/vb2_common2_tests ${TEST_KEYS}
${RUNTEST} ${BUILD_RUN}/tests/vb2_common3_tests ${TEST_KEYS}
- ${RUNTEST} ${BUILD_RUN}/tests/vb2_host_fw_preamble_tests ${TEST_KEYS}
- ${RUNTEST} ${BUILD_RUN}/tests/vb2_host_key_tests ${TEST_KEYS}
- ${RUNTEST} ${BUILD_RUN}/tests/vb2_host_keyblock_tests ${TEST_KEYS}
- ${RUNTEST} ${BUILD_RUN}/tests/vb2_host_misc_tests
- ${RUNTEST} ${BUILD_RUN}/tests/vb2_host_sig_tests ${TEST_KEYS}
${RUNTEST} ${BUILD_RUN}/tests/vb2_misc_tests
${RUNTEST} ${BUILD_RUN}/tests/vb2_misc2_tests
- ${RUNTEST} ${BUILD_RUN}/tests/vb2_misc3_tests
${RUNTEST} ${BUILD_RUN}/tests/vb2_nvstorage_tests
${RUNTEST} ${BUILD_RUN}/tests/vb2_rsa_utility_tests
${RUNTEST} ${BUILD_RUN}/tests/vb2_secdata_tests
${RUNTEST} ${BUILD_RUN}/tests/vb2_sha_tests
+ ${RUNTEST} ${BUILD_RUN}/tests/vb21_api_tests
+ ${RUNTEST} ${BUILD_RUN}/tests/vb21_common_tests
+ ${RUNTEST} ${BUILD_RUN}/tests/vb21_common2_tests ${TEST_KEYS}
+ ${RUNTEST} ${BUILD_RUN}/tests/vb21_misc_tests
+ ${RUNTEST} ${BUILD_RUN}/tests/vb21_host_fw_preamble_tests ${TEST_KEYS}
+ ${RUNTEST} ${BUILD_RUN}/tests/vb21_host_key_tests ${TEST_KEYS}
+ ${RUNTEST} ${BUILD_RUN}/tests/vb21_host_keyblock_tests ${TEST_KEYS}
+ ${RUNTEST} ${BUILD_RUN}/tests/vb21_host_misc_tests
+ ${RUNTEST} ${BUILD_RUN}/tests/vb21_host_sig_tests ${TEST_KEYS}
.PHONY: runfutiltests
runfutiltests: test_setup
@@ -1240,6 +1252,7 @@
ifneq (${VBOOT2},)
${RUNTEST} ${BUILD_RUN}/tests/vb2_common2_tests ${TEST_KEYS} --all
${RUNTEST} ${BUILD_RUN}/tests/vb2_common3_tests ${TEST_KEYS} --all
+ ${RUNTEST} ${BUILD_RUN}/tests/vb21_common2_tests ${TEST_KEYS} --all
endif
tests/run_preamble_tests.sh --all
tests/run_vbutil_tests.sh --all
diff --git a/firmware/2lib/include/2common.h b/firmware/2lib/include/2common.h
index 1ea3f9e..672bd00 100644
--- a/firmware/2lib/include/2common.h
+++ b/firmware/2lib/include/2common.h
@@ -331,15 +331,6 @@
*/
const struct vb2_guid *vb2_hash_guid(enum vb2_hash_algorithm hash_alg);
-/**
- * Verify the integrity of a signature struct
- * @param sig Signature struct
- * @param size Size of buffer containing signature struct
- * @return VB2_SUCCESS, or non-zero if error.
- */
-int vb2_verify_signature2(const struct vb2_signature2 *sig,
- uint32_t size);
-
/*
* Size of work buffer sufficient for vb2_verify_digest() or
* vb2_verify_digest2() worst case.
@@ -360,20 +351,6 @@
const uint8_t *digest,
const struct vb2_workbuf *wb);
-/**
- * Verify a signature against an expected hash digest.
- *
- * @param key Key to use in signature verification
- * @param sig Signature to verify (may be destroyed in process)
- * @param digest Digest of signed data
- * @param wb Work buffer
- * @return VB2_SUCCESS, or non-zero if error.
- */
-int vb2_verify_digest2(const struct vb2_public_key *key,
- struct vb2_signature2 *sig,
- const uint8_t *digest,
- const struct vb2_workbuf *wb);
-
/*
* Size of work buffer sufficient for vb2_verify_data() or vb2_verify_data2()
* worst case.
@@ -400,12 +377,6 @@
const struct vb2_public_key *key,
const struct vb2_workbuf *wb);
-int vb2_verify_data2(const void *data,
- uint32_t size,
- struct vb2_signature2 *sig,
- const struct vb2_public_key *key,
- const struct vb2_workbuf *wb);
-
/*
* Size of work buffer sufficient for vb2_verify_keyblock() or
* vb2_verify_keyblock2() worst case.
@@ -429,11 +400,6 @@
const struct vb2_public_key *key,
const struct vb2_workbuf *wb);
-int vb2_verify_keyblock2(struct vb2_keyblock2 *block,
- uint32_t size,
- const struct vb2_public_key *key,
- const struct vb2_workbuf *wb);
-
/*
* Size of work buffer sufficient for vb2_verify_fw_preamble() or
* vb2_verify_fw_preamble2() worst case.
@@ -456,9 +422,4 @@
const struct vb2_public_key *key,
const struct vb2_workbuf *wb);
-int vb2_verify_fw_preamble2(struct vb2_fw_preamble2 *preamble,
- uint32_t size,
- const struct vb2_public_key *key,
- const struct vb2_workbuf *wb);
-
#endif /* VBOOT_REFERENCE_VBOOT_2COMMON_H_ */
diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h
index e4aaf60..b2b35f2 100644
--- a/firmware/2lib/include/2struct.h
+++ b/firmware/2lib/include/2struct.h
@@ -12,6 +12,37 @@
#include "2guid.h"
+/* Algorithm types for signatures */
+enum vb2_signature_algorithm {
+ /* Invalid or unsupported signature type */
+ VB2_SIG_INVALID = 0,
+
+ /*
+ * No signature algorithm. The digest is unsigned. See
+ * VB2_GUID_NONE_* above for key GUIDs to use with this algorithm.
+ */
+ VB2_SIG_NONE = 1,
+
+ /* RSA algorithms of the given length in bits (1024-8192) */
+ VB2_SIG_RSA1024 = 2, /* Warning! This is likely to be deprecated! */
+ VB2_SIG_RSA2048 = 3,
+ VB2_SIG_RSA4096 = 4,
+ VB2_SIG_RSA8192 = 5,
+};
+
+/* Algorithm types for hash digests */
+enum vb2_hash_algorithm {
+ /* Invalid or unsupported digest type */
+ VB2_HASH_INVALID = 0,
+
+ /* SHA-1. Warning: This is likely to be deprecated soon! */
+ VB2_HASH_SHA1 = 1,
+
+ /* SHA-256 and SHA-512 */
+ VB2_HASH_SHA256 = 2,
+ VB2_HASH_SHA512 = 3,
+};
+
/****************************************************************************/
/*
* Vboot1-compatible data structures
@@ -190,365 +221,6 @@
#define EXPECTED_VB2_FW_PREAMBLE_SIZE 108
/****************************************************************************/
-/*
- * Vboot2 data structures
- *
- *
- * Offsets should be padded to 32-bit boundaries, since some architectures
- * have trouble with accessing unaligned integers.
- */
-
-/*
- * Magic numbers used by vb2_struct_common.magic.
- *
- * All valid numbers should be listed here to avoid accidental overlap.
- * Numbers start at a large value, so that previous parsers (which stored
- * things like lengths and offsets at that field) will detect and reject new
- * structs as invalid.
- */
-enum vb2_struct_common_magic {
- /* "Vb2B" = vb2_keyblock2.c.magic */
- VB2_MAGIC_KEYBLOCK2 = 0x42326256,
-
- /* "Vb2F" = vb2_fw_preamble.c.magic */
- VB2_MAGIC_FW_PREAMBLE2 = 0x46326256,
-
- /* "Vb2I" = vb2_packed_private_key2.c.magic */
- VB2_MAGIC_PACKED_PRIVATE_KEY2 = 0x49326256,
-
- /* "Vb2K" = vb2_kernel_preamble.c.magic */
- VB2_MAGIC_KERNEL_PREAMBLE2 = 0x4b326256,
-
- /* "Vb2P" = vb2_packed_key2.c.magic */
- VB2_MAGIC_PACKED_KEY2 = 0x50326256,
-
- /* "Vb2S" = vb2_signature.c.magic */
- VB2_MAGIC_SIGNATURE2 = 0x53326256,
-};
-
-
-/*
- * Generic struct header for all vboot2 structs. This makes it easy to
- * automatically parse and identify vboot structs (e.g., in futility). This
- * must be the first member of the parent vboot2 struct.
- */
-struct vb2_struct_common {
- /* Magic number; see vb2_struct_common_magic for expected values */
- uint32_t magic;
-
- /*
- * Parent struct version; see each struct for the expected value.
- *
- * How to handle struct version mismatches, if the parser is version
- * A.b and the data is version C.d:
- * 1) If A.b == C.d, we're good.
- * 2) If A != C, the data cannot be parsed at all.
- * 3) If b < d, C.d is a newer version of data which is backwards-
- * compatible to old parsers. We're good.
- * 4) If b > d, C.d is an older version of data. The parser should
- * use default values for fields added after version d. We're
- * good.
- *
- * Struct versions start at 3.0, since the highest version of the old
- * structures was 2.1. This way, there is no possibility of collision
- * for old code which depends on the version number.
- */
- uint16_t struct_version_major;
- uint16_t struct_version_minor;
-
- /*
- * Size of the parent structure and all its data, including the
- * description and any necessary padding. That is, all data must lie
- * in a contiguous region of <total_size> bytes starting at the first
- * byte of this header.
- */
- uint32_t total_size;
-
- /*
- * Size of the fixed portion of the parent structure. If a description
- * is present, it must start at this offset.
- */
- uint32_t fixed_size;
-
- /*
- * The object may contain an ASCII description following the fixed
- * portion of the structure. If it is present, it must be
- * null-terminated, and padded with 0 (null) bytes to a multiple of 32
- * bits.
- *
- * Size of ASCII description in bytes, counting null terminator and
- * padding (if any). Set 0 if no description is present. If non-zero,
- * there must be a null terminator (0) at offset (fixed_size +
- * desc_size - 1).
- */
- uint32_t desc_size;
-} __attribute__((packed));
-
-#define EXPECTED_VB2_STRUCT_COMMON_SIZE 20
-
-/* Algorithm types for signatures */
-enum vb2_signature_algorithm {
- /* Invalid or unsupported signature type */
- VB2_SIG_INVALID = 0,
-
- /*
- * No signature algorithm. The digest is unsigned. See
- * VB2_GUID_NONE_* above for key GUIDs to use with this algorithm.
- */
- VB2_SIG_NONE = 1,
-
- /* RSA algorithms of the given length in bits (1024-8192) */
- VB2_SIG_RSA1024 = 2, /* Warning! This is likely to be deprecated! */
- VB2_SIG_RSA2048 = 3,
- VB2_SIG_RSA4096 = 4,
- VB2_SIG_RSA8192 = 5,
-};
-
-/* Algorithm types for hash digests */
-enum vb2_hash_algorithm {
- /* Invalid or unsupported digest type */
- VB2_HASH_INVALID = 0,
-
- /* SHA-1. Warning: This is likely to be deprecated soon! */
- VB2_HASH_SHA1 = 1,
-
- /* SHA-256 and SHA-512 */
- VB2_HASH_SHA256 = 2,
- VB2_HASH_SHA512 = 3,
-};
-
-/* Current version of vb2_packed_key2 struct */
-#define VB2_PACKED_KEY2_VERSION_MAJOR 3
-#define VB2_PACKED_KEY2_VERSION_MINOR 0
-
-/*
- * Packed public key data, version 2
- *
- * The key data must be arranged like this:
- * 1) vb2_packed_key2 header struct h
- * 2) Key description (pointed to by h.c.fixed_size)
- * 3) Key data key (pointed to by h.key_offset)
- */
-struct vb2_packed_key2 {
- /* Common header fields */
- struct vb2_struct_common c;
-
- /* Offset of key data from start of this struct */
- uint32_t key_offset;
-
- /* Size of key data in bytes (NOT strength of key in bits) */
- uint32_t key_size;
-
- /* Signature algorithm used by the key (enum vb2_signature_algorithm) */
- uint16_t sig_alg;
-
- /*
- * Hash digest algorithm used with the key (enum vb2_hash_algorithm).
- * This is explicitly specified as part of the key to prevent use of a
- * strong key with a weak hash.
- */
- uint16_t hash_alg;
-
- /* Key version */
- uint32_t key_version;
-
- /* Key GUID */
- struct vb2_guid guid;
-} __attribute__((packed));
-
-#define EXPECTED_VB2_PACKED_KEY2_SIZE \
- (EXPECTED_VB2_STRUCT_COMMON_SIZE + EXPECTED_GUID_SIZE + 16)
-
-/* Current version of vb2_packed_private_key2 struct */
-#define VB2_PACKED_PRIVATE_KEY2_VERSION_MAJOR 3
-#define VB2_PACKED_PRIVATE_KEY2_VERSION_MINOR 0
-
-/*
- * Packed private key data, version 2
- *
- * The key data must be arranged like this:
- * 1) vb2_packed_private_key2 header struct h
- * 2) Key description (pointed to by h.c.fixed_size)
- * 3) Key data key (pointed to by h.key_offset)
- */
-struct vb2_packed_private_key2 {
- /* Common header fields */
- struct vb2_struct_common c;
-
- /* Offset of key data from start of this struct */
- uint32_t key_offset;
-
- /* Size of key data in bytes (NOT strength of key in bits) */
- uint32_t key_size;
-
- /* Signature algorithm used by the key (enum vb2_signature_algorithm) */
- uint16_t sig_alg;
-
- /*
- * Hash digest algorithm used with the key (enum vb2_hash_algorithm).
