author | Randall Spangler <rspangler@chromium.org> | 2014-11-24 12:55:29 -0800 |
---|---|---|
committer | chrome-internal-fetch <chrome-internal-fetch@google.com> | 2014-12-01 20:30:46 +0000 |
commit | 9328bbff521625e788396ef9c5b26b79e6d1a7cb (patch) | |
tree | 4f10606071aedebba7ac98fa0b91822e3a08682b | |
parent | fc73f087653ee67193a9f2b897433db2cd532f8c (diff) | |
vboot2: Add host lib function to create a vb2-style keyblock
Also add vb2_common_desc() helper function to return the description
for an object starting with a common struct header.
And use the new host lib function to create the keyblock for verifying
the firmware lib.
Add tests for everything new.
BUG=chromium:423882
BRANCH=none
TEST=VBOOT2=1 make runtests
Change-Id: I1fadb3e249e771a692cc69b23620c6ddd46a48ac
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/231721
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
-rw-r--r-- | Makefile | 4 | ||||
-rw-r--r-- | firmware/2lib/2common2.c | 10 | ||||
-rw-r--r-- | firmware/2lib/2packed_key2.c | 6 | ||||
-rw-r--r-- | firmware/2lib/include/2common.h | 10 | ||||
-rw-r--r-- | firmware/2lib/include/2return_codes.h | 17 | ||||
-rw-r--r-- | host/lib/host_keyblock2.c | 76 | ||||
-rw-r--r-- | host/lib/include/host_keyblock2.h | 36 | ||||
-rw-r--r-- | tests/vb2_common_tests.c | 87 | ||||
-rw-r--r-- | tests/vb2_host_key_tests.c | 3 | ||||
-rw-r--r-- | tests/vb2_host_keyblock_tests.c | 135 | ||||
-rw-r--r-- | tests/vb2_host_sig_tests.c | 6 |
11 files changed, 313 insertions, 77 deletions
@@ -377,6 +377,7 @@ UTILLIB_SRCS = \ ifneq (${VBOOT2},) UTILLIB_SRCS += \ host/lib/host_key2.c \ + host/lib/host_keyblock2.c \ host/lib/host_misc2.c \ host/lib/host_signature2.c \ @@ -639,6 +640,7 @@ TEST_NAMES += \ tests/vb2_common2_tests \ tests/vb2_common3_tests \ tests/vb2_host_key_tests \ + tests/vb2_host_keyblock_tests \ tests/vb2_host_misc_tests \ tests/vb2_host_sig_tests \ tests/vb2_misc_tests \ @@ -999,6 +1001,7 @@ ${BUILD}/tests/vb2_common_tests: LDLIBS += ${CRYPTO_LIBS} ${BUILD}/tests/vb2_common2_tests: LDLIBS += ${CRYPTO_LIBS} ${BUILD}/tests/vb2_common3_tests: LDLIBS += ${CRYPTO_LIBS} ${BUILD}/tests/vb2_host_key_tests: LDLIBS += ${CRYPTO_LIBS} +${BUILD}/tests/vb2_host_keyblock_tests: LDLIBS += ${CRYPTO_LIBS} ${BUILD}/tests/vb2_host_sig_tests: LDLIBS += ${CRYPTO_LIBS} ${BUILD}/tests/vboot_common2_tests: LDLIBS += ${CRYPTO_LIBS} ${BUILD}/tests/vboot_common3_tests: LDLIBS += ${CRYPTO_LIBS} @@ -1180,6 +1183,7 @@ run2tests: test_setup ${RUNTEST} ${BUILD_RUN}/tests/vb2_common2_tests ${TEST_KEYS} ${RUNTEST} ${BUILD_RUN}/tests/vb2_common3_tests ${TEST_KEYS} ${RUNTEST} ${BUILD_RUN}/tests/vb2_host_key_tests ${TEST_KEYS} + ${RUNTEST} ${BUILD_RUN}/tests/vb2_host_keyblock_tests ${TEST_KEYS} ${RUNTEST} ${BUILD_RUN}/tests/vb2_host_misc_tests ${RUNTEST} ${BUILD_RUN}/tests/vb2_host_sig_tests ${TEST_KEYS} ${RUNTEST} ${BUILD_RUN}/tests/vb2_misc_tests diff --git a/firmware/2lib/2common2.c b/firmware/2lib/2common2.c index 099f7c1f..a5ebc70c 100644 --- a/firmware/2lib/2common2.c +++ b/firmware/2lib/2common2.c @@ -10,6 +10,13 @@ #include "2rsa.h" #include "2sha.h" +const char *vb2_common_desc(const void *buf) +{ + const struct vb2_struct_common *c = buf; + + return c->desc_size ? (const char *)c + c->fixed_size : ""; +} + int vb2_verify_common_header(const void *parent, uint32_t parent_size) { const struct vb2_struct_common *c = parent; 
@@ -42,8 +49,7 @@ int vb2_verify_common_header(const void *parent, uint32_t parent_size) return VB2_ERROR_COMMON_DESC_SIZE; /* Description must be null-terminated */ - const uint8_t *desc = (const uint8_t *)c + c->fixed_size; - if (desc[c->desc_size - 1] != 0) + if (vb2_common_desc(c)[c->desc_size - 1] != 0) return VB2_ERROR_COMMON_DESC_TERMINATOR; } diff --git a/firmware/2lib/2packed_key2.c b/firmware/2lib/2packed_key2.c index a67664bb..4019213b 100644 --- a/firmware/2lib/2packed_key2.c +++ b/firmware/2lib/2packed_key2.c @@ -99,11 +99,7 @@ int vb2_unpack_key2(struct vb2_public_key *key, } /* Key description */ - if (pkey->c.desc_size) - key->desc = (const char *)&(pkey->c) + pkey->c.fixed_size; - else - key->desc = ""; - + key->desc = vb2_common_desc(pkey); key->version = pkey->key_version; key->guid = &pkey->guid; diff --git a/firmware/2lib/include/2common.h b/firmware/2lib/include/2common.h index a0c82d3c..1ea3f9e2 100644 --- a/firmware/2lib/include/2common.h +++ b/firmware/2lib/include/2common.h @@ -184,6 +184,16 @@ int vb2_verify_member_inside(const void *parent, size_t parent_size, size_t member_data_size); /** + * Return the description of an object starting with a vb2_struct_common header. + * + * Does not sanity-check the buffer; merely returns the pointer. + * + * @param buf Pointer to common object + * @return A pointer to description or an empty string if none. + */ +const char *vb2_common_desc(const void *buf); + +/** * Verify the common struct header is fully contained in its parent data * * Also verifies the description is either zero-length or null-terminated. diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h index 8f5a5c51..7a59925a 100644 --- a/firmware/2lib/include/2return_codes.h +++ b/firmware/2lib/include/2return_codes.h 
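Review bot: The new comment on vb2_common_desc() in 2common.h says the buffer is not sanity-checked but never states what the caller must have done first, while the implementation in 2common2.c returns `(const char *)c + c->fixed_size` with `fixed_size` read straight from the buffer. Callers in this commit pass the result to strcmp() or store it as `key->desc`, so on an unvalidated header that is an out-of-bounds or unterminated read. I would add to the comment: `* Caller must already have passed buf through vb2_verify_common_header(); until then fixed_size and the terminator are untrusted.` Whether vb2_unpack_key2() has done so before `key->desc = vb2_common_desc(pkey);` cannot be seen here, since that function starts outside the hunk.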
@@ -600,6 +600,23 @@ enum vb2_return_code { VB2_SIGN_OBJECT_OVERFLOW, /********************************************************************** + * Errors generated by host library keyblock functions + */ + VB2_ERROR_HOST_KEYBLOCK = VB2_ERROR_HOST_BASE + 0x040000, + + /* Unable to determine signature sizes for vb2_create_keyblock() */ + VB2_KEYBLOCK_CREATE_SIG_SIZE, + + /* Unable to pack data key for vb2_create_keyblock() */ + VB2_KEYBLOCK_CREATE_DATA_KEY, + + /* Unable to allocate buffer in vb2_create_keyblock() */ + VB2_KEYBLOCK_CREATE_ALLOC, + + /* Unable to sign keyblock in vb2_create_keyblock() */ + VB2_KEYBLOCK_CREATE_SIGN, + + /********************************************************************** * Highest non-zero error generated inside vboot library. Note that * error codes passed through vboot when it calls external APIs may * still be outside this range. diff --git a/host/lib/host_keyblock2.c b/host/lib/host_keyblock2.c new file mode 100644 index 00000000..9394cf6a --- /dev/null +++ b/host/lib/host_keyblock2.c 
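Review bot: The four new comments name `vb2_create_keyblock()`, but the function this commit adds in host/lib/host_keyblock2.c is `vb2_keyblock_create()`, so searching from an error code to its source finds nothing. Each comment should carry the real name, e.g. `/* Unable to allocate buffer in vb2_keyblock_create() */`. The enum itself begins and ends outside the hunk.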
@@ -0,0 +1,76 @@ +/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Host functions for keyblocks + */ + +#include "2sysincludes.h" +#include "2common.h" +#include "2rsa.h" +#include "host_common.h" +#include "host_key2.h" +#include "host_keyblock2.h" +#include "host_misc.h" +#include "host_signature2.h" + +int vb2_keyblock_create(struct vb2_keyblock2 **kb_ptr, + const struct vb2_public_key *data_key, + const struct vb2_private_key **signing_keys, + uint32_t signing_key_count, + uint32_t flags, + const char *desc) +{ + struct vb2_keyblock2 kb = { + .c.magic = VB2_MAGIC_KEYBLOCK2, + .c.struct_version_major = VB2_KEYBLOCK2_VERSION_MAJOR, + .c.struct_version_minor = VB2_KEYBLOCK2_VERSION_MAJOR, + .c.fixed_size = sizeof(kb), + .flags = flags, + .sig_count = signing_key_count, + }; + + struct vb2_packed_key2 *key = NULL; + uint32_t sig_size; + uint8_t *buf; + + *kb_ptr = NULL; + + /* Determine component sizes */ + if (!desc) + desc = data_key->desc; + kb.c.desc_size = vb2_desc_size(desc); + kb.key_offset = kb.c.fixed_size + kb.c.desc_size; + + if (vb2_sig_size_for_keys(&sig_size, signing_keys, signing_key_count)) + return VB2_KEYBLOCK_CREATE_SIG_SIZE; + + if (vb2_public_key_pack(&key, data_key)) + return VB2_KEYBLOCK_CREATE_DATA_KEY; + + kb.sig_offset = kb.key_offset + key->c.total_size; + kb.c.total_size = kb.sig_offset + sig_size; + + /* Allocate buffer and copy header and data key */ + buf = malloc(kb.c.total_size); + if (!buf) { + free(key); + return VB2_KEYBLOCK_CREATE_ALLOC; + } + + memcpy(buf, &kb, sizeof(kb)); + if (kb.c.desc_size) + strcpy((char *)buf + kb.c.fixed_size, desc); + memcpy(buf + kb.key_offset, key, key->c.total_size); + free(key); + + /* Sign the keyblock */ + if (vb2_sign_object_multiple(buf, kb.sig_offset, signing_keys, + signing_key_count)) { + free(buf); + return VB2_KEYBLOCK_CREATE_SIGN; + } + + *kb_ptr = (struct 
vb2_keyblock2 *)buf; + return VB2_SUCCESS; +} diff --git a/host/lib/include/host_keyblock2.h b/host/lib/include/host_keyblock2.h new file mode 100644 index 00000000..5b05ab1f --- /dev/null +++ b/host/lib/include/host_keyblock2.h @@ -0,0 +1,36 @@ +/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Host-side functions for verified boot key structures + */ + +#ifndef VBOOT_REFERENCE_HOST_KEYBLOCK2_H_ +#define VBOOT_REFERENCE_HOST_KEYBLOCK2_H_ + +#include "2struct.h" + +struct vb2_private_key; +struct vb2_public_key; + +/** + * Create and sign a keyblock. + * + * @param kb_ptr On success, points to a newly allocated keyblock buffer. + * Caller is responsible for calling free() on this. + * @param data_key Data key to contain inside keyblock. + * @param signing_keys List of keys to sign the keyblock with. + * @param signing_key_count Number of keys in signing_keys. + * @param flags Flags for keyblock. + * @param desc Description for keyblock. If NULL, description will be + * taken from the data key. + * @return VB2_SUCCESS, or non-zero error code if failure. + */ +int vb2_keyblock_create(struct vb2_keyblock2 **kb_ptr, + const struct vb2_public_key *data_key, + const struct vb2_private_key **signing_keys, + uint32_t signing_key_count, + uint32_t flags, + const char *desc); + +#endif /* VBOOT_REFERENCE_HOST_KEYBLOCK2_H_ */ diff --git a/tests/vb2_common_tests.c b/tests/vb2_common_tests.c index 29adfe84..199b1e05 100644 --- a/tests/vb2_common_tests.c +++ b/tests/vb2_common_tests.c @@ -9,6 +9,7 @@ #include "2common.h" #include "2rsa.h" #include "host_key2.h" +#include "host_keyblock2.h" #include "host_signature2.h" #include "vb2_convert_structs.h" #include "vboot_struct.h" /* For old struct sizes */ 
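Review bot: `buf = malloc(kb.c.total_size);` in vb2_keyblock_create() leaves the buffer uninitialized, and the description is then written with `strcpy()`, which stops at the terminator; if vb2_desc_size() pads the length (not visible here), the padding bytes are stale heap contents that get signed and shipped inside the keyblock. The test code this commit removes did `memset(buf, 0, buf_size)` for the same layout, so the zeroing was lost in the move; `buf = calloc(1, kb.c.total_size);` restores it and keeps the output reproducible. Separately, the initializer sets `.c.struct_version_minor = VB2_KEYBLOCK2_VERSION_MAJOR`, which looks like a copy-paste slip carried over from the test, where the matching minor-version constant was presumably intended. The `kb.sig_offset + sig_size` sum is 32-bit and unchecked, which is probably acceptable for host-generated sizes but deserves a one-line comment saying so.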
@@ -297,19 +298,24 @@ static void test_common_header_functions(void) uint8_t cbufgood[sizeof(cbuf)]; struct vb2_struct_common *c = (struct vb2_struct_common *)cbuf; struct vb2_struct_common *c2; + const char test_desc[32] = "test desc"; uint32_t desc_end, m; c->total_size = sizeof(cbuf); c->fixed_size = sizeof(*c); - c->desc_size = 32; + c->desc_size = sizeof(test_desc); + memcpy(cbuf + c->fixed_size, test_desc, sizeof(test_desc)); desc_end = c->fixed_size + c->desc_size; - cbuf[desc_end - 1] = 0; c2 = (struct vb2_struct_common *)(cbuf + desc_end); c2->total_size = c->total_size - desc_end; c2->fixed_size = sizeof(*c2); c2->desc_size = 0; + /* Description helper */ + TEST_EQ(0, strcmp(vb2_common_desc(c), test_desc), "vb2_common_desc()"); + TEST_EQ(0, strcmp(vb2_common_desc(c2), ""), "vb2_common_desc() empty"); + TEST_SUCC(vb2_verify_common_header(cbuf, sizeof(cbuf)), "vb2_verify_common_header() good"); memcpy(cbufgood, cbuf, sizeof(cbufgood)); @@ -484,11 +490,12 @@ static void test_verify_hash(void) static void test_verify_keyblock(void) { const char desc[16] = "test keyblock"; - struct vb2_public_key pubk, pubk2, pubk_not_present; + const struct vb2_private_key *prik[2]; + struct vb2_public_key pubk, pubk2, pubk3; struct vb2_signature2 *sig; struct vb2_keyblock2 *kbuf; uint32_t buf_size; - uint8_t *buf, *buf2, *bnext; + uint8_t *buf, *buf2; uint8_t workbuf[VB2_KEY_BLOCK_VERIFY_WORKBUF_BYTES]; struct vb2_workbuf wb; 
@@ -497,68 +504,20 @@ static void test_verify_keyblock(void) "create hash key 1"); TEST_SUCC(vb2_public_key_hash(&pubk2, VB2_HASH_SHA512), "create hash key 2"); - TEST_SUCC(vb2_public_key_hash(&pubk_not_present, VB2_HASH_SHA1), + TEST_SUCC(vb2_public_key_hash(&pubk3, VB2_HASH_SHA1), "create hash key 3"); - /* - * Test packed key only needs to initialize the fields used by keyblock - * verification. - */ - const struct vb2_packed_key2 pkey = { - .c.fixed_size = sizeof(pkey), - .c.desc_size = 0, - .c.total_size = sizeof(pkey) - }; - - struct vb2_keyblock2 kb = { - .c.magic = VB2_MAGIC_KEYBLOCK2, - .c.struct_version_major = VB2_KEYBLOCK2_VERSION_MAJOR, - .c.struct_version_minor = VB2_KEYBLOCK2_VERSION_MAJOR, - .c.fixed_size = sizeof(kb), - .c.desc_size = sizeof(desc), - .flags = 0, - .sig_count = 2, - }; - - kb.key_offset = kb.c.fixed_size + kb.c.desc_size; - kb.sig_offset = kb.key_offset + pkey.c.total_size; - - /* - * Sign some dummy data with the right algorithms and descritions, to - * determine signature sizes. 
- */ - kb.c.total_size = kb.sig_offset; + TEST_SUCC(vb2_private_key_hash(prik + 0, VB2_HASH_SHA256), + "create private key 1"); + TEST_SUCC(vb2_private_key_hash(prik + 1, VB2_HASH_SHA512), + "create private key 2"); - sig = vb2_create_hash_sig(test_data, sizeof(test_data), - VB2_HASH_SHA256); - kb.c.total_size += sig->c.total_size; - free(sig); + /* Create the test keyblock */ + TEST_SUCC(vb2_keyblock_create(&kbuf, &pubk3, prik, 2, 0x4321, desc), + "create keyblock"); - sig = vb2_create_hash_sig(test_data, sizeof(test_data), - VB2_HASH_SHA512); - kb.c.total_size += sig->c.total_size; - free(sig); - - /* Now that the keyblock size is known, create the real keyblock */ - buf_size = kb.c.total_size; - buf = malloc(buf_size); - memset(buf, 0, buf_size); - memcpy(buf, &kb, sizeof(kb)); - memcpy(buf + kb.c.fixed_size, desc, sizeof(desc)); - memcpy(buf + kb.key_offset, &pkey, pkey.c.total_size); - - /* And copy in the signatures */ - bnext = buf + kb.sig_offset; - - sig = vb2_create_hash_sig(buf, kb.sig_offset, VB2_HASH_SHA256); - memcpy(bnext, sig, sig->c.total_size); - bnext += sig->c.total_size; - free(sig); - - sig = vb2_create_hash_sig(buf, kb.sig_offset, VB2_HASH_SHA512); - memcpy(bnext, sig, sig->c.total_size); - bnext += sig->c.total_size; - free(sig); + buf = (uint8_t *)kbuf; + buf_size = kbuf->c.total_size; /* Make a copy of the buffer, so we can mangle it for tests */ buf2 = malloc(buf_size); @@ -575,7 +534,7 @@ static void test_verify_keyblock(void) "vb2_verify_keyblock2() key 2"); memcpy(buf, buf2, buf_size); - TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk_not_present, &wb), + TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk3, &wb), VB2_ERROR_KEYBLOCK_SIG_GUID, "vb2_verify_keyblock2() key not present"); 
@@ -600,7 +559,7 @@ static void test_verify_keyblock(void) memcpy(buf, buf2, buf_size); kbuf->c.struct_version_minor++; /* That changes the signature, so resign the keyblock */ - sig = vb2_create_hash_sig(buf, kb.sig_offset, VB2_HASH_SHA256); + sig = vb2_create_hash_sig(buf, kbuf->sig_offset, VB2_HASH_SHA256); memcpy(buf + kbuf->sig_offset, sig, sig->c.total_size); free(sig); TEST_SUCC(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb), diff --git a/tests/vb2_host_key_tests.c b/tests/vb2_host_key_tests.c index 15e0b377..5780691a 100644 --- a/tests/vb2_host_key_tests.c +++ b/tests/vb2_host_key_tests.c @@ -224,8 +224,7 @@ static void public_key_tests(const struct alg_combo *combo, TEST_EQ(pkey->key_version, key->version, " version"); TEST_EQ(memcmp(&pkey->guid, key->guid, sizeof(pkey->guid)), 0, " guid"); - TEST_EQ(strcmp((char *)pkey + pkey->c.fixed_size, key->desc), 0, - " desc"); + TEST_EQ(strcmp(vb2_common_desc(pkey), key->desc), 0, " desc"); TEST_SUCC(vb2_unpack_key2(&k2, (uint8_t *)pkey, pkey->c.total_size), "Unpack public key"); TEST_EQ(key->arrsize, k2.arrsize, " arrsize"); diff --git a/tests/vb2_host_keyblock_tests.c b/tests/vb2_host_keyblock_tests.c new file mode 100644 index 00000000..c30f3702 --- /dev/null +++ b/tests/vb2_host_keyblock_tests.c 
@@ -0,0 +1,135 @@ +/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Tests for host library vboot2 keyblock functions + */ + +#include <stdio.h> +#include <unistd.h> + +#include "2sysincludes.h" +#include "2common.h" +#include "2rsa.h" +#include "host_common.h" +#include "host_key2.h" +#include "host_keyblock2.h" + +#include "test_common.h" + +static void keyblock_tests(const char *keys_dir) +{ + struct vb2_public_key *pubk2048, *pubk4096, *pubk8192, pubkhash; + struct vb2_private_key *prik4096, *prik8192; + struct vb2_packed_key2 *pak, *pakgood; + struct vb2_keyblock2 *kb; + const struct vb2_private_key *prikhash; + const struct vb2_private_key *prik[2]; + char fname[1024]; + const char test_desc[] = "Test keyblock"; + + uint8_t workbuf[VB2_KEY_BLOCK_VERIFY_WORKBUF_BYTES]; + struct vb2_workbuf wb; + + vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); + + /* Read keys */ + sprintf(fname, "%s/key_rsa2048.keyb", keys_dir); + TEST_SUCC(vb2_public_key_read_keyb(&pubk2048, fname), + "Read public key 2"); + vb2_public_key_set_desc(pubk2048, "Test RSA2048 public key"); + pubk2048->hash_alg = VB2_HASH_SHA256; + + sprintf(fname, "%s/key_rsa4096.keyb", keys_dir); + TEST_SUCC(vb2_public_key_read_keyb(&pubk4096, fname), + "Read public key 1"); + vb2_public_key_set_desc(pubk4096, "Test RSA4096 public key"); + pubk4096->hash_alg = VB2_HASH_SHA256; + + sprintf(fname, "%s/key_rsa8192.keyb", keys_dir); + TEST_SUCC(vb2_public_key_read_keyb(&pubk8192, fname), + "Read public key 2"); + vb2_public_key_set_desc(pubk8192, "Test RSA8192 public key"); + pubk8192->hash_alg = VB2_HASH_SHA512; + + sprintf(fname, "%s/key_rsa4096.pem", keys_dir); + TEST_SUCC(vb2_private_key_read_pem(&prik4096, fname), + "Read private key 2"); + vb2_private_key_set_desc(prik4096, "Test RSA4096 private key"); + prik4096->sig_alg = VB2_SIG_RSA4096; + prik4096->hash_alg = 
VB2_HASH_SHA256; + + sprintf(fname, "%s/key_rsa8192.pem", keys_dir); + TEST_SUCC(vb2_private_key_read_pem(&prik8192, fname), + "Read private key 1"); + vb2_private_key_set_desc(prik8192, "Test RSA8192 private key"); + prik8192->sig_alg = VB2_SIG_RSA8192; + prik8192->hash_alg = VB2_HASH_SHA512; + + TEST_SUCC(vb2_private_key_hash(&prikhash, VB2_HASH_SHA512), + "Create private hash key"); + + TEST_SUCC(vb2_public_key_hash(&pubkhash, VB2_HASH_SHA512), + "Create public hash key"); + + TEST_SUCC(vb2_public_key_pack(&pakgood, pubk2048), "Test packed key"); + + /* Sign a keyblock with one key */ + prik[0] = prik4096; + TEST_SUCC(vb2_keyblock_create(&kb, pubk2048, prik, 1, 0x1234, NULL), + "Keyblock single"); + TEST_PTR_NEQ(kb, NULL, " kb_ptr"); + TEST_SUCC(vb2_verify_keyblock2(kb, kb->c.total_size, pubk4096, &wb), + " verify"); + TEST_EQ(strcmp(vb2_common_desc(kb), pubk2048->desc), 0, " desc"); + TEST_EQ(kb->flags, 0x1234, " flags"); + + pak = (struct vb2_packed_key2 *)((uint8_t *)kb + kb->key_offset); + TEST_EQ(0, memcmp(pak, pakgood, pakgood->c.total_size), " data key"); + free(kb); + + /* Sign a keyblock with two keys */ + prik[0] = prik8192; + prik[1] = prikhash; + TEST_SUCC(vb2_keyblock_create(&kb, pubk4096, prik, 2, 0, test_desc), + "Keyblock multiple"); + TEST_SUCC(vb2_verify_keyblock2(kb, kb->c.total_size, pubk8192, &wb), + " verify 1"); + TEST_SUCC(vb2_verify_keyblock2(kb, kb->c.total_size, &pubkhash, &wb), + " verify 2"); + TEST_EQ(strcmp(vb2_common_desc(kb), test_desc), 0, " desc"); + TEST_EQ(kb->flags, 0, " flags"); + free(kb); + + /* Test errors */ + prik[0] = prik8192; + prik8192->hash_alg = VB2_HASH_INVALID; + TEST_EQ(vb2_keyblock_create(&kb, pubk4096, prik, 1, 0, NULL), + VB2_KEYBLOCK_CREATE_SIG_SIZE, "Keyblock bad sig size"); + TEST_PTR_EQ(kb, NULL, " kb_ptr"); + + prik[0] = prik4096; + pubk4096->sig_alg = VB2_SIG_INVALID; + TEST_EQ(vb2_keyblock_create(&kb, pubk4096, prik, 1, 0, NULL), + VB2_KEYBLOCK_CREATE_DATA_KEY, "Keyblock bad data key"); + + /* Free 
keys */ + free(pakgood); + vb2_public_key_free(pubk2048); + vb2_public_key_free(pubk4096); + vb2_public_key_free(pubk8192); + vb2_private_key_free(prik4096); + vb2_private_key_free(prik8192); +} + +int main(int argc, char *argv[]) { + + if (argc == 2) { + keyblock_tests(argv[1]); + } else { + fprintf(stderr, "Usage: %s <keys_dir>", argv[0]); + return -1; + } + + return gTestSuccess ? 0 : 255; +} diff --git a/tests/vb2_host_sig_tests.c b/tests/vb2_host_sig_tests.c index a2793bc9..76e128c9 100644 --- a/tests/vb2_host_sig_tests.c +++ b/tests/vb2_host_sig_tests.c @@ -80,8 +80,7 @@ static void sig_tests(const struct alg_combo *combo, TEST_SUCC(vb2_sign_data(&sig, test_data, test_size, prik, NULL), "Sign good"); TEST_PTR_NEQ(sig, NULL, " sig_ptr"); - TEST_EQ(0, strcmp((char *)sig + sig->c.fixed_size, test_desc), - " desc"); + TEST_EQ(0, strcmp(vb2_common_desc(sig), test_desc), " desc"); TEST_EQ(0, memcmp(&sig->guid, &test_guid, sizeof(test_guid)), " guid"); TEST_EQ(sig->data_size, test_size, " data_size"); TEST_SUCC(vb2_sig_size_for_key(&size, prik, NULL), "Sig size"); @@ -93,8 +92,7 @@ static void sig_tests(const struct alg_combo *combo, TEST_SUCC(vb2_sign_data(&sig, test_data, test_size, prik, test_sig_desc), "Sign with desc"); - TEST_EQ(0, strcmp((char *)sig + sig->c.fixed_size, test_sig_desc), - " desc"); + TEST_EQ(0, strcmp(vb2_common_desc(sig), test_sig_desc), " desc"); free(sig); TEST_SUCC(vb2_sign_data(&sig, test_data, test_size, prik, ""), |
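Review bot: In tests/vb2_host_keyblock_tests.c each key path is built with `sprintf(fname, "%s/key_rsa2048.keyb", keys_dir);` into `char fname[1024]`, and `keys_dir` is `argv[1]`, so a long argument overruns the stack buffer. `snprintf(fname, sizeof(fname), "%s/key_rsa2048.keyb", keys_dir);` bounds the write, and the same change applies to the other four path builds in keyblock_tests(). The key pointers are also dereferenced immediately after `TEST_SUCC(...)` (for example `pubk2048->hash_alg = VB2_HASH_SHA256;`), so a missing key file presumably ends in a NULL dereference rather than a reported failure, assuming TEST_SUCC only records the result.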