diff options
author | Joel Kitching <kitching@google.com> | 2019-12-11 16:21:26 +0800 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2020-02-11 02:04:08 +0000 |
commit | 9e39b7452393486d1a37ff9eee61906452f5d4f7 (patch) | |
tree | 9954f761a9fb37265aff54d897d8893473c0ba4b | |
parent | d4a006922bf468be9f9f4446f3fefb2c8a3b7266 (diff) | |
download | vboot-9e39b7452393486d1a37ff9eee61906452f5d4f7.tar.gz |
vboot: purge unused vboot 2.1 code
Only keep vboot 2.1 code that futility uses.
BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Change-Id: Iee45d7a0f7c6a6d4b27997b2eff3117a12a48dcf
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1961715
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
-rw-r--r-- | Makefile | 12 | ||||
-rw-r--r-- | firmware/2lib/include/2api.h | 16 | ||||
-rw-r--r-- | firmware/2lib/include/2misc.h | 2 | ||||
-rw-r--r-- | firmware/lib21/api.c | 167 | ||||
-rw-r--r-- | firmware/lib21/common.c | 138 | ||||
-rw-r--r-- | firmware/lib21/include/vb21_common.h | 32 | ||||
-rw-r--r-- | firmware/lib21/include/vb21_struct.h | 120 | ||||
-rw-r--r-- | firmware/lib21/misc.c | 245 | ||||
-rw-r--r-- | host/lib21/host_fw_preamble.c | 80 | ||||
-rw-r--r-- | host/lib21/host_keyblock.c | 76 | ||||
-rw-r--r-- | host/lib21/include/host_fw_preamble2.h | 33 | ||||
-rw-r--r-- | host/lib21/include/host_keyblock2.h | 34 | ||||
-rw-r--r-- | tests/vb21_api_tests.c | 371 | ||||
-rw-r--r-- | tests/vb21_common_tests.c | 277 | ||||
-rw-r--r-- | tests/vb21_host_fw_preamble_tests.c | 120 | ||||
-rw-r--r-- | tests/vb21_host_keyblock_tests.c | 138 | ||||
-rw-r--r-- | tests/vb21_misc_tests.c | 400 |
17 files changed, 1 insertions, 2260 deletions
@@ -393,9 +393,7 @@ FWLIB20_SRCS = \ firmware/lib20/packed_key.c FWLIB21_SRCS = \ - firmware/lib21/api.c \ firmware/lib21/common.c \ - firmware/lib21/misc.c \ firmware/lib21/packed_key.c # TPM lightweight command library @@ -471,9 +469,7 @@ UTILLIB_SRCS = \ host/lib/signature_digest.c \ host/lib/subprocess.c \ host/lib/util_misc.c \ - host/lib21/host_fw_preamble.c \ host/lib21/host_key.c \ - host/lib21/host_keyblock.c \ host/lib21/host_misc.c \ host/lib21/host_signature.c @@ -733,13 +729,9 @@ TEST20_NAMES = \ tests/vb20_verify_fw TEST21_NAMES = \ - tests/vb21_api_tests \ tests/vb21_common_tests \ tests/vb21_common2_tests \ - tests/vb21_misc_tests \ - tests/vb21_host_fw_preamble_tests \ tests/vb21_host_key_tests \ - tests/vb21_host_keyblock_tests \ tests/vb21_host_misc_tests \ tests/vb21_host_sig_tests @@ -1239,13 +1231,9 @@ run2tests: install_for_test ${RUNTEST} ${BUILD_RUN}/tests/vb20_api_kernel_tests ${RUNTEST} ${BUILD_RUN}/tests/vb20_kernel_tests ${RUNTEST} ${BUILD_RUN}/tests/vb20_misc_tests - ${RUNTEST} ${BUILD_RUN}/tests/vb21_api_tests ${RUNTEST} ${BUILD_RUN}/tests/vb21_common_tests ${RUNTEST} ${BUILD_RUN}/tests/vb21_common2_tests ${TEST_KEYS} - ${RUNTEST} ${BUILD_RUN}/tests/vb21_misc_tests - ${RUNTEST} ${BUILD_RUN}/tests/vb21_host_fw_preamble_tests ${TEST_KEYS} ${RUNTEST} ${BUILD_RUN}/tests/vb21_host_key_tests ${TEST_KEYS} ${BUILD} - ${RUNTEST} ${BUILD_RUN}/tests/vb21_host_keyblock_tests ${TEST_KEYS} ${RUNTEST} ${BUILD_RUN}/tests/vb21_host_misc_tests ${BUILD} ${RUNTEST} ${BUILD_RUN}/tests/vb21_host_sig_tests ${TEST_KEYS} ${RUNTEST} ${BUILD_RUN}/tests/hmac_test diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h index e8ce89da..5470b308 100644 --- a/firmware/2lib/include/2api.h +++ b/firmware/2lib/include/2api.h @@ -587,11 +587,6 @@ vb2_error_t vb2api_fw_phase2(struct vb2_context *ctx); vb2_error_t vb2api_fw_phase3(struct vb2_context *ctx); /** - * Same, but for new-style structs. - */ -vb2_error_t vb21api_fw_phase3(struct vb2_context *ctx); - -/** * Initialize hashing data for the specified tag. * * @param ctx Vboot context @@ -601,12 +596,6 @@ vb2_error_t vb21api_fw_phase3(struct vb2_context *ctx); vb2_error_t vb2api_init_hash(struct vb2_context *ctx, uint32_t tag); /** - * Same, but for new-style structs. - */ -vb2_error_t vb21api_init_hash(struct vb2_context *ctx, const struct vb2_id *id, - uint32_t *size); - -/** * Extend the hash started by vb2api_init_hash() with additional data. * * (This is the same for both old and new style structs.) @@ -628,11 +617,6 @@ vb2_error_t vb2api_extend_hash(struct vb2_context *ctx, const void *buf, int vb2api_check_hash(struct vb2_context *ctx); /** - * Same, but for new-style structs. - */ -vb2_error_t vb21api_check_hash(struct vb2_context *ctx); - -/** * Check the hash value started by vb2api_init_hash() while retrieving * calculated digest. * diff --git a/firmware/2lib/include/2misc.h b/firmware/2lib/include/2misc.h index 6400bfa6..6a61f9e5 100644 --- a/firmware/2lib/include/2misc.h +++ b/firmware/2lib/include/2misc.h @@ -130,7 +130,6 @@ vb2_error_t vb2_select_fw_slot(struct vb2_context *ctx); * @return VB2_SUCCESS, or error code on error. */ vb2_error_t vb2_load_fw_keyblock(struct vb2_context *ctx); -vb2_error_t vb21_load_fw_keyblock(struct vb2_context *ctx); /** * Verify the firmware preamble using the data subkey from the keyblock. @@ -141,7 +140,6 @@ vb2_error_t vb21_load_fw_keyblock(struct vb2_context *ctx); * @return VB2_SUCCESS, or error code on error. */ vb2_error_t vb2_load_fw_preamble(struct vb2_context *ctx); -vb2_error_t vb21_load_fw_preamble(struct vb2_context *ctx); /** * Verify the kernel keyblock using the previously-loaded kernel key. diff --git a/firmware/lib21/api.c b/firmware/lib21/api.c deleted file mode 100644 index b9fc5e4c..00000000 --- a/firmware/lib21/api.c +++ /dev/null @@ -1,167 +0,0 @@ -/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Externally-callable APIs - * (Firmware portion) - */ - -#include "2api.h" -#include "2common.h" -#include "2misc.h" -#include "2nvstorage.h" -#include "2rsa.h" -#include "2secdata.h" -#include "2sha.h" -#include "2sysincludes.h" -#include "vb21_common.h" - -vb2_error_t vb21api_fw_phase3(struct vb2_context *ctx) -{ - vb2_error_t rv; - - /* Verify firmware keyblock */ - rv = vb21_load_fw_keyblock(ctx); - if (rv) { - vb2api_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv); - return rv; - } - - /* Verify firmware preamble */ - rv = vb21_load_fw_preamble(ctx); - if (rv) { - vb2api_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv); - return rv; - } - - return VB2_SUCCESS; -} - -vb2_error_t vb21api_init_hash(struct vb2_context *ctx, - const struct vb2_id *id, - uint32_t *size) -{ - struct vb2_shared_data *sd = vb2_get_sd(ctx); - const struct vb21_fw_preamble *pre; - const struct vb21_signature *sig = NULL; - struct vb2_digest_context *dc; - struct vb2_workbuf wb; - uint32_t hash_offset; - int i, rv; - - vb2_workbuf_from_ctx(ctx, &wb); - - /* Get preamble pointer */ - if (!sd->preamble_size) - return VB2_ERROR_API_INIT_HASH_PREAMBLE; - pre = (const struct vb21_fw_preamble *) - vb2_member_of(sd, sd->preamble_offset); - - /* Find the matching signature */ - hash_offset = pre->hash_offset; - for (i = 0; i < pre->hash_count; i++) { - sig = (const struct vb21_signature *) - ((uint8_t *)pre + hash_offset); - - if (!memcmp(id, &sig->id, sizeof(*id))) - break; - - hash_offset += sig->c.total_size; - } - if (i >= pre->hash_count) - return VB2_ERROR_API_INIT_HASH_ID; /* No match */ - - /* Allocate workbuf space for the hash */ - if (sd->hash_size) { - dc = (struct vb2_digest_context *) - vb2_member_of(sd, sd->hash_offset); - } else { - uint32_t dig_size = sizeof(*dc); - - dc = vb2_workbuf_alloc(&wb, dig_size); - if (!dc) - return VB2_ERROR_API_INIT_HASH_WORKBUF; - - sd->hash_offset = vb2_offset_of(sd, dc); - sd->hash_size = dig_size; - vb2_set_workbuf_used(ctx, sd->hash_offset + dig_size); - } - - sd->hash_tag = vb2_offset_of(sd, sig); - sd->hash_remaining_size = sig->data_size; - - if (size) - *size = sig->data_size; - - if (!(pre->flags & VB21_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO)) { - rv = vb2ex_hwcrypto_digest_init(sig->hash_alg, sig->data_size); - if (!rv) { - VB2_DEBUG("Using HW crypto engine for hash_alg %d\n", - sig->hash_alg); - dc->hash_alg = sig->hash_alg; - dc->using_hwcrypto = 1; - return VB2_SUCCESS; - } - if (rv != VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED) - return rv; - VB2_DEBUG("HW crypto for hash_alg %d not supported, using SW\n", - sig->hash_alg); - } else { - VB2_DEBUG("HW crypto forbidden by preamble, using SW\n"); - } - - return vb2_digest_init(dc, sig->hash_alg); -} - -vb2_error_t vb21api_check_hash(struct vb2_context *ctx) -{ - struct vb2_shared_data *sd = vb2_get_sd(ctx); - struct vb2_digest_context *dc = (struct vb2_digest_context *) - vb2_member_of(sd, sd->hash_offset); - struct vb2_workbuf wb; - - uint8_t *digest; - uint32_t digest_size = vb2_digest_size(dc->hash_alg); - - const struct vb21_signature *sig; - - vb2_error_t rv; - - vb2_workbuf_from_ctx(ctx, &wb); - - /* Get signature pointer */ - if (!sd->hash_tag) - return VB2_ERROR_API_CHECK_HASH_TAG; - sig = vb2_member_of(sd, sd->hash_tag); - - /* Must have initialized hash digest work area */ - if (!sd->hash_size) - return VB2_ERROR_API_CHECK_HASH_WORKBUF; - - /* Should have hashed the right amount of data */ - if (sd->hash_remaining_size) - return VB2_ERROR_API_CHECK_HASH_SIZE; - - /* Allocate the digest */ - digest = vb2_workbuf_alloc(&wb, digest_size); - if (!digest) - return VB2_ERROR_API_CHECK_HASH_WORKBUF_DIGEST; - - /* Finalize the digest */ - if (dc->using_hwcrypto) - rv = vb2ex_hwcrypto_digest_finalize(digest, digest_size); - else - rv = vb2_digest_finalize(dc, digest, digest_size); - if (rv) - return rv; - - /* Compare with the signature */ - if (vb2_safe_memcmp(digest, (const uint8_t *)sig + sig->sig_offset, - digest_size)) - return VB2_ERROR_API_CHECK_HASH_SIG; - - /* TODO: The old check-hash function called vb2api_fail() on any - mismatch. I don't think it should do that; the caller should. */ - - return VB2_SUCCESS; -} diff --git a/firmware/lib21/common.c b/firmware/lib21/common.c index 89367ba3..19f07bce 100644 --- a/firmware/lib21/common.c +++ b/firmware/lib21/common.c @@ -301,141 +301,3 @@ vb2_error_t vb21_verify_data(const void *data, uint32_t size, return vb21_verify_digest(key, sig, digest, &wblocal); } - -vb2_error_t vb21_verify_keyblock(struct vb21_keyblock *block, uint32_t size, - const struct vb2_public_key *key, - const struct vb2_workbuf *wb) -{ - uint32_t min_offset = 0, sig_offset; - vb2_error_t rv, i; - - /* Check magic number */ - if (block->c.magic != VB21_MAGIC_KEYBLOCK) - return VB2_ERROR_KEYBLOCK_MAGIC; - - /* Make sure common header is good */ - rv = vb21_verify_common_header(block, size); - if (rv) - return rv; - - /* - * Check for compatible version. No need to check minor version, since - * that's compatible across readers matching the major version, and we - * haven't added any new fields. - */ - if (block->c.struct_version_major != VB21_KEYBLOCK_VERSION_MAJOR) - return VB2_ERROR_KEYBLOCK_HEADER_VERSION; - - /* Make sure header is big enough */ - if (block->c.fixed_size < sizeof(*block)) - return VB2_ERROR_KEYBLOCK_SIZE; - - /* Make sure data key is inside */ - rv = vb21_verify_common_subobject(block, &min_offset, - block->key_offset); - if (rv) - return rv; - - /* Loop over signatures */ - sig_offset = block->sig_offset; - for (i = 0; i < block->sig_count; i++, sig_offset = min_offset) { - struct vb21_signature *sig; - - /* Make sure signature is inside keyblock */ - rv = vb21_verify_common_subobject(block, &min_offset, - sig_offset); - if (rv) - return rv; - - sig = (struct vb21_signature *)((uint8_t *)block + sig_offset); - - /* Verify the signature integrity */ - rv = vb21_verify_signature(sig, - block->c.total_size - sig_offset); - if (rv) - return rv; - - /* Skip signature if it doesn't match the key ID */ - if (memcmp(&sig->id, key->id, VB2_ID_NUM_BYTES)) - continue; - - /* Make sure we signed the right amount of data */ - if (sig->data_size != block->sig_offset) - return VB2_ERROR_KEYBLOCK_SIGNED_SIZE; - - return vb21_verify_data(block, block->sig_offset, sig, key, wb); - } - - /* If we're still here, no signature matched the key ID */ - return VB2_ERROR_KEYBLOCK_SIG_ID; -} - -vb2_error_t vb21_verify_fw_preamble(struct vb21_fw_preamble *preamble, - uint32_t size, - const struct vb2_public_key *key, - const struct vb2_workbuf *wb) -{ - struct vb21_signature *sig; - uint32_t min_offset = 0, hash_offset; - vb2_error_t rv, i; - - /* Check magic number */ - if (preamble->c.magic != VB21_MAGIC_FW_PREAMBLE) - return VB2_ERROR_PREAMBLE_MAGIC; - - /* Make sure common header is good */ - rv = vb21_verify_common_header(preamble, size); - if (rv) - return rv; - - /* - * Check for compatible version. No need to check minor version, since - * that's compatible across readers matching the major version, and we - * haven't added any new fields. - */ - if (preamble->c.struct_version_major != VB21_FW_PREAMBLE_VERSION_MAJOR) - return VB2_ERROR_PREAMBLE_HEADER_VERSION; - - /* Make sure header is big enough */ - if (preamble->c.fixed_size < sizeof(*preamble)) - return VB2_ERROR_PREAMBLE_SIZE; - - /* Make sure all hash signatures are inside */ - hash_offset = preamble->hash_offset; - for (i = 0; i < preamble->hash_count; i++, hash_offset = min_offset) { - /* Make sure signature is inside preamble */ - rv = vb21_verify_common_subobject(preamble, &min_offset, - hash_offset); - if (rv) - return rv; - - sig = (struct vb21_signature *) - ((uint8_t *)preamble + hash_offset); - - /* Verify the signature integrity */ - rv = vb21_verify_signature( - sig, preamble->c.total_size - hash_offset); - if (rv) - return rv; - - /* Hashes must all be unsigned */ - if (sig->sig_alg != VB2_SIG_NONE) - return VB2_ERROR_PREAMBLE_HASH_SIGNED; - } - - /* Make sure signature is inside preamble */ - rv = vb21_verify_common_subobject(preamble, &min_offset, - preamble->sig_offset); - if (rv) - return rv; - - /* Verify preamble signature */ - sig = (struct vb21_signature *)((uint8_t *)preamble + - preamble->sig_offset); - - rv = vb21_verify_data(preamble, preamble->sig_offset, sig, key, wb); - if (rv) - return rv; - - return VB2_SUCCESS; -} diff --git a/firmware/lib21/include/vb21_common.h b/firmware/lib21/include/vb21_common.h index 6362a150..442ccb07 100644 --- a/firmware/lib21/include/vb21_common.h +++ b/firmware/lib21/include/vb21_common.h @@ -144,38 +144,6 @@ vb2_error_t vb21_verify_data(const void *data, uint32_t size, const struct vb2_public_key *key, const struct vb2_workbuf *wb); -/** - * Check the sanity of a keyblock using a public key. - * - * Header fields are also checked for sanity. Does not verify key index or key - * block flags. Signature inside block is destroyed during check. - * - * @param block Keyblock to verify - * @param size Size of keyblock buffer - * @param key Key to use to verify block - * @param wb Work buffer - * @return VB2_SUCCESS, or non-zero error code if error. - */ -vb2_error_t vb21_verify_keyblock(struct vb21_keyblock *block, uint32_t size, - const struct vb2_public_key *key, - const struct vb2_workbuf *wb); - -/** - * Check the sanity of a firmware preamble using a public key. - * - * The signature in the preamble is destroyed during the check. - * - * @param preamble Preamble to verify - * @param size Size of preamble buffer - * @param key Key to use to verify preamble - * @param wb Work buffer - * @return VB2_SUCCESS, or non-zero error code if error. - */ -vb2_error_t vb21_verify_fw_preamble(struct vb21_fw_preamble *preamble, - uint32_t size, - const struct vb2_public_key *key, - const struct vb2_workbuf *wb); - #ifdef __cplusplus } #endif /* __cplusplus */ diff --git a/firmware/lib21/include/vb21_struct.h b/firmware/lib21/include/vb21_struct.h index 18cfb8dd..6f91e36c 100644 --- a/firmware/lib21/include/vb21_struct.h +++ b/firmware/lib21/include/vb21_struct.h @@ -11,9 +11,8 @@ #ifndef VBOOT_REFERENCE_VB21_STRUCT_H_ #define VBOOT_REFERENCE_VB21_STRUCT_H_ -#include <stdint.h> - #include "2id.h" +#include "2sysincludes.h" #ifdef __cplusplus extern "C" { @@ -28,18 +27,9 @@ extern "C" { * structs as invalid. */ enum vb21_struct_common_magic { - /* "Vb2B" = vb21_keyblock.c.magic */ - VB21_MAGIC_KEYBLOCK = 0x42326256, - - /* "Vb2F" = vb21_fw_preamble.c.magic */ - VB21_MAGIC_FW_PREAMBLE = 0x46326256, - /* "Vb2I" = vb21_packed_private_key.c.magic */ VB21_MAGIC_PACKED_PRIVATE_KEY = 0x49326256, - /* "Vb2K" = vb2_kernel_preamble.c.magic */ - VB21_MAGIC_KERNEL_PREAMBLE = 0x4b326256, - /* "Vb2P" = vb21_packed_key.c.magic */ VB21_MAGIC_PACKED_KEY = 0x50326256, @@ -236,114 +226,6 @@ struct vb21_signature { #define EXPECTED_VB21_SIGNATURE_SIZE \ (EXPECTED_VB21_STRUCT_COMMON_SIZE + 16 + EXPECTED_ID_SIZE) - -/* Current version of vb21_keyblock struct */ -#define VB21_KEYBLOCK_VERSION_MAJOR 3 -#define VB21_KEYBLOCK_VERSION_MINOR 0 - -/* - * Keyblock. This contains a signed, versioned key for use in the next stage - * of verified boot. - * - * The keyblock data must be arranged like this: - * 1) vb21_keyblock header struct h - * 2) Keyblock description (pointed to by h.c.fixed_size) - * 3) Data key (pointed to by h.data_key_offset) - * 4) Signatures (first signature pointed to by h.sig_offset) - * - * The signatures from 4) must cover all the data from 1), 2), 3). That is, - * signatures must sign all data up to sig_offset. - */ -struct vb21_keyblock { - /* Common header fields */ - struct vb21_struct_common c; - - /* Flags (VB2_KEYBLOCK_FLAG_*) */ - uint32_t flags; - - /* - * Offset of key (struct vb21_packed_key) to use in next stage of - * verification, from start of the keyblock. - */ - uint32_t key_offset; - - /* Number of keyblock signatures which follow */ - uint32_t sig_count; - - /* - * Offset of the first signature (struct vb21_signature) from the start - * of the keyblock. - * - * Signatures sign the contents of this struct and the data pointed to - * by data_key_offset, but not themselves or other signatures. - * - * For the firmware, there may be only one signature. - * - * Kernels often have at least two signatures - one using the kernel - * subkey from the RW firmware (for signed kernels) and one which is - * simply a SHA-512 hash (for unsigned developer kernels). - * - * The ID for each signature indicates which key was used to generate - * the signature. - */ - uint32_t sig_offset; -} __attribute__((packed)); - -#define EXPECTED_VB21_KEYBLOCK_SIZE (EXPECTED_VB21_STRUCT_COMMON_SIZE + 16) - - -/* Current version of vb21_fw_preamble struct */ -#define VB21_FW_PREAMBLE_VERSION_MAJOR 3 -#define VB21_FW_PREAMBLE_VERSION_MINOR 0 - -/* Flags for vb21_fw_preamble.flags */ -/* Reserved; do not use */ -#define VB21_FIRMWARE_PREAMBLE_RESERVED0 0x00000001 -/* Do not allow use of any hardware crypto accelerators. */ -#define VB21_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO 0x00000002 - -/* - * Firmware preamble - * - * The preamble data must be arranged like this: - * 1) vb21_fw_preamble header struct h - * 2) Preamble description (pointed