diff options
author | Gaurav Shah <gauravsh@chromium.org> | 2010-03-25 13:04:45 -0700 |
---|---|---|
committer | Gaurav Shah <gauravsh@chromium.org> | 2010-03-25 13:04:45 -0700 |
commit | 3199eed3d37fa028c1a5e32d6b61aea00d35bc0c (patch) | |
tree | c6b889a514d282dcd26b0e9ae98c5917acb45f28 /tests | |
parent | 785397136260359e47de94b16881fbab06a96b36 (diff) | |
download | vboot-3199eed3d37fa028c1a5e32d6b61aea00d35bc0c.tar.gz |
Move test utility functions to a common place.
Also removes the dev_mode flag from Firmware Image verification as key signature for the firmware should be checked whether or not dev mode is enabled.
BUG=670
TEST=All tests still pass.
Merge remote branch 'refs/remotes/origin/master' into fixtests
Fix tests, remove dev mode. Move common code.
Review URL: http://codereview.chromium.org/1280002
Diffstat (limited to 'tests')
-rw-r--r-- | tests/Makefile | 11 | ||||
-rw-r--r-- | tests/firmware_image_tests.c | 155 | ||||
-rw-r--r-- | tests/firmware_rollback_tests.c | 67 | ||||
-rw-r--r-- | tests/firmware_verify_benchmark.c | 54 | ||||
-rw-r--r-- | tests/kernel_image_tests.c | 179 | ||||
-rw-r--r-- | tests/kernel_verify_benchmark.c | 62 | ||||
-rw-r--r-- | tests/test_common.c | 187 | ||||
-rw-r--r-- | tests/test_common.h | 49 | ||||
-rw-r--r-- | tests/verify_firmware_fuzz_driver.c | 3 |
9 files changed, 325 insertions, 442 deletions
diff --git a/tests/Makefile b/tests/Makefile index 931e3f5d..d2e70c30 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -24,21 +24,22 @@ tests: firmware_image_tests \ verify_firmware_fuzz_driver \ verify_kernel_fuzz_driver -firmware_image_tests: firmware_image_tests.c rollback_index_mock.c +firmware_image_tests: firmware_image_tests.c rollback_index_mock.c test_common.c $(CC) $(CFLAGS) $(INCLUDES) $^ -o $@ $(LIBS) -firmware_rollback_tests: firmware_rollback_tests.c rollback_index_mock.c test_common.c +firmware_rollback_tests: firmware_rollback_tests.c rollback_index_mock.c \ + test_common.c $(CC) $(CFLAGS) $(INCLUDES) $^ -o $@ $(LIBS) firmware_verify_benchmark: firmware_verify_benchmark.c timer_utils.c \ - rollback_index_mock.c + rollback_index_mock.c test_common.c $(CC) $(CFLAGS) $(INCLUDES) $^ -o $@ -lrt $(LIBS) -kernel_image_tests: kernel_image_tests.c rollback_index_mock.c +kernel_image_tests: kernel_image_tests.c rollback_index_mock.c test_common.c $(CC) $(CFLAGS) $(INCLUDES) $^ -o $@ $(LIBS) kernel_verify_benchmark: kernel_verify_benchmark.c timer_utils.c \ - rollback_index_mock.c + rollback_index_mock.c test_common.c $(CC) $(CFLAGS) $(INCLUDES) $^ -o $@ -lrt $(LIBS) rsa_padding_test: rsa_padding_test.c diff --git a/tests/firmware_image_tests.c b/tests/firmware_image_tests.c index b252735d..627b6349 100644 --- a/tests/firmware_image_tests.c +++ b/tests/firmware_image_tests.c @@ -11,146 +11,44 @@ #include "file_keys.h" #include "firmware_image.h" #include "rsa_utility.h" +#include "test_common.h" #include "utility.h" -#include "rollback_index.h" - -/* ANSI Color coding sequences. */ -#define COL_GREEN "\e[1;32m" -#define COL_RED "\e[0;31m" -#define COL_STOP "\e[m" - -int TEST_EQ(int result, int expected_result, char* testname) { - if (result == expected_result) { - fprintf(stderr, "%s Test " COL_GREEN " PASSED\n" COL_STOP, testname); - return 1; - } else { - fprintf(stderr, "%s Test " COL_RED " FAILED\n" COL_STOP, testname); - return 0; - } -} - -FirmwareImage* GenerateTestFirmwareImage(int algorithm, - uint8_t* firmware_sign_key, - int firmware_key_version, - int firmware_version, - int firmware_len, - const char* root_key_file, - const char* firmware_key_file) { - FirmwareImage* image = FirmwareImageNew(); - - Memcpy(image->magic, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE); - image->firmware_sign_algorithm = algorithm; - image->firmware_sign_key = (uint8_t*) Malloc( - RSAProcessedKeySize(image->firmware_sign_algorithm)); - Memcpy(image->firmware_sign_key, firmware_sign_key, - RSAProcessedKeySize(image->firmware_sign_algorithm)); - image->firmware_key_version = firmware_key_version; - - /* Update correct header length. */ - image->header_len = GetFirmwareHeaderLen(image); - - /* Calculate SHA-512 digest on header and populate header_checksum. */ - CalculateFirmwareHeaderChecksum(image, image->header_checksum); - - /* Populate firmware and preamble with dummy data. */ - image->firmware_version = firmware_version; - image->firmware_len = firmware_len; - image->preamble_signature = image->firmware_signature = NULL; - Memset(image->preamble, 'P', FIRMWARE_PREAMBLE_SIZE); - image->firmware_data = Malloc(image->firmware_len); - Memset(image->firmware_data, 'F', image->firmware_len); - - /* Generate and populate signatures. */ - if (!AddFirmwareKeySignature(image, root_key_file)) { - fprintf(stderr, "Couldn't create key signature.