author | Randall Spangler <rspangler@chromium.org> | 2013-01-22 15:34:07 -0800 |
---|---|---|
committer | ChromeBot <chrome-bot@google.com> | 2013-01-23 12:40:15 -0800 |
commit | e061a256549607a56d771eb8ddae5d0dd90d519c (patch) | |
tree | c39ac1ae3eaddaabfaf5ae4878e7326e8648428f | |
parent | eecc18fc953bd367d3cb5aa006df4b153d20a45e (diff) | |
Convert common tests from shell scripts to running directly
So they can run under qemu.
Also, mount /proc and /dev before running qemu in the chroot.
BUG=chromium-os:37916
BRANCH=none
TEST=manual
make runtests
sudo FEATURES=test emerge vboot_reference
FEATURES=test emerge-daisy vboot_reference
FEATURES=test emerge-link vboot_reference
Change-Id: I940ce370bd149621e666250b07cf9219f9e22bac
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/41786
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
-rw-r--r-- | Makefile | 27 | ||||
-rwxr-xr-x | tests/test_using_qemu.sh | 40 | ||||
-rw-r--r-- | tests/vboot_common2_tests.c | 433 | ||||
-rw-r--r-- | tests/vboot_common3_tests.c | 156 |
4 files changed, 392 insertions, 264 deletions
@@ -36,8 +36,8 @@ # changed or appended. They must be defined before being used anywhere. # we should only run pwd once, not every time we refer to ${BUILD}. -_whereami := $(shell pwd) -BUILD ?= $(_whereami)/build +SRCDIR := $(shell pwd) +BUILD ?= $(SRCDIR)/build export BUILD # Target for 'make install' @@ -152,21 +152,21 @@ endif ifeq (${QEMU_ARCH},) # Path to build output for running tests is same as for building BUILD_RUN = ${BUILD} + SRC_RUN = ${SRCDIR} else $(info Using qemu for testing.) # Path to build output for running tests is different in the chroot BUILD_RUN = $(subst ${SYSROOT},,${BUILD}) + SRC_RUN = $(subst ${SYSROOT},,${SRCDIR}) QEMU_BIN = qemu-${QEMU_ARCH} - QEMU_OPTS = -drop-ld-preload \ - -E LD_LIBRARY_PATH=/lib64:/lib:/usr/lib64:/usr/lib \ - -E HOME=${HOME} \ - -E BUILD=${BUILD_RUN} - QEMU_CMD = sudo chroot ${SYSROOT} ${BUILD_RUN}/${QEMU_BIN} ${QEMU_OPTS} -- - RUNTEST = ${QEMU_CMD} -endif + QEMU_RUN = ${BUILD_RUN}/${QEMU_BIN} + export QEMU_RUN + RUNTEST = tests/test_using_qemu.sh +endif +export BUILD_RUN # Some things only compile inside the Chromium OS chroot. # TODO: Those things should be in their own repo, not part of vboot_reference @@ -465,6 +465,8 @@ TEST_NAMES += ${TLCL_TEST_NAMES} TEST_BINS = $(addprefix ${BUILD}/tests/,${TEST_NAMES}) ALL_DEPS += $(addsuffix .d,${TEST_BINS}) +# Directory containing test keys +TEST_KEYS = ${SRC_RUN}/tests/testkeys # ---------------------------------------------------------------------------- # TODO: why not make this include *all* the cgpt files, and simply have @@ -930,7 +932,6 @@ runtestscripts: test_setup genfuzztestcases tests/run_cgpt_tests.sh ${BUILD_RUN}/cgpt/cgpt tests/run_preamble_tests.sh tests/run_rsa_tests.sh - tests/run_vboot_common_tests.sh tests/run_vbutil_kernel_arg_tests.sh tests/run_vbutil_tests.sh 
@@ -947,6 +948,9 @@ runmisctests: test_setup ${RUNTEST} ${BUILD_RUN}/tests/vboot_api_init_tests ${RUNTEST} ${BUILD_RUN}/tests/vboot_api_firmware_tests ${RUNTEST} ${BUILD_RUN}/tests/vboot_audio_tests + ${RUNTEST} ${BUILD_RUN}/tests/vboot_common_tests + ${RUNTEST} ${BUILD_RUN}/tests/vboot_common2_tests ${TEST_KEYS} + ${RUNTEST} ${BUILD_RUN}/tests/vboot_common3_tests ${TEST_KEYS} ${RUNTEST} ${BUILD_RUN}/tests/vboot_firmware_tests .PHONY: runfutiltests @@ -959,8 +963,9 @@ runfutiltests: test_setup install # Not run by automated build. .PHONY: runlongtests runlongtests: test_setup genkeys genfuzztestcases + ${RUNTEST} ${BUILD_RUN}/tests/vboot_common2_tests ${TEST_KEYS} --all + ${RUNTEST} ${BUILD_RUN}/tests/vboot_common3_tests ${TEST_KEYS} --all tests/run_preamble_tests.sh --all - tests/run_vboot_common_tests.sh --all tests/run_vboot_ec_tests.sh tests/run_vbutil_tests.sh --all diff --git a/tests/test_using_qemu.sh b/tests/test_using_qemu.sh new file mode 100755 index 00000000..6b3f0733 --- /dev/null +++ b/tests/test_using_qemu.sh 
@@ -0,0 +1,40 @@ +#!/bin/bash +# +# Copyright (c) 2013 The Chromium OS Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +# +# Script to run a test under qemu +# +# Usage: +# test_using_qemu.sh (command line to run) +# +# Required environment variables: +# BUILD_RUN - path to build directory inside chroot +# HOME - home directory inside chroot +# QEMU_RUN - path to QEMU binary inside chroot +# SYSROOT - path to root for target platform, outside chroot + +set -e + +# Set up mounts +sudo mkdir -p "${SYSROOT}/proc" "${SYSROOT}/dev" +sudo mount --bind /proc "${SYSROOT}/proc" +sudo mount --bind /dev "${SYSROOT}/dev" + +# Don't exit on error, so we can capture the error code +set +e +sudo chroot ${SYSROOT} ${QEMU_RUN} -drop-ld-preload \ + -E LD_LIBRARY_PATH=/lib64:/lib:/usr/lib64:/usr/lib \ + -E HOME=${HOME} \ + -E BUILD=${BUILD_RUN} \ + -- $* +exit_code=$? +set -e + +# Clean up mounts +sudo umount -l "${SYSROOT}/proc" +sudo umount -l "${SYSROOT}/dev" + +# Pass through exit code from command +exit $exit_code diff --git a/tests/vboot_common2_tests.c b/tests/vboot_common2_tests.c index 54a3f316..f2ed5260 100644 --- a/tests/vboot_common2_tests.c +++ b/tests/vboot_common2_tests.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved. +/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. * @@ -7,6 +7,7 @@ #include <stdio.h> #include <stdlib.h> +#include <string.h> #include "cryptolib.h" #include "file_keys.h" 
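Review bot: In tests/test_using_qemu.sh the `sudo chroot ${SYSROOT} ${QEMU_RUN} ... -- $*` line expands every variable unquoted, and nothing checks that the variables listed as required are set. With an empty SYSROOT the `sudo mkdir` and `mount --bind` lines act on the host's own /proc and /dev, and chroot receives the QEMU path as its new root. The bind mounts are also undone only on the straight-line path, so an interrupt during the test, or a failure of the second `mount` under `set -e`, leaves host /proc or /dev mounted inside the sysroot. I would fail fast on unset variables, quote the expansions, pass the command as `"$@"`, and move the unmounts into an EXIT trap.

```shell
set -e

# Fail before any sudo call if a required variable is missing or empty
: "${SYSROOT:?}" "${QEMU_RUN:?}" "${BUILD_RUN:?}" "${HOME:?}"

cleanup() {
  # Best effort: either mount may be absent if setup failed part-way
  sudo umount -l "${SYSROOT}/proc" || true
  sudo umount -l "${SYSROOT}/dev" || true
}
trap cleanup EXIT

# … unchanged: mkdir -p and the two bind mounts …

# … unchanged: set +e …
sudo chroot "${SYSROOT}" "${QEMU_RUN}" -drop-ld-preload \
  -E LD_LIBRARY_PATH=/lib64:/lib:/usr/lib64:/usr/lib \
  -E HOME="${HOME}" \
  -E BUILD="${BUILD_RUN}" \
  -- "$@"
exit_code=$?
# … unchanged: set -e and exit $exit_code; the explicit umount lines move into cleanup() …
```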
@@ -14,231 +15,261 @@ #include "test_common.h" #include "vboot_common.h" - -static void VerifyPublicKeyToRSA(const VbPublicKey* orig_key) { - - RSAPublicKey *rsa; - VbPublicKey *key = PublicKeyAlloc(orig_key->key_size, 0, 0); - - PublicKeyCopy(key, orig_key); - key->algorithm = kNumAlgorithms; - TEST_EQ((size_t)PublicKeyToRSA(key), 0, - "PublicKeyToRSA() invalid algorithm"); - - PublicKeyCopy(key, orig_key); - key->key_size -= 1; - TEST_EQ((size_t)PublicKeyToRSA(key), 0, - "PublicKeyToRSA() invalid size"); - - rsa = PublicKeyToRSA(orig_key); - TEST_NEQ((size_t)rsa, 0, "PublicKeyToRSA() ok"); - if (rsa) { - TEST_EQ((int)rsa->algorithm, (int)key->algorithm, - "PublicKeyToRSA() algorithm"); - RSAPublicKeyFree(rsa); - } +static void VerifyPublicKeyToRSA(const VbPublicKey *orig_key) +{ + RSAPublicKey *rsa; + VbPublicKey *key = PublicKeyAlloc(orig_key->key_size, 0, 0); + + PublicKeyCopy(key, orig_key); + key->algorithm = kNumAlgorithms; + TEST_EQ((size_t)PublicKeyToRSA(key), 0, + "PublicKeyToRSA() invalid algorithm"); + + PublicKeyCopy(key, orig_key); + key->key_size -= 1; + TEST_EQ((size_t)PublicKeyToRSA(key), 0, + "PublicKeyToRSA() invalid size"); + + rsa = PublicKeyToRSA(orig_key); + TEST_NEQ((size_t)rsa, 0, "PublicKeyToRSA() ok"); + if (rsa) { + TEST_EQ((int)rsa->algorithm, (int)key->algorithm, + "PublicKeyToRSA() algorithm"); + RSAPublicKeyFree(rsa); + } } +static void VerifyDataTest(const VbPublicKey *public_key, + const VbPrivateKey *private_key) +{ + const uint8_t test_data[] = "This is some test data to sign."; + const uint64_t test_size = sizeof(test_data); + VbSignature *sig; + RSAPublicKey *rsa; -static void VerifyDataTest(const VbPublicKey* public_key, - const VbPrivateKey* private_key) { + sig = CalculateSignature(test_data, test_size, private_key); + TEST_PTR_NEQ(sig, 0, "VerifyData() calculate signature"); - const uint8_t test_data[] = "This is some test data to sign."; - const uint64_t test_size = sizeof(test_data); - VbSignature* sig; - RSAPublicKey* 
rsa; + rsa = PublicKeyToRSA(public_key); + TEST_PTR_NEQ(rsa, 0, "VerifyData() calculate rsa"); - sig = CalculateSignature(test_data, test_size, private_key); - rsa = PublicKeyToRSA(public_key); - TEST_NEQ(sig && rsa, 0, "VerifyData() prerequisites"); - if (!sig || !rsa) - return; + if (!sig || !rsa) + return; - TEST_EQ(VerifyData(test_data, test_size, sig, rsa), 0, "VerifyData() ok"); + TEST_EQ(VerifyData(test_data, test_size, sig, rsa), 0, + "VerifyData() ok"); - sig->sig_size -= 16; - TEST_EQ(VerifyData(test_data, test_size, sig, rsa), 1, - "VerifyData() wrong sig size"); - sig->sig_size += 16; + sig->sig_size -= 16; + TEST_EQ(VerifyData(test_data, test_size, sig, rsa), 1, + "VerifyData() wrong sig size"); + sig->sig_size += 16; - TEST_EQ(VerifyData(test_data, test_size - 1, sig, rsa), 1, - "VerifyData() input buffer too small"); + TEST_EQ(VerifyData(test_data, test_size - 1, sig, rsa), 1, + "VerifyData() input buffer too small"); - GetSignatureData(sig)[0] ^= 0x5A; - TEST_EQ(VerifyData(test_data, test_size, sig, rsa), 1, - "VerifyData() wrong sig"); + GetSignatureData(sig)[0] ^= 0x5A; + TEST_EQ(VerifyData(test_data, test_size, sig, rsa), 1, + "VerifyData() wrong sig"); - RSAPublicKeyFree(rsa); - free(sig); + RSAPublicKeyFree(rsa); + free(sig); } - -static void VerifyDigestTest(const VbPublicKey* public_key, - const VbPrivateKey* private_key) { - - const uint8_t test_data[] = "This is some other test data to sign."; - VbSignature* sig; - RSAPublicKey* rsa; - uint8_t* digest; - - sig = CalculateSignature(test_data, sizeof(test_data), private_key); - rsa = PublicKeyToRSA(public_key); - digest = DigestBuf(test_data, sizeof(test_data), (int)public_key->algorithm); - TEST_NEQ(sig && rsa && digest, 0, "VerifyData() prerequisites"); - if (!sig || !rsa || !digest) - return; - - TEST_EQ(VerifyDigest(digest, sig, rsa), 0, "VerifyDigest() ok"); - - GetSignatureData(sig)[0] ^= 0x5A; - TEST_EQ(VerifyDigest(digest, sig, rsa), 1, "VerifyDigest() wrong sig"); - - 
RSAPublicKeyFree(rsa); - free(sig); - free(digest); +static void VerifyDigestTest(const VbPublicKey *public_key, + const VbPrivateKey *private_key) +{ + const uint8_t test_data[] = "This is some other test data to sign."; + VbSignature *sig; + RSAPublicKey *rsa; + uint8_t *digest; + + sig = CalculateSignature(test_data, sizeof(test_data), private_key); + rsa = PublicKeyToRSA(public_key); + digest = DigestBuf(test_data, sizeof(test_data), + (int)public_key->algorithm); + TEST_NEQ(sig && rsa && digest, 0, "VerifyData() prerequisites"); + if (!sig || !rsa || !digest) + return; + + TEST_EQ(VerifyDigest(digest, sig, rsa), 0, "VerifyDigest() ok"); + + GetSignatureData(sig)[0] ^= 0x5A; + TEST_EQ(VerifyDigest(digest, sig, rsa), 1, "VerifyDigest() wrong sig"); + + RSAPublicKeyFree(rsa); + free(sig); + free(digest); } - static void ReSignKernelPreamble(VbKernelPreambleHeader *h, - const VbPrivateKey *key) { - VbSignature *sig = CalculateSignature((const uint8_t*)h, - h->preamble_signature.data_size, key); + const VbPrivateKey *key) +{ + VbSignature *sig = CalculateSignature((const uint8_t *)h, + h->preamble_signature.data_size, key); - SignatureCopy(&h->preamble_signature, sig); - free(sig); + SignatureCopy(&h->preamble_signature, sig); + free(sig); } - -static void VerifyKernelPreambleTest(const VbPublicKey* public_key, - const VbPrivateKey* private_key) { - - VbKernelPreambleHeader *hdr; - VbKernelPreambleHeader *h; - RSAPublicKey* rsa; - unsigned hsize; - - /* Create a dummy signature */ - VbSignature *body_sig = SignatureAlloc(56, 78); - - rsa = PublicKeyToRSA(public_key); - hdr = CreateKernelPreamble(0x1234, 0x100000, 0x300000, 0x4000, body_sig, - 0, private_key); - TEST_NEQ(hdr && rsa, 0, "VerifyKernelPreamble() prerequisites"); - if (!hdr) - return; - hsize = (unsigned) hdr->preamble_size; - h = (VbKernelPreambleHeader*)malloc(hsize + 16384); - - TEST_EQ(VerifyKernelPreamble(hdr, hsize, rsa), 0, - "VerifyKernelPreamble() ok using key"); - 
TEST_NEQ(VerifyKernelPreamble(hdr, hsize - 1, rsa), 0, - "VerifyKernelPreamble() size--"); - TEST_EQ(VerifyKernelPreamble(hdr, hsize + 1, rsa), 0, - "VerifyKernelPreamble() size++"); - - /* Care about major version but not minor */ - Memcpy(h, hdr, hsize); - h->header_version_major++; - ReSignKernelPreamble(h, private_key); - TEST_NEQ(VerifyKernelPreamble(h, hsize, rsa), 0, - "VerifyKernelPreamble() major++"); - - Memcpy(h, hdr, hsize); - h->header_version_major--; - ReSignKernelPreamble(h, private_key); - TEST_NEQ(VerifyKernelPreamble(h, hsize, rsa), 0, - "VerifyKernelPreamble() major--"); - - Memcpy(h, hdr, hsize); - h->header_version_minor++; - ReSignKernelPreamble(h, private_key); - TEST_EQ(VerifyKernelPreamble(h, hsize, rsa), 0, - "VerifyKernelPreamble() minor++"); - - Memcpy(h, hdr, hsize); - h->header_version_minor--; - ReSignKernelPreamble(h, private_key); - TEST_EQ(VerifyKernelPreamble(h, hsize, rsa), 0, - "VerifyKernelPreamble() minor--"); - - /* Check signature */ - Memcpy(h, hdr, hsize); - h->preamble_signature.sig_offset = hsize; - ReSignKernelPreamble(h, private_key); - TEST_NEQ(VerifyKernelPreamble(h, hsize, rsa), 0, - "VerifyKernelPreamble() sig off end"); - - Memcpy(h, hdr, hsize); - h->preamble_signature.sig_size--; - ReSignKernelPreamble(h, private_key); - TEST_NEQ(VerifyKernelPreamble(h, hsize, rsa), 0, - "VerifyKernelPreamble() sig too small"); - - Memcpy(h, hdr, hsize); - GetSignatureData(&h->body_signature)[0] ^= 0x34; - TEST_NEQ(VerifyKernelPreamble(h, hsize, rsa), 0, - "VerifyKernelPreamble() sig mismatch"); - - /* Check that we signed header and body sig */ - Memcpy(h, hdr, hsize); - h->preamble_signature.data_size = 4; - h->body_signature.sig_offset = 0; - h->body_signature.sig_size = 0; - ReSignKernelPreamble(h, private_key); - TEST_NEQ(VerifyKernelPreamble(h, hsize, rsa), 0, - "VerifyKernelPreamble() didn't sign header"); - - Memcpy(h, hdr, hsize); - h->body_signature.sig_offset = hsize; - ReSignKernelPreamble(h, private_key); - 
TEST_NEQ(VerifyKernelPreamble(h, hsize, rsa), 0, - "VerifyKernelPreamble() body sig off end"); - - /* TODO: verify parser can support a bigger header. */ - - free(h); - RSAPublicKeyFree(rsa); - free(hdr); +static void VerifyKernelPreambleTest(const VbPublicKey *public_key, + const VbPrivateKey *private_key) +{ + VbKernelPreambleHeader *hdr; + VbKernelPreambleHeader *h; + RSAPublicKey *rsa; + unsigned hsize; + + /* Create a dummy signature */ + VbSignature *body_sig = SignatureAlloc(56, 78); + + rsa = PublicKeyToRSA(public_key); + hdr = CreateKernelPreamble(0x1234, 0x100000, 0x300000, 0x4000, body_sig, + 0, private_key); + TEST_NEQ(hdr && rsa, 0, "VerifyKernelPreamble() prerequisites"); + if (!hdr) + return; + hsize = (unsigned) hdr->preamble_size; + h = (VbKernelPreambleHeader *)malloc(hsize + 16384); + + TEST_EQ(VerifyKernelPreamble(hdr, hsize, rsa), 0, + "VerifyKernelPreamble() ok using key"); + TEST_NEQ(VerifyKernelPreamble(hdr, hsize - 1, rsa), 0, + "VerifyKernelPreamble() size--"); + TEST_EQ(VerifyKernelPreamble(hdr, hsize + 1, rsa), 0, + "VerifyKernelPreamble() size++"); + + /* Care about major version but not minor */ + Memcpy(h, hdr, hsize); + h->header_version_major++; + ReSignKernelPreamble(h, private_key); + TEST_NEQ(VerifyKernelPreamble(h, hsize, rsa), 0, + "VerifyKernelPreamble() major++"); + + Memcpy(h, hdr, hsize); + h->header_version_major--; + ReSignKernelPreamble(h, private_key); + TEST_NEQ(VerifyKernelPreamble(h, hsize, rsa), 0, + "VerifyKernelPreamble() major--"); + + Memcpy(h, hdr, hsize); + h->header_version_minor++; + ReSignKernelPreamble(h, private_key); + TEST_EQ(VerifyKernelPreamble(h, hsize, rsa), 0, + "VerifyKernelPreamble() minor++"); + + Memcpy(h, hdr, hsize); + h->header_version_minor--; + ReSignKernelPreamble(h, private_key); + TEST_EQ(VerifyKernelPreamble(h, hsize, rsa), 0, + "VerifyKernelPreamble() minor--"); + + /* Check signature */ + Memcpy(h, hdr, hsize); + h->preamble_signature.sig_offset = hsize; + ReSignKernelPreamble(h, 
private_key); + TEST_NEQ(VerifyKernelPreamble(h, hsize, rsa), 0, + "VerifyKernelPreamble() sig off end"); + + Memcpy(h, hdr, hsize); + h->preamble_signature.sig_size--; + ReSignKernelPreamble(h, private_key); + TEST_NEQ(VerifyKernelPreamble(h, hsize, rsa), 0, + "VerifyKernelPreamble() sig too small"); + + Memcpy(h, hdr, hsize); + GetSignatureData(&h->body_signature)[0] ^= 0x34; + TEST_NEQ(VerifyKernelPreamble(h, hsize, rsa), 0, + "VerifyKernelPreamble() sig mismatch"); + + /* Check that we signed header and body sig */ + Memcpy(h, hdr, hsize); + h->preamble_signature.data_size = 4; + h->body_signature.sig_offset = 0; + h->body_signature.sig_size = 0; + ReSignKernelPreamble(h, private_key); + TEST_NEQ(VerifyKernelPreamble(h, hsize, rsa), 0, + "VerifyKernelPreamble() didn't sign header"); + + Memcpy(h, hdr, hsize); + h->body_signature.sig_offset = hsize; + ReSignKernelPreamble(h, private_key); + TEST_NEQ(VerifyKernelPreamble(h, hsize, rsa), 0, + "VerifyKernelPreamble() body sig off end"); + + /* TODO: verify parser can support a bigger header. 
*/ + + free(h); + RSAPublicKeyFree(rsa); + free(hdr); } +int test_algorithm(int key_algorithm, const char *keys_dir) +{ + char filename[1024]; + int rsa_len = siglen_map[key_algorithm] * 8; + + VbPrivateKey *private_key = NULL; + VbPublicKey *public_key = NULL; + + printf("***Testing algorithm: %s\n", algo_strings[key_algorithm]); + + sprintf(filename, "%s/key_rsa%d.pem", keys_dir, rsa_len); + private_key = PrivateKeyReadPem(filename, key_algorithm); + if (!private_key) { + fprintf(stderr, "Error reading private_key: %s\n", filename); + return 1; + } + + sprintf(filename, "%s/key_rsa%d.keyb", keys_dir, rsa_len); + public_key = PublicKeyReadKeyb(filename, key_algorithm, 1); + if (!public_key) { + fprintf(stderr, "Error reading public_key: %s\n", filename); + return 1; + } + + VerifyPublicKeyToRSA(public_key); + VerifyDataTest(public_key, private_key); + VerifyDigestTest(public_key, private_key); + VerifyKernelPreambleTest(public_key, private_key); + + if (public_key) + free(public_key); + if (private_key) + free(private_key); + + return 0; +} -int main(int argc, char* argv[]) { - VbPrivateKey* private_key = NULL; - VbPublicKey* public_key = NULL; - int key_algorithm; - - int error_code = 0; - - if(argc != 4) { - fprintf(stderr, "Usage: %s <key_algorithm> <key> <processed pubkey>" - " <signing key> <processed signing key>\n", argv[0]); - return -1; - } +/* + * Test only the algorithms we use: + * 4 (rsa2048 sha256) + * 7 (rsa4096 sha256) + * 11 (rsa8192 sha512) + */ +const int key_algs[] = {4, 7, 11}; - /* Read verification keys and create a test image. 
*/ - key_algorithm = atoi(argv[1]); +int main(int argc, char *argv[]) { + if (argc == 2) { + int i; - private_key = PrivateKeyReadPem(argv[2], key_algorithm); - if (!private_key) { - fprintf(stderr, "Error reading private_key"); - return 1; - } + for (i = 0; i < ARRAY_SIZE(key_algs); i++) { + if (test_algorithm(key_algs[i], argv[1])) + return 1; + } - public_key = PublicKeyReadKeyb(argv[3], key_algorithm, 1); - if (!public_key) { - fprintf(stderr, "Error reading public_key"); - return 1; - } + } else if (argc == 3 && !strcasecmp(argv[2], "--all")) { + /* Test all the algorithms */ + int alg; - VerifyPublicKeyToRSA(public_key); - VerifyDataTest(public_key, private_key); - VerifyDigestTest(public_key, private_key); - VerifyKernelPreambleTest(public_key, private_key); + for (alg = 0; alg < kNumAlgorithms; alg++) { + if (test_algorithm(alg, argv[1])) + return 1; + } - if (public_key) - free(public_key); - if (private_key) - free(private_key); + } else { + fprintf(stderr, "Usage: %s <keys_dir> [--all]", argv[0]); + return -1; + } - return error_code; + return gTestSuccess ? 0 : 255; } diff --git a/tests/vboot_common3_tests.c b/tests/vboot_common3_tests.c index a63e477c..ce818a4c 100644 --- a/tests/vboot_common3_tests.c +++ b/tests/vboot_common3_tests.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved. +/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. * @@ -7,6 +7,7 @@ #include <stdio.h> #include <stdlib.h> +#include <string.h> #include "cryptolib.h" #include "file_keys.h" 
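Review bot: test_algorithm() builds both key paths with `sprintf(filename, "%s/key_rsa%d.pem", keys_dir, rsa_len)` into `char filename[1024]`, and main() passes argv[1] straight through as keys_dir, so a long directory argument writes past the end of the buffer. Bounding the write and treating truncation as a load failure closes that: `int n = snprintf(filename, sizeof(filename), "%s/key_rsa%d.pem", keys_dir, rsa_len);` followed by `if (n < 0 || n >= (int)sizeof(filename)) return 1;`, and the same for the `.keyb` path. The three sprintf calls in test_permutation() in tests/vboot_common3_tests.c have the same shape and need the same change.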
@@ -254,56 +255,107 @@ static void VerifyFirmwarePreambleTest(const VbPublicKey* public_key, free(hdr); } +int test_permutation(int signing_key_algorithm, int data_key_algorithm, + const char *keys_dir) +{ + char filename[1024]; + int signing_rsa_len = siglen_map[signing_key_algorithm] * 8;; + int data_rsa_len = siglen_map[data_key_algorithm] * 8;; + + VbPrivateKey* signing_private_key = NULL; + VbPublicKey* signing_public_key = NULL; + VbPublicKey* data_public_key = NULL; + + printf("***Testing signing algorithm: %s\n", + algo_strings[signing_key_algorithm]); + printf("***With data key algorithm: %s\n", + algo_strings[data_key_algorithm]); + + sprintf(filename, "%s/key_rsa%d.pem", keys_dir, signing_rsa_len); + signing_private_key = PrivateKeyReadPem(filename, + signing_key_algorithm); + if (!signing_private_key) { + fprintf(stderr, "Error reading signing_private_key: %s\n", + filename); + return 1; + } + + sprintf(filename, "%s/key_rsa%d.keyb", keys_dir, signing_rsa_len); + signing_public_key = PublicKeyReadKeyb(filename, + signing_key_algorithm, 1); + if (!signing_public_key) { + fprintf(stderr, "Error reading signing_public_key: %s\n", + filename); + return 1; + } + + sprintf(filename, "%s/key_rsa%d.keyb", keys_dir, data_rsa_len); + data_public_key = PublicKeyReadKeyb(filename, + data_key_algorithm, 1); + if (!data_public_key) { + fprintf(stderr, "Error reading data_public_key: %s\n", + filename); + return 1; + } + + KeyBlockVerifyTest(signing_public_key, signing_private_key, + data_public_key); + VerifyFirmwarePreambleTest(signing_public_key, signing_private_key, + data_public_key); + + if (signing_public_key) + free(signing_public_key); + if (signing_private_key) + free(signing_private_key); + if (data_public_key) + free(data_public_key); + + return 0; +} -int main(int argc, char* argv[]) { - VbPrivateKey* signing_private_key = NULL; - VbPublicKey* signing_public_key = NULL; - int signing_key_algorithm; - - VbPublicKey* data_public_key = NULL; - int 
data_key_algorithm; - - int error_code = 0; - - if(argc != 7) { - fprintf(stderr, "Usage: %s <signing_key_algorithm> <data_key_algorithm>" - " <signing key> <processed signing pubkey>" - " <data key> <processed data pubkey>\n", argv[0]); - return -1; - } - - /* Read verification keys and create a test image. */ - signing_key_algorithm = atoi(argv[1]); - data_key_algorithm = atoi(argv[2]); - - signing_private_key = PrivateKeyReadPem(argv[3], signing_key_algorithm); - if (!signing_private_key) { - fprintf(stderr, "Error reading signing_private_key"); - return 1; - } - - signing_public_key = PublicKeyReadKeyb(argv[4], signing_key_algorithm, 1); - if (!signing_public_key) { - fprintf(stderr, "Error reading signing_public_key"); - return 1; - } - - data_public_key = PublicKeyReadKeyb(argv[6], data_key_algorithm, 1); - if (!data_public_key) { - fprintf(stderr, "Error reading data_public_key"); - return 1; - } - - KeyBlockVerifyTest(signing_public_key, signing_private_key, data_public_key); - VerifyFirmwarePreambleTest(signing_public_key, signing_private_key, - data_public_key); - - if (signing_public_key) - free(signing_public_key); - if (signing_private_key) - free(signing_private_key); - if (data_public_key) - free(data_public_key); - - return error_code; +struct test_perm +{ + int signing_algorithm; + int data_key_algorithm; +}; + +/* + * Permutations of signing and data key algorithms in active use: + * 7 (rsa4096 sha256) - 4 (rsa2048 sha256) + * 11 (rsa8192 sha512) - 4 (rsa2048 sha256) + * 11 (rsa8192 sha512) - 7 (rsa4096 sha256) + */ +const struct test_perm test_perms[] = {{7, 4}, {11, 4}, {11, 7}}; + +int main(int argc, char* argv[]) +{ + if (argc == 2) { + /* Test only the algorithms we use */ + int i; + + for (i = 0; i < ARRAY_SIZE(test_perms); i++) { + if (test_permutation(test_perms[i].signing_algorithm, + test_perms[i].data_key_algorithm, + argv[1])) + return 1; + } + + } else if (argc == 3 && !strcasecmp(argv[2], "--all")) { + /* Test all the algorithms */ + 
int sign_alg, data_alg; + + for (sign_alg = 0; sign_alg < kNumAlgorithms; sign_alg++) { + for (data_alg = 0; data_alg < kNumAlgorithms; + data_alg++) { + if (test_permutation(sign_alg, data_alg, + argv[1])) + return 1; + } + } + } else { + fprintf(stderr, "Usage: %s <keys_dir> [--all]", argv[0]); + return -1; + } + + return gTestSuccess ? 0 : 255; } |
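Review bot: The two length initialisers at the top of test_permutation() end in a doubled semicolon (`... * 8;;`), which puts an empty statement ahead of the remaining declarations; a build that warns on declarations after statements would presumably flag the lines that follow. The new function and main() also keep the `VbPrivateKey* name` and `char* argv[]` spelling, while this same commit moves tests/vboot_common2_tests.c to `VbPrivateKey *name`. I would write `int signing_rsa_len = siglen_map[signing_key_algorithm] * 8;`, `VbPrivateKey *signing_private_key = NULL;` and `int main(int argc, char *argv[])` so the two test files read alike. The hunk opens inside VerifyFirmwarePreambleTest(), whose body is not visible here.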