to by h.c.fixed_size) - * 3) Hashes (pointed to by h.hash_offset) - * 4) Signature (pointed to by h.sig_offset) - * - * The signature 4) must cover all the data from 1), 2), 3). - */ -struct vb21_fw_preamble { - /* Common header fields */ - struct vb21_struct_common c; - - /* Flags; see VB21_FIRMWARE_PREAMBLE_* */ - uint32_t flags; - - /* Firmware version */ - uint32_t fw_version; - - /* Offset of signature (struct vb21_signature) for this preamble */ - uint32_t sig_offset; - - /* - * The preamble contains a list of hashes (struct vb21_signature) for - * the various firmware components. These have sig_alg=VB2_SIG_NONE, - * and the ID for each hash identifies the component being hashed. - * The calling firmware is responsible for knowing where to find those - * components, which may be on a different storage device than this - * preamble. - */ - - /* Number of hash entries */ - uint32_t hash_count; - - /* Offset of first hash entry from start of preamble */ - uint32_t hash_offset; -} __attribute__((packed)); - -#define EXPECTED_VB21_FW_PREAMBLE_SIZE (EXPECTED_VB21_STRUCT_COMMON_SIZE + 20) - #ifdef __cplusplus } #endif /* __cplusplus */ diff --git a/firmware/lib21/misc.c b/firmware/lib21/misc.c deleted file mode 100644 index ca1a012f..00000000 --- a/firmware/lib21/misc.c +++ /dev/null @@ -1,245 +0,0 @@ -/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Misc functions which need access to vb2_context but are not public APIs - */ - -#include "2api.h" -#include "2common.h" -#include "2misc.h" -#include "2nvstorage.h" -#include "2rsa.h" -#include "2secdata.h" -#include "2sha.h" -#include "2sysincludes.h" -#include "vb21_common.h" - -/** - * Read an object with a common struct header from a verified boot resource. - * - * On success, an object buffer will be allocated in the work buffer, the - * object will be stored into the buffer, and *buf_ptr will point to the - * object. - * - * @param ctx Vboot context - * @param index Resource index to read - * @param offset Byte offset within resource to start at - * @param buf_ptr Destination for object pointer - * @return VB2_SUCCESS, or error code on error. - */ -static vb2_error_t vb21_read_resource_object(struct vb2_context *ctx, - enum vb2_resource_index index, - uint32_t offset, - struct vb2_workbuf *wb, - void **buf_ptr) -{ - struct vb21_struct_common c; - void *buf; - vb2_error_t rv; - - *buf_ptr = NULL; - - /* Read the common header */ - rv = vb2ex_read_resource(ctx, index, offset, &c, sizeof(c)); - if (rv) - return rv; - - /* Allocate a buffer for the object, now that we know how big it is */ - buf = vb2_workbuf_alloc(wb, c.total_size); - if (!buf) - return VB2_ERROR_READ_RESOURCE_OBJECT_BUF; - - /* Read the object */ - rv = vb2ex_read_resource(ctx, index, offset, buf, c.total_size); - if (rv) { - vb2_workbuf_free(wb, c.total_size); - return rv; - } - - /* Save the pointer */ - *buf_ptr = buf; - return VB2_SUCCESS; -} - -vb2_error_t vb21_load_fw_keyblock(struct vb2_context *ctx) -{ - struct vb2_shared_data *sd = vb2_get_sd(ctx); - struct vb2_gbb_header *gbb = vb2_get_gbb(ctx); - struct vb2_workbuf wb; - - uint8_t *key_data; - uint32_t key_size; - struct vb21_packed_key *packed_key; - struct vb2_public_key root_key; - struct vb21_keyblock *kb; - - vb2_error_t rv; - - vb2_workbuf_from_ctx(ctx, &wb); - - /* Read the root key */ - key_size = gbb->rootkey_size; - key_data = vb2_workbuf_alloc(&wb, key_size); - if (!key_data) - return VB2_ERROR_FW_KEYBLOCK_WORKBUF_ROOT_KEY; - - rv = vb2ex_read_resource(ctx, VB2_RES_GBB, gbb->rootkey_offset, - key_data, key_size); - if (rv) - return rv; - - /* Unpack the root key */ - rv = vb21_unpack_key(&root_key, key_data, key_size); - if (rv) - return rv; - - /* - * Load the firmware keyblock common header into the work buffer after - * the root key. - */ - rv = vb21_read_resource_object(ctx, VB2_RES_FW_VBLOCK, 0, &wb, - (void **)&kb); - if (rv) - return rv; - - /* Verify the keyblock */ - rv = vb21_verify_keyblock(kb, kb->c.total_size, &root_key, &wb); - if (rv) { - vb2api_fail(ctx, VB2_RECOVERY_FW_KEYBLOCK, rv); - return rv; - } - - /* Preamble follows the keyblock in the vblock */ - sd->vblock_preamble_offset = kb->c.total_size; - - packed_key = (struct vb21_packed_key *)((uint8_t *)kb + kb->key_offset); - - /* Key version is the upper 16 bits of the composite firmware version */ - if (packed_key->key_version > 0xffff) - rv = VB2_ERROR_FW_KEYBLOCK_VERSION_RANGE; - if (!rv && packed_key->key_version < (sd->fw_version_secdata >> 16)) { - if (gbb->flags & VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK) - VB2_DEBUG("Ignoring FW key rollback due to GBB flag\n"); - else - rv = VB2_ERROR_FW_KEYBLOCK_VERSION_ROLLBACK; - } - if (rv) { - vb2api_fail(ctx, VB2_RECOVERY_FW_KEY_ROLLBACK, rv); - return rv; - } - - sd->fw_version = packed_key->key_version << 16; - - /* - * Save the data key in the work buffer. This overwrites the root key - * we read above. That's ok, because now that we have the data key we - * no longer need the root key. - * - * Use memmove() instead of memcpy(). In theory, the destination will - * never overlap with the source because the root key is likely to be - * at least as large as the data key, but there's no harm here in being - * paranoid. - */ - memmove(key_data, packed_key, packed_key->c.total_size); - packed_key = (struct vb21_packed_key *)key_data; - - /* Save the packed key offset and size */ - sd->data_key_offset = vb2_offset_of(sd, key_data); - sd->data_key_size = packed_key->c.total_size; - - /* Data key will persist in the workbuf after we return */ - vb2_set_workbuf_used(ctx, sd->data_key_offset + sd->data_key_size); - - return VB2_SUCCESS; -} - -vb2_error_t vb21_load_fw_preamble(struct vb2_context *ctx) -{ - struct vb2_shared_data *sd = vb2_get_sd(ctx); - struct vb2_gbb_header *gbb = vb2_get_gbb(ctx); - struct vb2_workbuf wb; - - uint8_t *key_data = vb2_member_of(sd, sd->data_key_offset); - uint32_t key_size = sd->data_key_size; - struct vb2_public_key data_key; - - /* Preamble goes in the next unused chunk of work buffer */ - struct vb21_fw_preamble *pre; - - vb2_error_t rv; - - vb2_workbuf_from_ctx(ctx, &wb); - - /* Unpack the firmware data key */ - if (!sd->data_key_size) - return VB2_ERROR_FW_PREAMBLE2_DATA_KEY; - - rv = vb21_unpack_key(&data_key, key_data, key_size); - if (rv) - return rv; - - /* Load the firmware preamble */ - rv = vb21_read_resource_object(ctx, VB2_RES_FW_VBLOCK, - sd->vblock_preamble_offset, &wb, - (void **)&pre); - if (rv) - return rv; - - /* Work buffer now contains the data subkey data and the preamble */ - - /* Verify the preamble */ - rv = vb21_verify_fw_preamble(pre, pre->c.total_size, &data_key, &wb); - if (rv) { - vb2api_fail(ctx, VB2_RECOVERY_FW_PREAMBLE, rv); - return rv; - } - - /* Move the preamble down now that the data key is no longer used */ - memmove(key_data, pre, pre->c.total_size); - pre = (struct vb21_fw_preamble *)key_data; - - /* Data key is now gone */ - sd->data_key_offset = sd->data_key_size = 0; - - /* - * Firmware version is the lower 16 bits of the composite firmware - * version. - */ - if (pre->fw_version > 0xffff) - rv = VB2_ERROR_FW_PREAMBLE_VERSION_RANGE; - /* Combine with the key version from vb2_load_fw_keyblock() */ - sd->fw_version |= pre->fw_version; - if (!rv && sd->fw_version < sd->fw_version_secdata) { - if (gbb->flags & VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK) - VB2_DEBUG("Ignoring FW rollback due to GBB flag\n"); - else - rv = VB2_ERROR_FW_PREAMBLE_VERSION_ROLLBACK; - } - if (rv) { - vb2api_fail(ctx, VB2_RECOVERY_FW_ROLLBACK, rv); - return rv; - } - - /* - * If this is a newer version than in secure storage, and we - * successfully booted the same slot last boot, roll forward the - * version in secure storage. - */ - if (sd->fw_version > sd->fw_version_secdata && - sd->last_fw_slot == sd->fw_slot && - sd->last_fw_result == VB2_FW_RESULT_SUCCESS) { - sd->fw_version_secdata = sd->fw_version; - vb2_secdata_firmware_set(ctx, VB2_SECDATA_FIRMWARE_VERSIONS, - sd->fw_version); - } - - /* Keep track of where we put the preamble */ - sd->preamble_offset = vb2_offset_of(sd, pre); - sd->preamble_size = pre->c.total_size; - - /* Preamble will persist in work buffer after we return */ - vb2_set_workbuf_used(ctx, sd->preamble_offset + sd->preamble_size); - - return VB2_SUCCESS; -} diff --git a/host/lib21/host_fw_preamble.c b/host/lib21/host_fw_preamble.c deleted file mode 100644 index ea2da988..00000000 --- a/host/lib21/host_fw_preamble.c +++ /dev/null @@ -1,80 +0,0 @@ -/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Host functions for keyblocks - */ - -#include "2common.h" -#include "2rsa.h" -#include "2sysincludes.h" -#include "host_common.h" -#include "host_fw_preamble2.h" -#include "host_key2.h" -#include "host_keyblock2.h" -#include "host_misc.h" -#include "host_signature2.h" -#include "vb21_common.h" - -vb2_error_t vb21_fw_preamble_create(struct vb21_fw_preamble **fp_ptr, - const struct vb2_private_key *signing_key, - const struct vb21_signature **hash_list, - uint32_t hash_count, uint32_t fw_version, - uint32_t flags, const char *desc) -{ - struct vb21_fw_preamble fp = { - .c.magic = VB21_MAGIC_FW_PREAMBLE, - .c.struct_version_major = VB21_FW_PREAMBLE_VERSION_MAJOR, - .c.struct_version_minor = VB21_FW_PREAMBLE_VERSION_MAJOR, - .c.fixed_size = sizeof(fp), - .c.desc_size = vb2_desc_size(desc), - .flags = flags, - .fw_version = fw_version, - .hash_count = hash_count, - }; - - uint32_t hash_next; - uint32_t sig_size; - uint8_t *buf; - int i; - - *fp_ptr = NULL; - - /* Determine component sizes */ - hash_next = fp.hash_offset = fp.c.fixed_size + fp.c.desc_size; - - for (i = 0; i < hash_count; i++) - hash_next += hash_list[i]->c.total_size; - - fp.sig_offset = hash_next; - - if (vb21_sig_size_for_key(&sig_size, signing_key, NULL)) - return VB2_FW_PREAMBLE_CREATE_SIG_SIZE; - - fp.c.total_size = fp.sig_offset + sig_size; - - /* Allocate buffer and copy components */ - buf = calloc(fp.c.total_size, 1); - if (!buf) - return VB2_FW_PREAMBLE_CREATE_ALLOC; - - memcpy(buf, &fp, sizeof(fp)); - if (fp.c.desc_size) - strcpy((char *)buf + fp.c.fixed_size, desc); - - hash_next = fp.hash_offset; - for (i = 0; i < hash_count; i++) { - memcpy(buf + hash_next, hash_list[i], - hash_list[i]->c.total_size); - hash_next += hash_list[i]->c.total_size; - } - - /* Sign the preamble */ - if (vb21_sign_object(buf, fp.sig_offset, signing_key, NULL)) { - free(buf); - return VB2_FW_PREAMBLE_CREATE_SIGN; - } - - *fp_ptr = (struct vb21_fw_preamble *)buf; - return VB2_SUCCESS; -} diff --git a/host/lib21/host_keyblock.c b/host/lib21/host_keyblock.c deleted file mode 100644 index d52afe23..00000000 --- a/host/lib21/host_keyblock.c +++ /dev/null @@ -1,76 +0,0 @@ -/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Host functions for keyblocks - */ - -#include "2common.h" -#include "2rsa.h" -#include "2sysincludes.h" -#include "host_common.h" -#include "host_key2.h" -#include "host_keyblock2.h" -#include "host_misc.h" -#include "host_signature2.h" -#include "vb21_common.h" - -vb2_error_t vb21_keyblock_create(struct vb21_keyblock **kb_ptr, - const struct vb2_public_key *data_key, - const struct vb2_private_key **signing_keys, - uint32_t signing_key_count, uint32_t flags, - const char *desc) -{ - struct vb21_keyblock kb = { - .c.magic = VB21_MAGIC_KEYBLOCK, - .c.struct_version_major = VB21_KEYBLOCK_VERSION_MAJOR, - .c.struct_version_minor = VB21_KEYBLOCK_VERSION_MAJOR, - .c.fixed_size = sizeof(kb), - .flags = flags, - .sig_count = signing_key_count, - }; - - struct vb21_packed_key *key = NULL; - uint32_t sig_size; - uint8_t *buf; - - *kb_ptr = NULL; - - /* Determine component sizes */ - if (!desc) - desc = data_key->desc; - kb.c.desc_size = vb2_desc_size(desc); - kb.key_offset = kb.c.fixed_size + kb.c.desc_size; - - if (vb21_sig_size_for_keys(&sig_size, signing_keys, signing_key_count)) - return VB2_KEYBLOCK_CREATE_SIG_SIZE; - - if (vb21_public_key_pack(&key, data_key)) - return VB2_KEYBLOCK_CREATE_DATA_KEY; - - kb.sig_offset = kb.key_offset + key->c.total_size; - kb.c.total_size = kb.sig_offset + sig_size; - - /* Allocate buffer and copy header and data key */ - buf = calloc(1, kb.c.total_size); - if (!buf) { - free(key); - return VB2_KEYBLOCK_CREATE_ALLOC; - } - - memcpy(buf, &kb, sizeof(kb)); - if (kb.c.desc_size) - strcpy((char *)buf + kb.c.fixed_size, desc); - memcpy(buf + kb.key_offset, key, key->c.total_size); - free(key); - - /* Sign the keyblock */ - if (vb21_sign_object_multiple(buf, kb.sig_offset, signing_keys, - signing_key_count)) { - free(buf); - return VB2_KEYBLOCK_CREATE_SIGN; - } - - *kb_ptr = (struct vb21_keyblock *)buf; - return VB2_SUCCESS; -} diff --git a/host/lib21/include/host_fw_preamble2.h b/host/lib21/include/host_fw_preamble2.h deleted file mode 100644 index d0bed1ef..00000000 --- a/host/lib21/include/host_fw_preamble2.h +++ /dev/null @@ -1,33 +0,0 @@ -/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Host-side functions for firmware preamble - */ - -#ifndef VBOOT_REFERENCE_HOST_FW_PREAMBLE2_H_ -#define VBOOT_REFERENCE_HOST_FW_PREAMBLE2_H_ - -struct vb2_private_key; -struct vb21_fw_preamble; -struct vb21_signature; -/** - * Create and sign a firmware preamble. - * - * @param fp_ptr On success, points to a newly allocated preamble buffer. - * Caller is responsible for calling free() on this. - * @param signing_key Key to sign the preamble with - * @param hash_list Component hashes to include in the keyblock - * @param hash_count Number of component hashes - * @param fw_version Firmware version - * @param flags Flags for preamble - * @param desc Description for preamble, or NULL if none - * @return VB2_SUCCESS, or non-zero error code if failure. - */ -vb2_error_t vb21_fw_preamble_create(struct vb21_fw_preamble **fp_ptr, - const struct vb2_private_key *signing_key, - const struct vb21_signature **hash_list, - uint32_t hash_count, uint32_t fw_version, - uint32_t flags, const char *desc); - -#endif /* VBOOT_REFERENCE_HOST_FW_PREAMBLE2_H_ */ diff --git a/host/lib21/include/host_keyblock2.h b/host/lib21/include/host_keyblock2.h deleted file mode 100644 index faa51d26..00000000 --- a/host/lib21/include/host_keyblock2.h +++ /dev/null @@ -1,34 +0,0 @@ -/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Host-side functions for verified boot key structures - */ - -#ifndef VBOOT_REFERENCE_HOST_KEYBLOCK2_H_ -#define VBOOT_REFERENCE_HOST_KEYBLOCK2_H_ - -struct vb2_private_key; -struct vb2_public_key; -struct vb21_keyblock; - -/** - * Create and sign a keyblock. - * - * @param kb_ptr On success, points to a newly allocated keyblock buffer. - * Caller is responsible for calling free() on this. - * @param data_key Data key to contain inside keyblock. - * @param signing_keys List of keys to sign the keyblock with. - * @param signing_key_count Number of keys in signing_keys. - * @param flags Flags for keyblock. - * @param desc Description for keyblock. If NULL, description will be - * taken from the data key. - * @return VB2_SUCCESS, or non-zero error code if failure. - */ -vb2_error_t vb21_keyblock_create(struct vb21_keyblock **kb_ptr, - const struct vb2_public_key *data_key, - const struct vb2_private_key **signing_keys, - uint32_t signing_key_count, uint32_t flags, - const char *desc); - -#endif /* VBOOT_REFERENCE_HOST_KEYBLOCK2_H_ */ diff --git a/tests/vb21_api_tests.c b/tests/vb21_api_tests.c deleted file mode 100644 index 21de87d3..00000000 --- a/tests/vb21_api_tests.c +++ /dev/null @@ -1,371 +0,0 @@ -/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Tests for api library, new style structs - */ - -#include <stdio.h> - -#include "2api.h" -#include "2common.h" -#include "2misc.h" -#include "2nvstorage.h" -#include "2rsa.h" -#include "2secdata.h" -#include "2sysincludes.h" -#include "host_key2.h" -#include "host_signature2.h" -#include "test_common.h" -#include "vb21_common.h" - -/* Common context for tests */ -static uint8_t workbuf[VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE] - __attribute__((aligned(VB2_WORKBUF_ALIGN))); -static struct vb2_context *ctx; -static struct vb2_shared_data *sd; - -static const uint8_t mock_body[320] = "Mock body"; -static const int mock_body_size = sizeof(mock_body); -static const int mock_hash_alg = VB2_HASH_SHA256; -static int mock_sig_size; - -static const struct vb2_id test_id[4] = { - {.raw = {0x11}}, - {.raw = {0x22}}, - {.raw = {0x33}}, - {.raw = {0x44}}, -}; - -/* Mocked function data */ - -static enum { - HWCRYPTO_DISABLED, - HWCRYPTO_ENABLED, - HWCRYPTO_FORBIDDEN, -} hwcrypto_state; - -static struct vb2_digest_context hwcrypto_emulation_dc; - -static vb2_error_t retval_hwcrypto; -static vb2_error_t retval_vb21_load_fw_keyblock; -static vb2_error_t retval_vb21_load_fw_preamble; - -/* Type of test to reset for */ -enum reset_type { - FOR_MISC, - FOR_EXTEND_HASH, - FOR_CHECK_HASH, -}; - -static void reset_common_data(enum reset_type t) -{ - const struct vb2_private_key *hash_key; - struct vb21_fw_preamble *pre; - struct vb21_signature *sig; - uint32_t sig_offset; - - int i; - - memset(workbuf, 0xaa, sizeof(workbuf)); - - TEST_SUCC(vb2api_init(workbuf, sizeof(workbuf), &ctx), - "vb2api_init failed"); - - sd = vb2_get_sd(ctx); - vb2_nv_init(ctx); - - vb2api_secdata_firmware_create(ctx); - vb2_secdata_firmware_init(ctx); - - memset(&hwcrypto_emulation_dc, 0, sizeof(hwcrypto_emulation_dc)); - retval_hwcrypto = VB2_SUCCESS; - retval_vb21_load_fw_keyblock = VB2_SUCCESS; - retval_vb21_load_fw_preamble = VB2_SUCCESS; - - vb2_private_key_hash(&hash_key, mock_hash_alg); - - sd->preamble_offset = sd->workbuf_used; - pre = vb2_member_of(sd, sd->preamble_offset); - pre->hash_count = 3; - pre->hash_offset = sig_offset = sizeof(*pre); - if (hwcrypto_state == HWCRYPTO_FORBIDDEN) - pre->flags = VB21_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO; - else - pre->flags = 0; - - for (i = 0; i < 3; i++) { - vb21_sign_data(&sig, mock_body, mock_body_size - 16 * i, - hash_key, NULL); - memcpy(&sig->id, test_id + i, sizeof(sig->id)); - memcpy((uint8_t *)pre + sig_offset, sig, sig->c.total_size); - sig_offset += sig->c.total_size; - mock_sig_size = sig->c.total_size; - free(sig); - } - - sd->preamble_size = sig_offset; - sd->workbuf_used = vb2_wb_round_up(sd->preamble_offset + - sd->preamble_size); - - if (t == FOR_EXTEND_HASH || t == FOR_CHECK_HASH) - vb21api_init_hash(ctx, test_id, NULL); - - if (t == FOR_CHECK_HASH) - vb2api_extend_hash(ctx, mock_body, mock_body_size); -}; - -/* Mocked functions */ - -vb2_error_t vb21_load_fw_keyblock(struct vb2_context *c) -{ - return retval_vb21_load_fw_keyblock; -} - -vb2_error_t vb21_load_fw_preamble(struct vb2_context *c) -{ - return retval_vb21_load_fw_preamble; -} - -vb2_error_t vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg, - uint32_t data_size) -{ - vb2_digest_init(&hwcrypto_emulation_dc, hash_alg); - - switch (hwcrypto_state) { - case HWCRYPTO_DISABLED: - return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED; - case HWCRYPTO_ENABLED: - if (hash_alg != mock_hash_alg) - return VB2_ERROR_SHA_INIT_ALGORITHM; - else - return retval_hwcrypto; - case HWCRYPTO_FORBIDDEN: - default: - return VB2_ERROR_UNKNOWN; - } -} - -vb2_error_t vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size) -{ - vb2_digest_extend(&hwcrypto_emulation_dc, buf, size); - - if (hwcrypto_state != HWCRYPTO_ENABLED) - return VB2_ERROR_UNKNOWN; - - return retval_hwcrypto; -} - -vb2_error_t vb2ex_hwcrypto_digest_finalize(uint8_t *digest, - uint32_t digest_size) -{ - vb2_digest_finalize(&hwcrypto_emulation_dc, digest, digest_size); - - if (hwcrypto_state != HWCRYPTO_ENABLED) - return VB2_ERROR_UNKNOWN; - - return retval_hwcrypto; -} - -/* Tests */ - -static void phase3_tests(void) -{ - reset_common_data(FOR_MISC); - TEST_SUCC(vb21api_fw_phase3(ctx), "phase3 good"); - - reset_common_data(FOR_MISC); - retval_vb21_load_fw_keyblock = VB2_ERROR_MOCK; - TEST_EQ(vb21api_fw_phase3(ctx), VB2_ERROR_MOCK, "phase3 keyblock"); - TEST_EQ(vb2_nv_get(ctx, VB2_NV_RECOVERY_REQUEST), - VB2_RECOVERY_RO_INVALID_RW, " recovery reason"); - - reset_common_data(FOR_MISC); - retval_vb21_load_fw_preamble = VB2_ERROR_MOCK; - TEST_EQ(vb21api_fw_phase3(ctx), VB2_ERROR_MOCK, "phase3 keyblock"); - TEST_EQ(vb2_nv_get(ctx, VB2_NV_RECOVERY_REQUEST), - VB2_RECOVERY_RO_INVALID_RW, " recovery reason"); -} - -static void init_hash_tests(void) -{ - struct vb21_fw_preamble *pre; - struct vb21_signature *sig; - int expected_offset; - int wb_used_before; - uint32_t size; - - reset_common_data(FOR_MISC); - pre = vb2_member_of(sd, sd->preamble_offset); - sig = (struct vb21_signature *)((uint8_t *)pre + pre->hash_offset); - - expected_offset = sd->workbuf_used; - TEST_SUCC(vb21api_init_hash(ctx, test_id, &size), - "init hash good"); - TEST_EQ(sd->hash_offset, expected_offset, - "hash context offset"); - TEST_EQ(sd->hash_size, sizeof(struct vb2_digest_context), - "hash context size"); - TEST_EQ(sd->workbuf_used, - vb2_wb_round_up(sd->hash_offset + - sd->hash_size), - "hash uses workbuf"); - TEST_EQ(sd->hash_tag, - sd->preamble_offset + pre->hash_offset, - "hash signature offset"); - TEST_EQ(sd->hash_remaining_size, mock_body_size, "hash remaining"); - - wb_used_before = sd->workbuf_used; - TEST_SUCC(vb21api_init_hash(ctx, test_id + 2, NULL), - "init hash again"); - TEST_EQ(sd->workbuf_used, wb_used_before, "init hash reuses context"); - TEST_EQ(sd->hash_tag, - sd->preamble_offset + pre->hash_offset + - 2 * mock_sig_size, - "hash signature offset 2"); - - reset_common_data(FOR_MISC); - TEST_EQ(vb21api_init_hash(ctx, test_id + 3, &size), - VB2_ERROR_API_INIT_HASH_ID, "init hash invalid id"); - - reset_common_data(FOR_MISC); - sd->preamble_size = 0; - TEST_EQ(vb21api_init_hash(ctx, test_id, &size), - VB2_ERROR_API_INIT_HASH_PREAMBLE, "init hash preamble"); - - reset_common_data(FOR_MISC); - sd->workbuf_used = sd->workbuf_size + VB2_WORKBUF_ALIGN - - vb2_wb_round_up(sizeof(struct vb2_digest_context)); - TEST_EQ(vb21api_init_hash(ctx, test_id, &size), - VB2_ERROR_API_INIT_HASH_WORKBUF, "init hash workbuf"); - - reset_common_data(FOR_MISC); - sig->hash_alg = VB2_HASH_INVALID; - TEST_EQ(vb21api_init_hash(ctx, test_id, &size), - VB2_ERROR_SHA_INIT_ALGORITHM, "init hash algorithm"); - - if (hwcrypto_state == HWCRYPTO_ENABLED) { - reset_common_data(FOR_MISC); - retval_hwcrypto = VB2_ERROR_MOCK; - TEST_EQ(vb21api_init_hash(ctx, test_id, &size), - VB2_ERROR_MOCK, "init hash use hwcrypto"); - } -} - -static void extend_hash_tests(void) -{ - struct vb2_digest_context *dc; - - reset_common_data(FOR_EXTEND_HASH); - TEST_SUCC(vb2api_extend_hash(ctx, mock_body, 32), - "hash extend good"); - TEST_EQ(sd->hash_remaining_size, mock_body_size - 32, - "hash extend remaining"); - TEST_SUCC(vb2api_extend_hash(ctx, mock_body, mock_body_size - 32), - "hash extend again"); - TEST_EQ(sd->hash_remaining_size, 0, "hash extend remaining 2"); - - reset_common_data(FOR_EXTEND_HASH); - sd->hash_size = 0; - TEST_EQ(vb2api_extend_hash(ctx, mock_body, mock_body_size), - VB2_ERROR_API_EXTEND_HASH_WORKBUF, "hash extend no workbuf"); - - reset_common_data(FOR_EXTEND_HASH); - TEST_EQ(vb2api_extend_hash(ctx, mock_body, mock_body_size + 1), - VB2_ERROR_API_EXTEND_HASH_SIZE, "hash extend too much"); - - reset_common_data(FOR_EXTEND_HASH); - TEST_EQ(vb2api_extend_hash(ctx, mock_body, 0), - VB2_ERROR_API_EXTEND_HASH_SIZE, "hash extend empty"); - - if (hwcrypto_state == HWCRYPTO_ENABLED) { - reset_common_data(FOR_EXTEND_HASH); - retval_hwcrypto = VB2_ERROR_MOCK; - TEST_EQ(vb2api_extend_hash(ctx, mock_body, mock_body_size), - VB2_ERROR_MOCK, "hash extend use hwcrypto"); - } else { - reset_common_data(FOR_EXTEND_HASH); - dc = (struct vb2_digest_context *) - vb2_member_of(sd, sd->hash_offset); - dc->hash_alg = VB2_HASH_INVALID; - TEST_EQ(vb2api_extend_hash(ctx, mock_body, mock_body_size), - VB2_ERROR_SHA_EXTEND_ALGORITHM, "hash extend fail"); - } -} - -static void check_hash_tests(void) -{ - struct vb21_fw_preamble *pre; - struct vb21_signature *sig; - struct vb2_digest_context *dc; - - reset_common_data(FOR_CHECK_HASH); - pre = vb2_member_of(sd, sd->preamble_offset); - sig = vb2_member_of(pre, pre->hash_offset); - dc = vb2_member_of(sd, sd->hash_offset); - - TEST_SUCC(vb21api_check_hash(ctx), "check hash good"); - - reset_common_data(FOR_CHECK_HASH); - sd->hash_tag = 0; - TEST_EQ(vb21api_check_hash(ctx), - VB2_ERROR_API_CHECK_HASH_TAG, "check hash tag"); - - reset_common_data(FOR_CHECK_HASH); - sd->hash_size = 0; - TEST_EQ(vb21api_check_hash(ctx), - VB2_ERROR_API_CHECK_HASH_WORKBUF, "check hash no workbuf"); - - reset_common_data(FOR_CHECK_HASH); - sd->hash_remaining_size = 1; - TEST_EQ(vb21api_check_hash(ctx), - VB2_ERROR_API_CHECK_HASH_SIZE, "check hash size"); - - reset_common_data(FOR_CHECK_HASH); - sd->workbuf_used = sd->workbuf_size; - TEST_EQ(vb21api_check_hash(ctx), - VB2_ERROR_API_CHECK_HASH_WORKBUF_DIGEST, "check hash workbuf"); - - reset_common_data(FOR_CHECK_HASH); - *((uint8_t *)sig + sig->sig_offset) ^= 0x55; - TEST_EQ(vb21api_check_hash(ctx), - VB2_ERROR_API_CHECK_HASH_SIG, "check hash sig"); - - if (hwcrypto_state == HWCRYPTO_ENABLED) { - reset_common_data(FOR_CHECK_HASH); - retval_hwcrypto = VB2_ERROR_MOCK; - TEST_EQ(vb21api_check_hash(ctx), - VB2_ERROR_MOCK, "check hash use hwcrypto"); - } else { - reset_common_data(FOR_CHECK_HASH); - dc->hash_alg = VB2_HASH_INVALID; - *((uint8_t *)sig + sig->sig_offset) ^= 0x55; - TEST_EQ(vb21api_check_hash(ctx), - VB2_ERROR_SHA_FINALIZE_ALGORITHM, "check hash finaliz"); - } -} - -int main(int argc, char* argv[]) -{ - phase3_tests(); - - fprintf(stderr, "Running hash API tests without hwcrypto support...\n"); - hwcrypto_state = HWCRYPTO_DISABLED; - init_hash_tests(); - extend_hash_tests(); - check_hash_tests(); - - fprintf(stderr, "Running hash API tests with hwcrypto support...\n"); - hwcrypto_state = HWCRYPTO_ENABLED; - init_hash_tests(); - extend_hash_tests(); - check_hash_tests(); - - fprintf(stderr, "Running hash API tests with forbidden hwcrypto...\n"); - hwcrypto_state = HWCRYPTO_FORBIDDEN; - init_hash_tests(); - extend_hash_tests(); - check_hash_tests(); - - return gTestSuccess ? 0 : 255; -} diff --git a/tests/vb21_common_tests.c b/tests/vb21_common_tests.c index 94fceadc..543ebb24 100644 --- a/tests/vb21_common_tests.c +++ b/tests/vb21_common_tests.c @@ -8,16 +8,12 @@ #include "2common.h" #include "2rsa.h" #include "2sysincludes.h" -#include "host_fw_preamble2.h" #include "host_key2.h" -#include "host_keyblock2.h" #include "host_signature2.h" #include "test_common.h" #include "vb21_common.h" static const uint8_t test_data[] = "This is some test data to sign."; -static const uint8_t test_data2[] = "Some more test data"; -static const uint8_t test_data3[] = "Even more test data"; /* * Test struct packing for vboot_struct.h structs which are passed between @@ -38,12 +34,6 @@ static void test_struct_packing(void) TEST_EQ(EXPECTED_VB21_SIGNATURE_SIZE, sizeof(struct vb21_signature), "sizeof(vb21_signature)"); - TEST_EQ(EXPECTED_VB21_KEYBLOCK_SIZE, - sizeof(struct vb21_keyblock), - "sizeof(vb21_keyblock)"); - TEST_EQ(EXPECTED_VB21_FW_PREAMBLE_SIZE, - sizeof(struct vb21_fw_preamble), - "sizeof(vb21_fw_preamble)"); } /** @@ -246,279 +236,12 @@ static void test_verify_hash(void) free(sig); } -/** - * Verify keyblock - */ -static void test_verify_keyblock(void) -{ - const char desc[16] = "test keyblock"; - const struct vb2_private_key *prik[2]; - struct vb2_public_key pubk, pubk2, pubk3; - struct vb21_signature *sig; - struct vb21_keyblock *kbuf; - uint32_t buf_size; - uint8_t *buf, *buf2; - - uint8_t workbuf[VB2_KEYBLOCK_VERIFY_WORKBUF_BYTES] - __attribute__((aligned(VB2_WORKBUF_ALIGN))); - struct vb2_workbuf wb; - - TEST_SUCC(vb2_public_key_hash(&pubk, VB2_HASH_SHA256), - "create hash key 1"); - TEST_SUCC(vb2_public_key_hash(&pubk2, VB2_HASH_SHA512), - "create hash key 2"); - TEST_SUCC(vb2_public_key_hash(&pubk3, VB2_HASH_SHA1), - "create hash key 3"); - - TEST_SUCC(vb2_private_key_hash(prik + 0, VB2_HASH_SHA256), - "create private key 1"); - TEST_SUCC(vb2_private_key_hash(prik + 1, VB2_HASH_SHA512), - "create private key 2"); - - /* Create the test keyblock */ - TEST_SUCC(vb21_keyblock_create(&kbuf, &pubk3, prik, 2, 0x4321, desc), - "create