\n"); - FirmwareImageFree(image); - return NULL; - } - - if (!AddFirmwareSignature(image, firmware_key_file)) { - fprintf(stderr, "Couldn't create firmware and preamble signature.\n"); - FirmwareImageFree(image); - return NULL; - } - return image; -} - -#define DEV_MODE_ENABLED 1 -#define DEV_MODE_DISABLED 0 /* Normal Firmware Blob Verification Tests. */ -int VerifyFirmwareTest(uint8_t* firmware_blob, uint8_t* root_key_blob) { - int success = 1; - if (!TEST_EQ(VerifyFirmware(root_key_blob, firmware_blob, DEV_MODE_ENABLED), - VERIFY_FIRMWARE_SUCCESS, - "Normal Firmware Blob Verification (Dev Mode)")) - success = 0; - - if (!TEST_EQ(VerifyFirmware(root_key_blob, firmware_blob, DEV_MODE_DISABLED), - VERIFY_FIRMWARE_SUCCESS, - "Normal Firmware Blob Verification (Trusted)")) - success = 0; - return success; +void VerifyFirmwareTest(uint8_t* firmware_blob, uint8_t* root_key_blob) { + TEST_EQ(VerifyFirmware(root_key_blob, firmware_blob), + VERIFY_FIRMWARE_SUCCESS, + "Normal Firmware Blob Verification"); } /* Normal FirmwareImage Verification Tests. */ -int VerifyFirmwareImageTest(FirmwareImage* image, - RSAPublicKey* root_key) { - int success = 1; - if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_ENABLED), - VERIFY_FIRMWARE_SUCCESS, - "Normal FirmwareImage Verification (Dev Mode)")) - success = 0; - - if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), - VERIFY_FIRMWARE_SUCCESS, - "Normal FirmwareImage Verification (Trusted)")) - success = 0; - return success; +void VerifyFirmwareImageTest(FirmwareImage* image, + RSAPublicKey* root_key) { + TEST_EQ(VerifyFirmwareImage(root_key, image), + VERIFY_FIRMWARE_SUCCESS, + "Normal FirmwareImage Verification"); } /* Tampered FirmwareImage Verification Tests. */ -int VerifyFirmwareImageTamperTest(FirmwareImage* image, - RSAPublicKey* root_key) { - int success = 1; - fprintf(stderr, "[[Tampering with firmware preamble....]]\n"); +void VerifyFirmwareImageTamperTest(FirmwareImage* image, + RSAPublicKey* root_key) { image->firmware_version = 0; - if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_ENABLED), - VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED, - "FirmwareImage Preamble Tamper Verification (Dev Mode)")) - success = 0; - - if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), - VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED, - "FirmwareImage Preamble Tamper Verification (Trusted)")) - success = 0; + TEST_EQ(VerifyFirmwareImage(root_key, image), + VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED, + "FirmwareImage Preamble Tamper Verification"); image->firmware_version = 1; image->firmware_data[0] = 'T'; - if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_ENABLED), - VERIFY_FIRMWARE_SIGNATURE_FAILED, - "FirmwareImage Tamper Verification (Dev Mode)")) - success = 0; - if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), - VERIFY_FIRMWARE_SIGNATURE_FAILED, - "FirmwareImage Tamper Verification (Trusted)")) - success = 0; + TEST_EQ(VerifyFirmwareImage(root_key, image), + VERIFY_FIRMWARE_SIGNATURE_FAILED, + "FirmwareImage Data Tamper Verification"); image->firmware_data[0] = 'F'; - - fprintf(stderr, "[[Tampering with root key signature...]]\n"); image->firmware_key_signature[0] = 0xFF; image->firmware_key_signature[1] = 0x00; - if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_ENABLED), - VERIFY_FIRMWARE_SUCCESS, - "FirmwareImage Root Signature Tamper Verification (Dev Mode)")) - success = 0; - if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), - VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED, - "FirmwareImage Root Signature Tamper Verification (Trusted)")) - success = 0; - - return success; + TEST_EQ(VerifyFirmwareImage(root_key, image), + VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED, + "FirmwareImage Root Signature Tamper Verification"); } int main(int argc, char* argv[]) { @@ -165,7 +63,6 @@ int main(int argc, char* argv[]) { RSAPublicKey* root_key_pub = NULL; int error_code = 0; int algorithm; - SetupTPM(); if(argc != 6) { fprintf(stderr, "Usage: %s <algorithm> <root key> <processed