Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 1 | /* Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
| 2 | * Use of this source code is governed by a BSD-style license that can be |
| 3 | * found in the LICENSE file. |
| 4 | */ |
| 5 | |
| 6 | |
| 7 | #include <stdint.h> |
| 8 | #include <stdio.h> |
| 9 | |
| 10 | #include "cryptolib.h" |
| 11 | #include "file_keys.h" |
| 12 | #include "rsa_padding_test.h" |
| 13 | #include "test_common.h" |
| 14 | #include "utility.h" |
| 15 | |
| 16 | #include "2sysincludes.h" |
| 17 | #include "2common.h" |
| 18 | #include "2rsa.h" |
| 19 | |
| 20 | /** |
| 21 | * Convert an old-style RSA public key struct to a new one. |
| 22 | * |
| 23 | * The new one does not allocate memory, so you must keep the old one around |
| 24 | * until you're done with the new one. |
| 25 | * |
| 26 | * @param k2 Destination new key |
| 27 | * @param key Source old key |
| 28 | */ |
| 29 | void vb2_public_key_to_vb2(struct vb2_public_key *k2, |
| 30 | const struct RSAPublicKey *key) |
| 31 | { |
| 32 | k2->arrsize = key->len; |
| 33 | k2->n0inv = key->n0inv; |
| 34 | k2->n = key->n; |
| 35 | k2->rr = key->rr; |
| 36 | k2->algorithm = key->algorithm; |
| 37 | } |
| 38 | |
| 39 | /** |
| 40 | * Test valid and invalid signatures. |
| 41 | */ |
| 42 | static void test_signatures(const struct vb2_public_key *key) |
| 43 | { |
| 44 | uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES]; |
| 45 | uint8_t sig[RSA1024NUMBYTES]; |
| 46 | struct vb2_workbuf wb; |
| 47 | int unexpected_success; |
| 48 | int i; |
| 49 | |
| 50 | vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); |
| 51 | |
| 52 | /* The first test signature is valid. */ |
| 53 | Memcpy(sig, signatures[0], sizeof(sig)); |
Randall Spangler | 9504754 | 2014-10-17 16:41:46 -0700 | [diff] [blame^] | 54 | TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb), |
Randall Spangler | b9be536 | 2014-06-05 13:32:11 -0700 | [diff] [blame] | 55 | "RSA Padding Test valid sig"); |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 56 | |
| 57 | /* All other signatures should fail verification. */ |
| 58 | unexpected_success = 0; |
| 59 | for (i = 1; i < sizeof(signatures) / sizeof(signatures[0]); i++) { |
| 60 | Memcpy(sig, signatures[i], sizeof(sig)); |
Randall Spangler | 9504754 | 2014-10-17 16:41:46 -0700 | [diff] [blame^] | 61 | if (!vb2_rsa_verify_digest(key, sig, |
| 62 | test_message_sha1_hash, &wb)) { |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 63 | fprintf(stderr, |
| 64 | "RSA Padding Test vector %d FAILED!\n", i); |
| 65 | unexpected_success++; |
| 66 | } |
| 67 | } |
| 68 | TEST_EQ(unexpected_success, 0, "RSA Padding Test invalid sigs"); |
| 69 | } |
| 70 | |
| 71 | |
| 72 | /** |
Randall Spangler | 9504754 | 2014-10-17 16:41:46 -0700 | [diff] [blame^] | 73 | * Test other error conditions in vb2_rsa_verify_digest(). |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 74 | */ |
| 75 | static void test_verify_digest(struct vb2_public_key *key) { |
| 76 | uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES]; |
| 77 | uint8_t sig[RSA1024NUMBYTES]; |
| 78 | struct vb2_workbuf wb; |
| 79 | |
| 80 | vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); |
| 81 | |
| 82 | Memcpy(sig, signatures[0], sizeof(sig)); |
Randall Spangler | 9504754 | 2014-10-17 16:41:46 -0700 | [diff] [blame^] | 83 | TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb), |
| 84 | "vb2_rsa_verify_digest() good"); |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 85 | |
