Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 1 | /* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. |
| 2 | * Use of this source code is governed by a BSD-style license that can be |
| 3 | * found in the LICENSE file. |
| 4 | * |
| 5 | * Tests for firmware image library. |
| 6 | */ |
| 7 | |
| 8 | #include <stdint.h> |
| 9 | #include <stdio.h> |
| 10 | #include <string.h> |
| 11 | |
Randall Spangler | fc73f08 | 2014-11-21 15:33:07 -0800 | [diff] [blame] | 12 | #include "2sysincludes.h" |
Randall Spangler | fc73f08 | 2014-11-21 15:33:07 -0800 | [diff] [blame] | 13 | #include "2rsa.h" |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 14 | #include "file_keys.h" |
| 15 | #include "host_common.h" |
Randall Spangler | 6f1b82a | 2014-12-03 12:29:37 -0800 | [diff] [blame] | 16 | #include "vb2_common.h" |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 17 | #include "vboot_common.h" |
| 18 | #include "test_common.h" |
| 19 | |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 20 | |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 21 | static const uint8_t test_data[] = "This is some test data to sign."; |
| 22 | static const uint32_t test_size = sizeof(test_data); |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 23 | |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 24 | static void test_unpack_key(const struct vb2_packed_key *key1) |
| 25 | { |
| 26 | struct vb2_public_key pubk; |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 27 | |
| 28 | /* |
| 29 | * Key data follows the header for a newly allocated key, so we can |
| 30 | * calculate the buffer size by looking at how far the key data goes. |
| 31 | */ |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 32 | uint32_t size = key1->key_offset + key1->key_size; |
| 33 | uint8_t *buf = malloc(size); |
| 34 | struct vb2_packed_key *key = (struct vb2_packed_key *)buf; |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 35 | |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 36 | memcpy(key, key1, size); |
| 37 | TEST_SUCC(vb2_unpack_key(&pubk, buf, size), "vb2_unpack_key() ok"); |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 38 | |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 39 | TEST_EQ(pubk.sig_alg, vb2_crypto_to_signature(key->algorithm), |
Randall Spangler | c8c2f02 | 2014-10-23 09:48:20 -0700 | [diff] [blame] | 40 | "vb2_unpack_key() sig_alg"); |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 41 | TEST_EQ(pubk.hash_alg, vb2_crypto_to_hash(key->algorithm), |
Randall Spangler | 4eef812 | 2014-10-23 10:07:54 -0700 | [diff] [blame] | 42 | "vb2_unpack_key() hash_alg"); |
| 43 | |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 44 | |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 45 | memcpy(key, key1, size); |
| 46 | key->algorithm = VB2_ALG_COUNT; |
| 47 | TEST_EQ(vb2_unpack_key(&pubk, buf, size), |
Randall Spangler | c8c2f02 | 2014-10-23 09:48:20 -0700 | [diff] [blame] | 48 | VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM, |
Randall Spangler | 224f5ac | 2014-06-06 09:42:30 -0700 | [diff] [blame] | 49 | "vb2_unpack_key() invalid algorithm"); |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 50 | |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 51 | memcpy(key, key1, size); |
| 52 | key->key_size--; |
| 53 | TEST_EQ(vb2_unpack_key(&pubk, buf, size), |
Randall Spangler | 224f5ac | 2014-06-06 09:42:30 -0700 | [diff] [blame] | 54 | VB2_ERROR_UNPACK_KEY_SIZE, |
| 55 | "vb2_unpack_key() invalid size"); |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 56 | |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 57 | memcpy(key, key1, size); |
| 58 | key->key_offset++; |
| 59 | TEST_EQ(vb2_unpack_key(&pubk, buf, size + 1), |
Randall Spangler | 224f5ac | 2014-06-06 09:42:30 -0700 | [diff] [blame] | 60 | VB2_ERROR_UNPACK_KEY_ALIGN, |
| 61 | "vb2_unpack_key() unaligned data"); |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 62 | |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 63 | memcpy(key, key1, size); |
| 64 | *(uint32_t *)(buf + key->key_offset) /= 2; |
| 65 | TEST_EQ(vb2_unpack_key(&pubk, buf, size), |