root pubkey>" " <signing key> <processed signing key>\n", argv[0]); @@ -194,13 +91,13 @@ int main(int argc, char* argv[]) { firmware_blob = GetFirmwareBlob(image, &firmware_blob_len); /* Test Firmware blob verify operations. */ - if (!VerifyFirmwareTest(firmware_blob, root_key_blob)) - error_code = 255; + VerifyFirmwareTest(firmware_blob, root_key_blob); /* Test FirmwareImage verify operations. */ - if (!VerifyFirmwareImageTest(image, root_key_pub)) - error_code = 255; - if (!VerifyFirmwareImageTamperTest(image, root_key_pub)) + VerifyFirmwareImageTest(image, root_key_pub); + VerifyFirmwareImageTamperTest(image, root_key_pub); + + if (!gTestSuccess) error_code = 255; failure: diff --git a/tests/firmware_rollback_tests.c b/tests/firmware_rollback_tests.c index 19ac850c..0df0c3c2 100644 --- a/tests/firmware_rollback_tests.c +++ b/tests/firmware_rollback_tests.c @@ -15,73 +15,6 @@ #include "rollback_index.h" #include "test_common.h" -/* Generates a test firmware image for rollback tests with a given - * [firmware_key_version] and [firmware_version]. If [is_corrupt] is 1, - * then the image has invalid signatures and will fail verification. */ -uint8_t* GenerateRollbackTestImage(int firmware_key_version, - int firmware_version, - int is_corrupt) { - FirmwareImage* image = NULL; - uint8_t* firmware_blob = NULL; - const char* firmare_sign_key_pub_file = "testkeys/key_rsa1024.keyb"; - uint8_t* firmware_sign_key = NULL; - const char* root_key_file = "testkeys/key_rsa8192.pem"; - const char* firmware_key_file = "testkeys/key_rsa1024.pem"; - uint64_t len; - firmware_sign_key = BufferFromFile(firmare_sign_key_pub_file, - &len); - if (!firmware_sign_key) - return NULL; - - image = FirmwareImageNew(); - if (!image) - return NULL; - - Memcpy(image->magic, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE); - image->firmware_sign_algorithm = 0; /* RSA1024/SHA1 */ - image->firmware_sign_key = (uint8_t*) Malloc( - RSAProcessedKeySize(image->firmware_sign_algorithm)); - Memcpy(image->firmware_sign_key, firmware_sign_key, - RSAProcessedKeySize(image->firmware_sign_algorithm)); - image->firmware_key_version = firmware_key_version; - Free(firmware_sign_key); - - /* Update correct header length. */ - image->header_len = GetFirmwareHeaderLen(image); - - /* Calculate SHA-512 digest on header and populate header_checksum. */ - CalculateFirmwareHeaderChecksum(image, image->header_checksum); - - /* Populate firmware and preamble with dummy data. */ - image->firmware_version = firmware_version; - image->firmware_len = 1; - image->preamble_signature = image->firmware_signature = NULL; - Memset(image->preamble, 'P', FIRMWARE_PREAMBLE_SIZE); - image->firmware_data = Malloc(image->firmware_len); - Memset(image->firmware_data, 'F', image->firmware_len); - - /* Generate and populate signatures. */ - if (!AddFirmwareKeySignature(image, root_key_file)) { - fprintf(stderr, "Couldn't create key signature.\n"); - FirmwareImageFree(image); - return NULL; - } - - if (!AddFirmwareSignature(image, firmware_key_file)) { - fprintf(stderr, "Couldn't create firmware and preamble signature.\n"); - FirmwareImageFree(image); - return NULL; - } - if (is_corrupt) { - /* Invalidate image. */ - Memset(image->firmware_data, 'X', image->firmware_len); - } - - firmware_blob = GetFirmwareBlob(image, &len); - FirmwareImageFree(image); - return firmware_blob; -} - /* Tests that check for correctness of the VerifyFirmwareDriver_f() logic * and rollback prevention. */ void VerifyFirmwareDriverTest(void) { diff --git a/tests/firmware_verify_benchmark.c b/tests/firmware_verify_benchmark.c index 02d0d5d4..8eafc70c 100644 --- a/tests/firmware_verify_benchmark.c +++ b/tests/firmware_verify_benchmark.c @@ -12,6 +12,7 @@ #include "firmware_image.h" #include "padding.h" #include "rsa_utility.h" +#include "test_common.h" #include "timer_utils.h" #include "utility.h" @@ -34,53 +35,6 @@ const char* g_firmware_size_labels[] = { #define NUM_SIZES_TO_TEST (sizeof(g_firmware_sizes_to_test) / \ sizeof(g_firmware_sizes_to_test[0])) -uint8_t* GenerateTestFirmwareBlob(int algorithm, - int firmware_len, - const uint8_t* firmware_sign_key, - const char* root_key_file, - const char* firmware_sign_key_file) { - FirmwareImage* image = FirmwareImageNew(); - uint8_t* firmware_blob = NULL; - uint64_t firmware_blob_len = 0; - - Memcpy(image->magic, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE); - image->firmware_sign_algorithm = algorithm; - image->firmware_sign_key = (uint8_t*) Malloc( - RSAProcessedKeySize(image->firmware_sign_algorithm)); - Memcpy(image->firmware_sign_key, firmware_sign_key, - RSAProcessedKeySize(image->firmware_sign_algorithm)); - image->firmware_key_version = 1; - - /* Update correct header length. */ - image->header_len = GetFirmwareHeaderLen(image); - - /* Calculate SHA-512 digest on header and populate header_checksum. */ - CalculateFirmwareHeaderChecksum(image, image->header_checksum); - - /* Populate firmware and preamble with dummy data. */ - image->firmware_version = 1; - image->firmware_len = firmware_len; - image->preamble_signature = image->firmware_signature = NULL; - Memset(image->preamble, 'P', FIRMWARE_PREAMBLE_SIZE); - image->firmware_data = Malloc(image->firmware_len); - Memset(image->firmware_data, 'F', image->firmware_len); - - if (!AddFirmwareKeySignature(image, root_key_file)) { - fprintf(stderr, "Couldn't create key signature.\n"); - FirmwareImageFree(image); - return NULL; - } - - if (!AddFirmwareSignature(image, firmware_sign_key_file)) { - fprintf(stderr, "Couldn't create firmware and preamble signature.\n"); - FirmwareImageFree(image); - return NULL; - } - firmware_blob = GetFirmwareBlob(image, &firmware_blob_len); - FirmwareImageFree(image); - return firmware_blob; -} - int SpeedTestAlgorithm(int algorithm) { int i, j, key_size, error_code = 0; ClockTimerState ct; @@ -115,8 +69,10 @@ int SpeedTestAlgorithm(int algorithm) { /* Generate test images. */ for (i = 0; i < NUM_SIZES_TO_TEST; ++i) { firmware_blobs[i] = GenerateTestFirmwareBlob(algorithm, - g_firmware_sizes_to_test[i], firmware_sign_key, + 1, /* firmware key version. */ + 1, /* firmware version. */ + g_firmware_sizes_to_test[i], "testkeys/key_rsa8192.pem", firmware_sign_key_file); if (!firmware_blobs[i]) { @@ -139,7 +95,7 @@ int SpeedTestAlgorithm(int algorithm) { StartTimer(&ct); for (j = 0; j < NUM_OPERATIONS; ++j) { if (VERIFY_FIRMWARE_SUCCESS != - VerifyFirmware(root_key_blob, firmware_blobs[i], 0)) + VerifyFirmware(root_key_blob, firmware_blobs[i])) fprintf(stderr, "Warning: Firmware Verification Failed.\n"); } StopTimer(&ct); diff --git a/tests/kernel_image_tests.c b/tests/kernel_image_tests.c index d958c0fa..a5650115 100644 --- a/tests/kernel_image_tests.c +++ b/tests/kernel_image_tests.c @@ -11,143 +11,70 @@ #include "file_keys.h" #include "kernel_image.h" #include "rsa_utility.h" +#include "test_common.h" #include "utility.h" -/* ANSI Color coding sequences. */ -#define COL_GREEN "\e[1;32m" -#define COL_RED "\e[0;31m" -#define COL_STOP "\e[m" - -int TEST_EQ(int result, int expected_result, char* testname) { - if (result == expected_result) { - fprintf(stderr, "%s Test " COL_GREEN " PASSED\n" COL_STOP, testname); - return 1; - } - else { - fprintf(stderr, "%s Test " COL_RED " FAILED\n" COL_STOP, testname); - return 0; - } -} - -KernelImage* GenerateTestKernelImage(int firmware_sign_algorithm, - int kernel_sign_algorithm, - uint8_t* kernel_sign_key, - int kernel_key_version, - int kernel_version, - int kernel_len) { - KernelImage* image = KernelImageNew(); - - Memcpy(image->magic, KERNEL_MAGIC, KERNEL_MAGIC_SIZE); - image->header_version = 1; - image->firmware_sign_algorithm = firmware_sign_algorithm; - image->kernel_sign_algorithm = kernel_sign_algorithm; - image->kernel_key_version = kernel_key_version; - image->kernel_sign_key = (uint8_t*) Malloc( - RSAProcessedKeySize(image->kernel_sign_algorithm)); - Memcpy(image->kernel_sign_key, kernel_sign_key, - RSAProcessedKeySize(image->kernel_sign_algorithm)); - - /* Update correct header length. */ - image->header_len = GetKernelHeaderLen(image); - - /* Calculate SHA-512 digest on header and populate header_checksum. */ - CalculateKernelHeaderChecksum(image, image->header_checksum); - - /* Populate kernel options and data with dummy data. */ - image->kernel_version = kernel_version; - image->options.version[0] = 1; - image->options.version[1] = 0; - Memset(image->options.cmd_line, 0, sizeof(image->options.cmd_line)); - image->options.kernel_len = kernel_len; - image->options.kernel_load_addr = 0; - image->options.kernel_entry_addr = 0; - image->kernel_key_signature = image->kernel_signature = NULL; - image->kernel_data = Malloc(kernel_len); - Memset(image->kernel_data, 'F', kernel_len); - - return image; -} - #define DEV_MODE_ENABLED 1 #define DEV_MODE_DISABLED 0 /* Normal Kernel Blob Verification