| /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| * Use of this source code is governed by a BSD-style license that can be |
| * found in the LICENSE file. |
| * |
| * Tests for firmware image library. |
| */ |
| |
| #include <stdio.h> |
| #include <stdlib.h> |
| |
| #include "file_keys.h" |
| #include "firmware_image.h" |
| #include "rsa_utility.h" |
| #include "utility.h" |
| #include "rollback_index.h" |
| |
| /* ANSI Color coding sequences. */ |
| #define COL_GREEN "\e[1;32m" |
| #define COL_RED "\e[0;31m" |
| #define COL_STOP "\e[m" |
| |
| int TEST_EQ(int result, int expected_result, char* testname) { |
| if (result == expected_result) { |
| fprintf(stderr, "%s Test " COL_GREEN " PASSED\n" COL_STOP, testname); |
| return 1; |
| } else { |
| fprintf(stderr, "%s Test " COL_RED " FAILED\n" COL_STOP, testname); |
| return 0; |
| } |
| } |
| |
| FirmwareImage* GenerateTestFirmwareImage(int algorithm, |
| uint8_t* firmware_sign_key, |
| int firmware_key_version, |
| int firmware_version, |
| int firmware_len, |
| const char* root_key_file, |
| const char* firmware_key_file) { |
| FirmwareImage* image = FirmwareImageNew(); |
| |
| Memcpy(image->magic, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE); |
| image->firmware_sign_algorithm = algorithm; |
| image->firmware_sign_key = (uint8_t*) Malloc( |
| RSAProcessedKeySize(image->firmware_sign_algorithm)); |
| Memcpy(image->firmware_sign_key, firmware_sign_key, |
| RSAProcessedKeySize(image->firmware_sign_algorithm)); |
| image->firmware_key_version = firmware_key_version; |
| |
| /* Update correct header length. */ |
| image->header_len = GetFirmwareHeaderLen(image); |
| |
| /* Calculate SHA-512 digest on header and populate header_checksum. */ |
| CalculateFirmwareHeaderChecksum(image, image->header_checksum); |
| |
| /* Populate firmware and preamble with dummy data. */ |
| image->firmware_version = firmware_version; |
| image->firmware_len = firmware_len; |
| image->preamble_signature = image->firmware_signature = NULL; |
| Memset(image->preamble, 'P', FIRMWARE_PREAMBLE_SIZE); |
| image->firmware_data = Malloc(image->firmware_len); |
| Memset(image->firmware_data, 'F', image->firmware_len); |
| |
| /* Generate and populate signatures. */ |
| if (!AddFirmwareKeySignature(image, root_key_file)) { |
| fprintf(stderr, "Couldn't create key signature.\n"); |
| FirmwareImageFree(image); |
| return NULL; |
| } |
| |
| if (!AddFirmwareSignature(image, firmware_key_file)) { |
| fprintf(stderr, "Couldn't create firmware and preamble signature.\n"); |
| FirmwareImageFree(image); |
| return NULL; |
| } |
| return image; |
| } |
| |
| #define DEV_MODE_ENABLED 1 |
| #define DEV_MODE_DISABLED 0 |
| |
| /* Normal Firmware Blob Verification Tests. */ |
| int VerifyFirmwareTest(uint8_t* firmware_blob, uint8_t* root_key_blob) { |
| int success = 1; |
| if (!TEST_EQ(VerifyFirmware(root_key_blob, firmware_blob, DEV_MODE_ENABLED), |
| VERIFY_FIRMWARE_SUCCESS, |
| "Normal Firmware Blob Verification (Dev Mode)")) |
| success = 0; |
| |
| if (!TEST_EQ(VerifyFirmware(root_key_blob, firmware_blob, DEV_MODE_DISABLED), |
| VERIFY_FIRMWARE_SUCCESS, |
| "Normal Firmware Blob Verification (Trusted)")) |
| success = 0; |
| return success; |
| } |
| |
| /* Normal FirmwareImage Verification Tests. */ |
| int VerifyFirmwareImageTest(FirmwareImage* image, |
| RSAPublicKey* root_key) { |
| int success = 1; |
| if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_ENABLED), |
| VERIFY_FIRMWARE_SUCCESS, |
| "Normal FirmwareImage Verification (Dev Mode)")) |
| success = 0; |
| |
| if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), |
| VERIFY_FIRMWARE_SUCCESS, |