Randall Spangler | 224f5ac | 2014-06-06 09:42:30 -0700 | [diff] [blame] | 66 | VB2_ERROR_UNPACK_KEY_ARRAY_SIZE, |
| 67 | "vb2_unpack_key() invalid key array size"); |
| 68 | |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 69 | memcpy(key, key1, size); |
| 70 | TEST_EQ(vb2_unpack_key(&pubk, buf, size - 1), |
Randall Spangler | 224f5ac | 2014-06-06 09:42:30 -0700 | [diff] [blame] | 71 | VB2_ERROR_INSIDE_DATA_OUTSIDE, |
| 72 | "vb2_unpack_key() buffer too small"); |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 73 | |
| 74 | free(key); |
| 75 | } |
| 76 | |
Randall Spangler | fc73f08 | 2014-11-21 15:33:07 -0800 | [diff] [blame] | 77 | static void test_verify_data(const struct vb2_packed_key *key1, |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 78 | const struct vb2_signature *sig) |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 79 | { |
Bill Richardson | 73e5eb3 | 2015-01-26 12:18:25 -0800 | [diff] [blame] | 80 | uint8_t workbuf[VB2_VERIFY_DATA_WORKBUF_BYTES] |
| 81 | __attribute__ ((aligned (VB2_WORKBUF_ALIGN))); |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 82 | struct vb2_workbuf wb; |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 83 | |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 84 | uint32_t pubkey_size = key1->key_offset + key1->key_size; |
| 85 | struct vb2_public_key pubk, pubk_orig; |
| 86 | uint32_t sig_total_size = sig->sig_offset + sig->sig_size; |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 87 | struct vb2_signature *sig2; |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 88 | |
| 89 | vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); |
| 90 | |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 91 | /* Allocate signature copy for tests */ |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 92 | sig2 = (struct vb2_signature *)malloc(sig_total_size); |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 93 | |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 94 | TEST_EQ(vb2_unpack_key(&pubk, (uint8_t *)key1, pubkey_size), |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 95 | 0, "vb2_verify_data() unpack key"); |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 96 | pubk_orig = pubk; |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 97 | |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 98 | memcpy(sig2, sig, sig_total_size); |
| 99 | pubk.sig_alg = VB2_SIG_INVALID; |
| 100 | TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb), |
Randall Spangler | c8c2f02 | 2014-10-23 09:48:20 -0700 | [diff] [blame] | 101 | 0, "vb2_verify_data() bad sig alg"); |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 102 | pubk.sig_alg = pubk_orig.sig_alg; |
Randall Spangler | c8c2f02 | 2014-10-23 09:48:20 -0700 | [diff] [blame] | 103 | |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 104 | memcpy(sig2, sig, sig_total_size); |
| 105 | pubk.hash_alg = VB2_HASH_INVALID; |
| 106 | TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb), |
Randall Spangler | c8c2f02 | 2014-10-23 09:48:20 -0700 | [diff] [blame] | 107 | 0, "vb2_verify_data() bad hash alg"); |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 108 | pubk.hash_alg = pubk_orig.hash_alg; |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 109 | |
| 110 | vb2_workbuf_init(&wb, workbuf, 4); |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 111 | memcpy(sig2, sig, sig_total_size); |
| 112 | TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb), |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 113 | 0, "vb2_verify_data() workbuf too small"); |
| 114 | vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); |
| 115 | |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 116 | memcpy(sig2, sig, sig_total_size); |
| 117 | TEST_EQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb), |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 118 | 0, "vb2_verify_data() ok"); |
| 119 | |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 120 | memcpy(sig2, sig, sig_total_size); |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 121 | sig2->sig_size -= 16; |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 122 | TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb), |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 123 | 0, "vb2_verify_data() wrong sig size"); |