- * This is explicitly specified as part of the key to prevent use of a
- * strong key with a weak hash.
- */
- uint16_t hash_alg;
-
- /* Key GUID */
- struct vb2_guid guid;
-} __attribute__((packed));
-
-#define EXPECTED_VB2_PACKED_PRIVATE_KEY2_SIZE \
- (EXPECTED_VB2_STRUCT_COMMON_SIZE + EXPECTED_GUID_SIZE + 12)
-
-/* Current version of vb2_signature2 struct */
-#define VB2_SIGNATURE2_VERSION_MAJOR 3
-#define VB2_SIGNATURE2_VERSION_MINOR 0
-
-/*
- * Signature data, version 2
- *
- * The signature data must be arranged like this:
- * 1) vb2_signature2 header struct h
- * 2) Signature description (pointed to by h.c.fixed_size)
- * 3) Signature data (pointed to by h.sig_offset)
- */
-struct vb2_signature2 {
- /* Common header fields */
- struct vb2_struct_common c;
-
- /* Offset of signature data from start of this struct */
- uint32_t sig_offset;
-
- /* Size of signature data in bytes */
- uint32_t sig_size;
-
- /* Size of the data block which was signed in bytes */
- uint32_t data_size;
-
- /* Signature algorithm used (enum vb2_signature_algorithm) */
- uint16_t sig_alg;
-
- /* Hash digest algorithm used (enum vb2_hash_algorithm) */
- uint16_t hash_alg;
-
- /*
- * GUID for the signature.
- *
- * If this is a keyblock signature entry, this is the GUID of the key
- * used to generate this signature. This allows the firmware to
- * quickly determine which signature block (if any) goes with the key
- * being used by the firmware.
- *
- * If this is a preamble hash entry, this is the GUID of the data type
- * being hashed. There is no key GUID, because sig_alg=VB2_ALG_NONE.
- */
- struct vb2_guid guid;
-} __attribute__((packed));
-
-#define EXPECTED_VB2_SIGNATURE2_SIZE \
- (EXPECTED_VB2_STRUCT_COMMON_SIZE + EXPECTED_GUID_SIZE + 16)
-
-
-/* Current version of vb2_keyblock2 struct */
-#define VB2_KEYBLOCK2_VERSION_MAJOR 3
-#define VB2_KEYBLOCK2_VERSION_MINOR 0
-
-/*
- * Key block. This contains a signed, versioned key for use in the next stage
- * of verified boot.
- *
- * The key block data must be arranged like this:
- * 1) vb2_keyblock2 header struct h
- * 2) Keyblock description (pointed to by h.c.fixed_size)
- * 3) Data key (pointed to by h.data_key_offset)
- * 4) Signatures (first signature pointed to by h.sig_offset)
- *
- * The signatures from 4) must cover all the data from 1), 2), 3). That is,
- * signatures must sign all data up to sig_offset.
- */
-struct vb2_keyblock2 {
- /* Common header fields */
- struct vb2_struct_common c;
-
- /* Flags (VB2_KEY_BLOCK_FLAG_*) */
- uint32_t flags;
-
- /*
- * Offset of key (struct vb2_packed_key2) to use in next stage of
- * verification, from start of the keyblock.
- */
- uint32_t key_offset;
-
- /* Number of keyblock signatures which follow */
- uint32_t sig_count;
-
- /*
- * Offset of the first signature (struct vb2_signature2) from the start
- * of the keyblock.
- *
- * Signatures sign the contents of this struct and the data pointed to
- * by data_key_offset, but not themselves or other signatures.
- *
- * For the firmware, there may be only one signature.
- *
- * Kernels often have at least two signatures - one using the kernel
- * subkey from the RW firmware (for signed kernels) and one which is
- * simply a SHA-512 hash (for unsigned developer kernels).
- *
- * The GUID for each signature indicates which key was used to generate
- * the signature.
- */
- uint32_t sig_offset;
-} __attribute__((packed));
-
-#define EXPECTED_VB2_KEYBLOCK2_SIZE (EXPECTED_VB2_STRUCT_COMMON_SIZE + 16)
-
-
-/* Current version of vb2_fw_preamble2 struct */
-#define VB2_FW_PREAMBLE2_VERSION_MAJOR 3
-#define VB2_FW_PREAMBLE2_VERSION_MINOR 0
-
-/*
- * Firmware preamble
- *
- * The preamble data must be arranged like this:
- * 1) vb2_fw_preamble2 header struct h
- * 2) Preamble description (pointed to by h.c.fixed_size)
- * 3) Hashes (pointed to by h.hash_offset)
- * 4) Signature (pointed to by h.sig_offset)
- *
- * The signature 4) must cover all the data from 1), 2), 3).
- */
-struct vb2_fw_preamble2 {
- /* Common header fields */
- struct vb2_struct_common c;
-
- /* Flags; see VB2_FIRMWARE_PREAMBLE_* */
- uint32_t flags;
-
- /* Firmware version */
- uint32_t firmware_version;
-
- /* Offset of signature (struct vb2_signature2) for this preamble */
- uint32_t sig_offset;
-
- /*
- * The preamble contains a list of hashes (struct vb2_signature2) for
- * the various firmware components. These have sig_alg=VB2_SIG_NONE,
- * and the GUID for each hash identifies the component being hashed.
- * The calling firmware is responsible for knowing where to find those
- * components, which may be on a different storage device than this
- * preamble.
- */
-
- /* Number of hash entries */
- uint32_t hash_count;
-
- /* Offset of first hash entry from start of preamble */
- uint32_t hash_offset;
-} __attribute__((packed));
-
-#define EXPECTED_VB2_FW_PREAMBLE2_SIZE (EXPECTED_VB2_STRUCT_COMMON_SIZE + 20)
-
-/****************************************************************************/
/* Flags for vb2_shared_data.flags */
enum vb2_shared_data_flags {
diff --git a/firmware/lib21/api.c b/firmware/lib21/api.c
index 0df2cf6..99bc443 100644
--- a/firmware/lib21/api.c
+++ b/firmware/lib21/api.c
@@ -14,6 +14,7 @@
#include "2secdata.h"
#include "2sha.h"
#include "2rsa.h"
+#include "vb2_common.h"
int vb2api_fw_phase3_2(struct vb2_context *ctx)
{
diff --git a/firmware/lib21/common.c b/firmware/lib21/common.c
index a5ebc70..cf1ec41 100644
--- a/firmware/lib21/common.c
+++ b/firmware/lib21/common.c
@@ -9,6 +9,7 @@
#include "2common.h"
#include "2rsa.h"
#include "2sha.h"
+#include "vb2_common.h"
const char *vb2_common_desc(const void *buf)
{
diff --git a/firmware/lib21/include/vb2_common.h b/firmware/lib21/include/vb2_common.h
new file mode 100644
index 0000000..5abac4c
--- /dev/null
+++ b/firmware/lib21/include/vb2_common.h
@@ -0,0 +1,91 @@
+/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Common functions between firmware and kernel verified boot.
+ */
+
+#ifndef VBOOT_REFERENCE_VB2_COMMON_H_
+#define VBOOT_REFERENCE_VB2_COMMON_H_
+
+#include "2api.h"
+#include "2common.h"
+#include "2return_codes.h"
+#include "2sha.h"
+#include "2struct.h"
+#include "vb2_struct.h"
+
+/**
+ * Verify the integrity of a signature struct
+ * @param sig Signature struct
+ * @param size Size of buffer containing signature struct
+ * @return VB2_SUCCESS, or non-zero if error.
+ */
+int vb2_verify_signature2(const struct vb2_signature2 *sig,
+ uint32_t size);
+
+/**
+ * Verify a signature against an expected hash digest.
+ *
+ * @param key Key to use in signature verification
+ * @param sig Signature to verify (may be destroyed in process)
+ * @param digest Digest of signed data
+ * @param wb Work buffer
+ * @return VB2_SUCCESS, or non-zero if error.
+ */
+int vb2_verify_digest2(const struct vb2_public_key *key,
+ struct vb2_signature2 *sig,
+ const uint8_t *digest,
+ const struct vb2_workbuf *wb);
+
+/**
+ * Verify data matches signature.
+ *
+ * @param data Data to verify
+ * @param size Size of data buffer. Note that amount of data to
+ * actually validate is contained in sig->data_size.
+ * @param sig Signature of data (destroyed in process)
+ * @param key Key to use to validate signature
+ * @param wb Work buffer
+ * @return VB2_SUCCESS, or non-zero error code if error.
+ */
+int vb2_verify_data2(const void *data,
+ uint32_t size,
+ struct vb2_signature2 *sig,
+ const struct vb2_public_key *key,
+ const struct vb2_workbuf *wb);
+
+/**
+ * Check the sanity of a key block using a public key.
+ *
+ * Header fields are also checked for sanity. Does not verify key index or key
+ * block flags. Signature inside block is destroyed during check.
+ *
+ * @param block Key block to verify
+ * @param size Size of key block buffer
+ * @param key Key to use to verify block
+ * @param wb Work buffer
+ * @return VB2_SUCCESS, or non-zero error code if error.
+ */
+int vb2_verify_keyblock2(struct vb2_keyblock2 *block,
+ uint32_t size,
+ const struct vb2_public_key *key,
+ const struct vb2_workbuf *wb);
+
+/**
+ * Check the sanity of a firmware preamble using a public key.
+ *
+ * The signature in the preamble is destroyed during the check.
+ *
+ * @param preamble Preamble to verify
+ * @param size Size of preamble buffer
+ * @param key Key to use to verify preamble
+ * @param wb Work buffer
+ * @return VB2_SUCCESS, or non-zero error code if error.
+ */
+int vb2_verify_fw_preamble2(struct vb2_fw_preamble2 *preamble,
+ uint32_t size,
+ const struct vb2_public_key *key,
+ const struct vb2_workbuf *wb);
+
+#endif /* VBOOT_REFERENCE_VB2_COMMON_H_ */
diff --git a/firmware/lib21/include/vb2_struct.h b/firmware/lib21/include/vb2_struct.h
new file mode 100644
index 0000000..4bf4da7
--- /dev/null
+++ b/firmware/lib21/include/vb2_struct.h
@@ -0,0 +1,336 @@
+/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Vboot 2.1 data structures
+ *
+ * Offsets should be padded to 32-bit boundaries, since some architectures
+ * have trouble with accessing unaligned integers.
+ */
+
+#ifndef VBOOT_REFERENCE_VB2_STRUCT_H_
+#define VBOOT_REFERENCE_VB2_STRUCT_H_
+#include <stdint.h>
+
+#include "2guid.h"
+
+/*
+ * Magic numbers used by vb2_struct_common.magic.
+ *
+ * All valid numbers should be listed here to avoid accidental overlap.
+ * Numbers start at a large value, so that previous parsers (which stored
+ * things like lengths and offsets at that field) will detect and reject new
+ * structs as invalid.
+ */
+enum vb2_struct_common_magic {
+ /* "Vb2B" = vb2_keyblock2.c.magic */
+ VB2_MAGIC_KEYBLOCK2 = 0x42326256,
+
+ /* "Vb2F" = vb2_fw_preamble.c.magic */
+ VB2_MAGIC_FW_PREAMBLE2 = 0x46326256,
+
+ /* "Vb2I" = vb2_packed_private_key2.c.magic */
+ VB2_MAGIC_PACKED_PRIVATE_KEY2 = 0x49326256,
+
+ /* "Vb2K" = vb2_kernel_preamble.c.magic */
+ VB2_MAGIC_KERNEL_PREAMBLE2 = 0x4b326256,
+
+ /* "Vb2P" = vb2_packed_key2.c.magic */
+ VB2_MAGIC_PACKED_KEY2 = 0x50326256,
+
+ /* "Vb2S" = vb2_signature.c.magic */
+ VB2_MAGIC_SIGNATURE2 = 0x53326256,
+};
+
+
+/*
+ * Generic struct header for all vboot2 structs. This makes it easy to
+ * automatically parse and identify vboot structs (e.g., in futility). This
+ * must be the first member of the parent vboot2 struct.
+ */
+struct vb2_struct_common {
+ /* Magic number; see vb2_struct_common_magic for expected values */
+ uint32_t magic;
+
+ /*
+ * Parent struct version; see each struct for the expected value.
+ *
+ * How to handle struct version mismatches, if the parser is version
+ * A.b and the data is version C.d:
+ * 1) If A.b == C.d, we're good.
+ * 2) If A != C, the data cannot be parsed at all.
+ * 3) If b < d, C.d is a newer version of data which is backwards-
+ * compatible to old parsers. We're good.
+ * 4) If b > d, C.d is an older version of data. The parser should
+ * use default values for fields added after version d. We're
+ * good.
+ *
+ * Struct versions start at 3.0, since the highest version of the old
+ * structures was 2.1. This way, there is no possibility of collision
+ * for old code which depends on the version number.
+ */
+ uint16_t struct_version_major;
+ uint16_t struct_version_minor;
+
+ /*
+ * Size of the parent structure and all its data, including the
+ * description and any necessary padding. That is, all data must lie
+ * in a contiguous region of <total_size> bytes starting at the first
+ * byte of this header.
+ */
+ uint32_t total_size;
+
+ /*
+ * Size of the fixed portion of the parent structure. If a description
+ * is present, it must start at this offset.
+ */
+ uint32_t fixed_size;
+
+ /*
+ * The object may contain an ASCII description following the fixed
+ * portion of the structure. If it is present, it must be
+ * null-terminated, and padded with 0 (null) bytes to a multiple of 32
+ * bits.
