diff options
| author | Randall Spangler <rspangler@chromium.org> | 2014-06-05 13:32:11 -0700 |
|---|---|---|
| committer | chrome-internal-fetch <chrome-internal-fetch@google.com> | 2014-06-07 01:37:21 +0000 |
| commit | b9be53640efdee92b1b42e60adda274563236301 (patch) | |
| tree | f8f2f5ef809c7a0d163334f9e2675b016fae3ca4 | |
| parent | b64f097891e697eaf3b2794baae934f8b4d82d14 (diff) | |
| download | vboot-stabilize-5944.B.tar.gz | |
vboot2: Use more specific error codesstabilize-5944.Bstabilize-5943.Bstabilize-5942.Bfactory-samus-5939.B
Error codes reported by the crypto and storage APIs are now very
specific, and tests verify the proper errors are reported.
More specific error codes coming to other files next, but I don't want
this CL to get too long.
This also changes test_common.c so TEST_EQ() reports mismatched values
in both decimal and hex, and adds TEST_SUCC() to test for a successful
return value.
BUG=chromium:370082
BRANCH=none
TEST=make clean && VBOOT2=1 COV=1 make
Change-Id: I255c8e5769284fbc286b9d94631b19677a71cdd0
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/202778
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
| -rw-r--r-- | firmware/2lib/2nvstorage.c | 4 | ||||
| -rw-r--r-- | firmware/2lib/2rsa.c | 14 | ||||
| -rw-r--r-- | firmware/2lib/2secdata.c | 10 | ||||
| -rw-r--r-- | firmware/2lib/2sha_utility.c | 8 | ||||
| -rw-r--r-- | firmware/2lib/include/2return_codes.h | 98 | ||||
| -rw-r--r-- | tests/test_common.c | 17 | ||||
| -rw-r--r-- | tests/test_common.h | 4 | ||||
| -rw-r--r-- | tests/vb2_nvstorage_tests.c | 5 | ||||
| -rw-r--r-- | tests/vb2_rsa_padding_tests.c | 31 | ||||
| -rw-r--r-- | tests/vb2_rsa_utility_tests.c | 3 | ||||
| -rw-r--r-- | tests/vb2_secdata_tests.c | 54 | ||||
| -rw-r--r-- | tests/vb2_sha_tests.c | 71 |
12 files changed, 222 insertions, 97 deletions
diff --git a/firmware/2lib/2nvstorage.c b/firmware/2lib/2nvstorage.c index 3bfe151c..be635825 100644 --- a/firmware/2lib/2nvstorage.c +++ b/firmware/2lib/2nvstorage.c @@ -82,11 +82,11 @@ int vb2_nv_check_crc(const struct vb2_context *ctx) /* Check header */ if (VB2_NV_HEADER_SIGNATURE != (p[VB2_NV_OFFS_HEADER] & VB2_NV_HEADER_MASK)) - return VB2_ERROR_UNKNOWN; + return VB2_ERROR_NV_HEADER; /* Check CRC */ if (vb2_crc8(p, VB2_NV_OFFS_CRC) != p[VB2_NV_OFFS_CRC]) - return VB2_ERROR_UNKNOWN; + return VB2_ERROR_NV_CRC; return VB2_SUCCESS; } diff --git a/firmware/2lib/2rsa.c b/firmware/2lib/2rsa.c index e619e78b..cc39b1d6 100644 --- a/firmware/2lib/2rsa.c +++ b/firmware/2lib/2rsa.c @@ -286,7 +286,7 @@ int vb2_check_padding(uint8_t *sig, int algorithm) tail_size = sizeof(sha512_tail); break; default: - return VB2_ERROR_BAD_ALGORITHM; + return VB2_ERROR_RSA_PADDING_ALGORITHM; } /* First 2 bytes are always 0x00 0x01 */ @@ -303,7 +303,7 @@ int vb2_check_padding(uint8_t *sig, int algorithm) */ result |= vb2_safe_memcmp(sig, tail, tail_size); - return result ? VB2_ERROR_BAD_SIGNATURE : VB2_SUCCESS; + return result ? VB2_ERROR_RSA_PADDING : VB2_SUCCESS; } int vb2_verify_digest(const struct vb2_public_key *key, @@ -318,22 +318,22 @@ int vb2_verify_digest(const struct vb2_public_key *key, int rv; if (!key || !sig || !digest) - return VB2_ERROR_UNKNOWN; + return VB2_ERROR_RSA_VERIFY_PARAM; if (key->algorithm >= VB2_ALG_COUNT) { VB2_DEBUG("Invalid signature type!