Tests. */ -int VerifyKernelTest(uint8_t* kernel_blob, uint8_t* firmware_key_blob) { - int success = 1; - if (!TEST_EQ(VerifyKernel(firmware_key_blob, kernel_blob, DEV_MODE_ENABLED), - VERIFY_KERNEL_SUCCESS, - "Normal Kernel Blob Verification (Dev Mode)")) - success = 0; - - if (!TEST_EQ(VerifyKernel(firmware_key_blob, kernel_blob, DEV_MODE_DISABLED), - VERIFY_KERNEL_SUCCESS, - "Normal Kernel Blob Verification (Trusted)")) - success = 0; - return success; +void VerifyKernelTest(uint8_t* kernel_blob, uint8_t* firmware_key_blob) { + TEST_EQ(VerifyKernel(firmware_key_blob, kernel_blob, DEV_MODE_ENABLED), + VERIFY_KERNEL_SUCCESS, + "Normal Kernel Blob Verification (Dev Mode)"); + + TEST_EQ(VerifyKernel(firmware_key_blob, kernel_blob, DEV_MODE_DISABLED), + VERIFY_KERNEL_SUCCESS, + "Normal Kernel Blob Verification (Trusted)"); } /* Normal KernelImage Verification Tests. */ -int VerifyKernelImageTest(KernelImage* image, +void VerifyKernelImageTest(KernelImage* image, RSAPublicKey* firmware_key) { - int success = 1; - if (!TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED), - VERIFY_KERNEL_SUCCESS, - "Normal KernelImage Verification (Dev Mode)")) - success = 0; - - if (!TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED), - VERIFY_KERNEL_SUCCESS, - "Normal KernelImage Verification (Trusted)")) - success = 0; - return success; + TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED), + VERIFY_KERNEL_SUCCESS, + "Normal KernelImage Verification (Dev Mode)"); + TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED), + VERIFY_KERNEL_SUCCESS, + "Normal KernelImage Verification (Trusted)"); } /* Tampered KernelImage Verification Tests. */ -int VerifyKernelImageTamperTest(KernelImage* image, - RSAPublicKey* firmware_key) { - int success = 1; - fprintf(stderr, "[[Tampering with kernel config....]]\n"); +void VerifyKernelImageTamperTest(KernelImage* image, + RSAPublicKey* firmware_key) { image->options.kernel_load_addr = 0xFFFF; - if (!TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED), - VERIFY_KERNEL_CONFIG_SIGNATURE_FAILED, - "KernelImage Config Tamper Verification (Dev Mode)")) - success = 0; - if (!TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED), - VERIFY_KERNEL_CONFIG_SIGNATURE_FAILED, - "KernelImage Config Tamper Verification (Trusted)")) - success = 0; + TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED), + VERIFY_KERNEL_CONFIG_SIGNATURE_FAILED, + "KernelImage Config Tamper Verification (Dev Mode)"); + TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED), + VERIFY_KERNEL_CONFIG_SIGNATURE_FAILED, + "KernelImage Config Tamper Verification (Trusted)"); image->options.kernel_load_addr = 0; image->kernel_data[0] = 'T'; - if (!TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED), - VERIFY_KERNEL_SIGNATURE_FAILED, - "KernelImage Tamper Verification (Dev Mode)")) - success = 0; - if (!TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED), - VERIFY_KERNEL_SIGNATURE_FAILED, - "KernelImage Tamper Verification (Trusted)")) - success = 0; + TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED), + VERIFY_KERNEL_SIGNATURE_FAILED, + "KernelImage Tamper Verification (Dev Mode)"); + TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED), + VERIFY_KERNEL_SIGNATURE_FAILED, + "KernelImage Tamper Verification (Trusted)"); image->kernel_data[0] = 'F'; - - fprintf(stderr, "[[Tampering with kernel key signature...]]\n"); image->kernel_key_signature[0] = 0xFF; image->kernel_key_signature[1] = 0x00; - if (!TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED), - VERIFY_KERNEL_SUCCESS, - "KernelImage Key Signature Tamper Verification (Dev Mode)")) - success = 0; - if (!TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED), - VERIFY_KERNEL_KEY_SIGNATURE_FAILED, - "KernelImage Key Signature Tamper Verification (Trusted)")) - success = 0; - - return success; + TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED), + VERIFY_KERNEL_SUCCESS, + "KernelImage Key Signature Tamper Verification (Dev Mode)"); + TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED), + VERIFY_KERNEL_KEY_SIGNATURE_FAILED, + "KernelImage Key Signature Tamper Verification (Trusted)"); } int main(int argc, char* argv[]) { uint64_t len; + const char* firmware_key_file = NULL; + const char* kernel_key_file = NULL; uint8_t* kernel_sign_key_buf = NULL; uint8_t* firmware_key_blob = NULL; uint8_t* kernel_blob = NULL; @@ -171,6 +98,9 @@ int main(int