+ *
+ * Size of ASCII description in bytes, counting null terminator and
+ * padding (if any). Set 0 if no description is present. If non-zero,
+ * there must be a null terminator (0) at offset (fixed_size +
+ * desc_size - 1).
+ */
+ uint32_t desc_size;
+} __attribute__((packed));
+
+#define EXPECTED_VB2_STRUCT_COMMON_SIZE 20
+
+/* Current version of vb2_packed_key2 struct */
+#define VB2_PACKED_KEY2_VERSION_MAJOR 3
+#define VB2_PACKED_KEY2_VERSION_MINOR 0
+
+/*
+ * Packed public key data, version 2
+ *
+ * The key data must be arranged like this:
+ * 1) vb2_packed_key2 header struct h
+ * 2) Key description (pointed to by h.c.fixed_size)
+ * 3) Key data key (pointed to by h.key_offset)
+ */
+struct vb2_packed_key2 {
+ /* Common header fields */
+ struct vb2_struct_common c;
+
+ /* Offset of key data from start of this struct */
+ uint32_t key_offset;
+
+ /* Size of key data in bytes (NOT strength of key in bits) */
+ uint32_t key_size;
+
+ /* Signature algorithm used by the key (enum vb2_signature_algorithm) */
+ uint16_t sig_alg;
+
+ /*
+ * Hash digest algorithm used with the key (enum vb2_hash_algorithm).
+ * This is explicitly specified as part of the key to prevent use of a
+ * strong key with a weak hash.
+ */
+ uint16_t hash_alg;
+
+ /* Key version */
+ uint32_t key_version;
+
+ /* Key GUID */
+ struct vb2_guid guid;
+} __attribute__((packed));
+
+#define EXPECTED_VB2_PACKED_KEY2_SIZE \
+ (EXPECTED_VB2_STRUCT_COMMON_SIZE + EXPECTED_GUID_SIZE + 16)
+
+/* Current version of vb2_packed_private_key2 struct */
+#define VB2_PACKED_PRIVATE_KEY2_VERSION_MAJOR 3
+#define VB2_PACKED_PRIVATE_KEY2_VERSION_MINOR 0
+
+/*
+ * Packed private key data, version 2
+ *
+ * The key data must be arranged like this:
+ * 1) vb2_packed_private_key2 header struct h
+ * 2) Key description (pointed to by h.c.fixed_size)
+ * 3) Key data key (pointed to by h.key_offset)
+ */
+struct vb2_packed_private_key2 {
+ /* Common header fields */
+ struct vb2_struct_common c;
+
+ /* Offset of key data from start of this struct */
+ uint32_t key_offset;
+
+ /* Size of key data in bytes (NOT strength of key in bits) */
+ uint32_t key_size;
+
+ /* Signature algorithm used by the key (enum vb2_signature_algorithm) */
+ uint16_t sig_alg;
+
+ /*
+ * Hash digest algorithm used with the key (enum vb2_hash_algorithm).
+ * This is explicitly specified as part of the key to prevent use of a
+ * strong key with a weak hash.
+ */
+ uint16_t hash_alg;
+
+ /* Key GUID */
+ struct vb2_guid guid;
+} __attribute__((packed));
+
+#define EXPECTED_VB2_PACKED_PRIVATE_KEY2_SIZE \
+ (EXPECTED_VB2_STRUCT_COMMON_SIZE + EXPECTED_GUID_SIZE + 12)
+
+/* Current version of vb2_signature2 struct */
+#define VB2_SIGNATURE2_VERSION_MAJOR 3
+#define VB2_SIGNATURE2_VERSION_MINOR 0
+
+/*
+ * Signature data, version 2
+ *
+ * The signature data must be arranged like this:
+ * 1) vb2_signature2 header struct h
+ * 2) Signature description (pointed to by h.c.fixed_size)
+ * 3) Signature data (pointed to by h.sig_offset)
+ */
+struct vb2_signature2 {
+ /* Common header fields */
+ struct vb2_struct_common c;
+
+ /* Offset of signature data from start of this struct */
+ uint32_t sig_offset;
+
+ /* Size of signature data in bytes */
+ uint32_t sig_size;
+
+ /* Size of the data block which was signed in bytes */
+ uint32_t data_size;
+
+ /* Signature algorithm used (enum vb2_signature_algorithm) */
+ uint16_t sig_alg;
+
+ /* Hash digest algorithm used (enum vb2_hash_algorithm) */
+ uint16_t hash_alg;
+
+ /*
+ * GUID for the signature.
+ *
+ * If this is a keyblock signature entry, this is the GUID of the key
+ * used to generate this signature. This allows the firmware to
+ * quickly determine which signature block (if any) goes with the key
+ * being used by the firmware.
+ *
+ * If this is a preamble hash entry, this is the GUID of the data type
+ * being hashed. There is no key GUID, because sig_alg=VB2_ALG_NONE.
+ */
+ struct vb2_guid guid;
+} __attribute__((packed));
+
+#define EXPECTED_VB2_SIGNATURE2_SIZE \
+ (EXPECTED_VB2_STRUCT_COMMON_SIZE + EXPECTED_GUID_SIZE + 16)
+
+
+/* Current version of vb2_keyblock2 struct */
+#define VB2_KEYBLOCK2_VERSION_MAJOR 3
+#define VB2_KEYBLOCK2_VERSION_MINOR 0
+
+/*
+ * Key block. This contains a signed, versioned key for use in the next stage
+ * of verified boot.
+ *
+ * The key block data must be arranged like this:
+ * 1) vb2_keyblock2 header struct h
+ * 2) Keyblock description (pointed to by h.c.fixed_size)
+ * 3) Data key (pointed to by h.data_key_offset)
+ * 4) Signatures (first signature pointed to by h.sig_offset)
+ *
+ * The signatures from 4) must cover all the data from 1), 2), 3). That is,
+ * signatures must sign all data up to sig_offset.
+ */
+struct vb2_keyblock2 {
+ /* Common header fields */
+ struct vb2_struct_common c;
+
+ /* Flags (VB2_KEY_BLOCK_FLAG_*) */
+ uint32_t flags;
+
+ /*
+ * Offset of key (struct vb2_packed_key2) to use in next stage of
+ * verification, from start of the keyblock.
+ */
+ uint32_t key_offset;
+
+ /* Number of keyblock signatures which follow */
+ uint32_t sig_count;
+
+ /*
+ * Offset of the first signature (struct vb2_signature2) from the start
+ * of the keyblock.
+ *
+ * Signatures sign the contents of this struct and the data pointed to
+ * by data_key_offset, but not themselves or other signatures.
+ *
+ * For the firmware, there may be only one signature.
+ *
+ * Kernels often have at least two signatures - one using the kernel
+ * subkey from the RW firmware (for signed kernels) and one which is
+ * simply a SHA-512 hash (for unsigned developer kernels).
+ *
+ * The GUID for each signature indicates which key was used to generate
+ * the signature.
+ */
+ uint32_t sig_offset;
+} __attribute__((packed));
+
+#define EXPECTED_VB2_KEYBLOCK2_SIZE (EXPECTED_VB2_STRUCT_COMMON_SIZE + 16)
+
+
+/* Current version of vb2_fw_preamble2 struct */
+#define VB2_FW_PREAMBLE2_VERSION_MAJOR 3
+#define VB2_FW_PREAMBLE2_VERSION_MINOR 0
+
+/*
+ * Firmware preamble
+ *
+ * The preamble data must be arranged like this:
+ * 1) vb2_fw_preamble2 header struct h
+ * 2) Preamble description (pointed to by h.c.fixed_size)
+ * 3) Hashes (pointed to by h.hash_offset)
+ * 4) Signature (pointed to by h.sig_offset)
+ *
+ * The signature 4) must cover all the data from 1), 2), 3).
+ */
+struct vb2_fw_preamble2 {
+ /* Common header fields */
+ struct vb2_struct_common c;
+
+ /* Flags; see VB2_FIRMWARE_PREAMBLE_* */
+ uint32_t flags;
+
+ /* Firmware version */
+ uint32_t firmware_version;
+
+ /* Offset of signature (struct vb2_signature2) for this preamble */
+ uint32_t sig_offset;
+
+ /*
+ * The preamble contains a list of hashes (struct vb2_signature2) for
+ * the various firmware components. These have sig_alg=VB2_SIG_NONE,
+ * and the GUID for each hash identifies the component being hashed.
+ * The calling firmware is responsible for knowing where to find those
+ * components, which may be on a different storage device than this
+ * preamble.
+ */
+
+ /* Number of hash entries */
+ uint32_t hash_count;
+
+ /* Offset of first hash entry from start of preamble */
+ uint32_t hash_offset;
+} __attribute__((packed));
+
+#define EXPECTED_VB2_FW_PREAMBLE2_SIZE (EXPECTED_VB2_STRUCT_COMMON_SIZE + 20)
+
+#endif /* VBOOT_REFERENCE_VB2_STRUCT_H_ */
diff --git a/firmware/lib21/misc.c b/firmware/lib21/misc.c
index dbdf95c..16648a7 100644
--- a/firmware/lib21/misc.c
+++ b/firmware/lib21/misc.c
@@ -13,6 +13,7 @@
#include "2secdata.h"
#include "2sha.h"
#include "2rsa.h"
+#include "vb2_common.h"
/**
* Read an object with a common struct header from a verified boot resource.
diff --git a/firmware/lib21/packed_key.c b/firmware/lib21/packed_key.c
index d872d44..3974b5f 100644
--- a/firmware/lib21/packed_key.c
+++ b/firmware/lib21/packed_key.c
@@ -8,6 +8,7 @@
#include "2sysincludes.h"
#include "2common.h"
#include "2rsa.h"
+#include "vb2_common.h"
int vb2_unpack_key2_data(struct vb2_public_key *key,
const uint8_t *key_data,
diff --git a/host/lib21/host_fw_preamble.c b/host/lib21/host_fw_preamble.c
index 87c4ecd..557c157 100644
--- a/host/lib21/host_fw_preamble.c
+++ b/host/lib21/host_fw_preamble.c
@@ -14,6 +14,7 @@
#include "host_keyblock2.h"
#include "host_misc.h"
#include "host_signature2.h"
+#include "vb2_common.h"
int vb2_fw_preamble_create(struct vb2_fw_preamble2 **fp_ptr,
const struct vb2_private_key *signing_key,
diff --git a/host/lib21/host_key.c b/host/lib21/host_key.c
index adda9da..5fc4188 100644
--- a/host/lib21/host_key.c
+++ b/host/lib21/host_key.c
@@ -15,6 +15,7 @@
#include "2common.h"
#include "2rsa.h"
#include "2sha.h"
+#include "vb2_common.h"
#include "host_common.h"
#include "host_key2.h"
#include "host_misc.h"
diff --git a/host/lib21/host_keyblock.c b/host/lib21/host_keyblock.c
index 570d3c8..f242cdd 100644
--- a/host/lib21/host_keyblock.c
+++ b/host/lib21/host_keyblock.c
@@ -8,6 +8,7 @@
#include "2sysincludes.h"
#include "2common.h"
#include "2rsa.h"
+#include "vb2_common.h"
#include "host_common.h"
#include "host_key2.h"
#include "host_keyblock2.h"
diff --git a/host/lib21/host_misc.c b/host/lib21/host_misc.c
index a78a713..555867a 100644
--- a/host/lib21/host_misc.c
+++ b/host/lib21/host_misc.c
@@ -11,6 +11,7 @@
#include "2sysincludes.h"
#include "2common.h"
#include "2sha.h"
+#include "vb2_common.h"
#include "host_common.h"
int vb2_read_file(const char *filename, uint8_t **data_ptr, uint32_t *size_ptr)
diff --git a/host/lib21/host_signature.c b/host/lib21/host_signature.c
index b81428d..9ffb3a8 100644
--- a/host/lib21/host_signature.c
+++ b/host/lib21/host_signature.c
@@ -14,6 +14,7 @@
#include "2common.h"
#include "2rsa.h"
#include "2sha.h"
+#include "vb2_common.h"
#include "host_common.h"
#include "host_key2.h"
#include "host_signature2.h"
diff --git a/host/lib21/include/host_fw_preamble2.h b/host/lib21/include/host_fw_preamble2.h
index d8c5383..5264449 100644
--- a/host/lib21/include/host_fw_preamble2.h
+++ b/host/lib21/include/host_fw_preamble2.h
@@ -8,7 +8,7 @@
#ifndef VBOOT_REFERENCE_HOST_FW_PREAMBLE2_H_
#define VBOOT_REFERENCE_HOST_FW_PREAMBLE2_H_
-#include "2struct.h"
+#include "vb2_struct.h"
struct vb2_private_key;
diff --git a/tests/vb2_api2_tests.c b/tests/vb21_api_tests.c
similarity index 99%
rename from tests/vb2_api2_tests.c
rename to tests/vb21_api_tests.c
index cc1e12a..052d89b 100644
--- a/tests/vb2_api2_tests.c
+++ b/tests/vb21_api_tests.c
@@ -15,6 +15,8 @@
#include "2rsa.h"
#include "2secdata.h"
+#include "vb2_common.h"
+
#include "host_key2.h"
#include "host_signature2.h"
diff --git a/tests/vb21_common2_tests.c b/tests/vb21_common2_tests.c
new file mode 100644
index 0000000..510665e
--- /dev/null
+++ b/tests/vb21_common2_tests.c
@@ -0,0 +1,316 @@
+/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Tests for firmware image library.