keyblock"); - - buf = (uint8_t *)kbuf; - buf_size = kbuf->c.total_size; - - /* Make a copy of the buffer, so we can mangle it for tests */ - buf2 = malloc(buf_size); - memcpy(buf2, buf, buf_size); - - vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); - kbuf = (struct vb21_keyblock *)buf; - - TEST_SUCC(vb21_verify_keyblock(kbuf, buf_size, &pubk, &wb), - "vb21_verify_keyblock()"); - - memcpy(buf, buf2, buf_size); - TEST_SUCC(vb21_verify_keyblock(kbuf, buf_size, &pubk2, &wb), - "vb21_verify_keyblock() key 2"); - - memcpy(buf, buf2, buf_size); - TEST_EQ(vb21_verify_keyblock(kbuf, buf_size, &pubk3, &wb), - VB2_ERROR_KEYBLOCK_SIG_ID, - "vb21_verify_keyblock() key not present"); - - memcpy(buf, buf2, buf_size); - kbuf->c.magic = VB21_MAGIC_PACKED_KEY; - TEST_EQ(vb21_verify_keyblock(kbuf, buf_size, &pubk, &wb), - VB2_ERROR_KEYBLOCK_MAGIC, - "vb21_verify_keyblock() magic"); - - memcpy(buf, buf2, buf_size); - kbuf->c.fixed_size++; - TEST_EQ(vb21_verify_keyblock(kbuf, buf_size, &pubk, &wb), - VB2_ERROR_COMMON_FIXED_UNALIGNED, - "vb21_verify_keyblock() header"); - - memcpy(buf, buf2, buf_size); - kbuf->c.struct_version_major++; - TEST_EQ(vb21_verify_keyblock(kbuf, buf_size, &pubk, &wb), - VB2_ERROR_KEYBLOCK_HEADER_VERSION, - "vb21_verify_keyblock() major version"); - - memcpy(buf, buf2, buf_size); - kbuf->c.struct_version_minor++; - /* That changes the signature, so resign the keyblock */ - vb21_sign_data(&sig, buf, kbuf->sig_offset, prik[0], NULL); - memcpy(buf + kbuf->sig_offset, sig, sig->c.total_size); - free(sig); - TEST_SUCC(vb21_verify_keyblock(kbuf, buf_size, &pubk, &wb), - "vb21_verify_keyblock() minor version"); - - memcpy(buf, buf2, buf_size); - kbuf->c.fixed_size -= 4; - kbuf->c.desc_size += 4; - TEST_EQ(vb21_verify_keyblock(kbuf, buf_size, &pubk, &wb), - VB2_ERROR_KEYBLOCK_SIZE, - "vb21_verify_keyblock() header size"); - - memcpy(buf, buf2, buf_size); - kbuf->key_offset = kbuf->c.total_size - 4; - TEST_EQ(vb21_verify_keyblock(kbuf, buf_size, &pubk, &wb), - VB2_ERROR_COMMON_MEMBER_SIZE, - "vb21_verify_keyblock() data key outside"); - - memcpy(buf, buf2, buf_size); - sig = (struct vb21_signature *)(buf + kbuf->sig_offset); - sig->data_size--; - TEST_EQ(vb21_verify_keyblock(kbuf, buf_size, &pubk, &wb), - VB2_ERROR_KEYBLOCK_SIGNED_SIZE, - "vb21_verify_keyblock() signed wrong size"); - - memcpy(buf, buf2, buf_size); - sig = (struct vb21_signature *)(buf + kbuf->sig_offset); - sig->c.total_size = kbuf->c.total_size - 4; - TEST_EQ(vb21_verify_keyblock(kbuf, buf_size, &pubk, &wb), - VB2_ERROR_COMMON_TOTAL_SIZE, - "vb21_verify_keyblock() key outside keyblock"); - - memcpy(buf, buf2, buf_size); - sig = (struct vb21_signature *)(buf + kbuf->sig_offset); - sig->c.struct_version_major++; - TEST_EQ(vb21_verify_keyblock(kbuf, buf_size, &pubk, &wb), - VB2_ERROR_SIG_VERSION, - "vb21_verify_keyblock() corrupt key"); - - memcpy(buf, buf2, buf_size); - kbuf->c.struct_version_minor++; - TEST_EQ(vb21_verify_keyblock(kbuf, buf_size, &pubk, &wb), - VB2_ERROR_VDATA_VERIFY_DIGEST, - "vb21_verify_keyblock() corrupt"); - - free(buf); - free(buf2); -} - -/** - * Verify firmware preamble - */ -static void test_verify_fw_preamble(void) -{ - const char desc[16] = "test preamble"; - const struct vb2_private_key *prikhash; - struct vb21_signature *hashes[3]; - struct vb2_public_key pubk; - struct vb21_signature *sig; - struct vb21_fw_preamble *pre; - uint32_t buf_size; - uint8_t *buf, *buf2; - - uint8_t workbuf[VB2_VERIFY_FIRMWARE_PREAMBLE_WORKBUF_BYTES] - __attribute__((aligned(VB2_WORKBUF_ALIGN))); - struct vb2_workbuf wb; - - /* - * Preambles will usually be signed with a real key not a bare hash, - * but the call to vb21_verify_data() inside the preamble check is the - * same (and its functionality is verified separately), and using a - * bare hash here saves us from needing to have a private key to do - * this test. - */ - TEST_SUCC(vb2_public_key_hash(&pubk, VB2_HASH_SHA256), - "create hash key"); - TEST_SUCC(vb2_private_key_hash(&prikhash, VB2_HASH_SHA256), - "Create private hash key"); - - /* Create some signatures */ - TEST_SUCC(vb21_sign_data(hashes + 0, test_data, sizeof(test_data), - prikhash, "Hash 1"), - "Hash 1"); - TEST_SUCC(vb21_sign_data(hashes + 1, test_data2, sizeof(test_data2), - prikhash, "Hash 2"), - "Hash 2"); - TEST_SUCC(vb21_sign_data(hashes + 2, test_data3, sizeof(test_data3), - prikhash, "Hash 3"), - "Hash 3"); - - /* Test good preamble */ - TEST_SUCC(vb21_fw_preamble_create( - &pre, prikhash, - (const struct vb21_signature **)hashes, - 3, 0x1234, 0x5678, desc), - "Create preamble good"); - - buf = (uint8_t *)pre; - buf_size = pre->c.total_size; - - /* Make a copy of the buffer, so we can mangle it for tests */ - buf2 = malloc(buf_size); - memcpy(buf2, buf, buf_size); - - vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); - pre = (struct vb21_fw_preamble *)buf; - - TEST_SUCC(vb21_verify_fw_preamble(pre, buf_size, &pubk, &wb), - "vb21_verify_fw_preamble()"); - - memcpy(buf, buf2, buf_size); - pre->c.magic = VB21_MAGIC_PACKED_KEY; - TEST_EQ(vb21_verify_fw_preamble(pre, buf_size, &pubk, &wb), - VB2_ERROR_PREAMBLE_MAGIC, - "vb21_verify_fw_preamble() magic"); - - memcpy(buf, buf2, buf_size); - pre->c.fixed_size++; - TEST_EQ(vb21_verify_fw_preamble(pre, buf_size, &pubk, &wb), - VB2_ERROR_COMMON_FIXED_UNALIGNED, - "vb21_verify_fw_preamble() header"); - - memcpy(buf, buf2, buf_size); - pre->c.struct_version_major++; - TEST_EQ(vb21_verify_fw_preamble(pre, buf_size, &pubk, &wb), - VB2_ERROR_PREAMBLE_HEADER_VERSION, - "vb21_verify_fw_preamble() major version"); - - memcpy(buf, buf2, buf_size); - pre->c.struct_version_minor++; - /* That changes the signature, so resign the fw_preamble */ - vb21_sign_data(&sig, buf, pre->sig_offset, prikhash, NULL); - memcpy(buf + pre->sig_offset, sig, sig->c.total_size); - free(sig); - TEST_SUCC(vb21_verify_fw_preamble(pre, buf_size, &pubk, &wb), - "vb21_verify_fw_preamble() minor version"); - - memcpy(buf, buf2, buf_size); - pre->c.fixed_size -= 4; - pre->c.desc_size += 4; - TEST_EQ(vb21_verify_fw_preamble(pre, buf_size, &pubk, &wb), - VB2_ERROR_PREAMBLE_SIZE, - "vb21_verify_fw_preamble() header size"); - - memcpy(buf, buf2, buf_size); - sig = (struct vb21_signature *)(buf + pre->hash_offset); - sig->c.total_size += pre->c.total_size; - TEST_EQ(vb21_verify_fw_preamble(pre, buf_size, &pubk, &wb), - VB2_ERROR_COMMON_TOTAL_SIZE, - "vb21_verify_fw_preamble() hash size"); - - memcpy(buf, buf2, buf_size); - sig = (struct vb21_signature *)(buf + pre->hash_offset); - sig->sig_size /= 2; - TEST_EQ(vb21_verify_fw_preamble(pre, buf_size, &pubk, &wb), - VB2_ERROR_SIG_SIZE, - "vb21_verify_fw_preamble() hash integrity"); - - memcpy(buf, buf2, buf_size); - pre->hash_count++; - TEST_EQ(vb21_verify_fw_preamble(pre, buf_size, &pubk, &wb), - VB2_ERROR_COMMON_MEMBER_OVERLAP, - "vb21_verify_fw_preamble() hash count"); - - memcpy(buf, buf2, buf_size); - sig = (struct vb21_signature *)(buf + pre->sig_offset); - sig->c.total_size += 4; - TEST_EQ(vb21_verify_fw_preamble(pre, buf_size, &pubk, &wb), - VB2_ERROR_COMMON_TOTAL_SIZE, - "vb21_verify_fw_preamble() sig inside"); - - memcpy(buf, buf2, buf_size); - sig = (struct vb21_signature *)(buf + pre->sig_offset); - buf[pre->sig_offset + sig->sig_offset]++; - TEST_EQ(vb21_verify_fw_preamble(pre, buf_size, &pubk, &wb), - VB2_ERROR_VDATA_VERIFY_DIGEST, - "vb21_verify_fw_preamble() sig corrupt"); - - memcpy(buf, buf2, buf_size); - pre->flags++; - TEST_EQ(vb21_verify_fw_preamble(pre, buf_size, &pubk, &wb), - VB2_ERROR_VDATA_VERIFY_DIGEST, - "vb21_verify_fw_preamble() preamble corrupt"); - - free(buf); - free(buf2); -} - int main(int argc, char* argv[]) { test_struct_packing(); test_common_header_functions(); test_sig_size(); test_verify_hash(); - test_verify_keyblock(); - test_verify_fw_preamble(); return gTestSuccess ? 0 : 255; } diff --git a/tests/vb21_host_fw_preamble_tests.c b/tests/vb21_host_fw_preamble_tests.c deleted file mode 100644 index c93f714f..00000000 --- a/tests/vb21_host_fw_preamble_tests.c +++ /dev/null @@ -1,120 +0,0 @@ -/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Tests for host library vboot2 preamble functions - */ - -#include <stdio.h> -#include <unistd.h> - -#include "2common.h" -#include "2rsa.h" -#include "2sysincludes.h" -#include "host_common.h" -#include "host_fw_preamble2.h" -#include "host_key2.h" -#include "host_signature2.h" -#include "test_common.h" -#include "vb21_common.h" - -const uint8_t test_data1[] = "Some test data"; -const uint8_t test_data2[] = "Some more test data"; -const uint8_t test_data3[] = "Even more test data"; - -static void preamble_tests(const char *keys_dir) -{ - struct vb2_private_key *prik4096; - struct vb2_public_key *pubk4096; - struct vb21_fw_preamble *fp; - const struct vb2_private_key *prikhash; - struct vb21_signature *hashes[3]; - char fname[1024]; - const char test_desc[] = "Test fw preamble"; - const uint32_t test_version = 2061; - const uint32_t test_flags = 0x11223344; - uint32_t hash_next; - int i; - - uint8_t workbuf[VB2_VERIFY_FIRMWARE_PREAMBLE_WORKBUF_BYTES] - __attribute__((aligned(VB2_WORKBUF_ALIGN))); - struct vb2_workbuf wb; - - vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); - - /* Read keys */ - snprintf(fname, sizeof(fname), "%s/key_rsa4096.keyb", keys_dir); - TEST_SUCC(vb2_public_key_read_keyb(&pubk4096, fname), - "Read public key 1"); - vb2_public_key_set_desc(pubk4096, "Test