diff options
| author | Randall Spangler <rspangler@chromium.org> | 2014-12-02 15:55:56 -0800 |
|---|---|---|
| committer | chrome-internal-fetch <chrome-internal-fetch@google.com> | 2014-12-04 04:02:13 +0000 |
| commit | 108d991c678f80c99967bd07035de7418c81a072 (patch) | |
| tree | 2183720db7886371be5d05f53c47bf26a8527c62 | |
| parent | 7aef90c14d9dc770b4e16876faf8bf6b9942ff2e (diff) | |
| download | vboot-108d991c678f80c99967bd07035de7418c81a072.tar.gz | |
vboot2: Move knowledge of vboot 2.1 data structures inside lib21/
Code which compiles against fwlib2 no longer knows or cares about the
new data structures. This should shrink fwlib2 a bit. This is part 3
of 4 changes which split vboot 2.0 struct handling (old vboot1
structs) from vboot 2.1 struct handling (new style structs).
No functional changes; just shuffling around code.
BUG=chromium:423882
BRANCH=none
TEST=make runtests && VBOOT2=1 make runtests (works with/withoug VBOOT2 flag)
And compile firmware for veyron_pinky.
Change-Id: Ibccd7d1974e07f38b90c19c924ef3b1ffcb77d62
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/233020
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
26 files changed, 1365 insertions, 1176 deletions
@@ -278,13 +278,12 @@ VBSLK_SRCS = \ firmware/lib/region-kernel.c \ # Firmware library source needed for smaller library 2 -FWLIB20_SRCS = \ +FWLIB2_SRCS = \ firmware/2lib/2api.c \ firmware/2lib/2common.c \ firmware/2lib/2crc8.c \ firmware/2lib/2misc.c \ firmware/2lib/2nvstorage.c \ - firmware/2lib/2packed_key.c \ firmware/2lib/2rsa.c \ firmware/2lib/2secdata.c \ firmware/2lib/2sha1.c \ @@ -292,6 +291,9 @@ FWLIB20_SRCS = \ firmware/2lib/2sha512.c \ firmware/2lib/2sha_utility.c +FWLIB20_SRCS = \ + firmware/2lib/2packed_key.c + FWLIB21_SRCS = \ firmware/lib21/api.c \ firmware/lib21/common.c \ @@ -332,7 +334,7 @@ VBSLK_SRCS += \ firmware/stub/vboot_api_stub_disk.c \ firmware/stub/vboot_api_stub_stream.c -FWLIB20_SRCS += \ +FWLIB2_SRCS += \ firmware/2lib/2stub.c endif @@ -345,13 +347,14 @@ VBSF_OBJS = ${VBSF_SRCS:%.c=${BUILD}/%.o} ALL_OBJS += ${VBINIT_OBJS} ${VBSF_OBJS} FWLIB_OBJS = ${FWLIB_SRCS:%.c=${BUILD}/%.o} +FWLIB2_OBJS = ${FWLIB2_SRCS:%.c=${BUILD}/%.o} FWLIB20_OBJS = ${FWLIB20_SRCS:%.c=${BUILD}/%.o} FWLIB21_OBJS = ${FWLIB21_SRCS:%.c=${BUILD}/%.o} -ALL_OBJS += ${FWLIB_OBJS} ${FWLIB20_OBJS} ${FWLIB21_OBJS} +ALL_OBJS += ${FWLIB_OBJS} ${FWLIB2_OBJS} ${FWLIB20_OBJS} ${FWLIB21_OBJS} # Intermediate library for the vboot_reference utilities to link against. UTILLIB = ${BUILD}/libvboot_util.a -UTILLIB21 = ${BUILD}/libvboot_util20.a +UTILLIB21 = ${BUILD}/libvboot_util21.a UTILLIB_SRCS = \ cgpt/cgpt_create.c \ @@ -630,26 +633,30 @@ endif TEST20_NAMES = \ tests/vb2_api_tests \ - tests/vb2_api2_tests \ tests/vb2_common_tests \ tests/vb2_common2_tests \ tests/vb2_common3_tests \ - tests/vb2_host_fw_preamble_tests \ - tests/vb2_host_key_tests \ - tests/vb2_host_keyblock_tests \ - tests/vb2_host_misc_tests \ - tests/vb2_host_sig_tests \ tests/vb2_misc_tests \ tests/vb2_misc2_tests \ - tests/vb2_misc3_tests \ tests/vb2_nvstorage_tests \ tests/vb2_rsa_padding_tests \ tests/vb2_rsa_utility_tests \ tests/vb2_secdata_tests \ - tests/vb2_sha_tests \ + tests/vb2_sha_tests + +TEST21_NAMES = \ + tests/vb21_api_tests \ + tests/vb21_common_tests \ + tests/vb21_common2_tests \ + tests/vb21_misc_tests \ + tests/vb21_host_fw_preamble_tests \ + tests/vb21_host_key_tests \ + tests/vb21_host_keyblock_tests \ + tests/vb21_host_misc_tests \ + tests/vb21_host_sig_tests ifneq (${VBOOT2},) -TEST_NAMES += ${TEST20_NAMES} +TEST_NAMES += ${TEST20_NAMES} ${TEST21_NAMES} endif # And a few more... @@ -673,6 +680,7 @@ TEST_BINS = $(addprefix ${BUILD}/,${TEST_NAMES}) TEST_OBJS += $(addsuffix .o,${TEST_BINS}) TEST20_BINS = $(addprefix ${BUILD}/,${TEST20_NAMES}) +TEST21_BINS = $(addprefix ${BUILD}/,${TEST21_NAMES}) # Directory containing test keys TEST_KEYS = ${SRC_RUN}/tests/testkeys @@ -738,6 +746,7 @@ ${FWLIB_OBJS}: CFLAGS += -DTPM_BLOCKING_CONTINUESELFTEST ifeq (${FIRMWARE_ARCH},i386) # Unrolling loops in cryptolib makes it faster ${FWLIB_OBJS}: CFLAGS += -DUNROLL_LOOPS +${FWLIB2_OBJS}: CFLAGS += -DUNROLL_LOOPS ${FWLIB20_OBJS}: CFLAGS += -DUNROLL_LOOPS ${FWLIB21_OBJS}: CFLAGS += -DUNROLL_LOOPS @@ -763,6 +772,8 @@ ifeq (${FIRMWARE_ARCH},) ${FWLIB_OBJS}: CFLAGS += -DDISABLE_ROLLBACK_TPM endif +${FWLIB21_OBJS}: INCLUDES += -Ifirmware/lib21/include + # Linktest ensures firmware lib doesn't rely on outside libraries ${BUILD}/firmware/linktest/main_vbinit: ${VBINIT_OBJS} ${BUILD}/firmware/linktest/main_vbinit: OBJS = ${VBINIT_OBJS} @@ -792,7 +803,7 @@ ${FWLIB}: ${FWLIB_OBJS} .PHONY: fwlib2 fwlib2: ${FWLIB20} -${FWLIB20}: ${FWLIB20_OBJS} +${FWLIB20}: ${FWLIB2_OBJS} ${FWLIB20_OBJS} @$(PRINTF) " RM $(subst ${BUILD}/,,$@)\n" ${Q}rm -f $@ @$(PRINTF) " AR $(subst ${BUILD}/,,$@)\n" @@ -801,7 +812,7 @@ ${FWLIB20}: ${FWLIB20_OBJS} .PHONY: fwlib21 fwlib21: ${FWLIB21} -${FWLIB21}: ${FWLIB21_OBJS} +${FWLIB21}: ${FWLIB2_OBJS} ${FWLIB21_OBJS} @$(PRINTF) " RM $(subst ${BUILD}/,,$@)\n" ${Q}rm -f $@ @$(PRINTF) " AR $(subst ${BUILD}/,,$@)\n" @@ -829,10 +840,10 @@ ${UTILLIB}: ${UTILLIB_OBJS} ${FWLIB_OBJS} .PHONY: utillib21 utillib21: ${UTILLIB21} -${UTILLIB21}: INCLUDES += -Ihost/lib21/include +${UTILLIB21}: INCLUDES += -Ihost/lib21/include -Ifirmware/lib21/include # TODO: right now, firmware lib 2.1 isn't a complete standalone copy -${UTILLIB21}: ${UTILLIB21_OBJS} ${FWLIB20_OBJS} ${FWLIB21_OBJS} +${UTILLIB21}: ${UTILLIB21_OBJS} ${FWLIB2_OBJS} ${FWLIB20_OBJS} ${FWLIB21_OBJS} @$(PRINTF) " RM $(subst ${BUILD}/,,$@)\n" ${Q}rm -f $@ @$(PRINTF) " AR $(subst ${BUILD}/,,$@)\n" @@ -970,9 +981,12 @@ ${TEST_BINS}: ${UTILLIB} ${TESTLIB} ${TEST_BINS}: INCLUDES += -Itests ${TEST_BINS}: LIBS = ${TESTLIB} ${UTILLIB} -${TEST20_BINS}: ${UTILLIB21} -${TEST20_BINS}: INCLUDES += -Ihost/lib21/include -${TEST20_BINS}: LIBS += ${UTILLIB21} +${TEST20_BINS}: ${FWLIB20} +${TEST20_BINS}: LIBS += ${FWLIB20} + +${TEST21_BINS}: ${UTILLIB21} +${TEST21_BINS}: INCLUDES += -Ihost/lib21/include -Ifirmware/lib21/include +${TEST21_BINS}: LIBS += ${UTILLIB21} ${TESTLIB}: ${TESTLIB_OBJS} @$(PRINTF) " RM $(subst ${BUILD}/,,$@)\n" @@ -1025,16 +1039,12 @@ ${BUILD}/utility/pad_digest_utility: LDLIBS += ${CRYPTO_LIBS} ${BUILD}/utility/signature_digest_utility: LDLIBS += ${CRYPTO_LIBS} ${BUILD}/host/linktest/main: LDLIBS += ${CRYPTO_LIBS} -${BUILD}/tests/vb2_api2_tests: LDLIBS += ${CRYPTO_LIBS} -${BUILD}/tests/vb2_common_tests: LDLIBS += ${CRYPTO_LIBS} -${BUILD}/tests/vb2_common2_tests: LDLIBS += ${CRYPTO_LIBS} -${BUILD}/tests/vb2_common3_tests: LDLIBS += ${CRYPTO_LIBS} -${BUILD}/tests/vb2_host_fw_preamble_tests: LDLIBS += ${CRYPTO_LIBS} -${BUILD}/tests/vb2_host_key_tests: LDLIBS += ${CRYPTO_LIBS} -${BUILD}/tests/vb2_host_keyblock_tests: LDLIBS += ${CRYPTO_LIBS} -${BUILD}/tests/vb2_host_sig_tests: LDLIBS += ${CRYPTO_LIBS} ${BUILD}/tests/vboot_common2_tests: LDLIBS += ${CRYPTO_LIBS} ${BUILD}/tests/vboot_common3_tests: LDLIBS += ${CRYPTO_LIBS} +${BUILD}/tests/vb2_common2_tests: LDLIBS += ${CRYPTO_LIBS} +${BUILD}/tests/vb2_common3_tests: LDLIBS += ${CRYPTO_LIBS} + +${TEST21_BINS}: LDLIBS += ${CRYPTO_LIBS} ${BUILD}/utility/bmpblk_utility: LD = ${CXX} ${BUILD}/utility/bmpblk_utility: LDLIBS = -llzma -lyaml @@ -1208,22 +1218,24 @@ runmisctests: test_setup .PHONY: run2tests run2tests: test_setup ${RUNTEST} ${BUILD_RUN}/tests/vb2_api_tests - ${RUNTEST} ${BUILD_RUN}/tests/vb2_api2_tests ${RUNTEST} ${BUILD_RUN}/tests/vb2_common_tests ${RUNTEST} ${BUILD_RUN}/tests/vb2_common2_tests ${TEST_KEYS} ${RUNTEST} ${BUILD_RUN}/tests/vb2_common3_tests ${TEST_KEYS} - ${RUNTEST} ${BUILD_RUN}/tests/vb2_host_fw_preamble_tests ${TEST_KEYS} - ${RUNTEST} ${BUILD_RUN}/tests/vb2_host_key_tests ${TEST_KEYS} - ${RUNTEST} ${BUILD_RUN}/tests/vb2_host_keyblock_tests ${TEST_KEYS} - ${RUNTEST} ${BUILD_RUN}/tests/vb2_host_misc_tests - ${RUNTEST} ${BUILD_RUN}/tests/vb2_host_sig_tests ${TEST_KEYS} ${RUNTEST} ${BUILD_RUN}/tests/vb2_misc_tests ${RUNTEST} ${BUILD_RUN}/tests/vb2_misc2_tests - ${RUNTEST} ${BUILD_RUN}/tests/vb2_misc3_tests ${RUNTEST} ${BUILD_RUN}/tests/vb2_nvstorage_tests ${RUNTEST} ${BUILD_RUN}/tests/vb2_rsa_utility_tests ${RUNTEST} ${BUILD_RUN}/tests/vb2_secdata_tests ${RUNTEST} ${BUILD_RUN}/tests/vb2_sha_tests + ${RUNTEST} ${BUILD_RUN}/tests/vb21_api_tests + ${RUNTEST} ${BUILD_RUN}/tests/vb21_common_tests + ${RUNTEST} ${BUILD_RUN}/tests/vb21_common2_tests ${TEST_KEYS} + ${RUNTEST} ${BUILD_RUN}/tests/vb21_misc_tests + ${RUNTEST} ${BUILD_RUN}/tests/vb21_host_fw_preamble_tests ${TEST_KEYS} + ${RUNTEST} ${BUILD_RUN}/tests/vb21_host_key_tests ${TEST_KEYS} + ${RUNTEST} ${BUILD_RUN}/tests/vb21_host_keyblock_tests ${TEST_KEYS} + ${RUNTEST} ${BUILD_RUN}/tests/vb21_host_misc_tests + ${RUNTEST} ${BUILD_RUN}/tests/vb21_host_sig_tests ${TEST_KEYS} .PHONY: runfutiltests runfutiltests: test_setup @@ -1240,6 +1252,7 @@ runlongtests: test_setup genkeys genfuzztestcases ifneq (${VBOOT2},) ${RUNTEST} ${BUILD_RUN}/tests/vb2_common2_tests ${TEST_KEYS} --all ${RUNTEST} ${BUILD_RUN}/tests/vb2_common3_tests ${TEST_KEYS} --all + ${RUNTEST} ${BUILD_RUN}/tests/vb21_common2_tests ${TEST_KEYS} --all endif tests/run_preamble_tests.sh --all tests/run_vbutil_tests.sh --all diff --git a/firmware/2lib/include/2common.h b/firmware/2lib/include/2common.h index 1ea3f9e2..672bd00c 100644 --- a/firmware/2lib/include/2common.h +++ b/firmware/2lib/include/2common.h @@ -331,15 +331,6 @@ uint32_t vb2_sig_size(enum vb2_signature_algorithm sig_alg, */ const struct vb2_guid *vb2_hash_guid(enum vb2_hash_algorithm hash_alg); -/** - * Verify the integrity of a signature struct - * @param sig Signature struct - * @param size Size of buffer containing signature struct - * @return VB2_SUCCESS, or non-zero if error. - */ -int vb2_verify_signature2(const struct vb2_signature2 *sig, - uint32_t size); - /* * Size of work buffer sufficient for vb2_verify_digest() or * vb2_verify_digest2() worst case. @@ -360,20 +351,6 @@ int vb2_verify_digest(const struct vb2_public_key *key, const uint8_t *digest, const struct vb2_workbuf *wb); -/** - * Verify a signature against an expected hash digest. - * - * @param key Key to use in signature verification - * @param sig Signature to verify (may be destroyed in process) - * @param digest Digest of signed data - * @param wb Work buffer - * @return VB2_SUCCESS, or non-zero if error. - */ -int vb2_verify_digest2(const struct vb2_public_key *key, - struct vb2_signature2 *sig, - const uint8_t *digest, - const struct vb2_workbuf *wb); - /* * Size of work buffer sufficient for vb2_verify_data() or vb2_verify_data2() * worst case. @@ -400,12 +377,6 @@ int vb2_verify_data(const uint8_t *data, const struct vb2_public_key *key, const struct vb2_workbuf *wb); -int vb2_verify_data2(const void *data, - uint32_t size, - struct vb2_signature2 *sig, - const struct vb2_public_key *key, - const struct vb2_workbuf *wb); - /* * Size of work buffer sufficient for vb2_verify_keyblock() or * vb2_verify_keyblock2() worst case. @@ -429,11 +400,6 @@ int vb2_verify_keyblock(struct vb2_keyblock *block, const struct vb2_public_key *key, const struct vb2_workbuf *wb); -int vb2_verify_keyblock2(struct vb2_keyblock2 *block, - uint32_t size, - const struct vb2_public_key *key, - const struct vb2_workbuf *wb); - /* * Size of work buffer sufficient for vb2_verify_fw_preamble() or * vb2_verify_fw_preamble2() worst case. @@ -456,9 +422,4 @@ int vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble, const struct vb2_public_key *key, const struct vb2_workbuf *wb); -int vb2_verify_fw_preamble2(struct vb2_fw_preamble2 *preamble, - uint32_t size, - const struct vb2_public_key *key, - const struct vb2_workbuf *wb); - #endif /* VBOOT_REFERENCE_VBOOT_2COMMON_H_ */ diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h index e4aaf607..b2b35f24 100644 --- a/firmware/2lib/include/2struct.h +++ b/firmware/2lib/include/2struct.h @@ -12,6 +12,37 @@ #include "2guid.h" +/* Algorithm types for signatures */ +enum