+ */
+
+#include <stdint.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "2sysincludes.h"
+#include "2common.h"
+#include "2rsa.h"
+#include "vb2_common.h"
+#include "host_common.h"
+#include "host_key2.h"
+#include "host_signature2.h"
+#include "test_common.h"
+
+
+static const uint8_t test_data[] = "This is some test data to sign.";
+static const uint32_t test_size = sizeof(test_data);
+
+static void test_unpack_key2(const struct vb2_packed_key2 *key)
+{
+ struct vb2_public_key pubk;
+ struct vb2_packed_key2 *key2;
+ uint32_t size = key->c.total_size;
+
+ /* Make a copy of the key for testing */
+ key2 = (struct vb2_packed_key2 *)malloc(size);
+
+ memcpy(key2, key, size);
+ TEST_SUCC(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
+ "vb2_unpack_key2() ok");
+
+ memcpy(key2, key, size);
+ key2->key_offset += 4;
+ TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
+ VB2_ERROR_COMMON_MEMBER_SIZE,
+ "vb2_unpack_key2() buffer too small");
+
+ memcpy(key2, key, size);
+ key2->c.fixed_size += size;
+ TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
+ VB2_ERROR_COMMON_FIXED_SIZE,
+ "vb2_unpack_key2() buffer too small for desc");
+
+ memcpy(key2, key, size);
+ key2->c.desc_size = 0;
+ TEST_SUCC(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
+ "vb2_unpack_key2() no desc");
+ TEST_EQ(strcmp(pubk.desc, ""), 0, " empty desc string");
+
+ memcpy(key2, key, size);
+ key2->c.magic++;
+ TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
+ VB2_ERROR_UNPACK_KEY_MAGIC,
+ "vb2_unpack_key2() bad magic");
+
+ memcpy(key2, key, size);
+ key2->c.struct_version_major++;
+ TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
+ VB2_ERROR_UNPACK_KEY_STRUCT_VERSION,
+ "vb2_unpack_key2() bad major version");
+
+ /*
+ * Minor version changes are ok. Note that this test assumes that the
+ * source key struct version is the highest actually known to the
+ * reader. If the reader does know about minor version + 1 and that
+ * adds fields, this test will likely fail. But at that point, we
+ * should have already added a test for minor version compatibility to
+ * handle both old and new struct versions, so someone will have
+ * noticed this comment.
+ */
+ memcpy(key2, key, size);
+ key2->c.struct_version_minor++;
+ TEST_SUCC(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
+ "vb2_unpack_key2() minor version change ok");
+
+ memcpy(key2, key, size);
+ key2->sig_alg = VB2_SIG_INVALID;
+ TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
+ VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM,
+ "vb2_unpack_key2() bad sig algorithm");
+
+ memcpy(key2, key, size);
+ key2->hash_alg = VB2_HASH_INVALID;
+ TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
+ VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM,
+ "vb2_unpack_key2() bad hash algorithm");
+
+ memcpy(key2, key, size);
+ key2->key_size -= 4;
+ TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
+ VB2_ERROR_UNPACK_KEY_SIZE,
+ "vb2_unpack_key2() invalid size");
+
+ memcpy(key2, key, size);
+ key2->key_offset--;
+ TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
+ VB2_ERROR_COMMON_MEMBER_UNALIGNED,
+ "vb2_unpack_key2() unaligned data");
+
+ memcpy(key2, key, size);
+ *(uint32_t *)((uint8_t *)key2 + key2->key_offset) /= 2;
+ TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
+ VB2_ERROR_UNPACK_KEY_ARRAY_SIZE,
+ "vb2_unpack_key2() invalid key array size");
+
+ free(key2);
+}
+
+static void test_verify_signature2(const struct vb2_signature2 *sig)
+{
+ struct vb2_signature2 *sig2;
+ uint8_t *buf2;
+ uint32_t size;
+
+ /* Make a copy of the signature */
+ size = sig->c.total_size;
+ buf2 = malloc(size);
+ sig2 = (struct vb2_signature2 *)buf2;
+
+ memcpy(buf2, sig, size);
+ TEST_SUCC(vb2_verify_signature2(sig2, size), "verify_sig ok");
+ sig2->c.magic = VB2_MAGIC_PACKED_KEY2;
+ TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_MAGIC,
+ "verify_sig magic");
+
+ memcpy(buf2, sig, size);
+ sig2->c.total_size += 4;
+ TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_COMMON_TOTAL_SIZE,
+ "verify_sig common header");
+
+ memcpy(buf2, sig, size);
+ sig2->c.struct_version_minor++;
+ TEST_SUCC(vb2_verify_signature2(sig2, size), "verify_sig minor ver");
+ sig2->c.struct_version_major++;
+ TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_VERSION,
+ "verify_sig major ver");
+
+ memcpy(buf2, sig, size);
+ sig2->c.fixed_size -= 4;
+ sig2->c.desc_size += 4;
+ TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_HEADER_SIZE,
+ "verify_sig header size");
+
+ memcpy(buf2, sig, size);
+ sig2->sig_size += 4;
+ TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_COMMON_MEMBER_SIZE,
+ "verify_sig sig size");
+
+ memcpy(buf2, sig, size);
+ sig2->sig_alg = VB2_SIG_INVALID;
+ TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_ALGORITHM,
+ "verify_sig sig alg");
+
+ memcpy(buf2, sig, size);
+ sig2->sig_alg = (sig2->sig_alg == VB2_SIG_NONE ?
+ VB2_SIG_RSA1024 : VB2_SIG_NONE);
+ TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_SIZE,
+ "verify_sig sig size");
+
+ free(buf2);
+}
+
+static void test_verify_data2(const struct vb2_public_key *pubk_orig,
+ const struct vb2_signature2 *sig)
+{
+ uint8_t workbuf[VB2_VERIFY_DATA_WORKBUF_BYTES];
+ struct vb2_workbuf wb;
+
+ struct vb2_public_key pubk;
+ struct vb2_signature2 *sig2;
+ uint8_t *buf2;
+ uint32_t size;
+
+ vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
+
+ pubk = *pubk_orig;
+
+ /* Allocate signature copy for tests */
+ size = sig->c.total_size;
+ buf2 = malloc(size);
+ sig2 = (struct vb2_signature2 *)buf2;
+
+ memcpy(buf2, sig, size);
+ pubk.sig_alg = VB2_SIG_INVALID;
+ TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb),
+ VB2_ERROR_VDATA_ALGORITHM, "vb2_verify_data2() bad sig alg");
+ pubk = *pubk_orig;
+
+ memcpy(buf2, sig, size);
+ pubk.hash_alg = VB2_HASH_INVALID;
+ TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb),
+ VB2_ERROR_VDATA_DIGEST_SIZE,
+ "vb2_verify_data2() bad hash alg");
+ pubk = *pubk_orig;
+
+ vb2_workbuf_init(&wb, workbuf, 4);
+ memcpy(buf2, sig, size);
+ TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb),
+ VB2_ERROR_VDATA_WORKBUF_DIGEST,
+ "vb2_verify_data2() workbuf too small");
+ vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
+
+ memcpy(buf2, sig, size);
+ TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb),
+ 0, "vb2_verify_data2() ok");
+
+ memcpy(buf2, sig, size);
+ sig2->sig_size -= 16;
+ TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb),
+ VB2_ERROR_VDATA_SIG_SIZE, "vb2_verify_data2() wrong sig size");
+
+ memcpy(buf2, sig, size);
+ TEST_EQ(vb2_verify_data2(test_data, test_size - 1, sig2, &pubk, &wb),
+ VB2_ERROR_VDATA_SIZE, "vb2_verify_data2() wrong data size");
+
+ memcpy(buf2, sig, size);
+ sig2->hash_alg = (sig2->hash_alg == VB2_HASH_SHA1 ?
+ VB2_HASH_SHA256 : VB2_HASH_SHA1);
+ TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb),
+ VB2_ERROR_VDATA_ALGORITHM_MISMATCH,
+ "vb2_verify_data2() alg mismatch");
+
+
+ memcpy(buf2, sig, size);
+ buf2[sig2->sig_offset] ^= 0x5A;
+ TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb),
+ VB2_ERROR_RSA_PADDING, "vb2_verify_data2() wrong sig");
+
+ free(buf2);
+}
+
+int test_algorithm(int key_algorithm, const char *keys_dir)
+{
+ char filename[1024];
+ int rsa_len = siglen_map[key_algorithm] * 8;
+
+ enum vb2_signature_algorithm sig_alg =
+ vb2_crypto_to_signature(key_algorithm);
+ enum vb2_hash_algorithm hash_alg = vb2_crypto_to_hash(key_algorithm);
+
+ struct vb2_private_key *prik = NULL;
+ struct vb2_signature2 *sig2 = NULL;
+ struct vb2_public_key *pubk = NULL;
+ struct vb2_packed_key2 *key2 = NULL;
+
+ printf("***Testing algorithm: %s\n", algo_strings[key_algorithm]);
+
+ sprintf(filename, "%s/key_rsa%d.pem", keys_dir, rsa_len);
+ TEST_SUCC(vb2_private_key_read_pem(&prik, filename),
+ "Read private key");
+ prik->hash_alg = hash_alg;
+ prik->sig_alg = sig_alg;
+ vb2_private_key_set_desc(prik, "private key");
+
+ sprintf(filename, "%s/key_rsa%d.keyb", keys_dir, rsa_len);
+ TEST_SUCC(vb2_public_key_read_keyb(&pubk, filename),
+ "Read public key");
+ pubk->hash_alg = hash_alg;
+ vb2_public_key_set_desc(pubk, "public key");
+ TEST_SUCC(vb2_public_key_pack(&key2, pubk), "Pack public key");
+
+ /* Calculate good signatures */
+ TEST_SUCC(vb2_sign_data(&sig2, test_data, test_size, prik, ""),
+ "Make test signature");
+
+ test_unpack_key2(key2);
+ test_verify_data2(pubk, sig2);
+ test_verify_signature2(sig2);
+
+ free(key2);
+ free(sig2);
+ vb2_private_key_free(prik);
+ vb2_public_key_free(pubk);
+
+ return 0;
+}
+
+/* Test only the algorithms we use */
+const int key_algs[] = {
+ VB2_ALG_RSA2048_SHA256,
+ VB2_ALG_RSA4096_SHA256,
+ VB2_ALG_RSA8192_SHA512,
+};
+
+int main(int argc, char *argv[]) {
+
+ if (argc == 2) {
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(key_algs); i++) {
+ if (test_algorithm(key_algs[i], argv[1]))
+ return 1;
+ }
+
+ } else if (argc == 3 && !strcasecmp(argv[2], "--all")) {
+ /* Test all the algorithms */
+ int alg;
+
+ for (alg = 0; alg < kNumAlgorithms; alg++) {
+ if (test_algorithm(alg, argv[1]))
+ return 1;
+ }
+
+ } else {
+ fprintf(stderr, "Usage: %s <keys_dir> [--all]", argv[0]);
+ return -1;
+ }
+
+ return gTestSuccess ? 0 : 255;
+}
diff --git a/tests/vb21_common_tests.c b/tests/vb21_common_tests.c
new file mode 100644
index 0000000..39df168
--- /dev/null
+++ b/tests/vb21_common_tests.c
@@ -0,0 +1,521 @@
+/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Tests for firmware 2common.c
+ */
+
+#include "2sysincludes.h"
+#include "2common.h"
+#include "2rsa.h"
+#include "vb2_common.h"
+#include "host_fw_preamble2.h"
+#include "host_key2.h"
+#include "host_keyblock2.h"
+#include "host_signature2.h"
+
+#include "test_common.h"
+
+static const uint8_t test_data[] = "This is some test data to sign.";
+static const uint8_t test_data2[] = "Some more test data";
+static const uint8_t test_data3[] = "Even more test data";
+
+/*
+ * Test struct packing for vboot_struct.h structs which are passed between
+ * firmware and OS, or passed between different phases of firmware.
