author | Daisuke Nojiri <dnojiri@chromium.org> | 2015-01-29 14:37:25 -0800 |
---|---|---|
committer | ChromeOS Commit Bot <chromeos-commit-bot@chromium.org> | 2015-02-03 04:19:16 +0000 |
commit | 33aaf5126a356244796334feaef7c443ed380c7a (patch) | |
tree | c162b50ea0da6f0502e9df1ecccd0f3db4b10637 | |
parent | bca307cc7d4224eadcc821b26e71e535fc0ba536 (diff) | |
add vb2api_get_pcr_digest
This API allows firmware to get the digest indicating boot mode status.
BUG=chromium:451609
TEST=VBOOT2=1 make run2tests
BRANCH=tot
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Change-Id: Idca7bc5f6aed947689ad7cf219805aad35047c7d
Reviewed-on: https://chromium-review.googlesource.com/244542
Reviewed-on: https://chromium-review.googlesource.com/245499
Commit-Queue: Shawn N <shawnn@chromium.org>
Tested-by: Shawn N <shawnn@chromium.org>
-rw-r--r-- | Makefile | 3 | ||||
-rw-r--r-- | firmware/2lib/2api.c | 31 | ||||
-rw-r--r-- | firmware/2lib/2misc.c | 1 | ||||
-rw-r--r-- | firmware/2lib/2tpm_bootmode.c | 54 | ||||
-rw-r--r-- | firmware/2lib/include/2api.h | 30 | ||||
-rw-r--r-- | firmware/2lib/include/2return_codes.h | 6 | ||||
-rw-r--r-- | firmware/2lib/include/2struct.h | 10 | ||||
-rw-r--r-- | firmware/2lib/include/2tpm_bootmode.h | 21 | ||||
-rw-r--r-- | tests/vb2_api_tests.c | 255 |
9 files changed, 196 insertions, 215 deletions
@@ -175,7 +175,7 @@ endif # And a few more default utilities LD = ${CC} -CXX ?= g++ # HEY: really? +CXX ?= g++ PKG_CONFIG ?= pkg-config # Determine QEMU architecture needed, if any @@ -291,6 +291,7 @@ FWLIB2_SRCS = \ firmware/2lib/2sha256.c \ firmware/2lib/2sha512.c \ firmware/2lib/2sha_utility.c \ + firmware/2lib/2tpm_bootmode.c # Support real TPM unless BIOS sets MOCK_TPM ifeq (${MOCK_TPM},) diff --git a/firmware/2lib/2api.c b/firmware/2lib/2api.c index 4d3b172f..6064a230 100644 --- a/firmware/2lib/2api.c +++ b/firmware/2lib/2api.c @@ -14,6 +14,7 @@ #include "2secdata.h" #include "2sha.h" #include "2rsa.h" +#include "2tpm_bootmode.h" int vb2api_secdata_check(const struct vb2_context *ctx) { @@ -291,3 +292,33 @@ int vb2api_check_hash(struct vb2_context *ctx) return rv; } + +int vb2api_get_pcr_digest(struct vb2_context *ctx, + enum vb2_pcr_digest which_digest, + uint8_t *dest, + uint32_t *dest_size) +{ + const uint8_t *digest; + uint32_t digest_size; + + switch (which_digest) { + case BOOT_MODE_PCR: + digest = vb2_get_boot_state_digest(ctx); + digest_size = VB2_SHA1_DIGEST_SIZE; + break; + case HWID_DIGEST_PCR: + digest = vb2_get_sd(ctx)->gbb_hwid_digest; + digest_size = VB2_GBB_HWID_DIGEST_SIZE; + break; + default: + return VB2_ERROR_API_PCR_DIGEST; + } + + if (digest == NULL || *dest_size < digest_size) + return VB2_ERROR_API_PCR_DIGEST_BUF; + + memcpy(dest, digest, digest_size); + *dest_size = digest_size; + + return VB2_SUCCESS; +} diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c index 931c4f04..6ebf6818 100644 --- a/firmware/2lib/2misc.c +++ b/firmware/2lib/2misc.c @@ -192,6 +192,7 @@ int vb2_fw_parse_gbb(struct vb2_context *ctx) sd->gbb_flags = gbb->flags; sd->gbb_rootkey_offset = gbb->rootkey_offset; sd->gbb_rootkey_size = gbb->rootkey_size; + memcpy(sd->gbb_hwid_digest, gbb->hwid_digest, VB2_GBB_HWID_DIGEST_SIZE); return VB2_SUCCESS; } 
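Review bot: The `HWID_DIGEST_PCR` case of `vb2api_get_pcr_digest` hands back `sd->gbb_hwid_digest` with no check that it holds a real digest, and the matching `memcpy` added to `vb2_fw_parse_gbb` in 2misc.c copies `gbb->hwid_digest` unconditionally. The 2struct.h change in this commit says the field was added in GBB version 1.2 and was carved out of the zero-initialised `pad`, so a pre-1.2 header, or a call made before the GBB is parsed, would presumably produce an all-zero value that the caller then extends into a PCR as if it identified the hardware. Any version check in `vb2_fw_parse_gbb` lies outside the hunk; if there is none, gate the copy on the header version and return an error from the API when no digest is available. The ordering requirement also belongs in the header comment, e.g. `Must be called after the GBB header has been parsed.`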
diff --git a/firmware/2lib/2tpm_bootmode.c b/firmware/2lib/2tpm_bootmode.c
new file mode 100644
index 00000000..6903fe87
--- /dev/null
+++ b/firmware/2lib/2tpm_bootmode.c
@@ -0,0 +1,54 @@
+/* Copyright 2015 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Functions for updating the TPM state with the status of boot path.
+ */
+
+#include "2sysincludes.h"
+#include "2common.h"
+#include "2sha.h"
+#include "2tpm_bootmode.h"
+
+/*
+ * Input digests for PCR extend.
+ * These are calculated as:
+ * SHA1("|Developer_Mode||Recovery_Mode||Keyblock_Mode|").
+ * Developer_Mode can be 0 or 1.
+ * Recovery_Mode can be 0 or 1.
+ * Keyblock flags are defined in 2struct.h and assumed always 0 in recovery mode
+ * or 7 in non-recovery mode.
+ *
+ * We map them to Keyblock_Mode as follows:
+ * -----------------------------------------
+ * Keyblock Flags | Keyblock Mode
+ * -----------------------------------------
+ * 0 recovery mode | 0
+ * 7 Normal-signed firmware | 1
+ */
+
+const uint8_t kBootStateSHA1Digests[][VB2_SHA1_DIGEST_SIZE] = {
+ /* SHA1(0x00|0x00|0x01) */
+ {0x25, 0x47, 0xcc, 0x73, 0x6e, 0x95, 0x1f, 0xa4, 0x91, 0x98, 0x53, 0xc4,
+ 0x3a, 0xe8, 0x90, 0x86, 0x1a, 0x3b, 0x32, 0x64},
+
+ /* SHA1(0x01|0x00|0x01) */
+ {0xc4, 0x2a, 0xc1, 0xc4, 0x6f, 0x1d, 0x4e, 0x21, 0x1c, 0x73, 0x5c, 0xc7,
+ 0xdf, 0xad, 0x4f, 0xf8, 0x39, 0x11, 0x10, 0xe9},
+
+ /* SHA1(0x00|0x01|0x00) */
+ {0x62, 0x57, 0x18, 0x91, 0x21, 0x5b, 0x4e, 0xfc, 0x1c, 0xea, 0xb7, 0x44,
+ 0xce, 0x59, 0xdd, 0x0b, 0x66, 0xea, 0x6f, 0x73},
+
+ /* SHA1(0x01|0x01|0x00) */
+ {0x47, 0xec, 0x8d, 0x98, 0x36, 0x64, 0x33, 0xdc, 0x00, 0x2e, 0x77, 0x21,
+ 0xc9, 0xe3, 0x7d, 0x50, 0x67, 0x54, 0x79, 0x37},
+};
+
+const uint8_t *vb2_get_boot_state_digest(struct vb2_context *ctx)
+{
+ int index = (ctx->flags & VB2_CONTEXT_RECOVERY_MODE ? 2 : 0) +
+ (ctx->flags & VB2_CONTEXT_DEVELOPER_MODE ? 1 : 0);
+
+ return kBootStateSHA1Digests[index];
+}
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index 4684d54b..743a1259 100644
--- a/firmware/2lib/include/2api.h
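Review bot: `vb2_get_boot_state_digest` picks the digest from the developer and recovery context flags only; the Keyblock_Mode byte is fixed by the assumption stated in the table comment, and the key block flags of the firmware actually verified are never consulted. The measured boot state therefore cannot distinguish a non-recovery boot whose key block flags differ from 7, which matters to anything that seals to or attests this PCR value. If that is intended, say so at the function itself: `/* Keyblock_Mode is implied by recovery mode; actual key block flags are not measured. */`. As far as this hunk shows, `kBootStateSHA1Digests` is used only in this file and could be declared `static`.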
+++ b/firmware/2lib/include/2api.h @@ -38,6 +38,9 @@ */ #define VB2_WORKBUF_RECOMMENDED_SIZE (12 * 1024) +/* Recommended buffer size for vb2api_get_pcr_digest */ +#define VB2_PCR_DIGEST_RECOMMENDED_SIZE 32 + /* Flags for vb2_context. * * Unless otherwise noted, flags are set by verified boot and may be read (but @@ -156,6 +159,15 @@ enum vb2_resource_index { VB2_RES_FW_VBLOCK, }; +/* Digest ID for vbapi_get_pcr_digest() */ +enum vb2_pcr_digest { + /* Digest based on current developer and recovery mode flags */ + BOOT_MODE_PCR, + + /* SHA-256 hash digest of HWID, from GBB */ + HWID_DIGEST_PCR, +}; + /****************************************************************************** * APIs provided by verified boot. * @@ -341,9 +353,21 @@ int vb2api_extend_hash(struct vb2_context *ctx, */ int vb2api_check_hash(struct vb2_context *ctx); -int vb2api_get_kernel_subkey(struct vb2_context *ctx, - uint8_t *buf, - uint32_t *size); +/** + * Get a PCR digest + * + * @param ctx Vboot context + * @param which_digest PCR index of the digest + * @param dest Destination where the digest is copied. + * Recommended size is VB2_PCR_DIGEST_RECOMMENDED_SIZE. + * @param dest_size IN: size of the buffer pointed by dest + * OUT: size of the copied digest + * @return VB2_SUCCESS, or error code on error + */ +int vb2api_get_pcr_digest(struct vb2_context *ctx, + enum vb2_pcr_digest which_digest, + uint8_t *dest, + uint32_t *dest_size); /*****************************************************************************/ /* APIs provided by the caller to verified boot */ diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h index 77d0dd89..4f56bdb0 100644 --- a/firmware/2lib/include/2return_codes.h +++ b/firmware/2lib/include/2return_codes.h 
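Review bot: The doc comment for `vb2api_get_pcr_digest` describes `which_digest` as "PCR index of the digest", but the parameter is an `enum vb2_pcr_digest` selector rather than a TPM PCR number, and nothing in the header tells the caller which PCR each digest is meant for or that the two digests differ in length. I would reword it to `@param which_digest Which digest to return (enum vb2_pcr_digest); not a TPM PCR number` and note on each enum value the size written to `*dest_size`. The enum's own comment misspells the function as `vbapi_get_pcr_digest()`. `BOOT_MODE_PCR` and `HWID_DIGEST_PCR` also lack the `VB2_` prefix that the other public names visible in this header carry.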
@@ -328,6 +328,12 @@ enum vb2_return_code { /* Phase one needs recovery mode */ VB2_ERROR_API_PHASE1_RECOVERY, + /* Invalid enum vb2_pcr_digest requested to vb2api_get_pcr_digest */ + VB2_ERROR_API_PCR_DIGEST, + + /* Buffer size for the digest is too small for vb2api_get_pcr_digest */ + VB2_ERROR_API_PCR_DIGEST_BUF, + /********************************************************************** * Errors which may be generated by implementations of vb2ex functions. * Implementation may also return its own specific errors, which should diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h index 38979253..0eaaa572 100644 --- a/firmware/2lib/include/2struct.h +++ b/firmware/2lib/include/2struct.h @@ -76,6 +76,7 @@ struct vb2_signature { #define VB2_KEY_BLOCK_FLAG_DEVELOPER_1 0x02 /* Developer switch on */ #define VB2_KEY_BLOCK_FLAG_RECOVERY_0 0x04 /* Not recovery mode */ #define VB2_KEY_BLOCK_FLAG_RECOVERY_1 0x08 /* Recovery mode */ +#define VB2_GBB_HWID_DIGEST_SIZE 32 /* * Key block, containing the public key used to sign some other chunk of data. @@ -270,6 +271,9 @@ struct vb2_shared_data { uint32_t gbb_rootkey_offset; uint32_t gbb_rootkey_size; + /* HWID digest from GBB header */ + uint8_t gbb_hwid_digest[VB2_GBB_HWID_DIGEST_SIZE]; + /* Offset of preamble from start of vblock */ uint32_t vblock_preamble_offset; @@ -388,7 +392,11 @@ struct vb2_gbb_header { uint32_t recovery_key_offset; /* Recovery key */ uint32_t recovery_key_size; - uint8_t pad[80]; /* To match GBB_HEADER_SIZE. Initialize to 0. */ + /* Added in version 1.2 */ + uint8_t hwid_digest[VB2_GBB_HWID_DIGEST_SIZE]; /* SHA-256 of HWID */ + + /* Pad to match EXPECETED_VB2_GBB_HEADER_SIZE. Initialize to 0. */ + uint8_t pad[48]; } __attribute__((packed)); #endif /* VBOOT_REFERENCE_VBOOT_2STRUCT_H_ */ diff --git a/firmware/2lib/include/2tpm_bootmode.h b/firmware/2lib/include/2tpm_bootmode.h new file mode 100644 index 00000000..63f247da --- /dev/null +++ b/firmware/2lib/include/2tpm_bootmode.h 
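Review bot: In 2struct.h, `VB2_GBB_HWID_DIGEST_SIZE` is appended to the key block flag defines with no comment, although it sizes a field of `vb2_gbb_header` and of `vb2_shared_data`; it reads better next to the GBB header with `/* Size of the SHA-256 HWID digest in the GBB header */`. The new pad comment misspells the constant as `EXPECETED_VB2_GBB_HEADER_SIZE`. The packed header keeps its size only because 32 + 48 equals the old 80-byte pad, and whether a compile-time or test check pins that size is not visible in these hunks.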
@@ -0,0 +1,21 @@ +/* Copyright 2015 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Functions for updating the TPM state with the status of boot path. + */ + +#ifndef VBOOT_REFERENCE_2TPM_BOOTMODE_H_ +#define VBOOT_REFERENCE_2TPM_BOOTMODE_H_ + +#include "2api.h" + +/** + * Return digest indicating the boot state + * + * @param ctx Vboot context + * @return Pointer to sha1 digest of size VB2_SHA1_DIGEST_SIZE + */ +const uint8_t *vb2_get_boot_state_digest(struct vb2_context *ctx); + +#endif /* VBOOT_REFERENCE_2TPM_BOOTMODE_H_ */ diff --git a/tests/vb2_api_tests.c b/tests/vb2_api_tests.c index 1882f559..a765d21f 100644 --- a/tests/vb2_api_tests.c +++ b/tests/vb2_api_tests.c @@ -26,7 +26,12 @@ static struct vb2_shared_data *sd; const char mock_body[320] = "Mock body"; const int mock_body_size = sizeof(mock_body); const int mock_algorithm = VB2_ALG_RSA2048_SHA256; -const int mock_sig_size = 64; +static const uint8_t mock_hwid_digest[VB2_GBB_HWID_DIGEST_SIZE] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, +}; /* Mocked function data */ @@ -48,9 +53,6 @@ enum reset_type { static void reset_common_data(enum reset_type t) { - struct vb2_fw_preamble *pre; - struct vb2_packed_key *k; - memset(workbuf, 0xaa, sizeof(workbuf)); memset(&cc, 0, sizeof(cc)); 
@@ -69,33 +71,9 @@ static void reset_common_data(enum reset_type t) retval_vb2_check_dev_switch = VB2_SUCCESS; retval_vb2_check_tpm_clear = VB2_SUCCESS; retval_vb2_select_fw_slot = VB2_SUCCESS; - retval_vb2_verify_fw_keyblock = VB2_SUCCESS; - retval_vb2_verify_fw_preamble2 = VB2_SUCCESS; - retval_vb2_digest_finalize = VB2_SUCCESS; - retval_vb2_verify_digest = VB2_SUCCESS; - - sd->workbuf_preamble_offset = 8; - sd->workbuf_preamble_size = sizeof(*pre); - cc.workbuf_used = sd->workbuf_preamble_offset - + sd->workbuf_preamble_size; - pre = (struct vb2_fw_preamble *) - (cc.workbuf + sd->workbuf_preamble_offset); - pre->body_signature.data_size = mock_body_size; - pre->body_signature.sig_size = mock_sig_size; - - sd->workbuf_data_key_offset = cc.workbuf_used; - sd->workbuf_data_key_size = sizeof(*k) + 8; - cc.workbuf_used = sd->workbuf_data_key_offset + - sd->workbuf_data_key_size; - k = (struct vb2_packed_key *) - (cc.workbuf + sd->workbuf_data_key_offset); - k->algorithm = mock_algorithm; - - if (t == FOR_EXTEND_HASH || t == FOR_CHECK_HASH) - vb2api_init_hash(&cc, VB2_HASH_TAG_FW_BODY, NULL); - - if (t == FOR_CHECK_HASH) - vb2api_extend_hash(&cc, mock_body, mock_body_size); + + memcpy(sd->gbb_hwid_digest, mock_hwid_digest, + sizeof(sd->gbb_hwid_digest)); }; /* Mocked functions */ @@ -171,11 +149,6 @@ int vb2_digest_finalize(struct vb2_digest_context *dc, return retval_vb2_digest_finalize; } -uint32_t vb2_rsa_sig_size(uint32_t algorithm) -{ - return mock_sig_size; -} - int vb2_verify_digest(const struct vb2_public_key *key, uint8_t *sig, const uint8_t *digest, 
@@ -267,179 +240,43 @@ static void phase2_tests(void) VB2_RECOVERY_FW_SLOT, " recovery reason"); } -static void phase3_tests(void) +static void get_pcr_digest_tests(void) { - reset_common_data(FOR_MISC); - TEST_SUCC(vb2api_fw_phase3(&cc), "phase3 good"); - - reset_common_data(FOR_MISC); - retval_vb2_verify_fw_keyblock = VB2_ERROR_MOCK; - TEST_EQ(vb2api_fw_phase3(&cc), VB2_ERROR_MOCK, "phase3 keyblock"); - TEST_EQ(vb2_nv_get(&cc, VB2_NV_RECOVERY_REQUEST), - VB2_RECOVERY_RO_INVALID_RW, " recovery reason"); + uint8_t digest[VB2_PCR_DIGEST_RECOMMENDED_SIZE]; + uint8_t digest_org[VB2_PCR_DIGEST_RECOMMENDED_SIZE]; + uint32_t digest_size; reset_common_data(FOR_MISC); - retval_vb2_verify_fw_preamble2 = VB2_ERROR_MOCK; - TEST_EQ(vb2api_fw_phase3(&cc), VB2_ERROR_MOCK, "phase3 keyblock"); - TEST_EQ(vb2_nv_get(&cc, VB2_NV_RECOVERY_REQUEST), - VB2_RECOVERY_RO_INVALID_RW, " recovery reason"); -} - -static void init_hash_tests(void) -{ - struct vb2_packed_key *k; - int wb_used_before; - uint32_t size; - - /* For now, all we support is body signature hash */ - reset_common_data(FOR_MISC); - wb_used_before = cc.workbuf_used; - TEST_SUCC(vb2api_init_hash(&cc, VB2_HASH_TAG_FW_BODY, &size), - "init hash good"); - TEST_EQ(sd->workbuf_hash_offset, - (wb_used_before + (VB2_WORKBUF_ALIGN - 1)) & - ~(VB2_WORKBUF_ALIGN - 1), - "hash context offset"); - TEST_EQ(sd->workbuf_hash_size, sizeof(struct vb2_digest_context), - "hash context size"); - TEST_EQ(cc.workbuf_used, - sd->workbuf_hash_offset + sd->workbuf_hash_size, - "hash uses workbuf"); - TEST_EQ(sd->hash_tag, VB2_HASH_TAG_FW_BODY, "hash tag"); - TEST_EQ(sd->hash_remaining_size, mock_body_size, "hash remaining"); - - wb_used_before = cc.workbuf_used; - TEST_SUCC(vb2api_init_hash(&cc, VB2_HASH_TAG_FW_BODY, NULL), - "init hash again"); - TEST_EQ(cc.workbuf_used, wb_used_before, "init hash reuses context"); - - reset_common_data(FOR_MISC); - TEST_EQ(vb2api_init_hash(&cc, VB2_HASH_TAG_INVALID, &size), - VB2_ERROR_API_INIT_HASH_TAG, "init 
hash invalid tag"); - - reset_common_data(FOR_MISC); - sd->workbuf_preamble_size = 0; - TEST_EQ(vb2api_init_hash(&cc, VB2_HASH_TAG_FW_BODY, &size), - VB2_ERROR_API_INIT_HASH_PREAMBLE, "init hash preamble"); - - reset_common_data(FOR_MISC); - TEST_EQ(vb2api_init_hash(&cc, VB2_HASH_TAG_FW_BODY + 1, &size), - VB2_ERROR_API_INIT_HASH_TAG, "init hash unknown tag"); - - reset_common_data(FOR_MISC); - cc.workbuf_used = - cc.workbuf_size - sizeof(struct vb2_digest_context) + 8; - TEST_EQ(vb2api_init_hash(&cc, VB2_HASH_TAG_FW_BODY, &size), - VB2_ERROR_API_INIT_HASH_WORKBUF, "init hash workbuf"); - - reset_common_data(FOR_MISC); - sd->workbuf_data_key_size = 0; - TEST_EQ(vb2api_init_hash(&cc, VB2_HASH_TAG_FW_BODY, &size), - VB2_ERROR_API_INIT_HASH_DATA_KEY, "init hash data key"); - - reset_common_data(FOR_MISC); - sd->workbuf_data_key_size--; - TEST_EQ(vb2api_init_hash(&cc, VB2_HASH_TAG_FW_BODY, &size), - VB2_ERROR_UNPACK_KEY_SIZE, "init hash data key size"); - - reset_common_data(FOR_MISC); - k = (struct vb2_packed_key *)(cc.workbuf + sd->workbuf_data_key_offset); - k->algorithm--; - TEST_EQ(vb2api_init_hash(&cc, VB2_HASH_TAG_FW_BODY, &size), - VB2_ERROR_SHA_INIT_ALGORITHM, "init hash algorithm"); -} - -static void extend_hash_tests(void) -{ - struct vb2_digest_context *dc; - - reset_common_data(FOR_EXTEND_HASH); - TEST_SUCC(vb2api_extend_hash(&cc, mock_body, 32), - "hash extend good"); - TEST_EQ(sd->hash_remaining_size, mock_body_size - 32, - "hash extend remaining"); - TEST_SUCC(vb2api_extend_hash(&cc, mock_body, mock_body_size - 32), - "hash extend again"); - TEST_EQ(sd->hash_remaining_size, 0, "hash extend remaining 2"); - - reset_common_data(FOR_EXTEND_HASH); - sd->workbuf_hash_size = 0; - TEST_EQ(vb2api_extend_hash(&cc, mock_body, mock_body_size), - VB2_ERROR_API_EXTEND_HASH_WORKBUF, "hash extend no workbuf"); - - reset_common_data(FOR_EXTEND_HASH); - TEST_EQ(vb2api_extend_hash(&cc, mock_body, mock_body_size + 1), - VB2_ERROR_API_EXTEND_HASH_SIZE, "hash extend too 
much"); - - reset_common_data(FOR_EXTEND_HASH); - TEST_EQ(vb2api_extend_hash(&cc, mock_body, 0), - VB2_ERROR_API_EXTEND_HASH_SIZE, "hash extend empty"); - - reset_common_data(FOR_EXTEND_HASH); - dc = (struct vb2_digest_context *) - (cc.workbuf + sd->workbuf_hash_offset); - dc->algorithm++; - TEST_EQ(vb2api_extend_hash(&cc, mock_body, mock_body_size), - VB2_ERROR_SHA_EXTEND_ALGORITHM, "hash extend fail"); -} - -static void check_hash_tests(void) -{ - struct vb2_fw_preamble *pre; - - reset_common_data(FOR_CHECK_HASH); - TEST_SUCC(vb2api_check_hash(&cc), "check hash good"); - - reset_common_data(FOR_CHECK_HASH); - sd->workbuf_preamble_size = 0; - TEST_EQ(vb2api_check_hash(&cc), - VB2_ERROR_API_CHECK_HASH_PREAMBLE, "check hash preamble"); - - reset_common_data(FOR_CHECK_HASH); - sd->workbuf_hash_size = 0; - TEST_EQ(vb2api_check_hash(&cc), - VB2_ERROR_API_CHECK_HASH_WORKBUF, "check hash no workbuf"); - - reset_common_data(FOR_CHECK_HASH); - sd->hash_remaining_size = 1; - TEST_EQ(vb2api_check_hash(&cc), - VB2_ERROR_API_CHECK_HASH_SIZE, "check hash size"); - - reset_common_data(FOR_CHECK_HASH); - cc.workbuf_used = cc.workbuf_size; - TEST_EQ(vb2api_check_hash(&cc), - VB2_ERROR_API_CHECK_HASH_WORKBUF_DIGEST, "check hash workbuf"); - - reset_common_data(FOR_CHECK_HASH); - retval_vb2_digest_finalize = VB2_ERROR_MOCK; - TEST_EQ(vb2api_check_hash(&cc), VB2_ERROR_MOCK, "check hash finalize"); - - reset_common_data(FOR_CHECK_HASH); - sd->hash_tag = VB2_HASH_TAG_INVALID; - TEST_EQ(vb2api_check_hash(&cc), - VB2_ERROR_API_CHECK_HASH_TAG, "check hash tag"); - - reset_common_data(FOR_CHECK_HASH); - sd->workbuf_data_key_size = 0; - TEST_EQ(vb2api_check_hash(&cc), - VB2_ERROR_API_CHECK_HASH_DATA_KEY, "check hash data key"); - - reset_common_data(FOR_CHECK_HASH); - sd->workbuf_data_key_size--; - TEST_EQ(vb2api_check_hash(&cc), - VB2_ERROR_UNPACK_KEY_SIZE, "check hash data key size"); - - reset_common_data(FOR_CHECK_HASH); - pre = (struct vb2_fw_preamble *) - (cc.workbuf + 
sd->workbuf_preamble_offset); - pre->body_signature.sig_size++; - TEST_EQ(vb2api_check_hash(&cc), - VB2_ERROR_API_CHECK_HASH_SIG_SIZE, "check hash sig size"); - - reset_common_data(FOR_CHECK_HASH); - retval_vb2_digest_finalize = VB2_ERROR_RSA_VERIFY_DIGEST; - TEST_EQ(vb2api_check_hash(&cc), - VB2_ERROR_RSA_VERIFY_DIGEST, "check hash finalize"); + memset(digest_org, 0, sizeof(digest_org)); + + digest_size = sizeof(digest); + memset(digest, 0, sizeof(digest)); + TEST_SUCC(vb2api_get_pcr_digest( + &cc, BOOT_MODE_PCR, digest, &digest_size), + "BOOT_MODE_PCR"); + TEST_EQ(digest_size, VB2_SHA1_DIGEST_SIZE, "BOOT_MODE_PCR digest size"); + TEST_TRUE(memcmp(digest, digest_org, digest_size), + "BOOT_MODE_PCR digest"); + + digest_size = sizeof(digest); + memset(digest, 0, sizeof(digest)); + TEST_SUCC(vb2api_get_pcr_digest( + &cc, HWID_DIGEST_PCR, digest, &digest_size), + "HWID_DIGEST_PCR"); + TEST_EQ(digest_size, VB2_GBB_HWID_DIGEST_SIZE, + "HWID_DIGEST_PCR digest size"); + TEST_FALSE(memcmp(digest, mock_hwid_digest, digest_size), + "HWID_DIGEST_PCR digest"); + + digest_size = 1; + TEST_EQ(vb2api_get_pcr_digest(&cc, BOOT_MODE_PCR, digest, &digest_size), + VB2_ERROR_API_PCR_DIGEST_BUF, + "BOOT_MODE_PCR buffer too small"); + + TEST_EQ(vb2api_get_pcr_digest( + &cc, HWID_DIGEST_PCR + 1, digest, &digest_size), + VB2_ERROR_API_PCR_DIGEST, + "invalid enum vb2_pcr_digest"); } int main(int argc, char* argv[]) @@ -447,10 +284,8 @@ int main(int argc, char* argv[]) misc_tests(); phase1_tests(); phase2_tests(); - phase3_tests(); - init_hash_tests(); - extend_hash_tests(); - check_hash_tests(); + + get_pcr_digest_tests(); return gTestSuccess ? 0 : 255; } |
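Review bot: The `BOOT_MODE_PCR` check in `get_pcr_digest_tests` only asserts that the result differs from an all-zero buffer (`TEST_TRUE(memcmp(digest, digest_org, digest_size), ...)`), so a wrong table entry or a swapped developer/recovery index would still pass. Compare against the expected bytes instead, e.g. `TEST_FALSE(memcmp(digest, vb2_get_boot_state_digest(&cc), digest_size), "BOOT_MODE_PCR digest");`, and repeat the case with `VB2_CONTEXT_DEVELOPER_MODE` and `VB2_CONTEXT_RECOVERY_MODE` set in `cc.flags`. The same hunk deletes `phase3_tests`, `init_hash_tests`, `extend_hash_tests` and `check_hash_tests`, which cover the firmware verification path and are not mentioned in the commit message; whether they now live in another test file is not visible here.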