| "Normal FirmwareImage Verification (Trusted)")) |
| success = 0; |
| return success; |
| } |
| |
| /* Tampered FirmwareImage Verification Tests. */ |
| int VerifyFirmwareImageTamperTest(FirmwareImage* image, |
| RSAPublicKey* root_key) { |
| int success = 1; |
| fprintf(stderr, "[[Tampering with firmware preamble....]]\n"); |
| image->firmware_version = 0; |
| if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_ENABLED), |
| VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED, |
| "FirmwareImage Preamble Tamper Verification (Dev Mode)")) |
| success = 0; |
| |
| if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), |
| VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED, |
| "FirmwareImage Preamble Tamper Verification (Trusted)")) |
| success = 0; |
| image->firmware_version = 1; |
| |
| image->firmware_data[0] = 'T'; |
| if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_ENABLED), |
| VERIFY_FIRMWARE_SIGNATURE_FAILED, |
| "FirmwareImage Tamper Verification (Dev Mode)")) |
| success = 0; |
| if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), |
| VERIFY_FIRMWARE_SIGNATURE_FAILED, |
| "FirmwareImage Tamper Verification (Trusted)")) |
| success = 0; |
| image->firmware_data[0] = 'F'; |
| |
| |
| fprintf(stderr, "[[Tampering with root key signature...]]\n"); |
| image->firmware_key_signature[0] = 0xFF; |
| image->firmware_key_signature[1] = 0x00; |
| if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_ENABLED), |
| VERIFY_FIRMWARE_SUCCESS, |
| "FirmwareImage Root Signature Tamper Verification (Dev Mode)")) |
| success = 0; |
| if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), |
| VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED, |
| "FirmwareImage Root Signature Tamper Verification (Trusted)")) |
| success = 0; |
| |
| return success; |
| } |
| |
| int main(int argc, char* argv[]) { |
| uint64_t len; |
| const char* root_key_file = NULL; |
| const char* firmware_key_file = NULL; |
| uint8_t* firmware_sign_key_buf = NULL; |
| uint8_t* root_key_blob = NULL; |
| uint8_t* firmware_blob = NULL; |
| uint64_t firmware_blob_len = 0; |
| FirmwareImage* image = NULL; |
| RSAPublicKey* root_key_pub = NULL; |
| int error_code = 0; |
| int algorithm; |
| SetupTPM(); |
| if(argc != 6) { |
| fprintf(stderr, "Usage: %s <algorithm> <root key> <processed root pubkey>" |
| " <signing key> <processed signing key>\n", argv[0]); |
| return -1; |
| } |
| |
| /* Read verification keys and create a test image. */ |
| algorithm = atoi(argv[1]); |
| root_key_pub = RSAPublicKeyFromFile(argv[3]); |
| root_key_blob = BufferFromFile(argv[3], &len); |
| firmware_sign_key_buf = BufferFromFile(argv[5], &len); |
| root_key_file = argv[2]; |
| firmware_key_file = argv[4]; |
| image = GenerateTestFirmwareImage(algorithm, |
| firmware_sign_key_buf, |
| 1, /* Firmware Key Version. */ |
| 1, /* Firmware Version. */ |
| 1000, /* Firmware length. */ |
| root_key_file, |
| firmware_key_file); |
| |
| if (!root_key_pub || !firmware_sign_key_buf || !image) { |
| error_code = 1; |
| goto failure; |
| } |
| firmware_blob = GetFirmwareBlob(image, &firmware_blob_len); |
| |
| /* Test Firmware blob verify operations. */ |
| if (!VerifyFirmwareTest(firmware_blob, root_key_blob)) |
| error_code = 255; |
| |
| /* Test FirmwareImage verify operations. */ |
| if (!VerifyFirmwareImageTest(image, root_key_pub)) |
| error_code = 255; |
| if (!VerifyFirmwareImageTamperTest(image, root_key_pub)) |
| error_code = 255; |
| |
| failure: |
| Free(firmware_blob); |
| FirmwareImageFree(image); |
| Free(firmware_sign_key_buf); |
| Free(root_key_blob); |
| RSAPublicKeyFree(root_key_pub); |
| |
| return error_code; |
| } |