+ */
+static void test_struct_packing(void)
+{
+ /* Test new struct sizes */
+ TEST_EQ(EXPECTED_GUID_SIZE,
+ sizeof(struct vb2_guid),
+ "sizeof(vb2_guid)");
+ TEST_EQ(EXPECTED_VB2_STRUCT_COMMON_SIZE,
+ sizeof(struct vb2_struct_common),
+ "sizeof(vb2_struct_common)");
+ TEST_EQ(EXPECTED_VB2_PACKED_KEY2_SIZE,
+ sizeof(struct vb2_packed_key2),
+ "sizeof(vb2_packed_key2)");
+ TEST_EQ(EXPECTED_VB2_SIGNATURE2_SIZE,
+ sizeof(struct vb2_signature2),
+ "sizeof(vb2_signature2)");
+ TEST_EQ(EXPECTED_VB2_KEYBLOCK2_SIZE,
+ sizeof(struct vb2_keyblock2),
+ "sizeof(vb2_keyblock2)");
+ TEST_EQ(EXPECTED_VB2_FW_PREAMBLE2_SIZE,
+ sizeof(struct vb2_fw_preamble2),
+ "sizeof(vb2_fw_preamble2)");
+}
+
+/**
+ * Common header functions
+ */
+static void test_common_header_functions(void)
+{
+ uint8_t cbuf[sizeof(struct vb2_struct_common) + 128];
+ uint8_t cbufgood[sizeof(cbuf)];
+ struct vb2_struct_common *c = (struct vb2_struct_common *)cbuf;
+ struct vb2_struct_common *c2;
+ const char test_desc[32] = "test desc";
+ uint32_t desc_end, m;
+
+ c->total_size = sizeof(cbuf);
+ c->fixed_size = sizeof(*c);
+ c->desc_size = sizeof(test_desc);
+ memcpy(cbuf + c->fixed_size, test_desc, sizeof(test_desc));
+ desc_end = c->fixed_size + c->desc_size;
+
+ c2 = (struct vb2_struct_common *)(cbuf + desc_end);
+ c2->total_size = c->total_size - desc_end;
+ c2->fixed_size = sizeof(*c2);
+ c2->desc_size = 0;
+
+ /* Description helper */
+ TEST_EQ(0, strcmp(vb2_common_desc(c), test_desc), "vb2_common_desc()");
+ TEST_EQ(0, strcmp(vb2_common_desc(c2), ""), "vb2_common_desc() empty");
+
+ TEST_SUCC(vb2_verify_common_header(cbuf, sizeof(cbuf)),
+ "vb2_verify_common_header() good");
+ memcpy(cbufgood, cbuf, sizeof(cbufgood));
+
+ memcpy(cbuf, cbufgood, sizeof(cbuf));
+ c->total_size += 4;
+ TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
+ VB2_ERROR_COMMON_TOTAL_SIZE,
+ "vb2_verify_common_header() total size");
+
+ memcpy(cbuf, cbufgood, sizeof(cbuf));
+ c->fixed_size = c->total_size + 4;
+ TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
+ VB2_ERROR_COMMON_FIXED_SIZE,
+ "vb2_verify_common_header() fixed size");
+
+ memcpy(cbuf, cbufgood, sizeof(cbuf));
+ c->desc_size = c->total_size - c->fixed_size + 4;
+ TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
+ VB2_ERROR_COMMON_DESC_SIZE,
+ "vb2_verify_common_header() desc size");
+
+ memcpy(cbuf, cbufgood, sizeof(cbuf));
+ c->total_size--;
+ TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
+ VB2_ERROR_COMMON_TOTAL_UNALIGNED,
+ "vb2_verify_common_header() total unaligned");
+
+ memcpy(cbuf, cbufgood, sizeof(cbuf));
+ c->fixed_size++;
+ TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
+ VB2_ERROR_COMMON_FIXED_UNALIGNED,
+ "vb2_verify_common_header() fixed unaligned");
+
+ memcpy(cbuf, cbufgood, sizeof(cbuf));
+ c->desc_size--;
+ TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
+ VB2_ERROR_COMMON_DESC_UNALIGNED,
+ "vb2_verify_common_header() desc unaligned");
+
+ memcpy(cbuf, cbufgood, sizeof(cbuf));
+ c->desc_size = -4;
+ TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
+ VB2_ERROR_COMMON_DESC_WRAPS,
+ "vb2_verify_common_header() desc wraps");
+
+ memcpy(cbuf, cbufgood, sizeof(cbuf));
+ cbuf[desc_end - 1] = 1;
+ TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
+ VB2_ERROR_COMMON_DESC_TERMINATOR,
+ "vb2_verify_common_header() desc not terminated");
+
+ /* Member checking function */
+ memcpy(cbuf, cbufgood, sizeof(cbuf));
+ m = 0;
+ TEST_SUCC(vb2_verify_common_member(cbuf, &m, c->total_size - 8, 4),
+ "vb2_verify_common_member()");
+ TEST_EQ(m, c->total_size - 4, " new minimum");
+
+ m = desc_end;
+ TEST_SUCC(vb2_verify_common_member(cbuf, &m, desc_end, 4),
+ "vb2_verify_common_member() good offset");
+ TEST_EQ(m, desc_end + 4, " new minimum");
+
+ m = 0;
+ TEST_EQ(vb2_verify_common_member(cbuf, &m, c->total_size - 8, -4),
+ VB2_ERROR_COMMON_MEMBER_WRAPS,
+ "vb2_verify_common_member() wraps");
+
+ m = 0;
+ TEST_EQ(vb2_verify_common_member(cbuf, &m, c->total_size - 7, 4),
+ VB2_ERROR_COMMON_MEMBER_UNALIGNED,
+ "vb2_verify_common_member() offset unaligned");
+
+ m = 0;
+ TEST_EQ(vb2_verify_common_member(cbuf, &m, c->total_size - 8, 5),
+ VB2_ERROR_COMMON_MEMBER_UNALIGNED,
+ "vb2_verify_common_member() size unaligned");
+
+ m = 0;
+ TEST_EQ(vb2_verify_common_member(cbuf, &m, desc_end - 4, 4),
+ VB2_ERROR_COMMON_MEMBER_OVERLAP,
+ "vb2_verify_common_member() overlap");
+
+ m = desc_end + 4;
+ TEST_EQ(vb2_verify_common_member(cbuf, &m, desc_end, 4),
+ VB2_ERROR_COMMON_MEMBER_OVERLAP,
+ "vb2_verify_common_member() overlap 2");
+
+ m = 0;
+ TEST_EQ(vb2_verify_common_member(cbuf, &m, c->total_size - 4, 8),
+ VB2_ERROR_COMMON_MEMBER_SIZE,
+ "vb2_verify_common_member() size");
+
+ /* Subobject checking */
+ m = 0;
+ TEST_SUCC(vb2_verify_common_subobject(cbuf, &m, desc_end),
+ "vb2_verify_common_subobject() good offset");
+ TEST_EQ(m, sizeof(cbuf), " new minimum");
+
+ m = desc_end + 4;
+ TEST_EQ(vb2_verify_common_subobject(cbuf, &m, desc_end),
+ VB2_ERROR_COMMON_MEMBER_OVERLAP,
+ "vb2_verify_common_subobject() overlap");
+
+ m = 0;
+ c2->total_size += 4;
+ TEST_EQ(vb2_verify_common_subobject(cbuf, &m, desc_end),
+ VB2_ERROR_COMMON_TOTAL_SIZE,
+ "vb2_verify_common_subobject() size");
+}
+
+/**
+ * Signature size
+ */
+static void test_sig_size(void)
+{
+ TEST_EQ(vb2_sig_size(VB2_SIG_INVALID, VB2_HASH_SHA256), 0,
+ "vb2_sig_size() sig invalid");
+
+ TEST_EQ(vb2_sig_size(VB2_SIG_RSA2048, VB2_HASH_INVALID), 0,
+ "vb2_sig_size() hash invalid");
+
+ TEST_EQ(vb2_sig_size(VB2_SIG_RSA2048, VB2_HASH_SHA256), 2048 / 8,
+ "vb2_sig_size() RSA2048");
+ TEST_EQ(vb2_sig_size(VB2_SIG_RSA4096, VB2_HASH_SHA256), 4096 / 8,
+ "vb2_sig_size() RSA4096");
+ TEST_EQ(vb2_sig_size(VB2_SIG_RSA8192, VB2_HASH_SHA512), 8192 / 8,
+ "vb2_sig_size() RSA8192");
+
+ TEST_EQ(vb2_sig_size(VB2_SIG_NONE, VB2_HASH_SHA1),
+ VB2_SHA1_DIGEST_SIZE, "vb2_sig_size() SHA1");
+ TEST_EQ(vb2_sig_size(VB2_SIG_NONE, VB2_HASH_SHA256),
+ VB2_SHA256_DIGEST_SIZE, "vb2_sig_size() SHA256");
+ TEST_EQ(vb2_sig_size(VB2_SIG_NONE, VB2_HASH_SHA512),
+ VB2_SHA512_DIGEST_SIZE, "vb2_sig_size() SHA512");
+}
+
+/**
+ * Verify data on bare hash
+ */
+static void test_verify_hash(void)
+{
+ struct vb2_signature2 *sig;
+ const struct vb2_private_key *prik;
+ struct vb2_public_key pubk;
+ uint8_t workbuf[VB2_VERIFY_DATA_WORKBUF_BYTES];
+ struct vb2_workbuf wb;
+
+ vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
+
+ TEST_SUCC(vb2_private_key_hash(&prik, VB2_HASH_SHA256),
+ "create private hash key");
+ TEST_SUCC(vb2_public_key_hash(&pubk, VB2_HASH_SHA256),
+ "create hash key");
+
+ /* Create the signature */
+ TEST_SUCC(vb2_sign_data(&sig, test_data, sizeof(test_data),
+ prik, NULL),
+ "create hash sig");
+
+ TEST_SUCC(vb2_verify_data2(test_data, sizeof(test_data),
+ sig, &pubk, &wb),
+ "vb2_verify_data2() hash ok");
+
+ *((uint8_t *)sig + sig->sig_offset) ^= 0xab;
+ TEST_EQ(vb2_verify_data2(test_data, sizeof(test_data), sig, &pubk, &wb),
+ VB2_ERROR_VDATA_VERIFY_DIGEST, "vb2_verify_data2() hash bad");
+
+ free(sig);
+}
+
+/**
+ * Verify keyblock
+ */
+static void test_verify_keyblock(void)
+{
+ const char desc[16] = "test keyblock";
+ const struct vb2_private_key *prik[2];
+ struct vb2_public_key pubk, pubk2, pubk3;
+ struct vb2_signature2 *sig;
+ struct vb2_keyblock2 *kbuf;
+ uint32_t buf_size;
+ uint8_t *buf, *buf2;
+
+ uint8_t workbuf[VB2_KEY_BLOCK_VERIFY_WORKBUF_BYTES];
+ struct vb2_workbuf wb;
+
+ TEST_SUCC(vb2_public_key_hash(&pubk, VB2_HASH_SHA256),
+ "create hash key 1");
+ TEST_SUCC(vb2_public_key_hash(&pubk2, VB2_HASH_SHA512),
+ "create hash key 2");
+ TEST_SUCC(vb2_public_key_hash(&pubk3, VB2_HASH_SHA1),
+ "create hash key 3");
+
+ TEST_SUCC(vb2_private_key_hash(prik + 0, VB2_HASH_SHA256),
+ "create private key 1");
+ TEST_SUCC(vb2_private_key_hash(prik + 1, VB2_HASH_SHA512),
+ "create private key 2");
+
+ /* Create the test keyblock */
+ TEST_SUCC(vb2_keyblock_create(&kbuf, &pubk3, prik, 2, 0x4321, desc),
+ "create keyblock");
+
+ buf = (uint8_t *)kbuf;
+ buf_size = kbuf->c.total_size;
+
+ /* Make a copy of the buffer, so we can mangle it for tests */
+ buf2 = malloc(buf_size);
+ memcpy(buf2, buf, buf_size);
+
+ vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
+ kbuf = (struct vb2_keyblock2 *)buf;
+
+ TEST_SUCC(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
+ "vb2_verify_keyblock2()");
+
+ memcpy(buf, buf2, buf_size);
+ TEST_SUCC(vb2_verify_keyblock2(kbuf, buf_size, &pubk2, &wb),
+ "vb2_verify_keyblock2() key 2");
+
+ memcpy(buf, buf2, buf_size);
+ TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk3, &wb),
+ VB2_ERROR_KEYBLOCK_SIG_GUID,
+ "vb2_verify_keyblock2() key not present");
+
+ memcpy(buf, buf2, buf_size);
+ kbuf->c.magic = VB2_MAGIC_PACKED_KEY2;
+ TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
+ VB2_ERROR_KEYBLOCK_MAGIC,
+ "vb2_verify_keyblock2() magic");
+
+ memcpy(buf, buf2, buf_size);
+ kbuf->c.fixed_size++;
+ TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
+ VB2_ERROR_COMMON_FIXED_UNALIGNED,
+ "vb2_verify_keyblock2() header");
+
+ memcpy(buf, buf2, buf_size);
+ kbuf->c.struct_version_major++;
+ TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
+ VB2_ERROR_KEYBLOCK_HEADER_VERSION,
+ "vb2_verify_keyblock2() major version");
+
+ memcpy(buf, buf2, buf_size);
+ kbuf->c.struct_version_minor++;
+ /* That changes the signature, so resign the keyblock */
+ vb2_sign_data(&sig, buf, kbuf->sig_offset, prik[0], NULL);
+ memcpy(buf + kbuf->sig_offset, sig, sig->c.total_size);
+ free(sig);
+ TEST_SUCC(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
+ "vb2_verify_keyblock2() minor version");
+
+ memcpy(buf, buf2, buf_size);
+ kbuf->c.fixed_size -= 4;
+ kbuf->c.desc_size += 4;
+ TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
+ VB2_ERROR_KEYBLOCK_SIZE,
+ "vb2_verify_keyblock2() header size");
+
+ memcpy(buf, buf2, buf_size);
+ kbuf->key_offset = kbuf->c.total_size - 4;
+ TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
+ VB2_ERROR_COMMON_MEMBER_SIZE,
+ "vb2_verify_keyblock2() data key outside");
+
+ memcpy(buf, buf2, buf_size);
+ sig = (struct vb2_signature2 *)(buf + kbuf->sig_offset);
+ sig->data_size--;
+ TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
+ VB2_ERROR_KEYBLOCK_SIGNED_SIZE,
+ "vb2_verify_keyblock2() signed wrong size");
+
+ memcpy(buf, buf2, buf_size);
+ sig = (struct vb2_signature2 *)(buf + kbuf->sig_offset);
+ sig->c.total_size = kbuf->c.total_size - 4;
+ TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
+ VB2_ERROR_COMMON_TOTAL_SIZE,
+ "vb2_verify_keyblock2() key outside keyblock");
+
+ memcpy(buf, buf2, buf_size);
+ sig = (struct vb2_signature2 *)(buf + kbuf->sig_offset);
+ sig->c.struct_version_major++;
+ TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
+ VB2_ERROR_SIG_VERSION,
+ "vb2_verify_keyblock2() corrupt key");
+
+ memcpy(buf, buf2, buf_size);
+ kbuf->c.struct_version_minor++;
+ TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
+ VB2_ERROR_VDATA_VERIFY_DIGEST,
+ "vb2_verify_keyblock2() corrupt");
+
+ free(buf);
+ free(buf2);
+}
+
+/**
+ * Verify firmware preamble
+ */
+static void test_verify_fw_preamble(void)
+{
+ const char desc[16] = "test preamble";
+ const struct vb2_private_key *prikhash;
+ struct vb2_signature2 *hashes[3];
+ struct vb2_public_key pubk;
+ struct vb2_signature2 *sig;
+ struct vb2_fw_preamble2 *pre;
+ uint32_t buf_size;
+ uint8_t *buf, *buf2;
+
+ uint8_t workbuf[VB2_VERIFY_FIRMWARE_PREAMBLE_WORKBUF_BYTES];
+ struct vb2_workbuf wb;
+
+ /*
+ * Preambles will usually be signed with a real key not a bare hash,
+ * but the call to vb2_verify_data2() inside the preamble check is the
+ * same (and its functionality is verified separately), and using a
+ * bare hash here saves us from needing to have a private key to do
+ * this test.