\n"); - return VB2_ERROR_BAD_ALGORITHM; + return VB2_ERROR_RSA_VERIFY_ALGORITHM; } /* Signature length should be same as key length */ if (key_bytes != vb2_rsa_sig_size(key->algorithm)) { VB2_DEBUG("Signature is of incorrect length!\n"); - return VB2_ERROR_BAD_SIGNATURE; + return VB2_ERROR_RSA_VERIFY_SIG_LEN; } workbuf32 = vb2_workbuf_alloc(&wblocal, 3 * key_bytes); if (!workbuf32) - return VB2_ERROR_UNKNOWN; + return VB2_ERROR_RSA_VERIFY_WORKBUF; modpowF4(key, sig, workbuf32); @@ -354,7 +354,7 @@ int vb2_verify_digest(const struct vb2_public_key *key, if (vb2_safe_memcmp(sig + pad_size, digest, key_bytes - pad_size)) { VB2_DEBUG("Digest check failed!\n"); - rv = VB2_ERROR_BAD_SIGNATURE; + rv = VB2_ERROR_RSA_VERIFY_DIGEST; } return rv; diff --git a/firmware/2lib/2secdata.c b/firmware/2lib/2secdata.c index 668bc507..2987e037 100644 --- a/firmware/2lib/2secdata.c +++ b/firmware/2lib/2secdata.c @@ -18,7 +18,7 @@ int vb2_secdata_check_crc(const struct vb2_context *ctx) /* Verify CRC */ if (sec->crc8 != vb2_crc8(sec, offsetof(struct vb2_secdata, crc8))) - return VB2_ERROR_BAD_SECDATA; + return VB2_ERROR_SECDATA_CRC; return VB2_SUCCESS; } @@ -47,7 +47,7 @@ int vb2_secdata_init(struct vb2_context *ctx) /* Data must be new enough to have a CRC */ if (sec->struct_version < 2) - return VB2_ERROR_BAD_SECDATA; + return VB2_ERROR_SECDATA_VERSION; rv = vb2_secdata_check_crc(ctx); if (rv) @@ -76,7 +76,7 @@ int vb2_secdata_get(struct vb2_context *ctx, return VB2_SUCCESS; default: - return VB2_ERROR_UNKNOWN; + return VB2_ERROR_SECDATA_GET_PARAM; } } @@ -95,7 +95,7 @@ int vb2_secdata_set(struct vb2_context *ctx, case VB2_SECDATA_FLAGS: /* Make sure flags is in valid range */ if (value > 0xff) - return VB2_ERROR_UNKNOWN; + return VB2_ERROR_SECDATA_SET_FLAGS; sec->flags = value; break; @@ -105,7 +105,7 @@ int vb2_secdata_set(struct vb2_context *ctx, break; default: - return VB2_ERROR_UNKNOWN; + return VB2_ERROR_SECDATA_SET_PARAM; } /* Regenerate CRC */ diff --git a/firmware/2lib/2sha_utility.c b/firmware/2lib/2sha_utility.c index 66e8b692..0f9adfa3 100644 --- a/firmware/2lib/2sha_utility.c +++ b/firmware/2lib/2sha_utility.c @@ -72,7 +72,7 @@ int vb2_digest_init(struct vb2_digest_context *dc, uint32_t algorithm) return VB2_SUCCESS; #endif default: - return VB2_ERROR_BAD_ALGORITHM; + return VB2_ERROR_SHA_INIT_ALGORITHM; } } @@ -97,7 +97,7 @@ int vb2_digest_extend(struct vb2_digest_context *dc, return VB2_SUCCESS; #endif default: - return VB2_ERROR_BAD_ALGORITHM; + return VB2_ERROR_SHA_EXTEND_ALGORITHM; } } @@ -106,7 +106,7 @@ int vb2_digest_finalize(struct vb2_digest_context *dc, uint32_t digest_size) { if (digest_size < vb2_digest_size(dc->algorithm)) - return VB2_ERROR_BUFFER_TOO_SMALL; + return VB2_ERROR_SHA_FINALIZE_DIGEST_SIZE; switch (vb2_hash_alg(dc->algorithm)) { #if VB2_SUPPORT_SHA1 @@ -125,6 +125,6 @@ int vb2_digest_finalize(struct vb2_digest_context *dc, return VB2_SUCCESS; #endif default: - return VB2_ERROR_BAD_ALGORITHM; + return VB2_ERROR_SHA_FINALIZE_ALGORITHM; } } diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h index 73a37b5e..28c0f91d 100644 --- a/firmware/2lib/include/2return_codes.h +++ b/firmware/2lib/include/2return_codes.h @@ -16,8 +16,93 @@ enum vb2_return_code { /* Success - no error */ VB2_SUCCESS = 0, + /* + * All vboot2 error codes start at a large offset from zero, to reduce + * the risk of overlap with other error codes (TPM, etc.). + */ + VB2_ERROR_BASE = 0x0100000, + /* Unknown / unspecified error */ - VB2_ERROR_UNKNOWN = 0x10000, + VB2_ERROR_UNKNOWN = VB2_ERROR_BASE + 1, + + /********************************************************************** + * SHA errors + */ + VB2_ERROR_SHA = VB2_ERROR_BASE + 0x010000, + + /* Bad algorithm in vb2_digest_init() */ + VB2_ERROR_SHA_INIT_ALGORITHM, + + /* Bad algorithm in vb2_digest_extend() */ + VB2_ERROR_SHA_EXTEND_ALGORITHM, + + /* Bad algorithm in vb2_digest_finalize() */ + VB2_ERROR_SHA_FINALIZE_ALGORITHM, + + /* Digest size buffer too small in vb2_digest_finalize() */ + VB2_ERROR_SHA_FINALIZE_DIGEST_SIZE, + + /********************************************************************** + * RSA errors + */ + VB2_ERROR_RSA = VB2_ERROR_BASE + 0x020000, + + /* Padding mismatch in vb2_check_padding() */ + VB2_ERROR_RSA_PADDING, + + /* Bad algorithm in vb2_check_padding() */ + VB2_ERROR_RSA_PADDING_ALGORITHM, + + /* Null param passed to vb2_verify_digest() */ + VB2_ERROR_RSA_VERIFY_PARAM, + + /* Bad algorithm in vb2_verify_digest() */ + VB2_ERROR_RSA_VERIFY_ALGORITHM, + + /* Bad signature length in vb2_verify_digest() */ + VB2_ERROR_RSA_VERIFY_SIG_LEN, + + /* Work buffer too small in vb2_verify_digest() */ + VB2_ERROR_RSA_VERIFY_WORKBUF, + + /* Digest mismatch in vb2_verify_digest() */ + VB2_ERROR_RSA_VERIFY_DIGEST, + + /********************************************************************** + * NV storage errors + */ + VB2_ERROR_NV = VB2_ERROR_BASE + 0x030000, + + /* Bad header in vb2_nv_check_crc() */ + VB2_ERROR_NV_HEADER, + + /* Bad CRC in vb2_nv_check_crc() */ + VB2_ERROR_NV_CRC, + + /********************************************************************** + * Secure data storage errors + */ + VB2_ERROR_SECDATA = VB2_ERROR_BASE + 0x040000, + + /* Bad CRC in vb2_secdata_check_crc() */ + VB2_ERROR_SECDATA_CRC, + + /* Bad struct version in vb2_secdata_init() */ + VB2_ERROR_SECDATA_VERSION, + + /* Invalid param in vb2_secdata_get() */ + VB2_ERROR_SECDATA_GET_PARAM, + + /* Invalid param in vb2_secdata_set() */ + VB2_ERROR_SECDATA_SET_PARAM, + + /* Invalid flags passed to vb2_secdata_set() */ + VB2_ERROR_SECDATA_SET_FLAGS, + + /********************************************************************** + * TODO: errors which must still be made specific + */ + VB2_ERROR_TODO = VB2_ERROR_BASE + 0xff0000, /* Work buffer too small */ VB2_ERROR_WORKBUF_TOO_SMALL, @@ -37,9 +122,6 @@ enum vb2_return_code { /* Signature check failed */ VB2_ERROR_BAD_SIGNATURE, - /* Bad secure data */ - VB2_ERROR_BAD_SECDATA, - /* Bad key */ VB2_ERROR_BAD_KEY, @@ -57,6 +139,14 @@ enum vb2_return_code { /* Bad hash tag */ VB2_ERROR_BAD_TAG, + + /********************************************************************** + * Highest non-zero error generated inside vboot library. Note that + * error codes passed through vboot when it calls external APIs may + * still be outside this range. + */ + VB2_ERROR_MAX = VB2_ERROR_BASE + 0xffffff, + }; #endif /* VBOOT_2_RETURN_CODES_H_ */ diff --git a/tests/test_common.c b/tests/test_common.c index 2fa445f6..3804245e 100644 --- a/tests/test_common.c +++ b/tests/test_common.c @@ -24,7 +24,8 @@ int TEST_EQ(int result, int expected_result, const char* testname) { return 1; } else { fprintf(stderr, "%s Test " COL_RED "FAILED\n" COL_STOP, testname); - fprintf(stderr, " Expected: %d, got: %d\n", expected_result, result); + fprintf(stderr, " Expected: 0x%x (%d), got: 0x%x (%d)\n", + expected_result, expected_result, result, result); gTestSuccess = 0; return 0; } @@ -36,7 +37,8 @@ int TEST_NEQ(int result, int not_expected_result, const char* testname) { return 1; } else { fprintf(stderr, "%s Test " COL_RED "FAILED\n" COL_STOP, testname); - fprintf(stderr, " Didn't expect %d, but got it.\n", not_expected_result); + fprintf(stderr, " Didn't expect 0x%x (%d), but got it.\n", + not_expected_result, not_expected_result); gTestSuccess = 0; return 0; } @@ -91,6 +93,17 @@ int TEST_STR_EQ(const char* result, const char* expected_result, } +int TEST_SUCC(int result, const char* testname) { + if (result == 0) { + fprintf(stderr, "%s Test " COL_GREEN "PASSED\n" COL_STOP, testname); + } else { + fprintf(stderr, "%s Test " COL_RED "FAILED\n" COL_STOP, testname); + fprintf(stderr, " Expected SUCCESS, got: 0x%lx\n", (long)result); + gTestSuccess = 0; + } + return !result; +} + int TEST_TRUE(int result, const char* testname) { if (result) { fprintf(stderr, "%s Test " COL_GREEN "PASSED\n" COL_STOP, testname); diff --git a/tests/test_common.h b/tests/test_common.h index 4acf5887..9a84f505 100644 --- a/tests/test_common.h +++ b/tests/test_common.h @@ -42,6 +42,10 @@ int TEST_TRUE(int result, const char* testname); * Also update the global gTestSuccess flag if test fails. */ int TEST_FALSE(int result, const char* testname); +/* Return 1 if result is 0 (VB_ERROR_SUCCESS / VB2_SUCCESS), else return 0. + * Also update the global gTestSuccess flag if test fails. */ +int TEST_SUCC(int result, const char* testname); + /* ANSI Color coding sequences. * * Don't use \e as MSC does not recognize it as a valid escape sequence. diff --git a/tests/vb2_nvstorage_tests.c b/tests/vb2_nvstorage_tests.c index 061f8691..88ffe477 100644 --- a/tests/vb2_nvstorage_tests.c +++ b/tests/vb2_nvstorage_tests.c @@ -79,6 +79,7 @@ static void nv_storage_test(void) "vb2_nv_init() status changed"); test_changed(&c, 1, "vb2_nv_init() reset changed"); goodcrc = c.nvdata[15]; + TEST_SUCC(vb2_nv_check_crc(&c), "vb2_nv_check_crc() good"); /* Another init should not cause further changes */ c.flags = 0; @@ -90,6 +91,8 @@ static void nv_storage_test(void) /* Perturbing the header should force defaults */ c.nvdata[0] ^= 0x40; + TEST_EQ(vb2_nv_check_crc(&c), + VB2_ERROR_NV_HEADER, "vb2_nv_check_crc() bad header"); vb2_nv_init(&c); TEST_EQ(c.nvdata[0], 0x70, "vb2_nv_init() reset header byte again"); test_changed(&c, 1, "vb2_nv_init() corrupt changed"); @@ -98,6 +101,8 @@ static void nv_storage_test(void) /* So should perturbing some other byte */ TEST_EQ(c.nvdata[11], 0, "Kernel byte starts at 0"); c.nvdata[11] = 12; + TEST_EQ(vb2_nv_check_crc(&c), + VB2_ERROR_NV_CRC, "vb2_nv_check_crc() bad CRC"); vb2_nv_init(&c); TEST_EQ(c.nvdata[11], 0, "vb2_nv_init() reset kernel byte"); test_changed(&c, 1, "vb2_nv_init() corrupt elsewhere changed"); diff --git a/tests/vb2_rsa_padding_tests.c b/tests/vb2_rsa_padding_tests.c index 233f7298..f1b7aa43 100644 --- a/tests/vb2_rsa_padding_tests.c +++ b/tests/vb2_rsa_padding_tests.c @@ -51,8 +51,8 @@ static void test_signatures(const struct vb2_public_key *key) /* The first test signature is valid. */ Memcpy(sig, signatures[0], sizeof(sig)); - TEST_EQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb), - 0, "RSA Padding Test valid sig"); + TEST_SUCC(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb), + "RSA Padding Test valid sig"); /* All other signatures should fail verification. */ unexpected_success = 0; @@ -79,37 +79,40 @@ static void test_verify_digest(struct vb2_public_key *key) { vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); Memcpy(sig, signatures[0], sizeof(sig)); - TEST_EQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb), - 0, "vb2_verify_digest() good"); + TEST_SUCC(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb), + "vb2_verify_digest() good"); Memcpy(sig, signatures[0], sizeof(sig)); vb2_workbuf_init(&wb, workbuf, sizeof(sig) * 3 - 1); - TEST_NEQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb), - 0, "vb2_verify_digest() small workbuf"); + TEST_EQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb), + VB2_ERROR_RSA_VERIFY_WORKBUF, + "vb2_verify_digest() small workbuf"); vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); key->algorithm += VB2_ALG_COUNT; Memcpy(sig, signatures[0], sizeof(sig)); - TEST_NEQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb), - 0, "vb2_verify_digest() bad key alg"); + TEST_EQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb), + VB2_ERROR_RSA_VERIFY_ALGORITHM, + "vb2_verify_digest() bad key alg"); key->algorithm -= VB2_ALG_COUNT; key->arrsize *= 2; Memcpy(sig, signatures[0], sizeof(sig)); - TEST_NEQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb), - 0, "vb2_verify_digest() bad key len"); + TEST_EQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb), + VB2_ERROR_RSA_VERIFY_SIG_LEN, + "vb2_verify_digest() bad sig len"); key->arrsize /= 2; /* Corrupt the signature near start and end */ Memcpy(sig, signatures[0], sizeof(sig)); sig[3] ^= 