vb2_signature_algorithm { + /* Invalid or unsupported signature type */ + VB2_SIG_INVALID = 0, + + /* + * No signature algorithm. The digest is unsigned. See + * VB2_GUID_NONE_* above for key GUIDs to use with this algorithm. + */ + VB2_SIG_NONE = 1, + + /* RSA algorithms of the given length in bits (1024-8192) */ + VB2_SIG_RSA1024 = 2, /* Warning! This is likely to be deprecated! */ + VB2_SIG_RSA2048 = 3, + VB2_SIG_RSA4096 = 4, + VB2_SIG_RSA8192 = 5, +}; + +/* Algorithm types for hash digests */ +enum vb2_hash_algorithm { + /* Invalid or unsupported digest type */ + VB2_HASH_INVALID = 0, + + /* SHA-1. Warning: This is likely to be deprecated soon! */ + VB2_HASH_SHA1 = 1, + + /* SHA-256 and SHA-512 */ + VB2_HASH_SHA256 = 2, + VB2_HASH_SHA512 = 3, +}; + /****************************************************************************/ /* * Vboot1-compatible data structures @@ -190,365 +221,6 @@ struct vb2_fw_preamble { #define EXPECTED_VB2_FW_PREAMBLE_SIZE 108 /****************************************************************************/ -/* - * Vboot2 data structures - * - * - * Offsets should be padded to 32-bit boundaries, since some architectures - * have trouble with accessing unaligned integers. - */ - -/* - * Magic numbers used by vb2_struct_common.magic. - * - * All valid numbers should be listed here to avoid accidental overlap. - * Numbers start at a large value, so that previous parsers (which stored - * things like lengths and offsets at that field) will detect and reject new - * structs as invalid. - */ -enum vb2_struct_common_magic { - /* "Vb2B" = vb2_keyblock2.c.magic */ - VB2_MAGIC_KEYBLOCK2 = 0x42326256, - - /* "Vb2F" = vb2_fw_preamble.c.magic */ - VB2_MAGIC_FW_PREAMBLE2 = 0x46326256, - - /* "Vb2I" = vb2_packed_private_key2.c.magic */ - VB2_MAGIC_PACKED_PRIVATE_KEY2 = 0x49326256, - - /* "Vb2K" = vb2_kernel_preamble.c.magic */ - VB2_MAGIC_KERNEL_PREAMBLE2 = 0x4b326256, - - /* "Vb2P" = vb2_packed_key2.c.magic */ - VB2_MAGIC_PACKED_KEY2 = 0x50326256, - - /* "Vb2S" = vb2_signature.c.magic */ - VB2_MAGIC_SIGNATURE2 = 0x53326256, -}; - - -/* - * Generic struct header for all vboot2 structs. This makes it easy to - * automatically parse and identify vboot structs (e.g., in futility). This - * must be the first member of the parent vboot2 struct. - */ -struct vb2_struct_common { - /* Magic number; see vb2_struct_common_magic for expected values */ - uint32_t magic; - - /* - * Parent struct version; see each struct for the expected value. - * - * How to handle struct version mismatches, if the parser is version - * A.b and the data is version C.d: - * 1) If A.b == C.d, we're good. - * 2) If A != C, the data cannot be parsed at all. - * 3) If b < d, C.d is a newer version of data which is backwards- - * compatible to old parsers. We're good. - * 4) If b > d, C.d is an older version of data. The parser should - * use default values for fields added after version d. We're - * good. - * - * Struct versions start at 3.0, since the highest version of the old - * structures was 2.1. This way, there is no possibility of collision - * for old code which depends on the version number. - */ - uint16_t struct_version_major; - uint16_t struct_version_minor; - - /* - * Size of the parent structure and all its data, including the - * description and any necessary padding. That is, all data must lie - * in a contiguous region of <total_size> bytes starting at the first - * byte of this header. - */ - uint32_t total_size; - - /* - * Size of the fixed portion of the parent structure. If a description - * is present, it must start at this offset. - */ - uint32_t fixed_size; - - /* - * The object may contain an ASCII description following the fixed - * portion of the structure. If it is present, it must be - * null-terminated, and padded with 0 (null) bytes to a multiple of 32 - * bits. - * - * Size of ASCII description in bytes, counting null terminator and - * padding (if any). Set 0 if no description is present. If non-zero, - * there must be a null terminator (0) at offset (fixed_size + - * desc_size - 1). - */ - uint32_t desc_size; -} __attribute__((packed)); - -#define EXPECTED_VB2_STRUCT_COMMON_SIZE 20 - -/* Algorithm types for signatures */ -enum vb2_signature_algorithm { - /* Invalid or unsupported signature type */ - VB2_SIG_INVALID = 0, - - /* - * No signature algorithm. The digest is unsigned. See - * VB2_GUID_NONE_* above for key GUIDs to use with this algorithm. - */ - VB2_SIG_NONE = 1, - - /* RSA algorithms of the given length in bits (1024-8192) */ - VB2_SIG_RSA1024 = 2, /* Warning! This is likely to be deprecated! */ - VB2_SIG_RSA2048 = 3, - VB2_SIG_RSA4096 = 4, - VB2_SIG_RSA8192 = 5, -}; - -/* Algorithm types for hash digests */ -enum vb2_hash_algorithm { - /* Invalid or unsupported digest type */ - VB2_HASH_INVALID = 0, - - /* SHA-1. Warning: This is likely to be deprecated soon! */ - VB2_HASH_SHA1 = 1, - - /* SHA-256 and SHA-512 */ - VB2_HASH_SHA256 = 2, - VB2_HASH_SHA512 = 3, -}; - -/* Current version of vb2_packed_key2 struct */ -#define VB2_PACKED_KEY2_VERSION_MAJOR 3 -#define VB2_PACKED_KEY2_VERSION_MINOR 0 - -/* - * Packed public key data, version 2 - * - * The key data must be arranged like this: - * 1) vb2_packed_key2 header struct h - * 2) Key description (pointed to by h.c.fixed_size) - * 3) Key data key (pointed to by h.key_offset) - */ -struct vb2_packed_key2 { - /* Common header fields */ - struct vb2_struct_common c; - - /* Offset of key data from start of this struct */ - uint32_t key_offset; - - /* Size of key data in bytes (NOT strength of key in bits) */ - uint32_t key_size; - - /* Signature algorithm used by the key (enum vb2_signature_algorithm) */ - uint16_t sig_alg; - - /* - * Hash digest algorithm used with the key (enum vb2_hash_algorithm). - * This is explicitly specified as part of the key to prevent use of a - * strong key with a weak hash. - */ - uint16_t hash_alg; - - /* Key version */ - uint32_t key_version; - - /* Key GUID */ - struct vb2_guid guid; -} __attribute__((packed)); - -#define EXPECTED_VB2_PACKED_KEY2_SIZE \ - (EXPECTED_VB2_STRUCT_COMMON_SIZE + EXPECTED_GUID_SIZE + 16) - -/* Current version of vb2_packed_private_key2 struct */ -#define VB2_PACKED_PRIVATE_KEY2_VERSION_MAJOR 3 -#define VB2_PACKED_PRIVATE_KEY2_VERSION_MINOR 0 - -/* - * Packed private key data, version 2 - * - * The key data must be arranged like this: - * 1) vb2_packed_private_key2 header struct h - * 2) Key description (pointed to by h.c.fixed_size) - * 3) Key data key (pointed to by h.key_offset) - */ -struct vb2_packed_private_key2 { - /* Common header fields */ - struct vb2_struct_common c; - - /* Offset of key data from start of this struct */ - uint32_t key_offset; - - /* Size of key data in bytes (NOT strength of key in bits) */ - uint32_t key_size; - - /* Signature algorithm used by the key (enum vb2_signature_algorithm) */ - uint16_t sig_alg; - - /* - * Hash digest algorithm used with the key (enum vb2_hash_algorithm). - * This is explicitly specified as part of the key to prevent use of a - * strong key with a weak hash. - */ - uint16_t hash_alg; - - /* Key GUID */ - struct vb2_guid guid; -} __attribute__((packed)); - -#define EXPECTED_VB2_PACKED_PRIVATE_KEY2_SIZE \ - (EXPECTED_VB2_STRUCT_COMMON_SIZE + EXPECTED_GUID_SIZE + 12) - -/* Current version of vb2_signature2 struct */ -#define VB2_SIGNATURE2_VERSION_MAJOR 3 -#define VB2_SIGNATURE2_VERSION_MINOR 0 - -/* - * Signature data, version 2 - * - * The signature data must be arranged like this: - * 1) vb2_signature2 header struct h - * 2) Signature description (pointed to by h.c.fixed_size) - * 3) Signature data (pointed to by h.sig_offset) - */ -struct vb2_signature2 { - /* Common header fields */ - struct vb2_struct_common c; - - /* Offset of signature data from start of this struct */ - uint32_t sig_offset; - - /* Size of signature data in bytes */ - uint32_t sig_size; - - /* Size of the data block which was signed in bytes */ - uint32_t data_size; - - /* Signature algorithm used (enum vb2_signature_algorithm) */ - uint16_t sig_alg; - - /* Hash digest algorithm used (enum vb2_hash_algorithm) */ - uint16_t hash_alg; - - /* - * GUID for the signature. - * - * If this is a keyblock signature entry, this is the GUID of the key - * used to generate this signature. This allows the firmware to - * quickly determine which signature block (if any) goes with the key - * being used by the firmware. - * - * If this is a preamble hash entry, this is the GUID of the data type - * being hashed. There is no key GUID, because sig_alg=VB2_ALG_NONE. - */ - struct vb2_guid guid; -} __attribute__((packed)); - -#define EXPECTED_VB2_SIGNATURE2_SIZE \ - (EXPECTED_VB2_STRUCT_COMMON_SIZE + EXPECTED_GUID_SIZE + 16) - - -/* Current version of vb2_keyblock2 struct */ -#define VB2_KEYBLOCK2_VERSION_MAJOR 3 -#define VB2_KEYBLOCK2_VERSION_MINOR 0 - -/* - * Key block. This contains a signed, versioned key for use in the next stage - * of verified boot. - * - * The key block data must be arranged like this: - * 1) vb2_keyblock2 header struct h - * 2) Keyblock description (pointed to by h.c.fixed_size) - * 3) Data key (pointed to by h.data_key_offset) - * 4) Signatures (first signature pointed to by h.sig_offset) - * - * The signatures from 4) must cover all the data from 1), 2), 3). That is, - * signatures must sign all data up to sig_offset. - */ -struct vb2_keyblock2 { - /* Common header fields */ - struct vb2_struct_common c; - - /* Flags (VB2_KEY_BLOCK_FLAG_*) */ - uint32_t flags; - - /* - * Offset of key (struct vb2_packed_key2) to use in next stage of - * verification, from start of the keyblock. - */ - uint32_t key_offset; - - /* Number of keyblock signatures which follow */ - uint32_t sig_count; - - /* - * Offset of the first signature (struct vb2_signature2) from the start - * of the keyblock. - * - * Signatures sign the contents of this struct and the data pointed to - * by data_key_offset, but not themselves or other signatures. - * - * For the firmware, there may be only one signature. - * - * Kernels often have at least two signatures - one using the kernel - * subkey from the RW firmware (for signed kernels) and one which is - * simply a SHA-512 hash (for unsigned developer kernels). - * - * The GUID for each signature indicates which key was used to generate - * the signature. - */ - uint32_t sig_offset; -} __attribute__((packed)); - -#define EXPECTED_VB2_KEYBLOCK2_SIZE (EXPECTED_VB2_STRUCT_COMMON_SIZE + 16) - - -/* Current version of vb2_fw_preamble2 struct */ -#define VB2_FW_PREAMBLE2_VERSION_MAJOR 3 -#define VB2_FW_PREAMBLE2_VERSION_MINOR 0 - -/* - * Firmware preamble - * - * The preamble data must be arranged like this: - * 1) vb2_fw_preamble2 header struct h - * 2) Preamble description (pointed to by h.c.fixed_size) - * 3) Hashes (pointed to by h.hash_offset) - * 4) Signature (pointed to by h.sig_offset) - * - * The signature 4) must cover all the data from 1), 2), 3). - */ -struct vb2_fw_preamble2 { - /* Common header fields */ - struct vb2_struct_common c; - - /* Flags; see VB2_FIRMWARE_PREAMBLE_* */ - uint32_t flags; - - /* Firmware version */ - uint32_t firmware_version; - - /* Offset of signature (struct vb2_signature2) for this preamble */ - uint32_t sig_offset; - - /* - * The preamble contains a list of hashes (struct vb2_signature2) for - * the various firmware components. These have sig_alg=VB2_SIG_NONE, - * and the GUID for each hash identifies the component being hashed. - * The calling firmware is responsible for knowing where to find those - * components, which may be on a different storage device than this - * preamble. - */ - - /* Number of hash entries */ - uint32_t hash_count; - - /* Offset of first hash entry from start of preamble */ - uint32_t hash_offset; -} __attribute__((packed)); - -#define EXPECTED_VB2_FW_PREAMBLE2_SIZE (EXPECTED_VB2_STRUCT_COMMON_SIZE + 20) - -/****************************************************************************/ /* Flags for vb2_shared_data.flags */ enum vb2_shared_data_flags { diff --git a/firmware/lib21/api.c b/firmware/lib21/api.c index 0df2cf69..99bc4433 100644 --- a/firmware/lib21/api.c +++ b/firmware/lib21/api.c @@ -14,6 +14,7 @@ #include "2secdata.h" #include "2sha.h" #include "2rsa.h" +#include "vb2_common.h" int vb2api_fw_phase3_2(struct vb2_context *ctx) { diff --git a/firmware/lib21/common.c b/firmware/lib21/common.c index a5ebc70c..cf1ec417 100644 --- a/firmware/lib21/common.c +++ b/firmware/lib21/common.c @@ -9,6 +9,7 @@ #include "2common.h" #include "2rsa.h" #include "2sha.h" +#include "vb2_common.h" const char *vb2_common_desc(const void *buf) { diff --git a/firmware/lib21/include/vb2_common.h b/firmware/lib21/include/vb2_common.h new file mode 100644 index 00000000..5abac4c0 --- /dev/null +++ b/firmware/lib21/include/vb2_common.h @@ -0,0 +1,91 @@ +/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Common functions between firmware and kernel verified boot. + */ + +#ifndef VBOOT_REFERENCE_VB2_COMMON_H_ +#define VBOOT_REFERENCE_VB2_COMMON_H_ + +#include "2api.h" +#include "2common.h" +#include "2return_codes.h" +#include "2sha.h" +#include "2struct.h" +#include "vb2_struct.h" + +/** + * Verify the integrity of a signature struct + * @param sig Signature struct + * @param size Size of buffer containing signature struct + * @return VB2_SUCCESS, or non-zero if error. + */ +int vb2_verify_signature2(const struct vb2_signature2 *sig, + uint32_t size); + +/** + * Verify a signature against an expected hash digest. + * + * @param key Key to use in signature verification + * @param sig Signature to verify (may be destroyed in process) + * @param digest Digest of signed data + * @param wb Work buffer + * @return VB2_SUCCESS, or non-zero if error. + */ +int vb2_verify_digest2(const struct vb2_public_key *key, + struct vb2_signature2 *sig, + const uint8_t *digest, + const struct vb2_workbuf *wb); + +/** + * Verify data matches signature. + * + * @param data Data to verify + * @param size Size of data buffer. Note that amount of data to + * actually validate is contained in sig->data_size. + * @param sig Signature of data (destroyed in process) + * @param key Key to use to validate signature + * @param wb Work buffer + * @return VB2_SUCCESS, or non-zero error code if error. + */ +int vb2_verify_data2(const void *data, + uint32_t size, + struct vb2_signature2 *sig, + const struct vb2_public_key *key, + const struct vb2_workbuf *wb); + +/** + * Check the sanity of a key block using a public key. + * + * Header fields are also checked for sanity. Does not verify key index or key + * block flags. Signature inside block is destroyed during check. + * + * @param block Key block to verify + * @param size Size of key block buffer + * @param key Key to use to verify block + * @param wb Work buffer + * @return VB2_SUCCESS, or non-zero error code if error. + */ +int vb2_verify_keyblock2(struct vb2_keyblock2 *block, + uint32_t size, + const struct vb2_public_key *key, + const struct vb2_workbuf *wb); + +/** + * Check the sanity of a firmware preamble using a public key. + * + * The signature in the preamble is destroyed during the check. + * + * @param preamble Preamble to verify + * @param size Size of preamble buffer + * @param key Key to use to verify preamble + * @param wb Work buffer + * @return VB2_SUCCESS, or non-zero error code if error. + */ +int vb2_verify_fw_preamble2(struct vb2_fw_preamble2 *preamble, + uint32_t size, + const struct vb2_public_key *key, + const struct vb2_workbuf *wb); + +#endif /* VBOOT_REFERENCE_VB2_COMMON_H_ */ diff --git a/firmware/lib21/include/vb2_struct.h b/firmware/lib21/include/vb2_struct.h new file mode 100644 index 00000000..4bf4da74 --- /dev/null +++ b/firmware/lib21/include/vb2_struct.h @@ -0,0 +1,336 @@ +/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Vboot 2.1 data structures + * + * Offsets should be padded to 32-bit boundaries, since some architectures + * have trouble with accessing unaligned integers. + */ + +#ifndef VBOOT_REFERENCE_VB2_STRUCT_H_ +#define VBOOT_REFERENCE_VB2_STRUCT_H_ +#include <stdint.h> + +#include "2guid.h" + +/* + * Magic numbers used by vb2_struct_common.magic. + * + * All valid numbers should be listed here to avoid accidental overlap. + * Numbers start at a large value, so that previous parsers (which stored + * things like lengths and offsets at that field) will detect and reject new + * structs as invalid. + */ +enum vb2_struct_common_magic { + /* "Vb2B" = vb2_keyblock2.c.magic */ + VB2_MAGIC_KEYBLOCK2 = 0x42326256, + + /* "Vb2F" = vb2_fw_preamble.c.magic */ + VB2_MAGIC_FW_PREAMBLE2 = 0x46326256, + + /* "Vb2I" = vb2_packed_private_key2.c.magic */ + VB2_MAGIC_PACKED_PRIVATE_KEY2 = 0x49326256, + + /* "Vb2K" = vb2_kernel_preamble.c.magic */ + VB2_MAGIC_KERNEL_PREAMBLE2 = 0x4b326256, + + /* "Vb2P" = vb2_packed_key2.c.magic */ + VB2_MAGIC_PACKED_KEY2 = 0x50326256, + + /* "Vb2S" = vb2_signature.c.magic */ + VB2_MAGIC_SIGNATURE2 = 0x53326256, +}; + + +/* + * Generic struct header for all vboot2 structs. This makes it easy to + * automatically parse and identify vboot structs (e.g., in futility). This + * must be the first member of the parent vboot2 struct. + */ +struct vb2_struct_common { + /* Magic number; see vb2_struct_common_magic for expected values */ + uint32_t magic; + + /* + * Parent struct version; see each struct for the expected value. + * + * How to handle struct version mismatches, if the parser is version + * A.b and the data is version C.d: + * 1) If A.b == C.d, we're good. + * 2) If A != C, the data cannot be parsed at all. + * 3) If b < d, C.d is a newer version of data which is backwards- + * compatible to old parsers. We're good. + * 4) If b > d, C.d is an older version of data. The parser should + * use default values for fields added after version d. We're + * good. + * + * Struct versions start at 3.0, since the highest version of the old + * structures was 2.1. This way, there is no possibility of collision + * for old code which depends on the version number. + */ + uint16_t struct_version_major; + uint16_t struct_version_minor; + + /* + * Size of the parent structure and all its data, including the + * description and any necessary padding. That is, all data must lie + * in a contiguous region of <total_size> bytes starting at the first + * byte of this header. + */ + uint32_t total_size; + + /* + * Size of the fixed portion of the parent structure. If a description + * is present, it must start at this offset. + */ + uint32_t fixed_size; + + /* + * The object may contain an ASCII description following the fixed + * portion of the structure. If it is present, it must be + * null-terminated, and padded with 0 (null) bytes to a multiple of 32 + * bits. + * + * Size of ASCII description in bytes, counting null terminator and + * padding (if any). Set 0 if no description is present. If non-zero, + * there must be a null terminator (0) at offset (fixed_size + + * desc_size - 1). + */ + uint32_t desc_size; +} __attribute__((packed)); + +#define EXPECTED_VB2_STRUCT_COMMON_SIZE 20 + +/* Current version of vb2_packed_key2 struct */ +#define VB2_PACKED_KEY2_VERSION_MAJOR 3 +#define VB2_PACKED_KEY2_VERSION_MINOR 0 + +/* + * Packed public key data, version 2 + * + * The key data must be arranged like this: + * 1) vb2_packed_key2 header struct h + * 2) Key description (pointed to by h.c.fixed_size) + * 3) Key data key (pointed to by h.key_offset) + */ +struct vb2_packed_key2 { + /* Common header fields */ + struct vb2_struct_common c; + + /* Offset of key data from start of this struct */ + uint32_t key_offset; + + /* Size of key data in bytes (NOT strength of key in bits) */ + uint32_t key_size; + + /* Signature algorithm used by the key (enum vb2_signature_algorithm) */ + uint16_t sig_alg; + + /* + * Hash digest algorithm used with the key (enum vb2_hash_algorithm). + * This is explicitly specified as part of the key to prevent use of a + * strong key with a weak hash. + */ + uint16_t hash_alg; + + /* Key version */ + uint32_t key_version; + + /* Key GUID */ + struct vb2_guid guid; +} __attribute__((packed)); + +#define EXPECTED_VB2_PACKED_KEY2_SIZE \ + (EXPECTED_VB2_STRUCT_COMMON_SIZE + EXPECTED_GUID_SIZE + 16) + +/* Current version of vb2_packed_private_key2 struct */ +#define VB2_PACKED_PRIVATE_KEY2_VERSION_MAJOR 3 +#define VB2_PACKED_PRIVATE_KEY2_VERSION_MINOR 0 + +/* + * Packed private key data, version 2 + * + * The key data must be arranged like this: + * 1) vb2_packed_private_key2 header struct h + * 2) Key description (pointed to by h.c.fixed_size) + * 3) Key data key (pointed to by h.key_offset) + */ +struct vb2_packed_private_key2 { + /* Common header fields */ + struct vb2_struct_common c; + + /* Offset of key data from start of this struct */ + uint32_t key_offset; + + /* Size of key data in bytes (NOT strength of key in bits) */ + uint32_t key_size; + + /* Signature algorithm used by the key (enum vb2_signature_algorithm) */ + uint16_t sig_alg; + + /* + * Hash digest algorithm used with the key (enum vb2_hash_algorithm). + * This is explicitly specified as part of the key to prevent use of a + * strong key with a weak hash. + */ + uint16_t hash_alg; + + /* Key GUID */ + struct vb2_guid guid; +} __attribute__((packed)); + +#define EXPECTED_VB2_PACKED_PRIVATE_KEY2_SIZE \ + (EXPECTED_VB2_STRUCT_COMMON_SIZE + EXPECTED_GUID_SIZE + 12) + +/* Current version of vb2_signature2 struct */ +#define VB2_SIGNATURE2_VERSION_MAJOR 3 +#define VB2_SIGNATURE2_VERSION_MINOR 0 + +/* + * Signature data, version 2 + * + * The signature data must be arranged like this: + * 1) vb2_signature2 header struct h + * 2) Signature description (pointed to by h.c.fixed_size) + * 3) Signature data (pointed to by h.sig_offset) + */ +struct vb2_signature2 { + /* Common header fields */ + struct vb2_struct_common c; + + /* Offset of signature data from start of this struct */ + uint32_t sig_offset; + + /* Size of signature data in bytes */ + uint32_t sig_size; + + /* Size of the data block which was signed in bytes */ + uint32_t data_size; + + /* Signature algorithm used (enum vb2_signature_algorithm) */ + uint16_t sig_alg; + + /* Hash digest algorithm used (enum vb2_hash_algorithm) */ + uint16_t hash_alg; + + /* + * GUID for the signature. + * + * If this is a keyblock signature entry, this is the GUID of the key + * used to generate this signature. This allows the firmware to + * quickly determine which signature block (if any) goes with the key + * being used by the firmware. + * + * If this is a preamble hash entry, this is the GUID of the data type + * being hashed. There is no key GUID, because sig_alg=VB2_ALG_NONE. + */ + struct vb2_guid guid; +} __attribute__((packed)); + +#define EXPECTED_VB2_SIGNATURE2_SIZE \ + (EXPECTED_VB2_STRUCT_COMMON_SIZE + EXPECTED_GUID_SIZE + 16) + + +/* Current version of vb2_keyblock2 struct */ +#define VB2_KEYBLOCK2_VERSION_MAJOR 3 +#define VB2_KEYBLOCK2_VERSION_MINOR 0 + +/* + * Key block. This contains a signed, versioned key for use in the next stage + * of verified boot. + * + * The key block data must be arranged like this: + * 1) vb2_keyblock2 header struct h + * 2) Keyblock description (pointed to by h.c.fixed_size) + * 3) Data key (pointed to by h.data_key_offset) + * 4) Signatures (first signature pointed to by h.sig_offset) + * + * The signatures from 4) must cover all the data from 1), 2), 3). That is, + * signatures must sign all data up to sig_offset. + */ +struct vb2_keyblock2 { + /* Common header fields */ + struct vb2_struct_common c; + + /* Flags (VB2_KEY_BLOCK_FLAG_*) */ + uint32_t flags; + + /* + * Offset of key (struct vb2_packed_key2) to use in next stage of + * verification, from start of the keyblock. + */ + uint32_t key_offset; + + /* Number of keyblock signatures which follow */ + uint32_t sig_count; + + /* + * Offset of the first signature (struct vb2_signature2) from the