+ */
+ TEST_SUCC(vb2_public_key_hash(&pubk, VB2_HASH_SHA256),
+ "create hash key");
+ TEST_SUCC(vb2_private_key_hash(&prikhash, VB2_HASH_SHA256),
+ "Create private hash key");
+
+ /* Create some signatures */
+ TEST_SUCC(vb2_sign_data(hashes + 0, test_data, sizeof(test_data),
+ prikhash, "Hash 1"),
+ "Hash 1");
+ TEST_SUCC(vb2_sign_data(hashes + 1, test_data2, sizeof(test_data2),
+ prikhash, "Hash 2"),
+ "Hash 2");
+ TEST_SUCC(vb2_sign_data(hashes + 2, test_data3, sizeof(test_data3),
+ prikhash, "Hash 3"),
+ "Hash 3");
+
+ /* Test good preamble */
+ TEST_SUCC(vb2_fw_preamble_create(&pre, prikhash,
+ (const struct vb2_signature2 **)hashes,
+ 3, 0x1234, 0x5678, desc),
+ "Create preamble good");
+
+ buf = (uint8_t *)pre;
+ buf_size = pre->c.total_size;
+
+ /* Make a copy of the buffer, so we can mangle it for tests */
+ buf2 = malloc(buf_size);
+ memcpy(buf2, buf, buf_size);
+
+ vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
+ pre = (struct vb2_fw_preamble2 *)buf;
+
+ TEST_SUCC(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
+ "vb2_verify_fw_preamble2()");
+
+ memcpy(buf, buf2, buf_size);
+ pre->c.magic = VB2_MAGIC_PACKED_KEY2;
+ TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
+ VB2_ERROR_PREAMBLE_MAGIC,
+ "vb2_verify_fw_preamble2() magic");
+
+ memcpy(buf, buf2, buf_size);
+ pre->c.fixed_size++;
+ TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
+ VB2_ERROR_COMMON_FIXED_UNALIGNED,
+ "vb2_verify_fw_preamble2() header");
+
+ memcpy(buf, buf2, buf_size);
+ pre->c.struct_version_major++;
+ TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
+ VB2_ERROR_PREAMBLE_HEADER_VERSION,
+ "vb2_verify_fw_preamble2() major version");
+
+ memcpy(buf, buf2, buf_size);
+ pre->c.struct_version_minor++;
+ /* That changes the signature, so resign the fw_preamble */
+ vb2_sign_data(&sig, buf, pre->sig_offset, prikhash, NULL);
+ memcpy(buf + pre->sig_offset, sig, sig->c.total_size);
+ free(sig);
+ TEST_SUCC(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
+ "vb2_verify_fw_preamble2() minor version");
+
+ memcpy(buf, buf2, buf_size);
+ pre->c.fixed_size -= 4;
+ pre->c.desc_size += 4;
+ TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
+ VB2_ERROR_PREAMBLE_SIZE,
+ "vb2_verify_fw_preamble2() header size");
+
+ memcpy(buf, buf2, buf_size);
+ sig = (struct vb2_signature2 *)(buf + pre->hash_offset);
+ sig->c.total_size += pre->c.total_size;
+ TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
+ VB2_ERROR_COMMON_TOTAL_SIZE,
+ "vb2_verify_fw_preamble2() hash size");
+
+ memcpy(buf, buf2, buf_size);
+ sig = (struct vb2_signature2 *)(buf + pre->hash_offset);
+ sig->sig_size /= 2;
+ TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
+ VB2_ERROR_SIG_SIZE,
+ "vb2_verify_fw_preamble2() hash integrity");
+
+ memcpy(buf, buf2, buf_size);
+ pre->hash_count++;
+ TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
+ VB2_ERROR_COMMON_MEMBER_OVERLAP,
+ "vb2_verify_fw_preamble2() hash count");
+
+ memcpy(buf, buf2, buf_size);
+ sig = (struct vb2_signature2 *)(buf + pre->sig_offset);
+ sig->c.total_size += 4;
+ TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
+ VB2_ERROR_COMMON_TOTAL_SIZE,
+ "vb2_verify_fw_preamble2() sig inside");
+
+ memcpy(buf, buf2, buf_size);
+ sig = (struct vb2_signature2 *)(buf + pre->sig_offset);
+ buf[pre->sig_offset + sig->sig_offset]++;
+ TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
+ VB2_ERROR_VDATA_VERIFY_DIGEST,
+ "vb2_verify_fw_preamble2() sig corrupt");
+
+ memcpy(buf, buf2, buf_size);
+ pre->flags++;
+ TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
+ VB2_ERROR_VDATA_VERIFY_DIGEST,
+ "vb2_verify_fw_preamble2() preamble corrupt");
+
+ free(buf);
+ free(buf2);
+}
+
+int main(int argc, char* argv[])
+{
+ test_struct_packing();
+ test_common_header_functions();
+ test_sig_size();
+ test_verify_hash();
+ test_verify_keyblock();
+ test_verify_fw_preamble();
+
+ return gTestSuccess ? 0 : 255;
+}
diff --git a/tests/vb2_host_fw_preamble_tests.c b/tests/vb21_host_fw_preamble_tests.c
similarity index 99%
rename from tests/vb2_host_fw_preamble_tests.c
rename to tests/vb21_host_fw_preamble_tests.c
index 0063ba8..1cd0a9a 100644
--- a/tests/vb2_host_fw_preamble_tests.c
+++ b/tests/vb21_host_fw_preamble_tests.c
@@ -11,6 +11,9 @@
#include "2sysincludes.h"
#include "2common.h"
#include "2rsa.h"
+
+#include "vb2_common.h"
+
#include "host_common.h"
#include "host_fw_preamble2.h"
#include "host_key2.h"
diff --git a/tests/vb2_host_key_tests.c b/tests/vb21_host_key_tests.c
similarity index 99%
rename from tests/vb2_host_key_tests.c
rename to tests/vb21_host_key_tests.c
index 451366f..ed4c44b 100644
--- a/tests/vb2_host_key_tests.c
+++ b/tests/vb21_host_key_tests.c
@@ -11,6 +11,7 @@
#include "2sysincludes.h"
#include "2common.h"
#include "2rsa.h"
+#include "vb2_common.h"
#include "host_common.h"
#include "host_key2.h"
diff --git a/tests/vb2_host_keyblock_tests.c b/tests/vb21_host_keyblock_tests.c
similarity index 99%
rename from tests/vb2_host_keyblock_tests.c
rename to tests/vb21_host_keyblock_tests.c
index c30f370..11a75d7 100644
--- a/tests/vb2_host_keyblock_tests.c
+++ b/tests/vb21_host_keyblock_tests.c
@@ -11,6 +11,7 @@
#include "2sysincludes.h"
#include "2common.h"
#include "2rsa.h"
+#include "vb2_common.h"
#include "host_common.h"
#include "host_key2.h"
#include "host_keyblock2.h"
diff --git a/tests/vb2_host_misc_tests.c b/tests/vb21_host_misc_tests.c
similarity index 98%
rename from tests/vb2_host_misc_tests.c
rename to tests/vb21_host_misc_tests.c
index a78c745..638977e 100644
--- a/tests/vb2_host_misc_tests.c
+++ b/tests/vb21_host_misc_tests.c
@@ -9,6 +9,7 @@
#include "2sysincludes.h"
#include "2common.h"
+#include "vb2_common.h"
#include "host_common.h"
#include "host_misc.h"
diff --git a/tests/vb2_host_sig_tests.c b/tests/vb21_host_sig_tests.c
similarity index 99%
rename from tests/vb2_host_sig_tests.c
rename to tests/vb21_host_sig_tests.c
index 809c7b0..5c1176a 100644
--- a/tests/vb2_host_sig_tests.c
+++ b/tests/vb21_host_sig_tests.c
@@ -11,6 +11,7 @@
#include "2sysincludes.h"
#include "2common.h"
#include "2rsa.h"
+#include "vb2_common.h"
#include "host_common.h"
#include "host_key2.h"
#include "host_signature2.h"
diff --git a/tests/vb2_misc3_tests.c b/tests/vb21_misc_tests.c
similarity index 99%
rename from tests/vb2_misc3_tests.c
rename to tests/vb21_misc_tests.c
index c607d24..9f6489f 100644
--- a/tests/vb2_misc3_tests.c
+++ b/tests/vb21_misc_tests.c
@@ -14,6 +14,8 @@
#include "2nvstorage.h"
#include "2secdata.h"
+#include "vb2_common.h"
+
#include "test_common.h"
/* Common context for tests */
diff --git a/tests/vb2_common2_tests.c b/tests/vb2_common2_tests.c
index 88dbf23..ec9ef18 100644
--- a/tests/vb2_common2_tests.c
+++ b/tests/vb2_common2_tests.c
@@ -12,11 +12,8 @@
#include "2sysincludes.h"
#include "2common.h"
#include "2rsa.h"
-
#include "file_keys.h"
#include "host_common.h"
-#include "host_key2.h"
-#include "host_signature2.h"
#include "vboot_common.h"
#include "test_common.h"
@@ -77,97 +74,6 @@
free(key);
}
-static void test_unpack_key2(const struct vb2_packed_key *key1,
- const struct vb2_packed_key2 *key)
-{
- struct vb2_public_key pubk;
- struct vb2_packed_key2 *key2;
- uint32_t size = key->c.total_size;
-
- /* Make a copy of the key for testing */
- key2 = (struct vb2_packed_key2 *)malloc(size);
-
- memcpy(key2, key, size);
- TEST_SUCC(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
- "vb2_unpack_key2() ok");
-
- memcpy(key2, key, size);
- key2->key_offset += 4;
- TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
- VB2_ERROR_COMMON_MEMBER_SIZE,
- "vb2_unpack_key2() buffer too small");
-
- memcpy(key2, key, size);
- key2->c.fixed_size += size;
- TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
- VB2_ERROR_COMMON_FIXED_SIZE,
- "vb2_unpack_key2() buffer too small for desc");
-
- memcpy(key2, key, size);
- key2->c.desc_size = 0;
- TEST_SUCC(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
- "vb2_unpack_key2() no desc");
- TEST_EQ(strcmp(pubk.desc, ""), 0, " empty desc string");
-
- memcpy(key2, key, size);
- key2->c.magic++;
- TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
- VB2_ERROR_UNPACK_KEY_MAGIC,
- "vb2_unpack_key2() bad magic");
-
- memcpy(key2, key, size);
- key2->c.struct_version_major++;
- TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
- VB2_ERROR_UNPACK_KEY_STRUCT_VERSION,
- "vb2_unpack_key2() bad major version");
-
- /*
- * Minor version changes are ok. Note that this test assumes that the
- * source key struct version is the highest actually known to the
- * reader. If the reader does know about minor version + 1 and that
- * adds fields, this test will likely fail. But at that point, we
- * should have already added a test for minor version compatibility to
- * handle both old and new struct versions, so someone will have
- * noticed this comment.
- */
- memcpy(key2, key, size);
- key2->c.struct_version_minor++;
- TEST_SUCC(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
- "vb2_unpack_key2() minor version change ok");
-
- memcpy(key2, key, size);
- key2->sig_alg = VB2_SIG_INVALID;
- TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
- VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM,
- "vb2_unpack_key2() bad sig algorithm");
-
- memcpy(key2, key, size);
- key2->hash_alg = VB2_HASH_INVALID;
- TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
- VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM,
- "vb2_unpack_key2() bad hash algorithm");
-
- memcpy(key2, key, size);
- key2->key_size -= 4;
- TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
- VB2_ERROR_UNPACK_KEY_SIZE,
- "vb2_unpack_key2() invalid size");
-
- memcpy(key2, key, size);
- key2->key_offset--;
- TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
- VB2_ERROR_COMMON_MEMBER_UNALIGNED,
- "vb2_unpack_key2() unaligned data");
-
- memcpy(key2, key, size);
- *(uint32_t *)((uint8_t *)key2 + key2->key_offset) /= 2;
- TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
- VB2_ERROR_UNPACK_KEY_ARRAY_SIZE,
- "vb2_unpack_key2() invalid key array size");
-
- free(key2);
-}
-
static void test_verify_data(const struct vb2_packed_key *key1,
const struct vb2_signature *sig)
{
@@ -227,145 +133,15 @@
free(sig2);
}
-static void test_verify_signature2(const struct vb2_signature2 *sig)
-{
- struct vb2_signature2 *sig2;
- uint8_t *buf2;
- uint32_t size;
-
- /* Make a copy of the signature */
- size = sig->c.total_size;
- buf2 = malloc(size);
- sig2 = (struct vb2_signature2 *)buf2;
-
- memcpy(buf2, sig, size);
- TEST_SUCC(vb2_verify_signature2(sig2, size), "verify_sig ok");
- sig2->c.magic = VB2_MAGIC_PACKED_KEY2;
- TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_MAGIC,
- "verify_sig magic");
-
- memcpy(buf2, sig, size);
- sig2->c.total_size += 4;
- TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_COMMON_TOTAL_SIZE,
- "verify_sig common header");
-
- memcpy(buf2, sig, size);
- sig2->c.struct_version_minor++;
- TEST_SUCC(vb2_verify_signature2(sig2, size), "verify_sig minor ver");
- sig2->c.struct_version_major++;
- TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_VERSION,
- "verify_sig major ver");
-
- memcpy(buf2, sig, size);
- sig2->c.fixed_size -= 4;
- sig2->c.desc_size += 4;
- TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_HEADER_SIZE,
- "verify_sig header size");
-
- memcpy(buf2, sig, size);
- sig2->sig_size += 4;
- TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_COMMON_MEMBER_SIZE,
- "verify_sig sig size");
-
- memcpy(buf2, sig, size);
- sig2->sig_alg = VB2_SIG_INVALID;
- TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_ALGORITHM,
- "verify_sig sig alg");
-
- memcpy(buf2, sig, size);
- sig2->sig_alg = (sig2->sig_alg == VB2_SIG_NONE ?