0x42; - TEST_NEQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb), - 0, "vb2_verify_digest() bad sig"); + TEST_EQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb), + VB2_ERROR_RSA_PADDING, "vb2_verify_digest() bad sig"); Memcpy(sig, signatures[0], sizeof(sig)); sig[RSA1024NUMBYTES - 3] ^= 0x56; - TEST_NEQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb), - 0, "vb2_verify_digest() bad sig end"); + TEST_EQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb), + VB2_ERROR_RSA_PADDING, "vb2_verify_digest() bad sig end"); } int main(int argc, char *argv[]) diff --git a/tests/vb2_rsa_utility_tests.c b/tests/vb2_rsa_utility_tests.c index df3eb37a..2a74f35e 100644 --- a/tests/vb2_rsa_utility_tests.c +++ b/tests/vb2_rsa_utility_tests.c @@ -72,7 +72,8 @@ static void test_utils(void) /* Test padding check with bad algorithm */ Memcpy(sig, signatures[0], sizeof(sig)); TEST_EQ(vb2_check_padding(sig, VB2_ALG_COUNT), - VB2_ERROR_BAD_ALGORITHM, "vb2_check_padding() bad alg"); + VB2_ERROR_RSA_PADDING_ALGORITHM, + "vb2_check_padding() bad alg"); /* Test safe memcmp */ TEST_EQ(vb2_safe_memcmp("foo", "foo", 3), 0, "vb2_safe_memcmp() good"); diff --git a/tests/vb2_secdata_tests.c b/tests/vb2_secdata_tests.c index 3451b324..51283317 100644 --- a/tests/vb2_secdata_tests.c +++ b/tests/vb2_secdata_tests.c @@ -40,58 +40,66 @@ static void secdata_test(void) /* Blank data is invalid */ memset(c.secdata, 0xa6, sizeof(c.secdata)); - TEST_NEQ(vb2_secdata_check_crc(&c), 0, "Check blank CRC"); - TEST_NEQ(vb2_secdata_init(&c), 0, "Init blank CRC"); + TEST_EQ(vb2_secdata_check_crc(&c), + VB2_ERROR_SECDATA_CRC, "Check blank CRC"); + TEST_EQ(vb2_secdata_init(&c), + VB2_ERROR_SECDATA_CRC, "Init blank CRC"); /* Create good data */ - TEST_EQ(vb2_secdata_create(&c), 0, "Create"); - TEST_EQ(vb2_secdata_check_crc(&c), 0, "Check created CRC"); - TEST_EQ(vb2_secdata_init(&c), 0, "Init created CRC"); + TEST_SUCC(vb2_secdata_create(&c), "Create"); + TEST_SUCC(vb2_secdata_check_crc(&c), "Check created CRC"); + TEST_SUCC(vb2_secdata_init(&c), "Init created CRC"); test_changed(&c, 1, "Create changes data"); /* Now corrupt it */ c.secdata[2]++; - TEST_NEQ(vb2_secdata_check_crc(&c), 0, "Check invalid CRC"); - TEST_NEQ(vb2_secdata_init(&c), 0, "Init invalid CRC"); + TEST_EQ(vb2_secdata_check_crc(&c), + VB2_ERROR_SECDATA_CRC, "Check invalid CRC"); + TEST_EQ(vb2_secdata_init(&c), + VB2_ERROR_SECDATA_CRC, "Init invalid CRC"); /* Version 1 didn't have a CRC, so init should reject it */ vb2_secdata_create(&c); s->struct_version = 1; - TEST_NEQ(vb2_secdata_init(&c), 0, "Init old version"); + TEST_EQ(vb2_secdata_init(&c), + VB2_ERROR_SECDATA_VERSION, "Init old version"); vb2_secdata_create(&c); c.flags = 0; /* Read/write flags */ - TEST_EQ(vb2_secdata_get(&c, VB2_SECDATA_FLAGS, &v), 0, "Get flags"); + TEST_SUCC(vb2_secdata_get(&c, VB2_SECDATA_FLAGS, &v), "Get flags"); TEST_EQ(v, 0, "Flags created 0"); test_changed(&c, 0, "Get doesn't change data"); - TEST_EQ(vb2_secdata_set(&c, VB2_SECDATA_FLAGS, 0x12), 0, "Set flags"); + TEST_SUCC(vb2_secdata_set(&c, VB2_SECDATA_FLAGS, 