argc, char* argv[]) { firmware_key = RSAPublicKeyFromFile(argv[4]); firmware_key_blob = BufferFromFile(argv[4], &len); kernel_sign_key_buf = BufferFromFile(argv[6], &len); + firmware_key_file = argv[3]; + kernel_key_file = argv[5]; + if (!firmware_key || !kernel_sign_key_buf || !kernel_sign_key_buf) { error_code = 1; goto failure; @@ -181,35 +111,24 @@ int main(int argc, char* argv[]) { kernel_sign_key_buf, 1, /* Kernel Key Version */ 1, /* Kernel Version */ - 1000); /* Kernel Size */ + 1000, /* Kernel Size */ + firmware_key_file, + kernel_key_file); if (!image) { error_code = 1; goto failure; } - /* Generate and populate signatures. */ - if (!AddKernelKeySignature(image, argv[3])) { - fprintf(stderr, "Couldn't create key signature.\n"); - error_code = 1; - goto failure; - } - - if (!AddKernelSignature(image, argv[5])) { - fprintf(stderr, "Couldn't create kernel option and kernel signature.\n"); - error_code = 1; - goto failure; - } - kernel_blob = GetKernelBlob(image, &kernel_blob_len); /* Test Kernel blob verify operations. */ - if (!VerifyKernelTest(kernel_blob, firmware_key_blob)) - error_code = 255; + VerifyKernelTest(kernel_blob, firmware_key_blob); /* Test KernelImage verify operations. */ - if (!VerifyKernelImageTest(image, firmware_key)) - error_code = 255; - if (!VerifyKernelImageTamperTest(image, firmware_key)) + VerifyKernelImageTest(image, firmware_key); + VerifyKernelImageTamperTest(image, firmware_key); + + if (!gTestSuccess) error_code = 255; failure: diff --git a/tests/kernel_verify_benchmark.c b/tests/kernel_verify_benchmark.c index 16453f0b..1460ef2e 100644 --- a/tests/kernel_verify_benchmark.c +++ b/tests/kernel_verify_benchmark.c @@ -12,6 +12,7 @@ #include "kernel_image.h" #include "padding.h" #include "rsa_utility.h" +#include "test_common.h" #include "timer_utils.h" #include "utility.h" @@ -40,63 +41,6 @@ const char* g_kernel_size_labels[] = { #define NUM_SIZES_TO_TEST (sizeof(g_kernel_sizes_to_test) / \ sizeof(g_kernel_sizes_to_test[0])) -uint8_t* GenerateTestKernelBlob(int firmware_sign_algorithm, - int kernel_sign_algorithm, - int kernel_len, - const uint8_t* kernel_sign_key, - const char* firmware_key_file, - const char* kernel_key_file) { - KernelImage* image = KernelImageNew(); - uint8_t* kernel_blob = NULL; - uint64_t kernel_blob_len = 0; - - Memcpy(image->magic, KERNEL_MAGIC, KERNEL_MAGIC_SIZE); - image->header_version = 1; - image->firmware_sign_algorithm = firmware_sign_algorithm; - image->kernel_sign_algorithm = kernel_sign_algorithm; - image->kernel_key_version = 1; - image->kernel_sign_key = (uint8_t*) Malloc( - RSAProcessedKeySize(image->kernel_sign_algorithm)); - Memcpy(image->kernel_sign_key, kernel_sign_key, - RSAProcessedKeySize(image->kernel_sign_algorithm)); - - /* Update correct header length. */ - image->header_len = GetKernelHeaderLen(image); - - /* Calculate SHA-512 digest on header and populate header_checksum. */ - CalculateKernelHeaderChecksum(image, image->header_checksum); - - /* Populate kernel options and data with dummy data. */ - image->kernel_version = 1; - image->options.version[0] = 1; - image->options.version[1] = 0; - Memset(image->options.cmd_line, 0, sizeof(image->options.cmd_line)); - image->options.kernel_len = kernel_len; - image->options.kernel_load_addr = 0; - image->options.kernel_entry_addr = 0; - image->kernel_key_signature = image->kernel_signature = NULL; - image->kernel_data = Malloc(kernel_len); - /* TODO(gauravsh): Populate this with random data, to remove data-dependent - * timing artificats. */ - Memset(image->kernel_data, 'K', kernel_len); - - if (!AddKernelKeySignature(image, firmware_key_file)) { - fprintf(stderr, "Couldn't create key signature.\n"); - KernelImageFree(image); - return NULL; - } - - if (!AddKernelSignature(image, kernel_key_file)) { - fprintf(stderr, "Couldn't create kernel option and kernel signature.