- VB2_SIG_RSA1024 : VB2_SIG_NONE);
- TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_SIZE,
- "verify_sig sig size");
-
- free(buf2);
-}
-
-static void test_verify_data2(const struct vb2_public_key *pubk_orig,
- const struct vb2_signature2 *sig)
-{
- uint8_t workbuf[VB2_VERIFY_DATA_WORKBUF_BYTES];
- struct vb2_workbuf wb;
-
- struct vb2_public_key pubk;
- struct vb2_signature2 *sig2;
- uint8_t *buf2;
- uint32_t size;
-
- vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
-
- pubk = *pubk_orig;
-
- /* Allocate signature copy for tests */
- size = sig->c.total_size;
- buf2 = malloc(size);
- sig2 = (struct vb2_signature2 *)buf2;
-
- memcpy(buf2, sig, size);
- pubk.sig_alg = VB2_SIG_INVALID;
- TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb),
- VB2_ERROR_VDATA_ALGORITHM, "vb2_verify_data2() bad sig alg");
- pubk = *pubk_orig;
-
- memcpy(buf2, sig, size);
- pubk.hash_alg = VB2_HASH_INVALID;
- TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb),
- VB2_ERROR_VDATA_DIGEST_SIZE,
- "vb2_verify_data2() bad hash alg");
- pubk = *pubk_orig;
-
- vb2_workbuf_init(&wb, workbuf, 4);
- memcpy(buf2, sig, size);
- TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb),
- VB2_ERROR_VDATA_WORKBUF_DIGEST,
- "vb2_verify_data2() workbuf too small");
- vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
-
- memcpy(buf2, sig, size);
- TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb),
- 0, "vb2_verify_data2() ok");
-
- memcpy(buf2, sig, size);
- sig2->sig_size -= 16;
- TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb),
- VB2_ERROR_VDATA_SIG_SIZE, "vb2_verify_data2() wrong sig size");
-
- memcpy(buf2, sig, size);
- TEST_EQ(vb2_verify_data2(test_data, test_size - 1, sig2, &pubk, &wb),
- VB2_ERROR_VDATA_SIZE, "vb2_verify_data2() wrong data size");
-
- memcpy(buf2, sig, size);
- sig2->hash_alg = (sig2->hash_alg == VB2_HASH_SHA1 ?
- VB2_HASH_SHA256 : VB2_HASH_SHA1);
- TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb),
- VB2_ERROR_VDATA_ALGORITHM_MISMATCH,
- "vb2_verify_data2() alg mismatch");
-
-
- memcpy(buf2, sig, size);
- buf2[sig2->sig_offset] ^= 0x5A;
- TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb),
- VB2_ERROR_RSA_PADDING, "vb2_verify_data2() wrong sig");
-
- free(buf2);
-}
int test_algorithm(int key_algorithm, const char *keys_dir)
{
char filename[1024];
int rsa_len = siglen_map[key_algorithm] * 8;
- enum vb2_signature_algorithm sig_alg =
- vb2_crypto_to_signature(key_algorithm);
- enum vb2_hash_algorithm hash_alg = vb2_crypto_to_hash(key_algorithm);
-
VbPrivateKey *private_key = NULL;
- struct vb2_private_key *prik = NULL;
struct vb2_signature *sig = NULL;
- struct vb2_signature2 *sig2 = NULL;
- struct vb2_public_key *pubk = NULL;
struct vb2_packed_key *key1;
- struct vb2_packed_key2 *key2 = NULL;
printf("***Testing algorithm: %s\n", algo_strings[key_algorithm]);
@@ -376,12 +152,6 @@
return 1;
}
- TEST_SUCC(vb2_private_key_read_pem(&prik, filename),
- "Read private key");
- prik->hash_alg = hash_alg;
- prik->sig_alg = sig_alg;
- vb2_private_key_set_desc(prik, "private key");
-
sprintf(filename, "%s/key_rsa%d.keyb", keys_dir, rsa_len);
key1 = (struct vb2_packed_key *)
PublicKeyReadKeyb(filename, key_algorithm, 1);
@@ -390,12 +160,6 @@
return 1;
}
- TEST_SUCC(vb2_public_key_read_keyb(&pubk, filename),
- "Read public key");
- pubk->hash_alg = hash_alg;
- vb2_public_key_set_desc(pubk, "public key");
- TEST_SUCC(vb2_public_key_pack(&key2, pubk), "Pack public key");
-
/* Calculate good signatures */
sig = (struct vb2_signature *)
CalculateSignature(test_data, sizeof(test_data), private_key);
@@ -403,23 +167,12 @@
if (!sig)
return 1;
- TEST_SUCC(vb2_sign_data(&sig2, test_data, test_size, prik, ""),
- "Make test signature");
-
test_unpack_key(key1);
test_verify_data(key1, sig);
- test_unpack_key2(key1, key2);
- test_verify_data2(pubk, sig2);
- test_verify_signature2(sig2);
-
free(key1);
- free(key2);
free(private_key);
free(sig);
- free(sig2);
- vb2_private_key_free(prik);
- vb2_public_key_free(pubk);
return 0;
}
diff --git a/tests/vb2_common_tests.c b/tests/vb2_common_tests.c
index d520f1c..f850295 100644
--- a/tests/vb2_common_tests.c
+++ b/tests/vb2_common_tests.c
@@ -8,18 +8,10 @@
#include "2sysincludes.h"
#include "2common.h"
#include "2rsa.h"
-#include "host_fw_preamble2.h"
-#include "host_key2.h"
-#include "host_keyblock2.h"
-#include "host_signature2.h"
#include "vboot_struct.h" /* For old struct sizes */
#include "test_common.h"
-static const uint8_t test_data[] = "This is some test data to sign.";
-static const uint8_t test_data2[] = "Some more test data";
-static const uint8_t test_data3[] = "Even more test data";
-
/**
* Test memory compare functions
*/
@@ -152,26 +144,6 @@
TEST_EQ(EXPECTED_VB2_FW_PREAMBLE_SIZE,
EXPECTED_VBFIRMWAREPREAMBLEHEADER2_1_SIZE,
"vboot1->2 firmware preamble sizes same");
-
- /* Test new struct sizes */
- TEST_EQ(EXPECTED_GUID_SIZE,
- sizeof(struct vb2_guid),
- "sizeof(vb2_guid)");
- TEST_EQ(EXPECTED_VB2_STRUCT_COMMON_SIZE,
- sizeof(struct vb2_struct_common),
- "sizeof(vb2_struct_common)");
- TEST_EQ(EXPECTED_VB2_PACKED_KEY2_SIZE,
- sizeof(struct vb2_packed_key2),
- "sizeof(vb2_packed_key2)");
- TEST_EQ(EXPECTED_VB2_SIGNATURE2_SIZE,
- sizeof(struct vb2_signature2),
- "sizeof(vb2_signature2)");
- TEST_EQ(EXPECTED_VB2_KEYBLOCK2_SIZE,
- sizeof(struct vb2_keyblock2),
- "sizeof(vb2_keyblock2)");
- TEST_EQ(EXPECTED_VB2_FW_PREAMBLE2_SIZE,
- sizeof(struct vb2_fw_preamble2),
- "sizeof(vb2_fw_preamble2)");
}
/**
@@ -291,467 +263,6 @@
}
}
-/**
- * Common header functions
- */
-static void test_common_header_functions(void)
-{
- uint8_t cbuf[sizeof(struct vb2_struct_common) + 128];
- uint8_t cbufgood[sizeof(cbuf)];
- struct vb2_struct_common *c = (struct vb2_struct_common *)cbuf;
- struct vb2_struct_common *c2;
- const char test_desc[32] = "test desc";
- uint32_t desc_end, m;
-
- c->total_size = sizeof(cbuf);
- c->fixed_size = sizeof(*c);
- c->desc_size = sizeof(test_desc);
- memcpy(cbuf + c->fixed_size, test_desc, sizeof(test_desc));
- desc_end = c->fixed_size + c->desc_size;
-
- c2 = (struct vb2_struct_common *)(cbuf + desc_end);
- c2->total_size = c->total_size - desc_end;
- c2->fixed_size = sizeof(*c2);
- c2->desc_size = 0;
-
- /* Description helper */
- TEST_EQ(0, strcmp(vb2_common_desc(c), test_desc), "vb2_common_desc()");
- TEST_EQ(0, strcmp(vb2_common_desc(c2), ""), "vb2_common_desc() empty");
-
- TEST_SUCC(vb2_verify_common_header(cbuf, sizeof(cbuf)),
- "vb2_verify_common_header() good");
- memcpy(cbufgood, cbuf, sizeof(cbufgood));
-
- memcpy(cbuf, cbufgood, sizeof(cbuf));
- c->total_size += 4;
- TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
- VB2_ERROR_COMMON_TOTAL_SIZE,
- "vb2_verify_common_header() total size");
-
- memcpy(cbuf, cbufgood, sizeof(cbuf));
- c->fixed_size = c->total_size + 4;
- TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
- VB2_ERROR_COMMON_FIXED_SIZE,
- "vb2_verify_common_header() fixed size");
-
- memcpy(cbuf, cbufgood, sizeof(cbuf));
- c->desc_size = c->total_size - c->fixed_size + 4;
- TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
- VB2_ERROR_COMMON_DESC_SIZE,
- "vb2_verify_common_header() desc size");
-
- memcpy(cbuf, cbufgood, sizeof(cbuf));
- c->total_size--;
- TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
- VB2_ERROR_COMMON_TOTAL_UNALIGNED,
- "vb2_verify_common_header() total unaligned");
-
- memcpy(cbuf, cbufgood, sizeof(cbuf));
- c->fixed_size++;
- TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
- VB2_ERROR_COMMON_FIXED_UNALIGNED,
- "vb2_verify_common_header() fixed unaligned");
-
- memcpy(cbuf, cbufgood, sizeof(cbuf));
- c->desc_size--;
- TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
- VB2_ERROR_COMMON_DESC_UNALIGNED,
- "vb2_verify_common_header() desc unaligned");
-
- memcpy(cbuf, cbufgood, sizeof(cbuf));
- c->desc_size = -4;
- TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
- VB2_ERROR_COMMON_DESC_WRAPS,
- "vb2_verify_common_header() desc wraps");
-
- memcpy(cbuf, cbufgood, sizeof(cbuf));
- cbuf[desc_end - 1] = 1;
- TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
- VB2_ERROR_COMMON_DESC_TERMINATOR,
- "vb2_verify_common_header() desc not terminated");
-
- /* Member checking function */
- memcpy(cbuf, cbufgood, sizeof(cbuf));
- m = 0;
- TEST_SUCC(vb2_verify_common_member(cbuf, &m, c->total_size - 8, 4),
- "vb2_verify_common_member()");
- TEST_EQ(m, c->total_size - 4, " new minimum");
-
- m = desc_end;
- TEST_SUCC(vb2_verify_common_member(cbuf, &m, desc_end, 4),
- "vb2_verify_common_member() good offset");
- TEST_EQ(m, desc_end + 4, " new minimum");
-
- m = 0;
- TEST_EQ(vb2_verify_common_member(cbuf, &m, c->total_size - 8, -4),
- VB2_ERROR_COMMON_MEMBER_WRAPS,
- "vb2_verify_common_member() wraps");
-
- m = 0;
- TEST_EQ(vb2_verify_common_member(cbuf, &m, c->total_size - 7, 4),
- VB2_ERROR_COMMON_MEMBER_UNALIGNED,
- "vb2_verify_common_member() offset unaligned");
-
- m = 0;
- TEST_EQ(vb2_verify_common_member(cbuf, &m, c->total_size - 8, 5),
- VB2_ERROR_COMMON_MEMBER_UNALIGNED,
- "vb2_verify_common_member() size unaligned");
-
- m = 0;
- TEST_EQ(vb2_verify_common_member(cbuf, &m, desc_end - 4, 4),
- VB2_ERROR_COMMON_MEMBER_OVERLAP,
- "vb2_verify_common_member() overlap");
-
- m = desc_end + 4;
- TEST_EQ(vb2_verify_common_member(cbuf, &m, desc_end, 4),
- VB2_ERROR_COMMON_MEMBER_OVERLAP,
- "vb2_verify_common_member() overlap 2");
-
- m = 0;
- TEST_EQ(vb2_verify_common_member(cbuf, &m, c->total_size - 4, 8),
- VB2_ERROR_COMMON_MEMBER_SIZE,
- "vb2_verify_common_member() size");
-
- /* Subobject checking */
- m = 0;
- TEST_SUCC(vb2_verify_common_subobject(cbuf, &m, desc_end),
- "vb2_verify_common_subobject() good offset");
- TEST_EQ(m, sizeof(cbuf), " new minimum");
-
- m = desc_end + 4;
- TEST_EQ(vb2_verify_common_subobject(cbuf, &m, desc_end),
- VB2_ERROR_COMMON_MEMBER_OVERLAP,
- "vb2_verify_common_subobject() overlap");
-
- m = 0;
- c2->total_size += 4;
- TEST_EQ(vb2_verify_common_subobject(cbuf, &m, desc_end),
- VB2_ERROR_COMMON_TOTAL_SIZE,
- "vb2_verify_common_subobject() size");
-}
-
-/**
- * Signature size
- */
-static void test_sig_size(void)
-{
- TEST_EQ(vb2_sig_size(VB2_SIG_INVALID, VB2_HASH_SHA256), 0,
- "vb2_sig_size() sig invalid");
-
- TEST_EQ(vb2_sig_size(VB2_SIG_RSA2048, VB2_HASH_INVALID), 0,
- "vb2_sig_size() hash invalid");