start + * of the keyblock. + * + * Signatures sign the contents of this struct and the data pointed to + * by data_key_offset, but not themselves or other signatures. + * + * For the firmware, there may be only one signature. + * + * Kernels often have at least two signatures - one using the kernel + * subkey from the RW firmware (for signed kernels) and one which is + * simply a SHA-512 hash (for unsigned developer kernels). + * + * The GUID for each signature indicates which key was used to generate + * the signature. + */ + uint32_t sig_offset; +} __attribute__((packed)); + +#define EXPECTED_VB2_KEYBLOCK2_SIZE (EXPECTED_VB2_STRUCT_COMMON_SIZE + 16) + + +/* Current version of vb2_fw_preamble2 struct */ +#define VB2_FW_PREAMBLE2_VERSION_MAJOR 3 +#define VB2_FW_PREAMBLE2_VERSION_MINOR 0 + +/* + * Firmware preamble + * + * The preamble data must be arranged like this: + * 1) vb2_fw_preamble2 header struct h + * 2) Preamble description (pointed to by h.c.fixed_size) + * 3) Hashes (pointed to by h.hash_offset) + * 4) Signature (pointed to by h.sig_offset) + * + * The signature 4) must cover all the data from 1), 2), 3). + */ +struct vb2_fw_preamble2 { + /* Common header fields */ + struct vb2_struct_common c; + + /* Flags; see VB2_FIRMWARE_PREAMBLE_* */ + uint32_t flags; + + /* Firmware version */ + uint32_t firmware_version; + + /* Offset of signature (struct vb2_signature2) for this preamble */ + uint32_t sig_offset; + + /* + * The preamble contains a list of hashes (struct vb2_signature2) for + * the various firmware components. These have sig_alg=VB2_SIG_NONE, + * and the GUID for each hash identifies the component being hashed. + * The calling firmware is responsible for knowing where to find those + * components, which may be on a different storage device than this + * preamble. + */ + + /* Number of hash entries */ + uint32_t hash_count; + + /* Offset of first hash entry from start of preamble */ + uint32_t hash_offset; +} __attribute__((packed)); + +#define EXPECTED_VB2_FW_PREAMBLE2_SIZE (EXPECTED_VB2_STRUCT_COMMON_SIZE + 20) + +#endif /* VBOOT_REFERENCE_VB2_STRUCT_H_ */ diff --git a/firmware/lib21/misc.c b/firmware/lib21/misc.c index dbdf95c0..16648a74 100644 --- a/firmware/lib21/misc.c +++ b/firmware/lib21/misc.c @@ -13,6 +13,7 @@ #include "2secdata.h" #include "2sha.h" #include "2rsa.h" +#include "vb2_common.h" /** * Read an object with a common struct header from a verified boot resource. diff --git a/firmware/lib21/packed_key.c b/firmware/lib21/packed_key.c index d872d446..3974b5f8 100644 --- a/firmware/lib21/packed_key.c +++ b/firmware/lib21/packed_key.c @@ -8,6 +8,7 @@ #include "2sysincludes.h" #include "2common.h" #include "2rsa.h" +#include "vb2_common.h" int vb2_unpack_key2_data(struct vb2_public_key *key, const uint8_t *key_data, diff --git a/host/lib21/host_fw_preamble.c b/host/lib21/host_fw_preamble.c index 87c4ecdd..557c157c 100644 --- a/host/lib21/host_fw_preamble.c +++ b/host/lib21/host_fw_preamble.c @@ -14,6 +14,7 @@ #include "host_keyblock2.h" #include "host_misc.h" #include "host_signature2.h" +#include "vb2_common.h" int vb2_fw_preamble_create(struct vb2_fw_preamble2 **fp_ptr, const struct vb2_private_key *signing_key, diff --git a/host/lib21/host_key.c b/host/lib21/host_key.c index adda9da0..5fc41889 100644 --- a/host/lib21/host_key.c +++ b/host/lib21/host_key.c @@ -15,6 +15,7 @@ #include "2common.h" #include "2rsa.h" #include "2sha.h" +#include "vb2_common.h" #include "host_common.h" #include "host_key2.h" #include "host_misc.h" diff --git a/host/lib21/host_keyblock.c b/host/lib21/host_keyblock.c index 570d3c8a..f242cdde 100644 --- a/host/lib21/host_keyblock.c +++ b/host/lib21/host_keyblock.c @@ -8,6 +8,7 @@ #include "2sysincludes.h" #include "2common.h" #include "2rsa.h" +#include "vb2_common.h" #include "host_common.h" #include "host_key2.h" #include "host_keyblock2.h" diff --git a/host/lib21/host_misc.c b/host/lib21/host_misc.c index a78a7132..555867a2 100644 --- a/host/lib21/host_misc.c +++ b/host/lib21/host_misc.c @@ -11,6 +11,7 @@ #include "2sysincludes.h" #include "2common.h" #include "2sha.h" +#include "vb2_common.h" #include "host_common.h" int vb2_read_file(const char *filename, uint8_t **data_ptr, uint32_t *size_ptr) diff --git a/host/lib21/host_signature.c b/host/lib21/host_signature.c index b81428d0..9ffb3a82 100644 --- a/host/lib21/host_signature.c +++ b/host/lib21/host_signature.c @@ -14,6 +14,7 @@ #include "2common.h" #include "2rsa.h" #include "2sha.h" +#include "vb2_common.h" #include "host_common.h" #include "host_key2.h" #include "host_signature2.h" diff --git a/host/lib21/include/host_fw_preamble2.h b/host/lib21/include/host_fw_preamble2.h index d8c53838..52644493 100644 --- a/host/lib21/include/host_fw_preamble2.h +++ b/host/lib21/include/host_fw_preamble2.h @@ -8,7 +8,7 @@ #ifndef VBOOT_REFERENCE_HOST_FW_PREAMBLE2_H_ #define VBOOT_REFERENCE_HOST_FW_PREAMBLE2_H_ -#include "2struct.h" +#include "vb2_struct.h" struct vb2_private_key; diff --git a/tests/vb2_api2_tests.c b/tests/vb21_api_tests.c index cc1e12af..052d89b6 100644 --- a/tests/vb2_api2_tests.c +++ b/tests/vb21_api_tests.c @@ -15,6 +15,8 @@ #include "2rsa.h" #include "2secdata.h" +#include "vb2_common.h" + #include "host_key2.h" #include "host_signature2.h" diff --git a/tests/vb21_common2_tests.c b/tests/vb21_common2_tests.c new file mode 100644 index 00000000..510665e2 --- /dev/null +++ b/tests/vb21_common2_tests.c @@ -0,0 +1,316 @@ +/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Tests for firmware image library. + */ + +#include <stdint.h> +#include <stdio.h> +#include <string.h> + +#include "2sysincludes.h" +#include "2common.h" +#include "2rsa.h" +#include "vb2_common.h" +#include "host_common.h" +#include "host_key2.h" +#include "host_signature2.h" +#include "test_common.h" + + +static const uint8_t test_data[] = "This is some test data to sign."; +static const uint32_t test_size = sizeof(test_data); + +static void test_unpack_key2(const struct vb2_packed_key2 *key) +{ + struct vb2_public_key pubk; + struct vb2_packed_key2 *key2; + uint32_t size = key->c.total_size; + + /* Make a copy of the key for testing */ + key2 = (struct vb2_packed_key2 *)malloc(size); + + memcpy(key2, key, size); + TEST_SUCC(vb2_unpack_key2(&pubk, (uint8_t *)key2, size), + "vb2_unpack_key2() ok"); + + memcpy(key2, key, size); + key2->key_offset += 4; + TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size), + VB2_ERROR_COMMON_MEMBER_SIZE, + "vb2_unpack_key2() buffer too small"); + + memcpy(key2, key, size); + key2->c.fixed_size += size; + TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size), + VB2_ERROR_COMMON_FIXED_SIZE, + "vb2_unpack_key2() buffer too small for desc"); + + memcpy(key2, key, size); + key2->c.desc_size = 0; + TEST_SUCC(vb2_unpack_key2(&pubk, (uint8_t *)key2, size), + "vb2_unpack_key2() no desc"); + TEST_EQ(strcmp(pubk.desc, ""), 0, " empty desc string"); + + memcpy(key2, key, size); + key2->c.magic++; + TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size), + VB2_ERROR_UNPACK_KEY_MAGIC, + "vb2_unpack_key2() bad magic"); + + memcpy(key2, key, size); + key2->c.struct_version_major++; + TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size), + VB2_ERROR_UNPACK_KEY_STRUCT_VERSION, + "vb2_unpack_key2() bad major version"); + + /* + * Minor version changes are ok. Note that this test assumes that the + * source key struct version is the highest actually known to the + * reader. If the reader does know about minor version + 1 and that + * adds fields, this test will likely fail. But at that point, we + * should have already added a test for minor version compatibility to + * handle both old and new struct versions, so someone will have + * noticed this comment. + */ + memcpy(key2, key, size); + key2->c.struct_version_minor++; + TEST_SUCC(vb2_unpack_key2(&pubk, (uint8_t *)key2, size), + "vb2_unpack_key2() minor version change ok"); + + memcpy(key2, key, size); + key2->sig_alg = VB2_SIG_INVALID; + TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size), + VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM, + "vb2_unpack_key2() bad sig algorithm"); + + memcpy(key2, key, size); + key2->hash_alg = VB2_HASH_INVALID; + TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size), + VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM, + "vb2_unpack_key2() bad hash algorithm"); + + memcpy(key2, key, size); + key2->key_size -= 4; + TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size), + VB2_ERROR_UNPACK_KEY_SIZE, + "vb2_unpack_key2() invalid size"); + + memcpy(key2, key, size); + key2->key_offset--; + TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size), + VB2_ERROR_COMMON_MEMBER_UNALIGNED, + "vb2_unpack_key2() unaligned data"); + + memcpy(key2, key, size); + *(uint32_t *)((uint8_t *)key2 + key2->key_offset) /= 2; + TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size), + VB2_ERROR_UNPACK_KEY_ARRAY_SIZE, + "vb2_unpack_key2() invalid key array size"); + + free(key2); +} + +static void test_verify_signature2(const struct vb2_signature2 *sig) +{ + struct vb2_signature2 *sig2; + uint8_t *buf2; + uint32_t size; + + /* Make a copy of the signature */ + size = sig->c.total_size; + buf2 = malloc(size); + sig2 = (struct vb2_signature2 *)buf2; + + memcpy(buf2, sig, size); + TEST_SUCC(vb2_verify_signature2(sig2, size), "verify_sig ok"); + sig2->c.magic = VB2_MAGIC_PACKED_KEY2; + TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_MAGIC, + "verify_sig magic"); + + memcpy(buf2, sig, size); + sig2->c.total_size += 4; + TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_COMMON_TOTAL_SIZE, + "verify_sig common header"); + + memcpy(buf2, sig, size); + sig2->c.struct_version_minor++; + TEST_SUCC(vb2_verify_signature2(sig2, size), "verify_sig minor ver"); + sig2->c.struct_version_major++; + TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_VERSION, + "verify_sig major ver"); + + memcpy(buf2, sig, size); + sig2->c.fixed_size -= 4; + sig2->c.desc_size += 4; + TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_HEADER_SIZE, + "verify_sig header size"); + + memcpy(buf2, sig, size); + sig2->sig_size += 4; + TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_COMMON_MEMBER_SIZE, + "verify_sig sig size"); + + memcpy(buf2, sig, size); + sig2->sig_alg = VB2_SIG_INVALID; + TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_ALGORITHM, + "verify_sig sig alg"); + + memcpy(buf2, sig, size); + sig2->sig_alg = (sig2->sig_alg == VB2_SIG_NONE ? + VB2_SIG_RSA1024 : VB2_SIG_NONE); + TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_SIZE, + "verify_sig sig size"); + + free(buf2); +} + +static void test_verify_data2(const struct vb2_public_key *pubk_orig, + const struct vb2_signature2 *sig) +{ + uint8_t workbuf[VB2_VERIFY_DATA_WORKBUF_BYTES]; + struct vb2_workbuf wb; + + struct vb2_public_key pubk; + struct vb2_signature2 *sig2; + uint8_t *buf2; + uint32_t size; + + vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); + + pubk = *pubk_orig; + + /* Allocate signature copy for tests */ + size = sig->c.total_size; + buf2 = malloc(size); + sig2 = (struct vb2_signature2 *)buf2; + + memcpy(buf2, sig, size); + pubk.sig_alg = VB2_SIG_INVALID; + TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb), + VB2_ERROR_VDATA_ALGORITHM, "vb2_verify_data2() bad sig alg"); + pubk = *pubk_orig; + + memcpy(buf2, sig, size); + pubk.hash_alg = VB2_HASH_INVALID; + TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb), + VB2_ERROR_VDATA_DIGEST_SIZE, + "vb2_verify_data2() bad hash alg"); + pubk = *pubk_orig; + + vb2_workbuf_init(&wb, workbuf, 4); + memcpy(buf2, sig, size); + TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb), + VB2_ERROR_VDATA_WORKBUF_DIGEST, + "vb2_verify_data2() workbuf too small"); + vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); + + memcpy(buf2, sig, size); + TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb), + 