| 124 | |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 125 | memcpy(sig2, sig, sig_total_size); |
| 126 | TEST_NEQ(vb2_verify_data(test_data, test_size - 1, sig2, &pubk, &wb), |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 127 | 0, "vb2_verify_data() input buffer too small"); |
| 128 | |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 129 | memcpy(sig2, sig, sig_total_size); |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 130 | vb2_signature_data(sig2)[0] ^= 0x5A; |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 131 | TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb), |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 132 | 0, "vb2_verify_data() wrong sig"); |
| 133 | |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 134 | free(sig2); |
| 135 | } |
| 136 | |
Randall Spangler | b885c3b | 2014-11-01 17:56:46 -0700 | [diff] [blame] | 137 | |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 138 | int test_algorithm(int key_algorithm, const char *keys_dir) |
| 139 | { |
| 140 | char filename[1024]; |
| 141 | int rsa_len = siglen_map[key_algorithm] * 8; |
| 142 | |
Randall Spangler | fc73f08 | 2014-11-21 15:33:07 -0800 | [diff] [blame] | 143 | VbPrivateKey *private_key = NULL; |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 144 | struct vb2_signature *sig = NULL; |
| 145 | struct vb2_packed_key *key1; |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 146 | |
| 147 | printf("***Testing algorithm: %s\n", algo_strings[key_algorithm]); |
| 148 | |
| 149 | sprintf(filename, "%s/key_rsa%d.pem", keys_dir, rsa_len); |
| 150 | private_key = PrivateKeyReadPem(filename, key_algorithm); |
| 151 | if (!private_key) { |
| 152 | fprintf(stderr, "Error reading private_key: %s\n", filename); |
| 153 | return 1; |
| 154 | } |
| 155 | |
| 156 | sprintf(filename, "%s/key_rsa%d.keyb", keys_dir, rsa_len); |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 157 | key1 = (struct vb2_packed_key *) |
| 158 | PublicKeyReadKeyb(filename, key_algorithm, 1); |
| 159 | if (!key1) { |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 160 | fprintf(stderr, "Error reading public_key: %s\n", filename); |
| 161 | return 1; |
| 162 | } |
| 163 | |
Randall Spangler | fc73f08 | 2014-11-21 15:33:07 -0800 | [diff] [blame] | 164 | /* Calculate good signatures */ |
Randall Spangler | 3c6ec76 | 2014-11-01 17:49:08 -0700 | [diff] [blame] | 165 | sig = (struct vb2_signature *) |
| 166 | CalculateSignature(test_data, sizeof(test_data), private_key); |
| 167 | TEST_PTR_NEQ(sig, 0, "Calculate signature"); |
| 168 | if (!sig) |
| 169 | return 1; |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 170 | |
Randall Spangler | fc73f08 | 2014-11-21 15:33:07 -0800 | [diff] [blame] | 171 | test_unpack_key(key1); |
| 172 | test_verify_data(key1, sig); |
| 173 | |
Randall Spangler | fc73f08 | 2014-11-21 15:33:07 -0800 | [diff] [blame] | 174 | free(key1); |
Randall Spangler | fc73f08 | 2014-11-21 15:33:07 -0800 | [diff] [blame] | 175 | free(private_key); |
| 176 | free(sig); |
Randall Spangler | 7141d73 | 2014-05-15 15:34:54 -0700 | [diff] [blame] | 177 | |
| 178 | return 0; |
| 179 | } |
| 180 | |
| 181 | /* Test only the algorithms we use */ |
| 182 | const int key_algs[] = { |
| 183 | VB2_ALG_RSA2048_SHA256, |
| 184 | VB2_ALG_RSA4096_SHA256, |
| 185 | VB2_ALG_RSA8192_SHA512, |
| 186 | }; |
| 187 | |
| 188 | int main(int argc, char *argv[]) { |
| 189 | |
| 190 | if (argc == 2) { |
| 191 | int i; |
| 192 | |
| 193 | for (i = 0; i < ARRAY_SIZE(key_algs); i++) { |
| 194 | if (test_algorithm(key_algs[i], argv[1])) |
| 195 | return 1; |
| 196 | } |
| 197 | |
| 198 | } else if (argc == 3 && !strcasecmp(argv[2], "--all")) { |
| 199 | /* Test all the algorithms */ |
| 200 | int alg; |
| 201 | |
| 202 | for (alg = 0; alg < kNumAlgorithms; alg++) { |
| 203 | if (test_algorithm(alg, argv[1])) |
| 204 | return 1; |
| 205 | } |
| 206 | |
| 207 | } else { |
| 208 | fprintf(stderr, "Usage: %s <keys_dir> [--all]", argv[0]); |
| 209 | return -1; |
| 210 | } |
| 211 | |
| 212 | return gTestSuccess ? 0 : 255; |
| 213 | } |