\n"); - KernelImageFree(image); - return NULL; - } - - kernel_blob = GetKernelBlob(image, &kernel_blob_len); - KernelImageFree(image); - return kernel_blob; -} - int SpeedTestAlgorithm(int firmware_sign_algorithm, int kernel_sign_algorithm) { int i, j, error_code = 0; @@ -139,8 +83,10 @@ int SpeedTestAlgorithm(int firmware_sign_algorithm, for (i = 0; i < NUM_SIZES_TO_TEST; ++i) { kernel_blobs[i] = GenerateTestKernelBlob(firmware_sign_algorithm, kernel_sign_algorithm, - g_kernel_sizes_to_test[i], kernel_sign_key, + 1, /* kernel key version. */ + 1, /* kernel version. */ + g_kernel_sizes_to_test[i], firmware_sign_key_file, kernel_sign_key_file); if (!kernel_blobs[i]) { diff --git a/tests/test_common.c b/tests/test_common.c index 4a92f7d8..5cc0805d 100644 --- a/tests/test_common.c +++ b/tests/test_common.c @@ -9,9 +9,13 @@ #include <stdio.h> +#include "file_keys.h" +#include "rsa_utility.h" +#include "utility.h" + /* ANSI Color coding sequences. */ #define COL_GREEN "\e[1;32m" -#define COL_RED "\e[0;31m]" +#define COL_RED "\e[0;31m" #define COL_STOP "\e[m" /* Global test success flag. */ @@ -28,3 +32,184 @@ int TEST_EQ(int result, int expected_result, char* testname) { return 0; } } + +FirmwareImage* GenerateTestFirmwareImage(int algorithm, + const uint8_t* firmware_sign_key, + int firmware_key_version, + int firmware_version, + int firmware_len, + const char* root_key_file, + const char* firmware_key_file) { + FirmwareImage* image = FirmwareImageNew(); + + Memcpy(image->magic, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE); + image->firmware_sign_algorithm = algorithm; + image->firmware_sign_key = (uint8_t*) Malloc( + RSAProcessedKeySize(image->firmware_sign_algorithm)); + Memcpy(image->firmware_sign_key, firmware_sign_key, + RSAProcessedKeySize(image->firmware_sign_algorithm)); + image->firmware_key_version = firmware_key_version; + + /* Update correct header length. */ + image->header_len = GetFirmwareHeaderLen(image); + + /* Calculate SHA-512 digest on header and populate header_checksum. */ + CalculateFirmwareHeaderChecksum(image, image->header_checksum); + + /* Populate firmware and preamble with dummy data. */ + image->firmware_version = firmware_version; + image->firmware_len = firmware_len; + image->preamble_signature = image->firmware_signature = NULL; + Memset(image->preamble, 'P', FIRMWARE_PREAMBLE_SIZE); + image->firmware_data = Malloc(image->firmware_len); + Memset(image->firmware_data, 'F', image->firmware_len); + + /* Generate and populate signatures. */ + if (!AddFirmwareKeySignature(image, root_key_file)) { + fprintf(stderr, "Couldn't create key signature.\n"); + FirmwareImageFree(image); + return NULL; + } + + if (!AddFirmwareSignature(image, firmware_key_file)) { + fprintf(stderr, "Couldn't create firmware and preamble signature.\n"); + FirmwareImageFree(image); + return NULL; + } + return image; +} + +uint8_t* GenerateTestFirmwareBlob(int algorithm, + const uint8_t* firmware_sign_key, + int firmware_key_version, + int firmware_version, + int firmware_len, + const char* root_key_file, + const char* firmware_key_file) { + FirmwareImage* image = NULL; + uint8_t* firmware_blob = NULL; + uint64_t firmware_blob_len = 0; + + image = GenerateTestFirmwareImage(algorithm, + firmware_sign_key, + firmware_key_version, + firmware_version, + firmware_len, + root_key_file, + firmware_key_file); + firmware_blob = GetFirmwareBlob(image, &firmware_blob_len); + FirmwareImageFree(image); + return firmware_blob; +} + +uint8_t* GenerateRollbackTestImage(int firmware_key_version, + int firmware_version, + int is_corrupt) { + FirmwareImage* image = NULL; + uint64_t len; + uint8_t* firmware_blob = NULL; + uint8_t* firmware_sign_key = NULL; + + firmware_sign_key = BufferFromFile("testkeys/key_rsa1024.keyb", + &len); + if (!firmware_sign_key) + return NULL; + image = GenerateTestFirmwareImage(0, /* RSA1024/SHA1 */ + firmware_sign_key, + firmware_key_version, + firmware_version, + 1, /* Firmware length. */ + "testkeys/key_rsa8192.pem", + "testkeys/key_rsa1024.pem"); + if (!image) + return NULL; + if (is_corrupt) { + /* Invalidate image. */ + Memset(image->firmware_data, 'X', image->firmware_len); + } + + firmware_blob = GetFirmwareBlob(image, &len); + FirmwareImageFree(image); + return firmware_blob; +} + + +KernelImage* GenerateTestKernelImage(int firmware_sign_algorithm, + int kernel_sign_algorithm, + const uint8_t* kernel_sign_key, + int kernel_key_version, + int kernel_version, + int kernel_len, + const char* firmware_key_file, + const char* kernel_key_file) { + KernelImage* image = KernelImageNew(); + + Memcpy(image->magic, KERNEL_MAGIC, KERNEL_MAGIC_SIZE); + image->header_version = 1; + image->firmware_sign_algorithm = firmware_sign_algorithm; + image->kernel_sign_algorithm = kernel_sign_algorithm; + image->kernel_key_version = kernel_key_version; + image->kernel_sign_key = (uint8_t*) Malloc( + RSAProcessedKeySize(image->kernel_sign_algorithm)); + Memcpy(image->kernel_sign_key, kernel_sign_key, + RSAProcessedKeySize(image->kernel_sign_algorithm)); + + /* Update