0, "vb2_verify_data2() ok"); + + memcpy(buf2, sig, size); + sig2->sig_size -= 16; + TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb), + VB2_ERROR_VDATA_SIG_SIZE, "vb2_verify_data2() wrong sig size"); + + memcpy(buf2, sig, size); + TEST_EQ(vb2_verify_data2(test_data, test_size - 1, sig2, &pubk, &wb), + VB2_ERROR_VDATA_SIZE, "vb2_verify_data2() wrong data size"); + + memcpy(buf2, sig, size); + sig2->hash_alg = (sig2->hash_alg == VB2_HASH_SHA1 ? + VB2_HASH_SHA256 : VB2_HASH_SHA1); + TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb), + VB2_ERROR_VDATA_ALGORITHM_MISMATCH, + "vb2_verify_data2() alg mismatch"); + + + memcpy(buf2, sig, size); + buf2[sig2->sig_offset] ^= 0x5A; + TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb), + VB2_ERROR_RSA_PADDING, "vb2_verify_data2() wrong sig"); + + free(buf2); +} + +int test_algorithm(int key_algorithm, const char *keys_dir) +{ + char filename[1024]; + int rsa_len = siglen_map[key_algorithm] * 8; + + enum vb2_signature_algorithm sig_alg = + vb2_crypto_to_signature(key_algorithm); + enum vb2_hash_algorithm hash_alg = vb2_crypto_to_hash(key_algorithm); + + struct vb2_private_key *prik = NULL; + struct vb2_signature2 *sig2 = NULL; + struct vb2_public_key *pubk = NULL; + struct vb2_packed_key2 *key2 = NULL; + + printf("***Testing algorithm: %s\n", algo_strings[key_algorithm]); + + sprintf(filename, "%s/key_rsa%d.pem", keys_dir, rsa_len); + TEST_SUCC(vb2_private_key_read_pem(&prik, filename), + "Read private key"); + prik->hash_alg = hash_alg; + prik->sig_alg = sig_alg; + vb2_private_key_set_desc(prik, "private key"); + + sprintf(filename, "%s/key_rsa%d.keyb", keys_dir, rsa_len); + TEST_SUCC(vb2_public_key_read_keyb(&pubk, filename), + "Read public key"); + pubk->hash_alg = hash_alg; + vb2_public_key_set_desc(pubk, "public key"); + TEST_SUCC(vb2_public_key_pack(&key2, pubk), "Pack public key"); + + /* Calculate good signatures */ + TEST_SUCC(vb2_sign_data(&sig2, test_data, test_size, prik, ""), + "Make test signature"); + + test_unpack_key2(key2); + test_verify_data2(pubk, sig2); + test_verify_signature2(sig2); + + free(key2); + free(sig2); + vb2_private_key_free(prik); + vb2_public_key_free(pubk); + + return 0; +} + +/* Test only the algorithms we use */ +const int key_algs[] = { + VB2_ALG_RSA2048_SHA256, + VB2_ALG_RSA4096_SHA256, + VB2_ALG_RSA8192_SHA512, +}; + +int main(int argc, char *argv[]) { + + if (argc == 2) { + int i; + + for (i = 0; i < ARRAY_SIZE(key_algs); i++) { + if (test_algorithm(key_algs[i], argv[1])) + return 1; + } + + } else if (argc == 3 && !strcasecmp(argv[2], "--all")) { + /* Test all the algorithms */ + int alg; + + for (alg = 0; alg < kNumAlgorithms; alg++) { + if (test_algorithm(alg, argv[1])) + return 1; + } + + } else { + fprintf(stderr, "Usage: %s <keys_dir> [--all]", argv[0]); + return -1; + } + + return gTestSuccess ? 0 : 255; +} diff --git a/tests/vb21_common_tests.c b/tests/vb21_common_tests.c new file mode 100644 index 00000000..39df1682 --- /dev/null +++ b/tests/vb21_common_tests.c @@ -0,0 +1,521 @@ +/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Tests for firmware 2common.c + */ + +#include "2sysincludes.h" +#include "2common.h" +#include "2rsa.h" +#include "vb2_common.h" +#include "host_fw_preamble2.h" +#include "host_key2.h" +#include "host_keyblock2.h" +#include "host_signature2.h" + +#include "test_common.h" + +static const uint8_t test_data[] = "This is some test data to sign."; +static const uint8_t test_data2[] = "Some more test data"; +static const uint8_t test_data3[] = "Even more test data"; + +/* + * Test struct packing for vboot_struct.h structs which are passed between + * firmware and OS, or passed between different phases of firmware. + */ +static void test_struct_packing(void) +{ + /* Test new struct sizes */ + TEST_EQ(EXPECTED_GUID_SIZE, + sizeof(struct vb2_guid), + "sizeof(vb2_guid)"); + TEST_EQ(EXPECTED_VB2_STRUCT_COMMON_SIZE, + sizeof(struct vb2_struct_common), + "sizeof(vb2_struct_common)"); + TEST_EQ(EXPECTED_VB2_PACKED_KEY2_SIZE, + sizeof(struct vb2_packed_key2), + "sizeof(vb2_packed_key2)"); + TEST_EQ(EXPECTED_VB2_SIGNATURE2_SIZE, + sizeof(struct vb2_signature2), + "sizeof(vb2_signature2)"); + TEST_EQ(EXPECTED_VB2_KEYBLOCK2_SIZE, + sizeof(struct vb2_keyblock2), + "sizeof(vb2_keyblock2)"); + TEST_EQ(EXPECTED_VB2_FW_PREAMBLE2_SIZE, + sizeof(struct vb2_fw_preamble2), + "sizeof(vb2_fw_preamble2)"); +} + +/** + * Common header functions + */ +static void test_common_header_functions(void) +{ + uint8_t cbuf[sizeof(struct vb2_struct_common) + 128]; + uint8_t cbufgood[sizeof(cbuf)]; + struct vb2_struct_common *c = (struct vb2_struct_common *)cbuf; + struct vb2_struct_common *c2; + const char test_desc[32] = "test desc"; + uint32_t desc_end, m; + + c->total_size = sizeof(cbuf); + c->fixed_size = sizeof(*c); + c->desc_size = sizeof(test_desc); + memcpy(cbuf + c->fixed_size, test_desc, sizeof(test_desc)); + desc_end = c->fixed_size + c->desc_size; + + c2 = (struct vb2_struct_common *)(cbuf + desc_end); + c2->total_size = c->total_size - desc_end; + c2->fixed_size = sizeof(*c2); + c2->desc_size = 0; + + /* Description helper */ + TEST_EQ(0, strcmp(vb2_common_desc(c), test_desc), "vb2_common_desc()"); + TEST_EQ(0, strcmp(vb2_common_desc(c2), ""), "vb2_common_desc() empty"); + + TEST_SUCC(vb2_verify_common_header(cbuf, sizeof(cbuf)), + "vb2_verify_common_header() good"); + memcpy(cbufgood, cbuf, sizeof(cbufgood)); + + memcpy(cbuf, cbufgood, sizeof(cbuf)); + c->total_size += 4; + TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)), + VB2_ERROR_COMMON_TOTAL_SIZE, + "vb2_verify_common_header() total size"); + + memcpy(cbuf, cbufgood, sizeof(cbuf)); + c->fixed_size = c->total_size + 4; + TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)), + VB2_ERROR_COMMON_FIXED_SIZE, + "vb2_verify_common_header() fixed size"); + + memcpy(cbuf, cbufgood, sizeof(cbuf)); + c->desc_size = c->total_size - c->fixed_size + 4; + TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)), + VB2_ERROR_COMMON_DESC_SIZE, + "vb2_verify_common_header() desc size"); + + memcpy(cbuf, cbufgood, sizeof(cbuf)); + c->total_size--; + TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)), + VB2_ERROR_COMMON_TOTAL_UNALIGNED, + "vb2_verify_common_header() total unaligned"); + + memcpy(cbuf, cbufgood, sizeof(cbuf)); + c->fixed_size++; + TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)), + VB2_ERROR_COMMON_FIXED_UNALIGNED, + "vb2_verify_common_header() fixed unaligned"); + + memcpy(cbuf, cbufgood, sizeof(cbuf)); + c->desc_size--; + TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)), + VB2_ERROR_COMMON_DESC_UNALIGNED, + "vb2_verify_common_header() desc unaligned"); + + memcpy(cbuf, cbufgood, sizeof(cbuf)); + c->desc_size = -4; + TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)), + VB2_ERROR_COMMON_DESC_WRAPS, + "vb2_verify_common_header() desc wraps"); + + memcpy(cbuf, cbufgood, sizeof(cbuf)); + cbuf[desc_end - 1] = 1; + TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)), + VB2_ERROR_COMMON_DESC_TERMINATOR, + "vb2_verify_common_header() desc not terminated"); + + /* Member checking function */ + memcpy(cbuf, cbufgood, sizeof(cbuf)); + m = 0; + TEST_SUCC(vb2_verify_common_member(cbuf, &m, c->total_size - 8, 4), + "vb2_verify_common_member()"); + TEST_EQ(m, c->total_size - 4, " new minimum"); + + m = desc_end; + TEST_SUCC(vb2_verify_common_member(cbuf, &m, desc_end, 4), + "vb2_verify_common_member() good offset"); + TEST_EQ(m, desc_end + 4, " new minimum"); + + m = 0; + TEST_EQ(vb2_verify_common_member(cbuf, &m, c->total_size - 8, -4), + VB2_ERROR_COMMON_MEMBER_WRAPS, + "vb2_verify_common_member() wraps"); + + m = 0; + TEST_EQ(vb2_verify_common_member(cbuf, &m, c->total_size - 7, 4), + VB2_ERROR_COMMON_MEMBER_UNALIGNED, + "vb2_verify_common_member() offset unaligned"); + + m = 0; + TEST_EQ(vb2_verify_common_member(cbuf, &m, c->total_size - 8, 5), + VB2_ERROR_COMMON_MEMBER_UNALIGNED, + "vb2_verify_common_member() size unaligned"); + + m = 0; + TEST_EQ(vb2_verify_common_member(cbuf, &m, desc_end - 4, 4), + VB2_ERROR_COMMON_MEMBER_OVERLAP, + "vb2_verify_common_member() overlap"); + + m = desc_end + 4; + TEST_EQ(vb2_verify_common_member(cbuf, &m, desc_end, 4), + VB2_ERROR_COMMON_MEMBER_OVERLAP, + "vb2_verify_common_member() overlap 2"); + + m = 0; + TEST_EQ(vb2_verify_common_member(cbuf, &m, c->total_size - 4, 8), + VB2_ERROR_COMMON_MEMBER_SIZE, + "vb2_verify_common_member() size"); + + /* Subobject checking */ + m = 0; + TEST_SUCC(vb2_verify_common_subobject(cbuf, &m, desc_end), + "vb2_verify_common_subobject() good offset"); + TEST_EQ(m, sizeof(cbuf), " new minimum"); + + m = desc_end + 4; + TEST_EQ(vb2_verify_common_subobject(cbuf, &m, desc_end), + VB2_ERROR_COMMON_MEMBER_OVERLAP, + "vb2_verify_common_subobject() overlap"); + + m = 0; + c2->total_size += 4; + TEST_EQ(vb2_verify_common_subobject(cbuf, &m, desc_end), + VB2_ERROR_COMMON_TOTAL_SIZE, + "vb2_verify_common_subobject() size"); +} + +/** + * Signature size + */ +static void test_sig_size(void) +{ + TEST_EQ(vb2_sig_size(VB2_SIG_INVALID, VB2_HASH_SHA256), 0, + "vb2_sig_size() sig invalid"); + + TEST_EQ(vb2_sig_size(VB2_SIG_RSA2048, VB2_HASH_INVALID), 0, + "vb2_sig_size() hash invalid"); + + TEST_EQ(vb2_sig_size(VB2_SIG_RSA2048, VB2_HASH_SHA256), 2048 / 8, + "vb2_sig_size() RSA2048"); + TEST_EQ(vb2_sig_size(VB2_SIG_RSA4096, VB2_HASH_SHA256), 4096 / 8, + "vb2_sig_size() RSA4096"); + TEST_EQ(vb2_sig_size(VB2_SIG_RSA8192, VB2_HASH_SHA512), 8192 / 8, + "vb2_sig_size() RSA8192"); + + TEST_EQ(vb2_sig_size(VB2_SIG_NONE, VB2_HASH_SHA1), + VB2_SHA1_DIGEST_SIZE, "vb2_sig_size() SHA1"); + TEST_EQ(vb2_sig_size(VB2_SIG_NONE, VB2_HASH_SHA256), + VB2_SHA256_DIGEST_SIZE, "vb2_sig_size() SHA256"); + TEST_EQ(vb2_sig_size(VB2_SIG_NONE, VB2_HASH_SHA512), + VB2_SHA512_DIGEST_SIZE, "vb2_sig_size() SHA512"); +} + +/** + * Verify data on bare hash + */ +static void test_verify_hash(void) +{ + struct vb2_signature2 *sig; + const struct vb2_private_key *prik; + struct vb2_public_key pubk; + uint8_t workbuf[VB2_VERIFY_DATA_WORKBUF_BYTES]; + struct vb2_workbuf wb; + + vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); + + TEST_SUCC(vb2_private_key_hash(&prik, VB2_HASH_SHA256), + "create private hash key"); + TEST_SUCC(vb2_public_key_hash(&pubk, VB2_HASH_SHA256), + "create hash key"); + + /* Create the signature */ + TEST_SUCC(vb2_sign_data(&sig, test_data, sizeof(test_data), + prik, NULL), + "create hash sig"); + + TEST_SUCC(vb2_verify_data2(test_data, sizeof(test_data), + sig, &pubk, &wb), + "vb2_verify_data2() hash ok"); + + *((uint8_t *)sig + sig->sig_offset) ^= 0xab; + TEST_EQ(vb2_verify_data2(test_data, sizeof(test_data), sig, &pubk, &wb), + VB2_ERROR_VDATA_VERIFY_DIGEST, "vb2_verify_data2() hash bad"); + + free(sig); +} + +/** + * Verify keyblock + */ +static void test_verify_keyblock(void) +{ + const char desc[16] = "test keyblock"; + const struct vb2_private_key *prik[2]; + struct vb2_public_key pubk, pubk2, pubk3; + struct vb2_signature2 *sig; + struct vb2_keyblock2 *kbuf; + uint32_t buf_size; + uint8_t *buf, *buf2; + + uint8_t workbuf[VB2_KEY_BLOCK_VERIFY_WORKBUF_BYTES]; + struct vb2_workbuf wb; + + TEST_SUCC(vb2_public_key_hash(&pubk, VB2_HASH_SHA256), + "create hash key 1"); + TEST_SUCC(vb2_public_key_hash(&pubk2, VB2_HASH_SHA512), + "create hash key 2"); + TEST_SUCC(vb2_public_key_hash(&pubk3, VB2_HASH_SHA1), + "create hash key 3"); + + TEST_SUCC(vb2_private_key_hash(prik + 0, VB2_HASH_SHA256), + "create private key 1"); + TEST_SUCC(vb2_private_key_hash(prik + 1, VB2_HASH_SHA512), + "create private key 2"); + + /* Create the test keyblock */ + TEST_SUCC(vb2_keyblock_create(&kbuf, &pubk3, prik, 2, 0x4321, desc), + "create keyblock"); + + buf = (uint8_t *)kbuf; + buf_size = kbuf->c.total_size; + + /* Make a copy of the buffer, so we can mangle it for tests */ + buf2 = malloc(buf_size); + memcpy(buf2, buf, buf_size); + + vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); + kbuf = (struct vb2_keyblock2 *)buf; + + TEST_SUCC(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb), + "vb2_verify_keyblock2()"); + + memcpy(buf, buf2, buf_size); + TEST_SUCC(vb2_verify_keyblock2(kbuf, buf_size, &pubk2, &wb), + "vb2_verify_keyblock2() key 2"); + + memcpy(buf, buf2, buf_size); + TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk3, &wb), + VB2_ERROR_KEYBLOCK_SIG_GUID, + "vb2_verify_keyblock2() key not present"); + + memcpy(buf, buf2, buf_size); + kbuf->c.magic = VB2_MAGIC_PACKED_KEY2; + TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb), + VB2_ERROR_KEYBLOCK_MAGIC, + "vb2_verify_keyblock2() magic"); + + memcpy(buf, buf2, buf_size); + kbuf->c.fixed_size++; + TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb), + VB2_ERROR_COMMON_FIXED_UNALIGNED, + "vb2_verify_keyblock2() header"); + + memcpy(buf, buf2, buf_size); + kbuf->c.struct_version_major++; + TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb), + VB2_ERROR_KEYBLOCK_HEADER_VERSION, + "vb2_verify_keyblock2() major version"); + + memcpy(buf, buf2, buf_size); + kbuf->c.struct_version_minor++; + /* That changes the signature, so resign the keyblock */ + vb2_sign_data(&sig, buf, kbuf->sig_offset, prik[0], NULL); + memcpy(buf + kbuf->sig_offset, sig, sig->c.total_size); + free(sig); + TEST_SUCC(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb), + "vb2_verify_keyblock2() minor version"); + + memcpy(buf, buf2, buf_size); + kbuf->c.fixed_size -= 4; + kbuf->c.desc_size += 4; + TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb), + VB2_ERROR_KEYBLOCK_SIZE, + "vb2_verify_keyblock2() header size"); + + memcpy(buf, buf2, buf_size); + kbuf->key_offset = kbuf->c.total_size - 4; + TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb), + VB2_ERROR_COMMON_MEMBER_SIZE, + "vb2_verify_keyblock2() data key outside"); + + memcpy(buf, buf2, buf_size); + sig = (struct vb2_signature2 *)(buf + kbuf->sig_offset); + sig->data_size--; + TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb), + VB2_ERROR_KEYBLOCK_SIGNED_SIZE, + "vb2_verify_keyblock2() signed wrong size"); + + memcpy(buf, buf2, buf_size); + sig = (struct vb2_signature2 *)(buf + kbuf->sig_offset); + sig->c.total_size = kbuf->c.total_size - 4; + TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb), + VB2_ERROR_COMMON_TOTAL_SIZE, + "vb2_verify_keyblock2() key outside keyblock"); + + memcpy(buf, buf2, buf_size); + sig = (struct vb2_signature2 *)(buf + kbuf->sig_offset); + sig->c.struct_version_major++; + TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb), + VB2_ERROR_SIG_VERSION, + "vb2_verify_keyblock2() corrupt key"); + + memcpy(buf, buf2, buf_size); + kbuf->c.struct_version_minor++; + TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb), + VB2_ERROR_VDATA_VERIFY_DIGEST, + "vb2_verify_keyblock2() corrupt"); + + free(buf); + free(buf2); +} + +/** + * Verify firmware preamble + */ +static void test_verify_fw_preamble(void) +{ + const char desc[16] = "test preamble"; + const struct vb2_private_key *prikhash; + struct vb2_signature2 *hashes[3]; + struct vb2_public_key pubk; + struct vb2_signature2 *sig; + struct vb2_fw_preamble2 *pre; + uint32_t buf_size; + uint8_t *buf, *buf2; + + uint8_t workbuf[VB2_VERIFY_FIRMWARE_PREAMBLE_WORKBUF_BYTES]; + struct vb2_workbuf wb; + + /* + * Preambles will usually be signed with a real key not a bare hash, + * but the call to vb2_verify_data2() inside the preamble check is the + * same (and its functionality is verified separately), and using a + * bare hash here saves us from needing to have a private key to do + * this test. + */ + TEST_SUCC(vb2_public_key_hash(&pubk, VB2_HASH_SHA256), + "create hash key"); + TEST_SUCC(vb2_private_key_hash(&prikhash, VB2_HASH_SHA256), + "Create private hash key"); + + /* Create some signatures */ + TEST_SUCC(vb2_sign_data(hashes + 0, test_data, sizeof(test_data), + prikhash, "Hash 1"), + "Hash 1"); + TEST_SUCC(vb2_sign_data(hashes + 1, test_data2, sizeof(test_data2), + prikhash, "Hash 2"), + "Hash 2"); + TEST_SUCC(vb2_sign_data(hashes + 2, test_data3, sizeof(test_data3), + prikhash, "Hash 3"), + "Hash 3"); + + /* Test good preamble */ + TEST_SUCC(vb2_fw_preamble_create(&pre, prikhash, + (const struct vb2_signature2 **)hashes, + 3, 0x1234, 0x5678, desc), + "Create preamble good"); + + buf = (uint8_t *)pre; + buf_size = pre->c.total_size; + + /* Make a copy of the buffer, so we can mangle it for tests */ + buf2 = malloc(buf_size); + memcpy(buf2, buf, buf_size); + + vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); + pre = (struct vb2_fw_preamble2 *)buf; + + TEST_SUCC(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb), + "vb2_verify_fw_preamble2()"); + + memcpy(buf, buf2, buf_size); + pre->c.magic = VB2_MAGIC_PACKED_KEY2; + TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb), + VB2_ERROR_PREAMBLE_MAGIC, + "vb2_verify_fw_preamble2() magic"); + + memcpy(buf, buf2, buf_size); + pre->c.fixed_size++; + TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb), + VB2_ERROR_COMMON_FIXED_UNALIGNED, + "vb2_verify_fw_preamble2() header"); + + memcpy(buf, buf2, buf_size); + pre->c.struct_version_major++; + TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb), + VB2_ERROR_PREAMBLE_HEADER_VERSION, + "vb2_verify_fw_preamble2() major version"); + + memcpy(buf, buf2, buf_size); + pre->c.struct_version_minor++; + /* That changes the signature, so resign the fw_preamble */ + vb2_sign_data(&sig, buf, pre->sig_offset, prikhash, NULL); + memcpy(buf + pre->sig_offset, sig, sig->c.total_size); + free(sig); + TEST_SUCC(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb), + "vb2_verify_fw_preamble2() minor version"); + + memcpy(buf, buf2, buf_size); + pre->c.fixed_size -= 4; + pre->c.desc_size += 4; + TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb), + VB2_ERROR_PREAMBLE_SIZE, + "vb2_verify_fw_preamble2() header size"); + + memcpy(buf, buf2, buf_size); + sig = (struct vb2_signature2 *)(buf + pre->hash_offset); + sig->c.total_size += pre->c.total_size; + TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb), + VB2_ERROR_COMMON_TOTAL_SIZE, + "vb2_verify_fw_preamble2() hash size"); + + memcpy(buf, buf2, buf_size); + sig = (struct vb2_signature2 *)(buf + pre->hash_offset); + sig->sig_size /= 2; + TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb), + VB2_ERROR_SIG_SIZE, + "vb2_verify_fw_preamble2() hash integrity"); + + memcpy(buf, buf2, buf_size); + pre->hash_count++; + TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb), + VB2_ERROR_COMMON_MEMBER_OVERLAP, + "vb2_verify_fw_preamble2() hash count"); + + memcpy(buf, buf2, buf_size); + sig = (struct vb2_signature2 *)(buf + pre->sig_offset); + sig->c.total_size += 4; + TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb), + VB2_ERROR_COMMON_TOTAL_SIZE, + "vb2_verify_fw_preamble2() sig inside"); + + memcpy(buf, buf2, buf_size); + sig = (struct vb2_signature2 *)(buf + pre->sig_offset); + buf[pre->sig_offset + sig->sig_offset]++; + TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb), + VB2_ERROR_VDATA_VERIFY_DIGEST, + "vb2_verify_fw_preamble2() sig corrupt"); + + memcpy(buf, buf2, buf_size); + pre->flags++; + TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb), + VB2_ERROR_VDATA_VERIFY_DIGEST, + "vb2_verify_fw_preamble2() preamble corrupt"); + + free(buf); + free(buf2); +} + +int main(int argc, char* argv[]) +{ + test_struct_packing(); + test_common_header_functions(); + test_sig_size(); + test_verify_hash(); + test_verify_keyblock(); + test_verify_fw_preamble(); + + return gTestSuccess ? 0 : 255; +} diff --git a/tests/vb2_host_fw_preamble_tests.c b/tests/vb21_host_fw_preamble_tests.c index 0063ba82..1cd0a9a9 100644 --- a/tests/vb2_host_fw_preamble_tests.c +++ b/tests/vb21_host_fw_preamble_tests.c @@ -11,6 +11,9 @@ #include "2sysincludes.h" #include "2common.h" #include "2rsa.h" + +#include "vb2_common.h" + #include "host_common.h" #include "host_fw_preamble2.h" #include "host_key2.h" diff --git a/tests/vb2_host_key_tests.c b/tests/vb21_host_key_tests.c index 451366f7..ed4c44b2 100644 --- a/tests/vb2_host_key_tests.c +++ b/tests/vb21_host_key_tests.c @@ -11,6 +11,7 @@ #include "2sysincludes.h" #include "2common.h" #include "2rsa.h" +#include "vb2_common.h" #include "host_common.h" #include "host_key2.h" diff --git a/tests/vb2_host_keyblock_tests.c b/tests/vb21_host_keyblock_tests.c index c30f3702..11a75d74 100644 --- a/tests/vb2_host_keyblock_tests.c +++ b/tests/vb21_host_keyblock_tests.c @@ -11,6 +11,7 @@ #include "2sysincludes.h" #include "2common.h" #include "2rsa.h" +#include "vb2_common.h" #include "host_common.h" #include "host_key2.h" #include "host_keyblock2.h" diff --git a/tests/vb2_host_misc_tests.c b/tests/vb21_host_misc_tests.c index a78c7450..638977e2 100644 --- a/tests/vb2_host_misc_tests.c +++ b/tests/vb21_host_misc_tests.c @@ -9,6 +9,7 @@ #include "2sysincludes.h" #include "2common.h" +#include "vb2_common.h" #include "host_common.h" #include "host_misc.h" diff --git a/tests/vb2_host_sig_tests.c b/tests/vb21_host_sig_tests.c index 809c7b04..5c1176ab 100644 --- a/tests/vb2_host_sig_tests.c +++ b/tests/vb21_host_sig_tests.c @@ -11,6 +11,7 @@ #include "2sysincludes.h" #include "2common.h" #include "2rsa.h" +#include "vb2_common.h" #include "host_common.h" #include "host_key2.h" #include "host_signature2.h" diff --git a/tests/vb2_misc3_tests.c b/tests/vb21_misc_tests.c index c607d248..9f6489fc 100644 --- a/tests/vb2_misc3_tests.c +++ b/tests/vb21_misc_tests.c @@ -14,6 +14,8 @@ #include "2nvstorage.h" #include "2secdata.h" +#include "vb2_common.h" + #include "test_common.h" /* Common context for tests */ diff --git a/tests/vb2_common2_tests.c b/tests/vb2_common2_tests.c index 88dbf23e..ec9ef183 100644 --- a/tests/vb2_common2_tests.c +++ b/tests/vb2_common2_tests.c @@ -12,11 +12,8 @@ #include "2sysincludes.h" #include "2common.h" #include "2rsa.h" - #include "file_keys.h" #include "host_common.h" -#include "host_key2.h" -#include "host_signature2.h" #include "vboot_common.h" #include "test_common.h" @@ -77,97 +74,6 @@ static void test_unpack_key(const struct vb2_packed_key *key1) free(key); } -static void test_unpack_key2(const struct vb2_packed_key *key1, - const struct vb2_packed_key2 *key) -{ - struct vb2_public_key pubk; - struct vb2_packed_key2 *key2; - uint32_t size = key->c.total_size; - - /* Make a copy of the key for testing */ - key2 = (struct vb2_packed_key2 *)malloc(size); - - memcpy(key2, key, size); - TEST_SUCC(vb2_unpack_key2(&pubk, (uint8_t *)key2, size), - "vb2_unpack_key2() ok"); - - memcpy(key2, key, size); - key2->key_offset += 4; - TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size), - VB2_ERROR_COMMON_MEMBER_SIZE, - "vb2_unpack_key2() buffer too small"); - - memcpy(key2, key, size); - key2->c.fixed_size += size; - TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size), - VB2_ERROR_COMMON_FIXED_SIZE, - "vb2_unpack_key2() buffer too small for desc"); - - memcpy(key2, key, size); - key2->c.desc_size = 0; - TEST_SUCC(vb2_unpack_key2(&pubk, (uint8_t *)key2, size), - "vb2_unpack_key2() no desc"); - TEST_EQ(strcmp(pubk.desc, ""), 0, " empty desc string"); - - memcpy(key2, key, size); - key2->c.magic++; - TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size), - VB2_ERROR_UNPACK_KEY_MAGIC, - "vb2_unpack_key2() bad magic"); - - memcpy(key2, key, size); - key2->c.struct_version_major++; - TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size), - VB2_ERROR_UNPACK_KEY_STRUCT_VERSION, - "vb2_unpack_key2() bad major version"); - - /* - * Minor version changes are ok. Note that this test assumes that the - * source key struct version is the highest actually known to the - * reader. If the reader does know about minor version + 1 and that - * adds fields, this test will likely fail. But at that point, we - * should have already added a test for minor version compatibility to - * handle both old and new struct versions, so someone will have - * noticed this comment. - */ - memcpy(key2, key, size); - key2->c.struct_version_minor++; - TEST_SUCC(vb2_unpack_key2(&pubk, (uint8_t *)key2, size), - "vb2_unpack_key2() minor version change ok"); - - memcpy(key2, key, size); - key2->sig_alg = VB2_SIG_INVALID; - TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size), - VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM, - "vb2_unpack_key2() bad sig algorithm"); - - memcpy(key2, key, size); - key2->hash_alg = VB2_HASH_INVALID; - TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size), - VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM, - "vb2_unpack_key2() bad hash algorithm"); - - memcpy(key2, key, size); - key2->key_size -= 4; - TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size), - VB2_ERROR_UNPACK_KEY_SIZE, - "vb2_unpack_key2() invalid size"); - - memcpy(key2, key, size); - key2->key_offset--; - TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size), - VB2_ERROR_COMMON_MEMBER_UNALIGNED, - "vb2_unpack_key2() unaligned data"); - - memcpy(key2, key, size); - *(uint32_t *)((uint8_t *)key2 + key2->key_offset) /= 2; - TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size), - VB2_ERROR_UNPACK_KEY_ARRAY_SIZE, - "vb2_unpack_key2() invalid key array size"); - - free(key2); -} - static void test_verify_data(const struct vb2_packed_key *key1, const struct vb2_signature *sig) { @@ -227,145 +133,15 @@ static void test_verify_data(const struct vb2_packed_key *key1, free(sig2); } -static void test_verify_signature2(const struct vb2_signature2 *sig) -{ - struct vb2_signature2 *sig2; - uint8_t *buf2; - uint32_t size; - - /* Make a copy of the signature */ - size = sig->c.total_size; - buf2 = malloc(size); - sig2 = (struct vb2_signature2 *)buf2; - - memcpy(buf2, sig, size); - TEST_SUCC(vb2_verify_signature2(sig2, size), "verify_sig ok"); - sig2->c.magic = VB2_MAGIC_PACKED_KEY2; - TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_MAGIC, - "verify_sig magic"); - - memcpy(buf2, sig, size); - sig2->c.total_size += 4; - TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_COMMON_TOTAL_SIZE, - "verify_sig common header"); - - memcpy(buf2, sig, size); - sig2->c.struct_version_minor++; - TEST_SUCC(vb2_verify_signature2(sig2, size), "verify_sig minor ver"); - sig2->c.struct_version_major++; - TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_VERSION, - "verify_sig major ver"); - - memcpy(buf2, sig, size); - sig2->c.fixed_size -= 4; - sig2->c.desc_size += 4; - TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_HEADER_SIZE, - "verify_sig header size"); - - memcpy(buf2, sig, size); - sig2->sig_size += 4; - TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_COMMON_MEMBER_SIZE, - "verify_sig sig size"); - - memcpy(buf2, sig, size); - sig2->sig_alg = VB2_SIG_INVALID; - TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_ALGORITHM, - "verify_sig sig alg"); - - memcpy(buf2, sig, size); - sig2->sig_alg = (sig2->sig_alg == VB2_SIG_NONE ? - VB2_SIG_RSA1024 : VB2_SIG_NONE); - TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_SIZE, - "verify_sig sig size"); - - free(buf2); -} - -static void test_verify_data2(const struct vb2_public_key *pubk_orig, - const struct vb2_signature2 *sig) -{ - uint8_t workbuf[VB2_VERIFY_DATA_WORKBUF_BYTES]; - struct vb2_workbuf wb; - - struct vb2_public_key pubk; - struct vb2_signature2 *sig2; - uint8_t *buf2; - uint32_t size; - - vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); - - pubk = *pubk_orig; - - /* Allocate signature copy for tests */ - size = sig->c.total_size; - buf2 = malloc(size); - sig2 = (struct vb2_signature2 *)buf2; - - memcpy(buf2, sig, size); - pubk.sig_alg = VB2_SIG_INVALID; - TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb), - VB2_ERROR_VDATA_ALGORITHM, "vb2_verify_data2() bad sig alg"); - pubk = *pubk_orig; - - memcpy(buf2, sig, size); - pubk.hash_alg = VB2_HASH_INVALID; - TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb), - VB2_ERROR_VDATA_DIGEST_SIZE, - "vb2_verify_data2() bad hash alg"); - pubk = *pubk_orig; - - vb2_workbuf_init(&wb, workbuf, 4); - memcpy(buf2, sig, size); - TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb), - VB2_ERROR_VDATA_WORKBUF_DIGEST, - "vb2_verify_data2() workbuf too small"); - vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); - - memcpy(buf2, sig, size); - TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb), - 0, "vb2_verify_data2() ok"); - - memcpy(buf2, sig, size); - sig2->sig_size -= 16; - TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb), - VB2_ERROR_VDATA_SIG_SIZE, "vb2_verify_data2() wrong sig size"); - - memcpy(buf2, sig, size); - TEST_EQ(vb2_verify_data2(test_data, test_size - 1, sig2, &pubk, &wb), - VB2_ERROR_VDATA_SIZE, "vb2_verify_data2() wrong data size"); - - memcpy(buf2, sig, size); - sig2->hash_alg = (sig2->hash_alg == VB2_HASH_SHA1 ? - VB2_HASH_SHA256 : VB2_HASH_SHA1); - TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb), - VB2_ERROR_VDATA_ALGORITHM_MISMATCH, - "vb2_verify_data2() alg mismatch"); - - - memcpy(buf2, sig, size); - buf2[sig2->sig_offset] ^= 0x5A; - TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb), - VB2_ERROR_RSA_PADDING, "vb2_verify_data2() wrong sig"); - - free(buf2); -} int test_algorithm(int key_algorithm, const char *keys_dir) { char filename[1024]; int rsa_len = siglen_map[key_algorithm] * 8; - enum vb2_signature_algorithm sig_alg = - vb2_crypto_to_signature(key_algorithm); - enum vb2_hash_algorithm hash_alg = vb2_crypto_to_hash(key_algorithm); - VbPrivateKey *private_key = NULL; - struct vb2_private_key *prik = NULL; struct vb2_signature *sig = NULL; - struct vb2_signature2 *sig2 = NULL; - struct vb2_public_key *pubk = NULL; struct vb2_packed_key *key1; - struct vb2_packed_key2 *key2 = NULL; printf("***Testing algorithm: %s\n", algo_strings[key_algorithm]); @@ -376,12 +152,6 @@ int test_algorithm(int key_algorithm, const char *keys_dir) return 1; } - TEST_SUCC(vb2_private_key_read_pem(&prik, filename), - "Read private key"); - prik->hash_alg = hash_alg; - prik->sig_alg = sig_alg; - vb2_private_key_set_desc(prik, "private key"); - sprintf(filename, "%s/key_rsa%d.keyb", keys_dir, rsa_len); key1 = (struct vb2_packed_key *) PublicKeyReadKeyb(filename, key_algorithm, 1); @@ -390,12 +160,6 @@ int test_algorithm(int key_algorithm, const char *keys_dir) return 1; } - TEST_SUCC(vb2_public_key_read_keyb(&pubk, filename), - "Read public key"); - pubk->hash_alg = hash_alg; - vb2_public_key_set_desc(pubk, "public key"); - TEST_SUCC(vb2_public_key_pack(&key2, pubk), "Pack public key"); - /* Calculate good signatures */ sig = (struct vb2_signature *) CalculateSignature(test_data, sizeof(test_data), private_key); @@ -403,23 +167,12 @@ int test_algorithm(int key_algorithm, const char *keys_dir) if (!sig) return 1; - TEST_SUCC(vb2_sign_data(&sig2, test_data, test_size, prik, ""), - "Make test signature"); - test_unpack_key(key1); test_verify_data(key1, sig); - test_unpack_key2(key1, key2); - test_verify_data2(pubk, sig2); - test_verify_signature2(sig2); - free(key1); - free(key2); free(private_key); free(sig); - free(sig2); - vb2_private_key_free(prik); - vb2_public_key_free(pubk); return 0; } diff --git a/tests/vb2_common_tests.c b/tests/vb2_common_tests.c index d520f1c6..f8502957 100644 --- a/tests/vb2_common_tests.c +++ b/tests/vb2_common_tests.c @@ -8,18 +8,10 @@ #include "2sysincludes.h" #include "2common.h" #include "2rsa.h" -#include "host_fw_preamble2.h" -#include "host_key2.h" -#include "host_keyblock2.h" -#include "host_signature2.h" #include "vboot_struct.h" /* For old struct sizes */ #include "test_common.h" -static const uint8_t test_data[] = "This is some test data to sign."; -static const uint8_t test_data2[] = "Some more test data"; -static const uint8_t test_data3[] = "Even more test data"; - /** * Test memory compare functions */ @@ -152,26 +144,6 @@ static void test_struct_packing(void) TEST_EQ(EXPECTED_VB2_FW_PREAMBLE_SIZE, EXPECTED_VBFIRMWAREPREAMBLEHEADER2_1_SIZE, "vboot1->2 firmware preamble sizes same"); - - /* Test new struct sizes */ - TEST_EQ(EXPECTED_GUID_SIZE, - sizeof(struct vb2_guid), - "sizeof(vb2_guid)"); - TEST_EQ(EXPECTED_VB2_STRUCT_COMMON_SIZE, - sizeof(struct vb2_struct_common), - "sizeof(vb2_struct_common)"); - TEST_EQ(EXPECTED_VB2_PACKED_KEY2_SIZE, - sizeof(struct vb2_packed_key2), - "sizeof(vb2_packed_key2)"); - TEST_EQ(EXPECTED_VB2_SIGNATURE2_SIZE, - sizeof(struct vb2_signature2), - "sizeof(vb2_signature2)"); - TEST_EQ(EXPECTED_VB2_KEYBLOCK2_SIZE, - sizeof(struct vb2_keyblock2), - "sizeof(vb2_keyblock2)"); - TEST_EQ(EXPECTED_VB2_FW_PREAMBLE2_SIZE, - sizeof(struct vb2_fw_preamble2), - "sizeof(vb2_fw_preamble2)"); } /** @@ -291,467 +263,6 @@ static void test_helper_functions(void) } } -/** - * Common header functions - */ -static void test_common_header_functions(void) -{ - uint8_t cbuf[sizeof(struct vb2_struct_common) + 128]; - uint8_t cbufgood[sizeof(cbuf)]; - struct vb2_struct_common *c = (struct vb2_struct_common *)cbuf; - struct vb2_struct_common *c2; - const char test_desc[32] = "test desc"; - uint32_t desc_end, m; - - c->total_size = sizeof(cbuf); - c->fixed_size = sizeof(*c); - c->desc_size = sizeof(test_desc); - memcpy(cbuf + c->fixed_size, test_desc, sizeof(test_desc)); - desc_end = c->fixed_size + c->desc_size; - - c2 = (struct vb2_struct_common *)(cbuf + desc_end); - c2->total_size = c->total_size - desc_end; - c2->fixed_size = sizeof(*c2); - c2->desc_size = 0; - - /* Description helper */ - TEST_EQ(0, strcmp(vb2_common_desc(c), test_desc), "vb2_common_desc()"); - TEST_EQ(0, strcmp(vb2_common_desc(c2), ""), "vb2_common_desc() empty"); - - TEST_SUCC(vb2_verify_common_header(cbuf, sizeof(cbuf)), - "vb2_verify_common_header() good"); - memcpy(cbufgood, cbuf, sizeof(cbufgood)); - - memcpy(cbuf, cbufgood, sizeof(cbuf)); - c->total_size += 4; - TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)), - VB2_ERROR_COMMON_TOTAL_SIZE, - "vb2_verify_common_header() total size"); - - memcpy(cbuf, cbufgood, sizeof(cbuf)); - c->fixed_size = c->total_size + 4; - TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)), - VB2_ERROR_COMMON_FIXED_SIZE, - "vb2_verify_common_header() fixed size"); - - memcpy(cbuf, cbufgood, sizeof(cbuf)); - c->desc_size = c->total_size - c->fixed_size + 4; - TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)), - VB2_ERROR_COMMON_DESC_SIZE, - "vb2_verify_common_header() desc size"); - - memcpy(cbuf, cbufgood, sizeof(cbuf)); - c->total_size--; - TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)), - VB2_ERROR_COMMON_TOTAL_UNALIGNED, - "vb2_verify_common_header() total unaligned"); - - memcpy(cbuf, cbufgood, sizeof(cbuf)); - c->fixed_size++; - TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)), - VB2_ERROR_COMMON_FIXED_UNALIGNED, - "vb2_verify_common_header() fixed unaligned"); - - memcpy(cbuf, cbufgood, sizeof(cbuf)); - c->desc_size--; - TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)), - VB2_ERROR_COMMON_DESC_UNALIGNED, - "vb2_verify_common_header() desc unaligned"); - - memcpy(cbuf, cbufgood, sizeof(cbuf)); - c->desc_size = -4; - TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)), - VB2_ERROR_COMMON_DESC_WRAPS, - "vb2_verify_common_header() desc wraps"); - - memcpy(cbuf, cbufgood, sizeof(cbuf)); - cbuf[desc_end - 1] = 1; - TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)), - VB2_ERROR_COMMON_DESC_TERMINATOR, - "vb2_verify_common_header() desc not terminated"); - - /* Member checking function */ - memcpy(cbuf, cbufgood, sizeof(cbuf)); - m = 0; - TEST_SUCC(vb2_verify_common_member(cbuf, &m, c->total_size - 8, 4), - "vb2_verify_common_member()"); - TEST_EQ(m, c->total_size - 4, " new minimum"); - - m = desc_end; - TEST_SUCC(vb2_verify_common_member(cbuf, &m, desc_end, 4), - "vb2_verify_common_member() good offset"); - TEST_EQ(m, desc_end + 4, " new minimum"); - - m = 0; - TEST_EQ(vb2_verify_common_member(cbuf, &m, c->total_size - 8, -4), - VB2_ERROR_COMMON_MEMBER_WRAPS, - "vb2_verify_common_member() wraps"); - - m = 