0x12), "Set flags"); test_changed(&c, 1, "Set changes data"); - TEST_EQ(vb2_secdata_set(&c, VB2_SECDATA_FLAGS, 0x12), 0, "Set flags 2"); + TEST_SUCC(vb2_secdata_set(&c, VB2_SECDATA_FLAGS, 0x12), "Set flags 2"); test_changed(&c, 0, "Set again doesn't change data"); - TEST_EQ(vb2_secdata_get(&c, VB2_SECDATA_FLAGS, &v), 0, "Get flags 2"); + TEST_SUCC(vb2_secdata_get(&c, VB2_SECDATA_FLAGS, &v), "Get flags 2"); TEST_EQ(v, 0x12, "Flags changed"); - TEST_NEQ(vb2_secdata_set(&c, VB2_SECDATA_FLAGS, 0x100), 0, "Bad flags"); + TEST_EQ(vb2_secdata_set(&c, VB2_SECDATA_FLAGS, 0x100), + VB2_ERROR_SECDATA_SET_FLAGS, "Bad flags"); /* Read/write versions */ - TEST_EQ(vb2_secdata_get(&c, VB2_SECDATA_VERSIONS, &v), - 0, "Get versions"); + TEST_SUCC(vb2_secdata_get(&c, VB2_SECDATA_VERSIONS, &v), + "Get versions"); TEST_EQ(v, 0, "Versions created 0"); test_changed(&c, 0, "Get doesn't change data"); - TEST_EQ(vb2_secdata_set(&c, VB2_SECDATA_VERSIONS, 0x123456ff), - 0, "Set versions"); + TEST_SUCC(vb2_secdata_set(&c, VB2_SECDATA_VERSIONS, 0x123456ff), + "Set versions"); test_changed(&c, 1, "Set changes data"); - TEST_EQ(vb2_secdata_set(&c, VB2_SECDATA_VERSIONS, 0x123456ff), - 0, "Set versions 2"); + TEST_SUCC(vb2_secdata_set(&c, VB2_SECDATA_VERSIONS, 0x123456ff), + "Set versions 2"); test_changed(&c, 0, "Set again doesn't change data"); - TEST_EQ(vb2_secdata_get(&c, VB2_SECDATA_VERSIONS, &v), 0, - "Get versions 2"); + TEST_SUCC(vb2_secdata_get(&c, VB2_SECDATA_VERSIONS, &v), + "Get versions 2"); TEST_EQ(v, 0x123456ff, "Versions changed"); /* Invalid field fails */ - TEST_NEQ(vb2_secdata_get(&c, -1, &v), 0, "Get invalid"); - TEST_NEQ(vb2_secdata_set(&c, -1, 456), 0, "Set invalid"); + TEST_EQ(vb2_secdata_get(&c, -1, &v), + VB2_ERROR_SECDATA_GET_PARAM, "Get invalid"); + TEST_EQ(vb2_secdata_set(&c, -1, 456), + VB2_ERROR_SECDATA_SET_PARAM, "Set invalid"); test_changed(&c, 0, "Set invalid field doesn't change data"); } diff --git a/tests/vb2_sha_tests.c b/tests/vb2_sha_tests.c index cbcd7282..c60bbd15 100644 --- a/tests/vb2_sha_tests.c +++ b/tests/vb2_sha_tests.c @@ -5,18 +5,13 @@ /* FIPS 180-2 Tests for message digest functions. */ -#include <stdint.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -#include "test_common.h" - +#include "2sysincludes.h" #include "2rsa.h" #include "2sha.h" +#include "2return_codes.h" -#include "cryptolib.h" #include "sha_test_vectors.h" +#include "test_common.h" static int vb2_digest(const uint8_t *buf, uint32_t size, @@ -49,17 +44,18 @@ void sha1_tests(void) test_inputs[2] = (uint8_t *) long_msg; for (i = 0; i < 3; i++) { - TEST_EQ(vb2_digest(test_inputs[i], - strlen((char *)test_inputs[i]), - VB2_ALG_RSA1024_SHA1, digest, - sizeof(digest)), 0, "vb2_digest() SHA1"); + TEST_SUCC(vb2_digest(test_inputs[i], + strlen((char *)test_inputs[i]), + VB2_ALG_RSA1024_SHA1, digest, + sizeof(digest)), + "vb2_digest() SHA1"); TEST_EQ(memcmp(digest, sha1_results[i], sizeof(digest)), 0, "SHA1 digest"); } - TEST_NEQ(vb2_digest(test_inputs[0], strlen((char *)test_inputs[0]), + TEST_EQ(vb2_digest(test_inputs[0], strlen((char *)test_inputs[0]), VB2_ALG_RSA1024_SHA1, digest, sizeof(digest) - 1), - 0, "vb2_digest() too small"); + VB2_ERROR_SHA_FINALIZE_DIGEST_SIZE, "vb2_digest() too small"); } void sha256_tests(void) @@ -73,17 +69,18 @@ void sha256_tests(void) test_inputs[2] = (uint8_t *) long_msg; for (i = 0; i < 3; i++) { - TEST_EQ(vb2_digest(test_inputs[i], - strlen((char *)test_inputs[i]), - VB2_ALG_RSA1024_SHA256, digest, - sizeof(digest)), 0, "vb2_digest() SHA256"); + TEST_SUCC(vb2_digest(test_inputs[i], + strlen((char *)test_inputs[i]), + VB2_ALG_RSA1024_SHA256, digest, + sizeof(digest)), + "vb2_digest() SHA256"); TEST_EQ(memcmp(digest, sha256_results[i], sizeof(digest)), 0, "SHA-256 digest"); } - TEST_NEQ(vb2_digest(test_inputs[0], strlen((char *)test_inputs[0]), - VB2_ALG_RSA1024_SHA256, digest, sizeof(digest) - 1), - 0, "vb2_digest() too small"); + TEST_EQ(vb2_digest(test_inputs[0], strlen((char *)test_inputs[0]), + VB2_ALG_RSA1024_SHA256, digest, sizeof(digest) - 1), + VB2_ERROR_SHA_FINALIZE_DIGEST_SIZE, "vb2_digest() too small"); } void sha512_tests(void) @@ -97,17 +94,18 @@ void sha512_tests(void) test_inputs[2] = (uint8_t *) long_msg; for (i = 0; i < 3; i++) { - TEST_EQ(vb2_digest(test_inputs[i], - strlen((char *)test_inputs[i]), - VB2_ALG_RSA1024_SHA512, digest, - sizeof(digest)), 0, "vb2_digest() SHA512"); + TEST_SUCC(vb2_digest(test_inputs[i], + strlen((char *)test_inputs[i]), + VB2_ALG_RSA1024_SHA512, digest, + sizeof(digest)), + "vb2_digest() SHA512"); TEST_EQ(memcmp(digest, sha512_results[i], sizeof(digest)), 0, "SHA-512 digest"); } - TEST_NEQ(vb2_digest(test_inputs[0], strlen((char *)test_inputs[0]), - VB2_ALG_RSA1024_SHA512, digest, sizeof(digest) - 1), - 0, "vb2_digest() too small"); + TEST_EQ(vb2_digest(test_inputs[0], strlen((char *)test_inputs[0]), + VB2_ALG_RSA1024_SHA512, digest, sizeof(digest) - 1), + VB2_ERROR_SHA_FINALIZE_DIGEST_SIZE, "vb2_digest() too small"); } void misc_tests(void) @@ -117,17 +115,20 @@ void misc_tests(void) TEST_EQ(vb2_digest_size(VB2_ALG_COUNT), 0, "digest size invalid alg"); - TEST_NEQ(vb2_digest((uint8_t *)oneblock_msg, strlen(oneblock_msg), - VB2_ALG_COUNT, digest, sizeof(digest)), - 0, "vb2_digest() invalid alg"); + TEST_EQ(vb2_digest((uint8_t *)oneblock_msg, strlen(oneblock_msg), + VB2_ALG_COUNT, digest, sizeof(digest)), + VB2_ERROR_SHA_INIT_ALGORITHM, + "vb2_digest() invalid alg"); /* Test bad algorithm inside extend and finalize */ vb2_digest_init(&dc, VB2_ALG_RSA1024_SHA1); dc.algorithm = VB2_ALG_COUNT; - TEST_NEQ(vb2_digest_extend(&dc, digest, sizeof(digest)), - 0, "vb2_digest_extend() invalid alg"); - TEST_NEQ(vb2_digest_finalize(&dc, digest, sizeof(digest)), - 0, "vb2_digest_finalize() invalid alg"); + TEST_EQ(vb2_digest_extend(&dc, digest, sizeof(digest)), + VB2_ERROR_SHA_EXTEND_ALGORITHM, + "vb2_digest_extend() invalid alg"); + TEST_EQ(vb2_digest_finalize(&dc, digest, sizeof(digest)), + VB2_ERROR_SHA_FINALIZE_ALGORITHM, + "vb2_digest_finalize() invalid alg"); } int main(int argc, char *argv[]) |