| 86 | Memcpy(sig, signatures[0], sizeof(sig)); |
| 87 | vb2_workbuf_init(&wb, workbuf, sizeof(sig) * 3 - 1); |
Randall Spangler | 9504754 | 2014-10-17 16:41:46 -0700 | [diff] [blame^] | 88 | TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb), |
Randall Spangler | b9be536 | 2014-06-05 13:32:11 -0700 | [diff] [blame] | 89 | VB2_ERROR_RSA_VERIFY_WORKBUF, |
Randall Spangler | 9504754 | 2014-10-17 16:41:46 -0700 | [diff] [blame^] | 90 | "vb2_rsa_verify_digest() small workbuf"); |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 91 | vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); |
| 92 | |
| 93 | key->algorithm += VB2_ALG_COUNT; |
| 94 | Memcpy(sig, signatures[0], sizeof(sig)); |
Randall Spangler | 9504754 | 2014-10-17 16:41:46 -0700 | [diff] [blame^] | 95 | TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb), |
Randall Spangler | b9be536 | 2014-06-05 13:32:11 -0700 | [diff] [blame] | 96 | VB2_ERROR_RSA_VERIFY_ALGORITHM, |
Randall Spangler | 9504754 | 2014-10-17 16:41:46 -0700 | [diff] [blame^] | 97 | "vb2_rsa_verify_digest() bad key alg"); |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 98 | key->algorithm -= VB2_ALG_COUNT; |
| 99 | |
| 100 | key->arrsize *= 2; |
| 101 | Memcpy(sig, signatures[0], sizeof(sig)); |
Randall Spangler | 9504754 | 2014-10-17 16:41:46 -0700 | [diff] [blame^] | 102 | TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb), |
Randall Spangler | b9be536 | 2014-06-05 13:32:11 -0700 | [diff] [blame] | 103 | VB2_ERROR_RSA_VERIFY_SIG_LEN, |
Randall Spangler | 9504754 | 2014-10-17 16:41:46 -0700 | [diff] [blame^] | 104 | "vb2_rsa_verify_digest() bad sig len"); |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 105 | key->arrsize /= 2; |
| 106 | |
| 107 | /* Corrupt the signature near start and end */ |
| 108 | Memcpy(sig, signatures[0], sizeof(sig)); |
| 109 | sig[3] ^= 0x42; |
Randall Spangler | 9504754 | 2014-10-17 16:41:46 -0700 | [diff] [blame^] | 110 | TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb), |
| 111 | VB2_ERROR_RSA_PADDING, "vb2_rsa_verify_digest() bad sig"); |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 112 | |
| 113 | Memcpy(sig, signatures[0], sizeof(sig)); |
| 114 | sig[RSA1024NUMBYTES - 3] ^= 0x56; |
Randall Spangler | 9504754 | 2014-10-17 16:41:46 -0700 | [diff] [blame^] | 115 | TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb), |
| 116 | VB2_ERROR_RSA_PADDING, "vb2_rsa_verify_digest() bad sig end"); |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 117 | } |
| 118 | |
| 119 | int main(int argc, char *argv[]) |
| 120 | { |
| 121 | int error = 0; |
| 122 | RSAPublicKey *key; |
| 123 | struct vb2_public_key k2; |
| 124 | |
| 125 | /* Read test key */ |
| 126 | if (argc != 2) { |
| 127 | fprintf(stderr, "Usage: %s <test public key>\n", argv[0]); |
| 128 | return 1; |
| 129 | } |
| 130 | key = RSAPublicKeyFromFile(argv[1]); |
| 131 | |
| 132 | if (!key) { |
| 133 | fprintf(stderr, "Couldn't read RSA public key for the test.\n"); |
| 134 | return 1; |
| 135 | } |
| 136 | |
| 137 | // TODO: why is test key algorithm wrong? |
| 138 | key->algorithm = 0; |
| 139 | |
| 140 | /* Convert test key to Vb2 format */ |
| 141 | vb2_public_key_to_vb2(&k2, key); |
| 142 | |
| 143 | /* Run tests */ |
| 144 | test_signatures(&k2); |
| 145 | test_verify_digest(&k2); |
| 146 | |
| 147 | /* Clean up and exit */ |
| 148 | RSAPublicKeyFree(key); |
| 149 | |
| 150 | if (!gTestSuccess) |
| 151 | error = 255; |
| 152 | |
| 153 | return error; |
| 154 | } |