0; - TEST_EQ(vb2_verify_common_member(cbuf, &m, c->total_size - 7, 4), - VB2_ERROR_COMMON_MEMBER_UNALIGNED, - "vb2_verify_common_member() offset unaligned"); - - m = 0; - TEST_EQ(vb2_verify_common_member(cbuf, &m, c->total_size - 8, 5), - VB2_ERROR_COMMON_MEMBER_UNALIGNED, - "vb2_verify_common_member() size unaligned"); - - m = 0; - TEST_EQ(vb2_verify_common_member(cbuf, &m, desc_end - 4, 4), - VB2_ERROR_COMMON_MEMBER_OVERLAP, - "vb2_verify_common_member() overlap"); - - m = desc_end + 4; - TEST_EQ(vb2_verify_common_member(cbuf, &m, desc_end, 4), - VB2_ERROR_COMMON_MEMBER_OVERLAP, - "vb2_verify_common_member() overlap 2"); - - m = 0; - TEST_EQ(vb2_verify_common_member(cbuf, &m, c->total_size - 4, 8), - VB2_ERROR_COMMON_MEMBER_SIZE, - "vb2_verify_common_member() size"); - - /* Subobject checking */ - m = 0; - TEST_SUCC(vb2_verify_common_subobject(cbuf, &m, desc_end), - "vb2_verify_common_subobject() good offset"); - TEST_EQ(m, sizeof(cbuf), " new minimum"); - - m = desc_end + 4; - TEST_EQ(vb2_verify_common_subobject(cbuf, &m, desc_end), - VB2_ERROR_COMMON_MEMBER_OVERLAP, - "vb2_verify_common_subobject() overlap"); - - m = 0; - c2->total_size += 4; - TEST_EQ(vb2_verify_common_subobject(cbuf, &m, desc_end), - VB2_ERROR_COMMON_TOTAL_SIZE, - "vb2_verify_common_subobject() size"); -} - -/** - * Signature size - */ -static void test_sig_size(void) -{ - TEST_EQ(vb2_sig_size(VB2_SIG_INVALID, VB2_HASH_SHA256), 0, - "vb2_sig_size() sig invalid"); - - TEST_EQ(vb2_sig_size(VB2_SIG_RSA2048, VB2_HASH_INVALID), 0, - "vb2_sig_size() hash invalid"); - - TEST_EQ(vb2_sig_size(VB2_SIG_RSA2048, VB2_HASH_SHA256), 2048 / 8, - "vb2_sig_size() RSA2048"); - TEST_EQ(vb2_sig_size(VB2_SIG_RSA4096, VB2_HASH_SHA256), 4096 / 8, - "vb2_sig_size() RSA4096"); - TEST_EQ(vb2_sig_size(VB2_SIG_RSA8192, VB2_HASH_SHA512), 8192 / 8, - "vb2_sig_size() RSA8192"); - - TEST_EQ(vb2_sig_size(VB2_SIG_NONE, VB2_HASH_SHA1), - VB2_SHA1_DIGEST_SIZE, "vb2_sig_size() SHA1"); - TEST_EQ(vb2_sig_size(VB2_SIG_NONE, VB2_HASH_SHA256), - VB2_SHA256_DIGEST_SIZE, "vb2_sig_size() SHA256"); - TEST_EQ(vb2_sig_size(VB2_SIG_NONE, VB2_HASH_SHA512), - VB2_SHA512_DIGEST_SIZE, "vb2_sig_size() SHA512"); -} - -/** - * Verify data on bare hash - */ -static void test_verify_hash(void) -{ - struct vb2_signature2 *sig; - const struct vb2_private_key *prik; - struct vb2_public_key pubk; - uint8_t workbuf[VB2_VERIFY_DATA_WORKBUF_BYTES]; - struct vb2_workbuf wb; - - vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); - - TEST_SUCC(vb2_private_key_hash(&prik, VB2_HASH_SHA256), - "create private hash key"); - TEST_SUCC(vb2_public_key_hash(&pubk, VB2_HASH_SHA256), - "create hash key"); - - /* Create the signature */ - TEST_SUCC(vb2_sign_data(&sig, test_data, sizeof(test_data), - prik, NULL), - "create hash sig"); - - TEST_SUCC(vb2_verify_data2(test_data, sizeof(test_data), - sig, &pubk, &wb), - "vb2_verify_data2() hash ok"); - - *((uint8_t *)sig + sig->sig_offset) ^= 0xab; - TEST_EQ(vb2_verify_data2(test_data, sizeof(test_data), sig, &pubk, &wb), - VB2_ERROR_VDATA_VERIFY_DIGEST, "vb2_verify_data2() hash bad"); - - free(sig); -} - -/** - * Verify keyblock - */ -static void test_verify_keyblock(void) -{ - const char desc[16] = "test keyblock"; - const struct vb2_private_key *prik[2]; - struct vb2_public_key pubk, pubk2, pubk3; - struct vb2_signature2 *sig; - struct vb2_keyblock2 *kbuf; - uint32_t buf_size; - uint8_t *buf, *buf2; - - uint8_t workbuf[VB2_KEY_BLOCK_VERIFY_WORKBUF_BYTES]; - struct vb2_workbuf wb; - - TEST_SUCC(vb2_public_key_hash(&pubk, VB2_HASH_SHA256), - "create hash key 1"); - TEST_SUCC(vb2_public_key_hash(&pubk2, VB2_HASH_SHA512), - "create hash key 2"); - TEST_SUCC(vb2_public_key_hash(&pubk3, VB2_HASH_SHA1), - "create hash key 3"); - - TEST_SUCC(vb2_private_key_hash(prik + 0, VB2_HASH_SHA256), - "create private key 1"); - TEST_SUCC(vb2_private_key_hash(prik + 1, VB2_HASH_SHA512), - "create private key 2"); - - /* Create the test keyblock */ - TEST_SUCC(vb2_keyblock_create(&kbuf, &pubk3, prik, 2, 0x4321, desc), - "create keyblock"); - - buf = (uint8_t *)kbuf; - buf_size = kbuf->c.total_size; - - /* Make a copy of the buffer, so we can mangle it for tests */ - buf2 = malloc(buf_size); - memcpy(buf2, buf, buf_size); - - vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); - kbuf = (struct vb2_keyblock2 *)buf; - - TEST_SUCC(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb), - "vb2_verify_keyblock2()"); - - memcpy(buf, buf2, buf_size); - TEST_SUCC(vb2_verify_keyblock2(kbuf, buf_size, &pubk2, &wb), - "vb2_verify_keyblock2() key 2"); - - memcpy(buf, buf2, buf_size); - TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk3, &wb), - VB2_ERROR_KEYBLOCK_SIG_GUID, - "vb2_verify_keyblock2() key not present"); - - memcpy(buf, buf2, buf_size); - kbuf->c.magic = VB2_MAGIC_PACKED_KEY2; - TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb), - VB2_ERROR_KEYBLOCK_MAGIC, - "vb2_verify_keyblock2() magic"); - - memcpy(buf, buf2, buf_size); - kbuf->c.fixed_size++; - TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb), - VB2_ERROR_COMMON_FIXED_UNALIGNED, - "vb2_verify_keyblock2() header"); - - memcpy(buf, buf2, buf_size); - kbuf->c.struct_version_major++; - TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb), - VB2_ERROR_KEYBLOCK_HEADER_VERSION, - "vb2_verify_keyblock2() major version"); - - memcpy(buf, buf2, buf_size); - kbuf->c.struct_version_minor++; - /* That changes the signature, so resign the keyblock */ - vb2_sign_data(&sig, buf, kbuf->sig_offset, prik[0], NULL); - memcpy(buf + kbuf->sig_offset, sig, sig->c.total_size); - free(sig); - TEST_SUCC(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb), - "vb2_verify_keyblock2() minor version"); - - memcpy(buf, buf2, buf_size); - kbuf->c.fixed_size -= 4; - kbuf->c.desc_size += 4; - TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb), - VB2_ERROR_KEYBLOCK_SIZE, - "vb2_verify_keyblock2() header size"); - - memcpy(buf, buf2, buf_size); - kbuf->key_offset = kbuf->c.total_size - 4; - TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb), - VB2_ERROR_COMMON_MEMBER_SIZE, - "vb2_verify_keyblock2() data key outside"); - - memcpy(buf, buf2, buf_size); - sig = (struct vb2_signature2 *)(buf + kbuf->sig_offset); - sig->data_size--; - TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb), - VB2_ERROR_KEYBLOCK_SIGNED_SIZE, - "vb2_verify_keyblock2() signed wrong size"); - - memcpy(buf, buf2, buf_size); - sig = (struct vb2_signature2 *)(buf + kbuf->sig_offset); - sig->c.total_size = kbuf->c.total_size - 4; - TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb), - VB2_ERROR_COMMON_TOTAL_SIZE, - "vb2_verify_keyblock2() key outside keyblock"); - - memcpy(buf, buf2, buf_size); - sig = (struct vb2_signature2 *)(buf + kbuf->sig_offset); - sig->c.struct_version_major++; - TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb), - VB2_ERROR_SIG_VERSION, - "vb2_verify_keyblock2() corrupt key"); - - memcpy(buf, buf2, buf_size); - kbuf->c.struct_version_minor++; - TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb), - VB2_ERROR_VDATA_VERIFY_DIGEST, - "vb2_verify_keyblock2() corrupt"); - - free(buf); - free(buf2); -} - -/** - * Verify firmware preamble - */ -static void test_verify_fw_preamble(void) -{ - const char desc[16] = "test preamble"; - const struct vb2_private_key *prikhash; - struct vb2_signature2 *hashes[3]; - struct vb2_public_key pubk; - struct vb2_signature2 *sig; - struct vb2_fw_preamble2 *pre; - uint32_t buf_size; - uint8_t *buf, *buf2; - - uint8_t workbuf[VB2_VERIFY_FIRMWARE_PREAMBLE_WORKBUF_BYTES]; - struct vb2_workbuf wb; - - /* - * Preambles will usually be signed with a real key not a bare hash, - * but the call to vb2_verify_data2() inside the preamble check is the - * same (and its functionality is verified separately), and using a - * bare hash here saves us from needing to have a private key to do - * this test. - */ - TEST_SUCC(vb2_public_key_hash(&pubk, VB2_HASH_SHA256), - "create hash key"); - TEST_SUCC(vb2_private_key_hash(&prikhash, VB2_HASH_SHA256), - "Create private hash key"); - - /* Create some signatures */ - TEST_SUCC(vb2_sign_data(hashes + 0, test_data, sizeof(test_data), - prikhash, "Hash 1"), - "Hash 1"); - TEST_SUCC(vb2_sign_data(hashes + 1, test_data2, sizeof(test_data2), - prikhash, "Hash 2"), - "Hash 2"); - TEST_SUCC(vb2_sign_data(hashes + 2, test_data3, sizeof(test_data3), - prikhash, "Hash 3"), - "Hash 3"); - - /* Test good preamble */ - TEST_SUCC(vb2_fw_preamble_create(&pre, prikhash, - (const struct vb2_signature2 **)hashes, - 3, 0x1234, 0x5678, desc), - "Create preamble good"); - - buf = (uint8_t *)pre; - buf_size = pre->c.total_size; - - /* Make a copy of the buffer, so we can mangle it for tests */ - buf2 = malloc(buf_size); - memcpy(buf2, buf, buf_size); - - vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); - pre = (struct vb2_fw_preamble2 *)buf; - - TEST_SUCC(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb), - "vb2_verify_fw_preamble2()"); - - memcpy(buf, buf2, buf_size); - pre->c.magic = VB2_MAGIC_PACKED_KEY2; - TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb), - VB2_ERROR_PREAMBLE_MAGIC, - "vb2_verify_fw_preamble2() magic"); - - memcpy(buf, buf2, buf_size); - pre->c.fixed_size++; - TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb), - VB2_ERROR_COMMON_FIXED_UNALIGNED, - "vb2_verify_fw_preamble2() header"); - - memcpy(buf, buf2, buf_size); - pre->c.struct_version_major++; - TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb), - VB2_ERROR_PREAMBLE_HEADER_VERSION, - "vb2_verify_fw_preamble2() major version"); - - memcpy(buf, buf2, buf_size); - pre->c.struct_version_minor++; - /* That changes the signature, so resign the fw_preamble */ - vb2_sign_data(&sig, buf, pre->sig_offset, prikhash, NULL); - memcpy(buf + pre->sig_offset, sig, sig->c.total_size); - free(sig); - TEST_SUCC(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb), - "vb2_verify_fw_preamble2() minor version"); - - memcpy(buf, buf2, buf_size); - pre->c.fixed_size -= 4; - pre->c.desc_size += 4; - TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb), - VB2_ERROR_PREAMBLE_SIZE, - "vb2_verify_fw_preamble2() header size"); - - memcpy(buf, buf2, buf_size); - sig = (struct vb2_signature2 *)(buf + pre->hash_offset); - sig->c.total_size += pre->c.total_size; - TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb), - VB2_ERROR_COMMON_TOTAL_SIZE, - "vb2_verify_fw_preamble2() hash size"); - - memcpy(buf, buf2, buf_size); - sig = (struct vb2_signature2 *)(buf + pre->hash_offset); - sig->sig_size /= 2; - TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb), - VB2_ERROR_SIG_SIZE, - "vb2_verify_fw_preamble2() hash integrity"); - - memcpy(buf, buf2, buf_size); - pre->hash_count++; - TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb), - VB2_ERROR_COMMON_MEMBER_OVERLAP, - "vb2_verify_fw_preamble2() hash count"); - - memcpy(buf, buf2, buf_size); - sig = (struct vb2_signature2 *)(buf + pre->sig_offset); - sig->c.total_size += 4; - TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb), - VB2_ERROR_COMMON_TOTAL_SIZE, - "vb2_verify_fw_preamble2() sig inside"); - - memcpy(buf, buf2, buf_size); - sig = (struct vb2_signature2 *)(buf + pre->sig_offset); - buf[pre->sig_offset + sig->sig_offset]++; - TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb), - VB2_ERROR_VDATA_VERIFY_DIGEST, - "vb2_verify_fw_preamble2() sig corrupt"); - - memcpy(buf, buf2, buf_size); - pre->flags++; - TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb), - VB2_ERROR_VDATA_VERIFY_DIGEST, - "vb2_verify_fw_preamble2() preamble corrupt"); - - free(buf); - free(buf2); -} - int main(int argc, char* argv[]) { test_memcmp(); @@ -759,11 +270,6 @@ int main(int argc, char* argv[]) test_workbuf(); test_struct_packing(); test_helper_functions(); - test_common_header_functions(); - test_sig_size(); - test_verify_hash(); - test_verify_keyblock(); - test_verify_fw_preamble(); return gTestSuccess ? 0 : 255; } |