-
- TEST_EQ(vb2_sig_size(VB2_SIG_RSA2048, VB2_HASH_SHA256), 2048 / 8,
- "vb2_sig_size() RSA2048");
- TEST_EQ(vb2_sig_size(VB2_SIG_RSA4096, VB2_HASH_SHA256), 4096 / 8,
- "vb2_sig_size() RSA4096");
- TEST_EQ(vb2_sig_size(VB2_SIG_RSA8192, VB2_HASH_SHA512), 8192 / 8,
- "vb2_sig_size() RSA8192");
-
- TEST_EQ(vb2_sig_size(VB2_SIG_NONE, VB2_HASH_SHA1),
- VB2_SHA1_DIGEST_SIZE, "vb2_sig_size() SHA1");
- TEST_EQ(vb2_sig_size(VB2_SIG_NONE, VB2_HASH_SHA256),
- VB2_SHA256_DIGEST_SIZE, "vb2_sig_size() SHA256");
- TEST_EQ(vb2_sig_size(VB2_SIG_NONE, VB2_HASH_SHA512),
- VB2_SHA512_DIGEST_SIZE, "vb2_sig_size() SHA512");
-}
-
-/**
- * Verify data on bare hash
- */
-static void test_verify_hash(void)
-{
- struct vb2_signature2 *sig;
- const struct vb2_private_key *prik;
- struct vb2_public_key pubk;
- uint8_t workbuf[VB2_VERIFY_DATA_WORKBUF_BYTES];
- struct vb2_workbuf wb;
-
- vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
-
- TEST_SUCC(vb2_private_key_hash(&prik, VB2_HASH_SHA256),
- "create private hash key");
- TEST_SUCC(vb2_public_key_hash(&pubk, VB2_HASH_SHA256),
- "create hash key");
-
- /* Create the signature */
- TEST_SUCC(vb2_sign_data(&sig, test_data, sizeof(test_data),
- prik, NULL),
- "create hash sig");
-
- TEST_SUCC(vb2_verify_data2(test_data, sizeof(test_data),
- sig, &pubk, &wb),
- "vb2_verify_data2() hash ok");
-
- *((uint8_t *)sig + sig->sig_offset) ^= 0xab;
- TEST_EQ(vb2_verify_data2(test_data, sizeof(test_data), sig, &pubk, &wb),
- VB2_ERROR_VDATA_VERIFY_DIGEST, "vb2_verify_data2() hash bad");
-
- free(sig);
-}
-
-/**
- * Verify keyblock
- */
-static void test_verify_keyblock(void)
-{
- const char desc[16] = "test keyblock";
- const struct vb2_private_key *prik[2];
- struct vb2_public_key pubk, pubk2, pubk3;
- struct vb2_signature2 *sig;
- struct vb2_keyblock2 *kbuf;
- uint32_t buf_size;
- uint8_t *buf, *buf2;
-
- uint8_t workbuf[VB2_KEY_BLOCK_VERIFY_WORKBUF_BYTES];
- struct vb2_workbuf wb;
-
- TEST_SUCC(vb2_public_key_hash(&pubk, VB2_HASH_SHA256),
- "create hash key 1");
- TEST_SUCC(vb2_public_key_hash(&pubk2, VB2_HASH_SHA512),
- "create hash key 2");
- TEST_SUCC(vb2_public_key_hash(&pubk3, VB2_HASH_SHA1),
- "create hash key 3");
-
- TEST_SUCC(vb2_private_key_hash(prik + 0, VB2_HASH_SHA256),
- "create private key 1");
- TEST_SUCC(vb2_private_key_hash(prik + 1, VB2_HASH_SHA512),
- "create private key 2");
-
- /* Create the test keyblock */
- TEST_SUCC(vb2_keyblock_create(&kbuf, &pubk3, prik, 2, 0x4321, desc),
- "create keyblock");
-
- buf = (uint8_t *)kbuf;
- buf_size = kbuf->c.total_size;
-
- /* Make a copy of the buffer, so we can mangle it for tests */
- buf2 = malloc(buf_size);
- memcpy(buf2, buf, buf_size);
-
- vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
- kbuf = (struct vb2_keyblock2 *)buf;
-
- TEST_SUCC(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
- "vb2_verify_keyblock2()");
-
- memcpy(buf, buf2, buf_size);
- TEST_SUCC(vb2_verify_keyblock2(kbuf, buf_size, &pubk2, &wb),
- "vb2_verify_keyblock2() key 2");
-
- memcpy(buf, buf2, buf_size);
- TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk3, &wb),
- VB2_ERROR_KEYBLOCK_SIG_GUID,
- "vb2_verify_keyblock2() key not present");
-
- memcpy(buf, buf2, buf_size);
- kbuf->c.magic = VB2_MAGIC_PACKED_KEY2;
- TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
- VB2_ERROR_KEYBLOCK_MAGIC,
- "vb2_verify_keyblock2() magic");
-
- memcpy(buf, buf2, buf_size);
- kbuf->c.fixed_size++;
- TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
- VB2_ERROR_COMMON_FIXED_UNALIGNED,
- "vb2_verify_keyblock2() header");
-
- memcpy(buf, buf2, buf_size);
- kbuf->c.struct_version_major++;
- TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
- VB2_ERROR_KEYBLOCK_HEADER_VERSION,
- "vb2_verify_keyblock2() major version");
-
- memcpy(buf, buf2, buf_size);
- kbuf->c.struct_version_minor++;
- /* That changes the signature, so resign the keyblock */
- vb2_sign_data(&sig, buf, kbuf->sig_offset, prik[0], NULL);
- memcpy(buf + kbuf->sig_offset, sig, sig->c.total_size);
- free(sig);
- TEST_SUCC(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
- "vb2_verify_keyblock2() minor version");
-
- memcpy(buf, buf2, buf_size);
- kbuf->c.fixed_size -= 4;
- kbuf->c.desc_size += 4;
- TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
- VB2_ERROR_KEYBLOCK_SIZE,
- "vb2_verify_keyblock2() header size");
-
- memcpy(buf, buf2, buf_size);
- kbuf->key_offset = kbuf->c.total_size - 4;
- TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
- VB2_ERROR_COMMON_MEMBER_SIZE,
- "vb2_verify_keyblock2() data key outside");
-
- memcpy(buf, buf2, buf_size);
- sig = (struct vb2_signature2 *)(buf + kbuf->sig_offset);
- sig->data_size--;
- TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
- VB2_ERROR_KEYBLOCK_SIGNED_SIZE,
- "vb2_verify_keyblock2() signed wrong size");
-
- memcpy(buf, buf2, buf_size);
- sig = (struct vb2_signature2 *)(buf + kbuf->sig_offset);
- sig->c.total_size = kbuf->c.total_size - 4;
- TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
- VB2_ERROR_COMMON_TOTAL_SIZE,
- "vb2_verify_keyblock2() key outside keyblock");
-
- memcpy(buf, buf2, buf_size);
- sig = (struct vb2_signature2 *)(buf + kbuf->sig_offset);
- sig->c.struct_version_major++;
- TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
- VB2_ERROR_SIG_VERSION,
- "vb2_verify_keyblock2() corrupt key");
-
- memcpy(buf, buf2, buf_size);
- kbuf->c.struct_version_minor++;
- TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
- VB2_ERROR_VDATA_VERIFY_DIGEST,
- "vb2_verify_keyblock2() corrupt");
-
- free(buf);
- free(buf2);
-}
-
-/**
- * Verify firmware preamble
- */
-static void test_verify_fw_preamble(void)
-{
- const char desc[16] = "test preamble";
- const struct vb2_private_key *prikhash;
- struct vb2_signature2 *hashes[3];
- struct vb2_public_key pubk;
- struct vb2_signature2 *sig;
- struct vb2_fw_preamble2 *pre;
- uint32_t buf_size;
- uint8_t *buf, *buf2;
-
- uint8_t workbuf[VB2_VERIFY_FIRMWARE_PREAMBLE_WORKBUF_BYTES];
- struct vb2_workbuf wb;
-
- /*
- * Preambles will usually be signed with a real key not a bare hash,
- * but the call to vb2_verify_data2() inside the preamble check is the
- * same (and its functionality is verified separately), and using a
- * bare hash here saves us from needing to have a private key to do
- * this test.
- */
- TEST_SUCC(vb2_public_key_hash(&pubk, VB2_HASH_SHA256),
- "create hash key");
- TEST_SUCC(vb2_private_key_hash(&prikhash, VB2_HASH_SHA256),
- "Create private hash key");
-
- /* Create some signatures */
- TEST_SUCC(vb2_sign_data(hashes + 0, test_data, sizeof(test_data),
- prikhash, "Hash 1"),
- "Hash 1");
- TEST_SUCC(vb2_sign_data(hashes + 1, test_data2, sizeof(test_data2),
- prikhash, "Hash 2"),
- "Hash 2");
- TEST_SUCC(vb2_sign_data(hashes + 2, test_data3, sizeof(test_data3),
- prikhash, "Hash 3"),
- "Hash 3");
-
- /* Test good preamble */
- TEST_SUCC(vb2_fw_preamble_create(&pre, prikhash,
- (const struct vb2_signature2 **)hashes,
- 3, 0x1234, 0x5678, desc),
- "Create preamble good");
-
- buf = (uint8_t *)pre;
- buf_size = pre->c.total_size;
-
- /* Make a copy of the buffer, so we can mangle it for tests */
- buf2 = malloc(buf_size);
- memcpy(buf2, buf, buf_size);
-
- vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
- pre = (struct vb2_fw_preamble2 *)buf;
-
- TEST_SUCC(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
- "vb2_verify_fw_preamble2()");
-
- memcpy(buf, buf2, buf_size);
- pre->c.magic = VB2_MAGIC_PACKED_KEY2;
- TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
- VB2_ERROR_PREAMBLE_MAGIC,
- "vb2_verify_fw_preamble2() magic");
-
- memcpy(buf, buf2, buf_size);
- pre->c.fixed_size++;
- TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
- VB2_ERROR_COMMON_FIXED_UNALIGNED,
- "vb2_verify_fw_preamble2() header");
-
- memcpy(buf, buf2, buf_size);
- pre->c.struct_version_major++;
- TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
- VB2_ERROR_PREAMBLE_HEADER_VERSION,
- "vb2_verify_fw_preamble2() major version");
-
- memcpy(buf, buf2, buf_size);
- pre->c.struct_version_minor++;
- /* That changes the signature, so resign the fw_preamble */
- vb2_sign_data(&sig, buf, pre->sig_offset, prikhash, NULL);
- memcpy(buf + pre->sig_offset, sig, sig->c.total_size);
- free(sig);
- TEST_SUCC(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
- "vb2_verify_fw_preamble2() minor version");
-
- memcpy(buf, buf2, buf_size);
- pre->c.fixed_size -= 4;
- pre->c.desc_size += 4;
- TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
- VB2_ERROR_PREAMBLE_SIZE,
- "vb2_verify_fw_preamble2() header size");
-
- memcpy(buf, buf2, buf_size);
- sig = (struct vb2_signature2 *)(buf + pre->hash_offset);
- sig->c.total_size += pre->c.total_size;
- TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
- VB2_ERROR_COMMON_TOTAL_SIZE,
- "vb2_verify_fw_preamble2() hash size");
-
- memcpy(buf, buf2, buf_size);
- sig = (struct vb2_signature2 *)(buf + pre->hash_offset);
- sig->sig_size /= 2;
- TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
- VB2_ERROR_SIG_SIZE,
- "vb2_verify_fw_preamble2() hash integrity");
-
- memcpy(buf, buf2, buf_size);
- pre->hash_count++;
- TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
- VB2_ERROR_COMMON_MEMBER_OVERLAP,
- "vb2_verify_fw_preamble2() hash count");
-
- memcpy(buf, buf2, buf_size);
- sig = (struct vb2_signature2 *)(buf + pre->sig_offset);
- sig->c.total_size += 4;
- TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
- VB2_ERROR_COMMON_TOTAL_SIZE,
- "vb2_verify_fw_preamble2() sig inside");
-
- memcpy(buf, buf2, buf_size);
- sig = (struct vb2_signature2 *)(buf + pre->sig_offset);
- buf[pre->sig_offset + sig->sig_offset]++;
- TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
- VB2_ERROR_VDATA_VERIFY_DIGEST,
- "vb2_verify_fw_preamble2() sig corrupt");
-
- memcpy(buf, buf2, buf_size);
- pre->flags++;
- TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
- VB2_ERROR_VDATA_VERIFY_DIGEST,
- "vb2_verify_fw_preamble2() preamble corrupt");
-
- free(buf);
- free(buf2);
-}
-
int main(int argc, char* argv[])
{
test_memcmp();
@@ -759,11 +270,6 @@
test_workbuf();
test_struct_packing();
test_helper_functions();
- test_common_header_functions();
- test_sig_size();
- test_verify_hash();
- test_verify_keyblock();
- test_verify_fw_preamble();
return gTestSuccess ? 0 : 255;
}