correct header length. */ + image->header_len = GetKernelHeaderLen(image); + + /* Calculate SHA-512 digest on header and populate header_checksum. */ + CalculateKernelHeaderChecksum(image, image->header_checksum); + + /* Populate kernel options and data with dummy data. */ + image->kernel_version = kernel_version; + image->options.version[0] = 1; + image->options.version[1] = 0; + Memset(image->options.cmd_line, 0, sizeof(image->options.cmd_line)); + image->options.kernel_len = kernel_len; + image->options.kernel_load_addr = 0; + image->options.kernel_entry_addr = 0; + image->kernel_key_signature = image->kernel_signature = NULL; + image->kernel_data = Malloc(kernel_len); + Memset(image->kernel_data, 'F', kernel_len); + + /* Generate and populate signatures. */ + if (!AddKernelKeySignature(image, firmware_key_file)) { + fprintf(stderr, "Couldn't create key signature.\n"); + KernelImageFree(image); + return NULL; + } + + if (!AddKernelSignature(image, kernel_key_file)) { + fprintf(stderr, "Couldn't create kernel option and kernel signature.\n"); + KernelImageFree(image); + return NULL; + } + + return image; +} + +uint8_t* GenerateTestKernelBlob(int firmware_sign_algorithm, + int kernel_sign_algorithm, + const uint8_t* kernel_sign_key, + int kernel_key_version, + int kernel_version, + int kernel_len, + const char* firmware_key_file, + const char* kernel_key_file) { + KernelImage* image = NULL; + uint8_t* kernel_blob = NULL; + uint64_t kernel_blob_len = 0; + + image = GenerateTestKernelImage(firmware_sign_algorithm, + kernel_sign_algorithm, + kernel_sign_key, + kernel_key_version, + kernel_version, + kernel_len, + firmware_key_file, + kernel_key_file); + + kernel_blob = GetKernelBlob(image, &kernel_blob_len); + KernelImageFree(image); + return kernel_blob; +} diff --git a/tests/test_common.h b/tests/test_common.h index 9fa3eecf..a449bddd 100644 --- a/tests/test_common.h +++ b/tests/test_common.h @@ -7,7 +7,54 @@ #ifndef VBOOT_REFERENCE_TEST_COMMON_H_ #define VBOOT_REFERENCE_TEST_COMMON_H_ -int TEST_EQ(int result, int expected_result, char* testname); +#include <stdint.h> + +#include "firmware_image.h" +#include "kernel_image.h" + extern int gTestSuccess; +/* Return 1 if result is equal to expected_result, else return 0. + * Also update the global gTestSuccess flag if test fails. */ +int TEST_EQ(int result, int expected_result, char* testname); + +/* Test firmware image generation functions. */ +FirmwareImage* GenerateTestFirmwareImage(int algorithm, + const uint8_t* firmware_sign_key, + int firmware_key_version, + int firmware_version, + int firmware_len, + const char* root_key_file, + const char* firmware_key_file); +uint8_t* GenerateTestFirmwareBlob(int algorithm, + const uint8_t* firmware_sign_key, + int firmware_key_version, + int firmware_version, + int firmware_len, + const char* root_key_file, + const char* firmware_key_file); + +/* Test kernel image generation functions. */ +KernelImage* GenerateTestKernelImage(int firmware_sign_algorithm, + int kernel_sign_algorithm, + const uint8_t* kernel_sign_key, + int kernel_key_version, + int kernel_version, + int kernel_len, + const char* firmware_key_file, + const char* kernel_key_file); +uint8_t* GenerateTestKernelBlob(int firmware_sign_algorithm, + int kernel_sign_algorithm, + const uint8_t* kernel_sign_key, + int kernel_key_version, + int kernel_version, + int kernel_len, + const char* firmware_key_file, + const char* kernel_key_file); +/* Generates a test firmware image for rollback tests with a given + * [firmware_key_version] and [firmware_version]. If [is_corrupt] is 1, + * then the image has invalid signatures and will fail verification. */ +uint8_t* GenerateRollbackTestImage(int firmware_key_version, + int firmware_version, + int is_corrupt); #endif /* VBOOT_REFERENCE_TEST_COMMON_H_ */ diff --git a/tests/verify_firmware_fuzz_driver.c b/tests/verify_firmware_fuzz_driver.c index 224fdb58..8ab33ad6 100644 --- a/tests/verify_firmware_fuzz_driver.c +++ b/tests/verify_firmware_fuzz_driver.c @@ -28,8 +28,7 @@ int VerifySignedFirmware(const char* image_file, error_code = 1; } - if (!error_code && (error = VerifyFirmware(root_key_blob, firmware_blob, - 0))) { /* Trusted Mode. */ + if (!error_code && (error = VerifyFirmware(root_key_blob, firmware_blob))) { fprintf(stderr, "%s\n", VerifyFirmwareErrorString(error)); error_code = 1; } |