Gaurav Shah | 463be3f | 2010-03-29 16:13:45 -0700 | [diff] [blame] | 1 | /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 2 | * Use of this source code is governed by a BSD-style license that can be |
| 3 | * found in the LICENSE file. |
| 4 | * |
| 5 | * Splicing tests for the kernel image verification library. |
| 6 | */ |
| 7 | |
| 8 | #include <stdio.h> |
| 9 | #include <stdlib.h> |
| 10 | |
Gaurav Shah | 5411c7a | 2010-03-31 10:56:49 -0700 | [diff] [blame] | 11 | #include "cryptolib.h" |
Gaurav Shah | 463be3f | 2010-03-29 16:13:45 -0700 | [diff] [blame] | 12 | #include "file_keys.h" |
| 13 | #include "kernel_image.h" |
Gaurav Shah | 463be3f | 2010-03-29 16:13:45 -0700 | [diff] [blame] | 14 | #include "test_common.h" |
| 15 | #include "utility.h" |
| 16 | |
Gaurav Shah | e450be4 | 2010-03-29 21:27:08 -0700 | [diff] [blame] | 17 | #define FIRMWARE_KEY_BASE_NAME "testkeys/key_rsa2048" |
| 18 | #define KERNEL_KEY_BASE_NAME "testkeys/key_rsa1024" |
| 19 | |
| 20 | const char* kFirmwareKeyPublicFile = FIRMWARE_KEY_BASE_NAME ".keyb"; |
| 21 | const char* kFirmwareKeyFile = FIRMWARE_KEY_BASE_NAME ".pem"; |
| 22 | const char* kKernelKeyPublicFile = KERNEL_KEY_BASE_NAME ".keyb"; |
| 23 | const char* kKernelKeyFile = KERNEL_KEY_BASE_NAME ".pem"; |
| 24 | |
Gaurav Shah | 463be3f | 2010-03-29 16:13:45 -0700 | [diff] [blame] | 25 | void VerifyKernelSplicingTest() |
| 26 | { |
| 27 | uint64_t len; |
| 28 | KernelImage* image1 = NULL; |
| 29 | KernelImage* image2 = NULL; |
| 30 | uint8_t* kernel_blob = NULL; |
| 31 | uint8_t* kernel_sign_key_buf = NULL; |
Gaurav Shah | e450be4 | 2010-03-29 21:27:08 -0700 | [diff] [blame] | 32 | RSAPublicKey* firmware_key = RSAPublicKeyFromFile(kFirmwareKeyPublicFile); |
| 33 | uint8_t* firmware_key_blob = BufferFromFile(kFirmwareKeyPublicFile, &len); |
| 34 | kernel_sign_key_buf= BufferFromFile(kKernelKeyPublicFile, &len); |
Gaurav Shah | 463be3f | 2010-03-29 16:13:45 -0700 | [diff] [blame] | 35 | image1 = GenerateTestKernelImage(3, /* RSA2048/SHA1 */ |
| 36 | 0, /* RSA1024/SHA1 */ |
| 37 | kernel_sign_key_buf, |
| 38 | 1, /* Kernel Key Version. */ |
| 39 | 1, /* Kernel Version */ |
| 40 | 1000, /* Kernel Size. */ |
Gaurav Shah | e450be4 | 2010-03-29 21:27:08 -0700 | [diff] [blame] | 41 | kFirmwareKeyFile, |
| 42 | kKernelKeyFile, |
| 43 | 'K'); /* Kernel data fill. */ |
Gaurav Shah | 463be3f | 2010-03-29 16:13:45 -0700 | [diff] [blame] | 44 | image2 = GenerateTestKernelImage(3, /* RSA2058/SHA1 */ |
| 45 | 0, /* RSA1024/SHA1 */ |
| 46 | kernel_sign_key_buf, |
| 47 | 1, /* Kernel Key Version. */ |
| 48 | 2, /* Kernel Version */ |
| 49 | 1000, /* Kernel Size */ |
Gaurav Shah | e450be4 | 2010-03-29 21:27:08 -0700 | [diff] [blame] | 50 | kFirmwareKeyFile, |
| 51 | kKernelKeyFile, |
| 52 | 'L'); /* Different Kernel data fill. */ |
Gaurav Shah | 463be3f | 2010-03-29 16:13:45 -0700 | [diff] [blame] | 53 | /* Make sure the originals verify. */ |
| 54 | TEST_EQ(VerifyKernelImage(firmware_key, image1, 0), |
| 55 | VERIFY_KERNEL_SUCCESS, |
| 56 | "KernelImage kernel_data Original"); |
| 57 | TEST_EQ(VerifyKernelImage(firmware_key, image2, 0), |
| 58 | VERIFY_KERNEL_SUCCESS, |
| 59 | "KernelImage kernel_data Original"); |
| 60 | |
| 61 | /* Splice kernel_data + kernel signature from [image1] |
| 62 | * and put it into [image2]. */ |
| 63 | Memcpy(image2->kernel_signature, image1->kernel_signature, |
| 64 | siglen_map[0]); |
| 65 | Memcpy(image2->kernel_data, image1->kernel_data, |
Gaurav Shah | bd52fc7 | 2010-04-29 15:30:25 -0700 | [diff] [blame] | 66 | image2->kernel_len); |
Gaurav Shah | 463be3f | 2010-03-29 16:13:45 -0700 | [diff] [blame] | 67 | |
Gaurav Shah | bcd8f4a | 2010-05-26 13:19:00 -0700 | [diff] [blame] | 68 | TEST_NEQ(VerifyKernelImage(firmware_key, image2, 0), |
| 69 | VERIFY_KERNEL_SUCCESS, |
| 70 | "KernelImage kernel_data Splicing"); |
Gaurav Shah | 463be3f | 2010-03-29 16:13:45 -0700 | [diff] [blame] | 71 | kernel_blob = GetKernelBlob(image2, &len); |
Gaurav Shah | bcd8f4a | 2010-05-26 13:19:00 -0700 | [diff] [blame] | 72 | TEST_NEQ(VerifyKernel(firmware_key_blob, kernel_blob, 0), |
| 73 | VERIFY_KERNEL_SUCCESS, |
Gaurav Shah | 463be3f | 2010-03-29 16:13:45 -0700 | [diff] [blame] | 74 | "Kernel Blob kernel_data Splicing"); |
| 75 | } |
| 76 | |
| 77 | int main(int argc, char* argv[]) |
| 78 | { |
| 79 | int error_code = 0; |
| 80 | VerifyKernelSplicingTest(); |
| 81 | if (!gTestSuccess) |
| 82 | error_code = 255; |
| 83 | return error_code; |
| 84 | } |