RSA4096 public key"); - pubk4096->hash_alg = VB2_HASH_SHA256; - - snprintf(fname, sizeof(fname), "%s/key_rsa4096.pem", keys_dir); - TEST_SUCC(vb2_private_key_read_pem(&prik4096, fname), - "Read private key 2"); - vb2_private_key_set_desc(prik4096, "Test RSA4096 private key"); - prik4096->sig_alg = VB2_SIG_RSA4096; - prik4096->hash_alg = VB2_HASH_SHA256; - - TEST_SUCC(vb2_private_key_hash(&prikhash, VB2_HASH_SHA256), - "Create private hash key"); - - /* Create some signatures */ - TEST_SUCC(vb21_sign_data(hashes + 0, test_data1, sizeof(test_data1), - prikhash, "Hash 1"), - "Hash 1"); - TEST_SUCC(vb21_sign_data(hashes + 1, test_data2, sizeof(test_data2), - prikhash, "Hash 2"), - "Hash 2"); - TEST_SUCC(vb21_sign_data(hashes + 2, test_data3, sizeof(test_data3), - prikhash, "Hash 3"), - "Hash 3"); - - /* Test good preamble */ - TEST_SUCC(vb21_fw_preamble_create( - &fp, prik4096, (const struct vb21_signature **)hashes, - 3, test_version, test_flags, test_desc), - "Create preamble good"); - TEST_PTR_NEQ(fp, NULL, " fp_ptr"); - TEST_SUCC(vb21_verify_fw_preamble(fp, fp->c.total_size, pubk4096, &wb), - "Verify preamble good"); - TEST_EQ(strcmp(vb21_common_desc(fp), test_desc), 0, " desc"); - TEST_EQ(fp->fw_version, test_version, " fw_version"); - TEST_EQ(fp->flags, test_flags, " flags"); - TEST_EQ(fp->hash_count, 3, " hash_count"); - - hash_next = fp->hash_offset; - for (i = 0; i < 3; i++) { - TEST_EQ(0, memcmp((uint8_t *)fp + hash_next, hashes[i], - hashes[i]->c.total_size), " hash[i]"); - hash_next += hashes[i]->c.total_size; - } - - free(fp); - - /* Test errors */ - prik4096->hash_alg = VB2_HASH_INVALID; - TEST_EQ(vb21_fw_preamble_create(&fp, prik4096, - (const struct vb21_signature **)hashes, - 3, test_version, test_flags, - test_desc), - VB2_FW_PREAMBLE_CREATE_SIG_SIZE, - "Create preamble bad sig"); - TEST_PTR_EQ(fp, NULL, " fp_ptr"); - - /* Free keys */ - vb2_public_key_free(pubk4096); - vb2_private_key_free(prik4096); -} - -int main(int argc, char *argv[]) { - - if (argc == 2) { - preamble_tests(argv[1]); - } else { - fprintf(stderr, "Usage: %s <keys_dir>", argv[0]); - return -1; - } - - return gTestSuccess ? 0 : 255; -} diff --git a/tests/vb21_host_keyblock_tests.c b/tests/vb21_host_keyblock_tests.c deleted file mode 100644 index 3a5f0f58..00000000 --- a/tests/vb21_host_keyblock_tests.c +++ /dev/null @@ -1,138 +0,0 @@ -/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Tests for host library vboot2 keyblock functions - */ - -#include <stdio.h> -#include <unistd.h> - -#include "2common.h" -#include "2rsa.h" -#include "2sysincludes.h" -#include "host_common.h" -#include "host_key2.h" -#include "host_keyblock2.h" -#include "test_common.h" -#include "vb21_common.h" - -static void keyblock_tests(const char *keys_dir) -{ - struct vb2_public_key *pubk2048, *pubk4096, *pubk8192, pubkhash; - struct vb2_private_key *prik4096, *prik8192; - struct vb21_packed_key *pak, *pakgood; - struct vb21_keyblock *kb; - const struct vb2_private_key *prikhash; - const struct vb2_private_key *prik[2]; - char fname[1024]; - const char test_desc[] = "Test keyblock"; - - uint8_t workbuf[VB2_KEYBLOCK_VERIFY_WORKBUF_BYTES] - __attribute__((aligned(VB2_WORKBUF_ALIGN))); - struct vb2_workbuf wb; - - vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); - - /* Read keys */ - sprintf(fname, "%s/key_rsa2048.keyb", keys_dir); - TEST_SUCC(vb2_public_key_read_keyb(&pubk2048, fname), - "Read public key 2"); - vb2_public_key_set_desc(pubk2048, "Test RSA2048 public key"); - pubk2048->hash_alg = VB2_HASH_SHA256; - - sprintf(fname, "%s/key_rsa4096.keyb", keys_dir); - TEST_SUCC(vb2_public_key_read_keyb(&pubk4096, fname), - "Read public key 1"); - vb2_public_key_set_desc(pubk4096, "Test RSA4096 public key"); - pubk4096->hash_alg = VB2_HASH_SHA256; - - sprintf(fname, "%s/key_rsa8192.keyb", keys_dir); - TEST_SUCC(vb2_public_key_read_keyb(&pubk8192, fname), - "Read public key 2"); - vb2_public_key_set_desc(pubk8192, "Test RSA8192 public key"); - pubk8192->hash_alg = VB2_HASH_SHA512; - - sprintf(fname, "%s/key_rsa4096.pem", keys_dir); - TEST_SUCC(vb2_private_key_read_pem(&prik4096, fname), - "Read private key 2"); - vb2_private_key_set_desc(prik4096, "Test RSA4096 private key"); - prik4096->sig_alg = VB2_SIG_RSA4096; - prik4096->hash_alg = VB2_HASH_SHA256; - - sprintf(fname, "%s/key_rsa8192.pem", keys_dir); - TEST_SUCC(vb2_private_key_read_pem(&prik8192, fname), - "Read private key 1"); - vb2_private_key_set_desc(prik8192, "Test RSA8192 private key"); - prik8192->sig_alg = VB2_SIG_RSA8192; - prik8192->hash_alg = VB2_HASH_SHA512; - - TEST_SUCC(vb2_private_key_hash(&prikhash, VB2_HASH_SHA512), - "Create private hash key"); - - TEST_SUCC(vb2_public_key_hash(&pubkhash, VB2_HASH_SHA512), - "Create public hash key"); - - TEST_SUCC(vb21_public_key_pack(&pakgood, pubk2048), "Test packed key"); - - /* Sign a keyblock with one key */ - prik[0] = prik4096; - TEST_SUCC(vb21_keyblock_create(&kb, pubk2048, prik, 1, 0x1234, NULL), - "Keyblock single"); - TEST_PTR_NEQ(kb, NULL, " kb_ptr"); - TEST_SUCC(vb21_verify_keyblock(kb, kb->c.total_size, pubk4096, &wb), - " verify"); - TEST_EQ(strcmp(vb21_common_desc(kb), pubk2048->desc), 0, " desc"); - TEST_EQ(kb->flags, 0x1234, " flags"); - - pak = (struct vb21_packed_key *)((uint8_t *)kb + kb->key_offset); - TEST_EQ(0, memcmp(pak, pakgood, pakgood->c.total_size), " data key"); - free(kb); - - /* Sign a keyblock with two keys */ - prik[0] = prik8192; - prik[1] = prikhash; - TEST_SUCC(vb21_keyblock_create(&kb, pubk4096, prik, 2, 0, test_desc), - "Keyblock multiple"); - TEST_SUCC(vb21_verify_keyblock(kb, kb->c.total_size, pubk8192, &wb), - " verify 1"); - TEST_SUCC(vb21_verify_keyblock(kb, kb->c.total_size, &pubkhash, &wb), - " verify 2"); - TEST_EQ(strcmp(vb21_common_desc(kb), test_desc), 0, " desc"); - TEST_EQ(kb->flags, 0, " flags"); - free(kb); - - /* Test errors */ - prik[0] = prik8192; - prik8192->hash_alg = VB2_HASH_INVALID; - TEST_EQ(vb21_keyblock_create(&kb, pubk4096, prik, 1, 0, NULL), - VB2_KEYBLOCK_CREATE_SIG_SIZE, "Keyblock bad sig size"); - TEST_PTR_EQ(kb, NULL, " kb_ptr"); - free(kb); - - prik[0] = prik4096; - pubk4096->sig_alg = VB2_SIG_INVALID; - TEST_EQ(vb21_keyblock_create(&kb, pubk4096, prik, 1, 0, NULL), - VB2_KEYBLOCK_CREATE_DATA_KEY, "Keyblock bad data key"); - free(kb); - - /* Free keys */ - free(pakgood); - vb2_public_key_free(pubk2048); - vb2_public_key_free(pubk4096); - vb2_public_key_free(pubk8192); - vb2_private_key_free(prik4096); - vb2_private_key_free(prik8192); -} - -int main(int argc, char *argv[]) { - - if (argc == 2) { - keyblock_tests(argv[1]); - } else { - fprintf(stderr, "Usage: %s <keys_dir>", argv[0]); - return -1; - } - - return gTestSuccess ? 0 : 255; -} diff --git a/tests/vb21_misc_tests.c b/tests/vb21_misc_tests.c deleted file mode 100644 index f76ff292..00000000 --- a/tests/vb21_misc_tests.c +++ /dev/null @@ -1,400 +0,0 @@ -/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Tests for misc library, new-style structs - */ - -#include <stdio.h> - -#include "2api.h" -#include "2common.h" -#include "2misc.h" -#include "2nvstorage.h" -#include "2secdata.h" -#include "2sysincludes.h" -#include "test_common.h" -#include "vb21_common.h" - -/* Common context for tests */ -static uint8_t workbuf[VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE] - __attribute__((aligned(VB2_WORKBUF_ALIGN))); -static struct vb2_context *ctx; -static struct vb2_shared_data *sd; -static struct vb2_gbb_header gbb; - -/* Mocked function data */ - -static struct { - struct vb2_gbb_header h; - struct vb21_packed_key rootkey; - char rootkey_data[32]; -} mock_gbb; - -static struct { - /* Keyblock */ - struct { - struct vb21_keyblock kb; - struct vb21_packed_key data_key; - char data_key_data[16]; - uint8_t kbdata[128]; - } k; - /* Preamble follows keyblock */ - struct { - struct vb21_fw_preamble pre; - uint8_t predata[128]; - } p; -} mock_vblock; - -static int mock_read_res_fail_on_call; -static int mock_unpack_key_retval; -static int mock_verify_keyblock_retval; -static int mock_verify_preamble_retval; - -/* Type of test to reset for */ -enum reset_type { - FOR_KEYBLOCK, - FOR_PREAMBLE -}; - -static void reset_common_data(enum reset_type t) -{ - struct vb21_keyblock *kb = &mock_vblock.k.kb; - struct vb21_packed_key *dk = &mock_vblock.k.data_key; - struct vb21_fw_preamble *pre = &mock_vblock.p.pre; - - memset(workbuf, 0xaa, sizeof(workbuf)); - - TEST_SUCC(vb2api_init(workbuf, sizeof(workbuf), &ctx), - "vb2api_init failed"); - - memset(&gbb, 0, sizeof(gbb)); - sd = vb2_get_sd(ctx); - - vb2_nv_init(ctx); - - vb2api_secdata_firmware_create(ctx); - vb2_secdata_firmware_init(ctx); - - mock_read_res_fail_on_call = 0; - mock_unpack_key_retval = VB2_SUCCESS; - mock_verify_keyblock_retval = VB2_SUCCESS; - mock_verify_preamble_retval = VB2_SUCCESS; - - /* Set up mock data for verifying keyblock */ - sd->fw_version_secdata = 0x20002; - vb2_secdata_firmware_set(ctx, VB2_SECDATA_FIRMWARE_VERSIONS, - sd->fw_version_secdata); - - gbb.rootkey_offset = vb2_offset_of(&mock_gbb, &mock_gbb.rootkey); - gbb.rootkey_size = sizeof(mock_gbb.rootkey_data); - sd->last_fw_result = VB2_FW_RESULT_SUCCESS; - - mock_gbb.rootkey.sig_alg = VB2_SIG_RSA8192; - mock_gbb.rootkey.key_offset = - vb2_offset_of(&mock_gbb.rootkey, - &mock_gbb.rootkey_data); - mock_gbb.rootkey.key_size = sizeof(mock_gbb.rootkey_data); - - kb->c.total_size = sizeof(mock_vblock.k); - kb->key_offset = vb2_offset_of(&mock_vblock.k.kb, - &mock_vblock.k.data_key); - - dk->c.fixed_size = sizeof(mock_vblock.k.data_key); - dk->sig_alg = VB2_SIG_RSA4096; - dk->key_version = 2; - dk->key_offset = dk->c.fixed_size; - dk->key_size = sizeof(mock_vblock.k.data_key_data); - dk->c.total_size = dk->key_offset + dk->key_size; - strcpy(mock_vblock.k.data_key_data, "data key data!!"); - - pre->c.total_size = sizeof(mock_vblock.p); - pre->fw_version = 2; - - /* If verifying preamble, verify keyblock first to set up data key */ - if (t == FOR_PREAMBLE) - vb21_load_fw_keyblock(ctx); -}; - -/* Mocked functions */ -struct vb2_gbb_header *vb2_get_gbb(struct vb2_context *c) -{ - return &gbb; -} - -vb2_error_t vb2ex_read_resource(struct vb2_context *c, - enum vb2_resource_index index, uint32_t offset, - void *buf, uint32_t size) -{ - uint8_t *rptr; - uint32_t rsize; - - if (--mock_read_res_fail_on_call == 0) - return VB2_ERROR_EX_READ_RESOURCE_INDEX; - - switch(index) { - case VB2_RES_GBB: - rptr = (uint8_t *)&mock_gbb; - rsize = sizeof(mock_gbb); - break; - case VB2_RES_FW_VBLOCK: - rptr = (uint8_t *)&mock_vblock; - rsize = sizeof(mock_vblock); - break; - default: - return VB2_ERROR_EX_READ_RESOURCE_INDEX; - } - - if (offset > rsize || offset + size > rsize) - return VB2_ERROR_EX_READ_RESOURCE_SIZE; - - memcpy(buf, rptr + offset, size); - return VB2_SUCCESS; -} - -vb2_error_t vb21_unpack_key(struct vb2_public_key *key, const uint8_t *buf, - uint32_t size) -{ - return mock_unpack_key_retval; -} - -vb2_error_t vb21_verify_keyblock(struct vb21_keyblock *block, uint32_t size, - const struct vb2_public_key *key, - const struct vb2_workbuf *wb) -{ - return mock_verify_keyblock_retval; -} - -vb2_error_t vb21_verify_fw_preamble(struct vb21_fw_preamble *preamble, - uint32_t size, - const struct vb2_public_key *key, - const struct vb2_workbuf *wb) -{ - return mock_verify_preamble_retval; -} - -/* Tests */ - -static void load_keyblock_tests(void) -{ - struct vb21_keyblock *kb = &mock_vblock.k.kb; - struct vb21_packed_key *dk = &mock_vblock.k.data_key; - struct vb21_packed_key *k; - int expected_offset; - - /* Test successful call */ - reset_common_data(FOR_KEYBLOCK); - expected_offset = sd->workbuf_used; - TEST_SUCC(vb21_load_fw_keyblock(ctx), "keyblock verify"); - TEST_EQ(sd->fw_version, 0x20000, "keyblock version"); - TEST_EQ(sd->vblock_preamble_offset, sizeof(mock_vblock.k), - "preamble offset"); - TEST_EQ(sd->data_key_offset, expected_offset, - "keyblock data key offset"); - TEST_EQ(sd->workbuf_used, - vb2_wb_round_up(sd->data_key_offset + - sd->data_key_size), - "workbuf used"); - - /* Make sure data key was properly saved */ - k = vb2_member_of(sd, sd->data_key_offset); - TEST_EQ(k->sig_alg, VB2_SIG_RSA4096, "data key algorithm"); - TEST_EQ(k->key_version, 2, "data key version"); - TEST_EQ(k->key_size, sizeof(mock_vblock.k.data_key_data), - "data key size"); - TEST_EQ(memcmp(vb2_member_of(k, k->key_offset), - mock_vblock.k.data_key_data, - sizeof(mock_vblock.k.data_key_data)), - 0, "data key data"); - TEST_EQ(sd->workbuf_used, - vb2_wb_round_up(sd->data_key_offset + - sd->data_key_size), - "workbuf used after"); - - /* Test failures */ - reset_common_data(FOR_KEYBLOCK); - sd->workbuf_used = sd->workbuf_size + VB2_WORKBUF_ALIGN - - vb2_wb_round_up(gbb.rootkey_size); - TEST_EQ(vb21_load_fw_keyblock(ctx), - VB2_ERROR_FW_KEYBLOCK_WORKBUF_ROOT_KEY, - "keyblock not enough workbuf for root key"); - - reset_common_data(FOR_KEYBLOCK); - gbb.rootkey_size = sizeof(mock_gbb); - TEST_EQ(vb21_load_fw_keyblock(ctx), - VB2_ERROR_EX_READ_RESOURCE_SIZE, - "keyblock read root key"); - - reset_common_data(FOR_KEYBLOCK); - mock_unpack_key_retval = VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM; - TEST_EQ(vb21_load_fw_keyblock(ctx), - VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM, - "keyblock unpack root key"); - - reset_common_data(FOR_KEYBLOCK); - sd->workbuf_used = sd->workbuf_size - - vb2_wb_round_up(gbb.rootkey_size); - TEST_EQ(vb21_load_fw_keyblock(ctx), - VB2_ERROR_READ_RESOURCE_OBJECT_BUF, - "keyblock not enough workbuf for header"); - - reset_common_data(FOR_KEYBLOCK); - mock_read_res_fail_on_call = 2; - TEST_EQ(vb21_load_fw_keyblock(ctx), - VB2_ERROR_EX_READ_RESOURCE_INDEX, - "keyblock read keyblock header"); - - reset_common_data(FOR_KEYBLOCK); - sd->workbuf_used = sd->workbuf_size - - vb2_wb_round_up(gbb.rootkey_size) - - vb2_wb_round_up(sizeof(struct vb21_keyblock)); - TEST_EQ(vb21_load_fw_keyblock(ctx), - VB2_ERROR_READ_RESOURCE_OBJECT_BUF, - "keyblock not enough workbuf for entire keyblock"); - - reset_common_data(FOR_KEYBLOCK); - kb->c.total_size = sizeof(mock_vblock) + 1; - TEST_EQ(vb21_load_fw_keyblock(ctx), - VB2_ERROR_EX_READ_RESOURCE_SIZE, - "keyblock read keyblock"); - - reset_common_data(FOR_KEYBLOCK); - mock_verify_keyblock_retval = VB2_ERROR_KEYBLOCK_MAGIC; - TEST_EQ(vb21_load_fw_keyblock(ctx), - VB2_ERROR_KEYBLOCK_MAGIC, - "keyblock verify keyblock"); - - reset_common_data(FOR_KEYBLOCK); - dk->key_version = 0x10000; - TEST_EQ(vb21_load_fw_keyblock(ctx), - VB2_ERROR_FW_KEYBLOCK_VERSION_RANGE, - "keyblock version range"); - - reset_common_data(FOR_KEYBLOCK); - dk->key_version = 1; - TEST_EQ(vb21_load_fw_keyblock(ctx), - VB2_ERROR_FW_KEYBLOCK_VERSION_ROLLBACK, - "keyblock rollback"); - - reset_common_data(FOR_KEYBLOCK); - dk->key_version = 1; - gbb.flags |= VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK; - TEST_SUCC(vb21_load_fw_keyblock(ctx), "keyblock rollback + GBB flag"); -} - -static void load_preamble_tests(void) -{ - struct vb21_fw_preamble *pre = &mock_vblock.p.pre; - int data_key_offset_before; - uint32_t v; - - /* Test successful call */ - reset_common_data(FOR_PREAMBLE); - data_key_offset_before = sd->data_key_offset; - TEST_SUCC(vb21_load_fw_preamble(ctx), "preamble good"); - TEST_EQ(sd->fw_version, 0x20002, "combined version"); - TEST_EQ(sd->preamble_offset, data_key_offset_before, - "preamble offset"); - TEST_EQ(sd->preamble_size, pre->c.total_size, "preamble size"); - TEST_EQ(sd->workbuf_used, - vb2_wb_round_up(sd->preamble_offset + - sd->preamble_size), - "workbuf used"); - TEST_EQ(sd->data_key_offset, 0, "data key offset gone"); - TEST_EQ(sd->data_key_size, 0, "data key size gone"); - - /* Expected failures */ - reset_common_data(FOR_PREAMBLE); - sd->data_key_size = 0; - TEST_EQ(vb21_load_fw_preamble(ctx), - VB2_ERROR_FW_PREAMBLE2_DATA_KEY, - "preamble no data key"); - - reset_common_data(FOR_PREAMBLE); - mock_unpack_key_retval = VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM; - TEST_EQ(vb21_load_fw_preamble(ctx), - VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM, - "preamble unpack data key"); - - reset_common_data(FOR_PREAMBLE); - sd->workbuf_used = sd->workbuf_size + VB2_WORKBUF_ALIGN - - vb2_wb_round_up(sizeof(struct vb21_fw_preamble)); - TEST_EQ(vb21_load_fw_preamble(ctx), - VB2_ERROR_READ_RESOURCE_OBJECT_BUF, - "preamble not enough workbuf for header"); - - reset_common_data(FOR_PREAMBLE); - sd->vblock_preamble_offset = sizeof(mock_vblock); - TEST_EQ(vb21_load_fw_preamble(ctx), - VB2_ERROR_EX_READ_RESOURCE_SIZE, - "preamble read header"); - - reset_common_data(FOR_PREAMBLE); - sd->workbuf_used = sd->workbuf_size + VB2_WORKBUF_ALIGN - - vb2_wb_round_up(sizeof(mock_vblock.p)); - TEST_EQ(vb21_load_fw_preamble(ctx), - VB2_ERROR_READ_RESOURCE_OBJECT_BUF, - "preamble not enough workbuf"); - - reset_common_data(FOR_PREAMBLE); - pre->c.total_size = sizeof(mock_vblock); - TEST_EQ(vb21_load_fw_preamble(ctx), - VB2_ERROR_EX_READ_RESOURCE_SIZE, - "preamble read full"); - - reset_common_data(FOR_PREAMBLE); - mock_verify_preamble_retval = VB2_ERROR_PREAMBLE_SIG_INVALID; - TEST_EQ(vb21_load_fw_preamble(ctx), - VB2_ERROR_PREAMBLE_SIG_INVALID, - "preamble verify"); - - reset_common_data(FOR_PREAMBLE); - pre->fw_version = 0x10000; - TEST_EQ(vb21_load_fw_preamble(ctx), - VB2_ERROR_FW_PREAMBLE_VERSION_RANGE, - "preamble version range"); - - reset_common_data(FOR_PREAMBLE); - pre->fw_version = 1; - TEST_EQ(vb21_load_fw_preamble(ctx), - VB2_ERROR_FW_PREAMBLE_VERSION_ROLLBACK, - "preamble version rollback"); - - reset_common_data(FOR_PREAMBLE); - pre->fw_version = 1; - gbb.flags |= VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK; - TEST_SUCC(vb21_load_fw_preamble(ctx), "version rollback with GBB flag"); - - reset_common_data(FOR_PREAMBLE); - pre->fw_version = 3; - TEST_SUCC(vb21_load_fw_preamble(ctx), - "preamble version roll forward"); - v = vb2_secdata_firmware_get(ctx, VB2_SECDATA_FIRMWARE_VERSIONS); - TEST_EQ(v, 0x20003, "roll forward"); - - /* Newer version without result success doesn't roll forward */ - reset_common_data(FOR_PREAMBLE); - pre->fw_version = 3; - sd->last_fw_result = VB2_FW_RESULT_UNKNOWN; - TEST_SUCC(vb21_load_fw_preamble(ctx), - "preamble version no roll forward 1"); - v = vb2_secdata_firmware_get(ctx, VB2_SECDATA_FIRMWARE_VERSIONS); - TEST_EQ(v, 0x20002, "no roll forward"); - - /* Newer version with success but for other slot doesn't roll forward */ - reset_common_data(FOR_PREAMBLE); - pre->fw_version = 3; - sd->last_fw_slot = 1; - TEST_SUCC(vb21_load_fw_preamble(ctx), - "preamble version no roll forward 2"); - v = vb2_secdata_firmware_get(ctx, VB2_SECDATA_FIRMWARE_VERSIONS); - TEST_EQ(v, 0x20002, "no roll forward"); -} - -int main(int argc, char* argv[]) -{ - load_keyblock_tests(); - load_preamble_tests(); - - return gTestSuccess ? 0 : 255; -} |