author | Bill Richardson <wfrichar@chromium.org> | 2010-07-01 10:22:06 -0700 |
---|---|---|
committer | Bill Richardson <wfrichar@chromium.org> | 2010-07-01 10:22:06 -0700 |
commit | abf055045802cb06c57ff2d7b187736bdcb3b138 (patch) | |
tree | be0cc0aaa1d8c64fb5402b66c975e7e7c018acd1 /tests | |
parent | a08b5c9d032be485fe6e2790c23e8c9bb9fca2ad (diff) | |
download | vboot-abf055045802cb06c57ff2d7b187736bdcb3b138.tar.gz |
Switch to using .vbprivk for signing everything now.
This makes it much simpler to keep track of what we're doing.
vbutil_key can now wrap both .keyb and .pem keys. It figures out which is
which by trying both and just using the one that works.
vbutil_keyblock and vbutil_kernel now use .vbprivk files for signing.
replace debug() with VBDEBUG(()) in host-side sources, too.
rename PrivateKeyRead to PrivateKeyReadPem
Add real PrivateKeyRead and PrivateKeyWrite for .vbprivk files.
Review URL: http://codereview.chromium.org/2871033
Diffstat (limited to 'tests')
-rw-r--r-- | tests/big_firmware_tests.c | 4 | ||||
-rw-r--r-- | tests/big_kernel_tests.c | 4 | ||||
-rw-r--r-- | tests/firmware_verify_benchmark.c | 8 | ||||
-rw-r--r-- | tests/kernel_rollback_tests.c | 14 | ||||
-rw-r--r-- | tests/kernel_verify_benchmark.c | 8 | ||||
-rw-r--r-- | tests/rollback_index_mock.c | 8 | ||||
-rw-r--r-- | tests/rsa_verify_benchmark.c | 8 | ||||
-rwxr-xr-x | tests/run_vbutil_tests.sh | 26 |
8 files changed, 45 insertions, 35 deletions
diff --git a/tests/big_firmware_tests.c b/tests/big_firmware_tests.c index 1f83cd2a..f460115f 100644 --- a/tests/big_firmware_tests.c +++ b/tests/big_firmware_tests.c @@ -33,7 +33,7 @@ int BigFirmwareTest(void) { RSAPublicKey* root_key = RSAPublicKeyFromFile(kRootKeyPublicFile); uint8_t* root_key_blob = BufferFromFile(kRootKeyPublicFile, &len); uint8_t* firmware_sign_key_buf= BufferFromFile(kFirmwareKeyPublicFile, &len); - debug("Generating Big FirmwareImage..."); + VBDEBUG(("Generating Big FirmwareImage...")); FirmwareImage* image = GenerateTestFirmwareImage(0, /* RSA1024/SHA1 */ firmware_sign_key_buf, @@ -47,7 +47,7 @@ int BigFirmwareTest(void) { error_code = 1; goto cleanup; } - debug("Done.\n"); + VBDEBUG(("Done.\n")); TEST_EQ(VerifyFirmwareImage(root_key, image), VERIFY_FIRMWARE_SUCCESS, "Big FirmwareImage Verification"); diff --git a/tests/big_kernel_tests.c b/tests/big_kernel_tests.c index b511c726..5524bad6 100644 --- a/tests/big_kernel_tests.c +++ b/tests/big_kernel_tests.c @@ -33,7 +33,7 @@ int BigKernelTest() { RSAPublicKey* firmware_key = RSAPublicKeyFromFile(kFirmwareKeyPublicFile); uint8_t* firmware_key_blob = BufferFromFile(kFirmwareKeyPublicFile, &len); uint8_t* kernel_sign_key_buf = BufferFromFile(kKernelKeyPublicFile, &len); - debug("Generating Big KernelImage..."); + VBDEBUG(("Generating Big KernelImage...")); KernelImage* image = GenerateTestKernelImage(3, /* RSA2048/SHA1 */ 0, /* RSA1024/SHA1 */ @@ -48,7 +48,7 @@ int BigKernelTest() { error_code = 1; goto cleanup; } - debug("Done.\n"); + VBDEBUG(("Done.\n")); TEST_EQ(VerifyKernelImage(firmware_key, image, 0), VERIFY_KERNEL_SUCCESS, "Big KernelImage Verification"); diff --git a/tests/firmware_verify_benchmark.c b/tests/firmware_verify_benchmark.c index 44e45661..598cdfc2 100644 --- a/tests/firmware_verify_benchmark.c +++ b/tests/firmware_verify_benchmark.c 
@@ -61,7 +61,7 @@ int SpeedTestAlgorithm(int algorithm) { snprintf(file_name, FILE_NAME_SIZE, "testkeys/key_rsa%d.keyb", key_size); firmware_sign_key = BufferFromFile(file_name, &len); if (!firmware_sign_key) { - debug("Couldn't read pre-processed firmware signing key.\n"); + VBDEBUG(("Couldn't read pre-processed firmware signing key.\n")); error_code = 1; goto cleanup; } @@ -79,7 +79,7 @@ int SpeedTestAlgorithm(int algorithm) { "testkeys/key_rsa8192.pem", firmware_sign_key_file); if (!firmware_blobs[i]) { - debug("Couldn't generate test firmware images.\n"); + VBDEBUG(("Couldn't generate test firmware images.\n")); error_code = 1; goto cleanup; } @@ -88,7 +88,7 @@ int SpeedTestAlgorithm(int algorithm) { /* Get pre-processed key used for verification. */ root_key_blob = BufferFromFile("testkeys/key_rsa8192.keyb", &len); if (!root_key_blob) { - debug("Couldn't read pre-processed rootkey.\n"); + VBDEBUG(("Couldn't read pre-processed rootkey.\n")); error_code = 1; goto cleanup; } @@ -101,7 +101,7 @@ int SpeedTestAlgorithm(int algorithm) { VerifyFirmware(root_key_blob, verification_blobs[i], firmware_blobs[i])) - debug("Warning: Firmware Verification Failed.\n"); + VBDEBUG(("Warning: Firmware Verification Failed.\n")); } StopTimer(&ct); msecs = (float) GetDurationMsecs(&ct) / NUM_OPERATIONS; diff --git a/tests/kernel_rollback_tests.c b/tests/kernel_rollback_tests.c index 89b24454..731d45c9 100644 --- a/tests/kernel_rollback_tests.c +++ b/tests/kernel_rollback_tests.c @@ -61,7 +61,7 @@ void VerifyKernelDriverTest(void) { * the full blown kernel boot logic. Updates to the kernel attributes * in the paritition table are not tested. */ - debug("Kernel A boot priority(15) > Kernel B boot priority(1)\n"); + VBDEBUG(("Kernel A boot priority(15) > Kernel B boot priority(1)\n")); TEST_EQ(VerifyKernelDriver_f(firmware_key_pub, &valid_kernelA, &valid_kernelB, DEV_MODE_DISABLED), 
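Review bot: In the timing loop of SpeedTestAlgorithm (the `@@ -101,7` hunk of tests/firmware_verify_benchmark.c), a failed VerifyFirmware() is reported only through `VBDEBUG((...))`, and the loop carries on to produce a timing. The double-parenthesis form suggests VBDEBUG can be compiled out; if it can, the unbraced `if` is left with an empty body and the benchmark prints numbers for a verification that never succeeded, with no trace of the failure. I would brace the body and record the failure independently of the debug macro, for example `{ VBDEBUG(("Warning: Firmware Verification Failed.\n")); error_code = 1; }`. The same pattern is in the last hunks of tests/kernel_verify_benchmark.c (VerifyKernel) and tests/rsa_verify_benchmark.c (RSAVerify). The function continues outside the hunk, so how error_code reaches the exit status needs confirming there.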
@@ -87,8 +87,8 @@ void VerifyKernelDriverTest(void) { "(Corrupt Kernel A (current version)\n" " Corrupt Kernel B (current version) runs Recovery):"); - debug("\nSwapping boot priorities...\n" - "Kernel B boot priority(15) > Kernel A boot priority(1)\n"); + VBDEBUG(("\nSwapping boot priorities...\n" + "Kernel B boot priority(15) > Kernel A boot priority(1)\n")); valid_kernelA.boot_priority = corrupt_kernelA.boot_priority = 1; valid_kernelB.boot_priority = corrupt_kernelB.boot_priority = 15; TEST_EQ(VerifyKernelDriver_f(firmware_key_pub, @@ -116,8 +116,8 @@ void VerifyKernelDriverTest(void) { "(Corrupt Kernel A (current version)\n" " Corrupt Kernel B (current version) runs Recovery):"); - debug("\nUpdating stored version information. Obsoleting " - "exiting kernel images.\n"); + VBDEBUG(("\nUpdating stored version information. Obsoleting " + "exiting kernel images.\n")); g_kernel_key_version = 2; g_kernel_version = 2; TEST_EQ(VerifyKernelDriver_f(firmware_key_pub, @@ -127,8 +127,8 @@ void VerifyKernelDriverTest(void) { "(Valid Kernel A (old version)\n" " Valid Kernel B (old version) runs Recovery):"); - debug("\nGenerating updated Kernel A blob with " - "new version.\n"); + VBDEBUG(("\nGenerating updated Kernel A blob with " + "new version.\n")); Free(valid_kernelA.kernel_blob); valid_kernelA.kernel_blob = GenerateRollbackTestKernelBlob(3, 3, 0); TEST_EQ(VerifyKernelDriver_f(firmware_key_pub, diff --git a/tests/kernel_verify_benchmark.c b/tests/kernel_verify_benchmark.c index 9ee508c3..c16dfcb8 100644 --- a/tests/kernel_verify_benchmark.c +++ b/tests/kernel_verify_benchmark.c @@ -73,7 +73,7 @@ int SpeedTestAlgorithm(int firmware_sign_algorithm, kernel_key_size); kernel_sign_key = BufferFromFile(file_name, &len); if (!kernel_sign_key) { - debug("Couldn't read pre-processed public kernel signing key.\n"); + VBDEBUG(("Couldn't read pre-processed public kernel signing key.\n")); error_code = 1; goto cleanup; } 
@@ -89,7 +89,7 @@ int SpeedTestAlgorithm(int firmware_sign_algorithm, firmware_sign_key_file, kernel_sign_key_file); if (!kernel_blobs[i]) { - debug("Couldn't generate test firmware images.\n"); + VBDEBUG(("Couldn't generate test firmware images.\n")); error_code = 1; goto cleanup; } @@ -100,7 +100,7 @@ int SpeedTestAlgorithm(int firmware_sign_algorithm, firmware_key_size); firmware_key_blob = BufferFromFile(file_name, &len); if (!firmware_key_blob) { - debug("Couldn't read pre-processed firmware public key.\n"); + VBDEBUG(("Couldn't read pre-processed firmware public key.\n")); error_code = 1; goto cleanup; } @@ -111,7 +111,7 @@ int SpeedTestAlgorithm(int firmware_sign_algorithm, for (j = 0; j < NUM_OPERATIONS; ++j) { if (VERIFY_KERNEL_SUCCESS != VerifyKernel(firmware_key_blob, kernel_blobs[i], 0)) - debug("Warning: Kernel Verification Failed.\n"); + VBDEBUG(("Warning: Kernel Verification Failed.\n")); } StopTimer(&ct); msecs = (float) GetDurationMsecs(&ct) / NUM_OPERATIONS; diff --git a/tests/rollback_index_mock.c b/tests/rollback_index_mock.c index f12402bd..8e96ec11 100644 --- a/tests/rollback_index_mock.c +++ b/tests/rollback_index_mock.c @@ -20,7 +20,7 @@ __pragma(warning (disable: 4100)) uint32_t SetupTPM(int mode, int developer_flag) { #ifndef NDEBUG - debug("Rollback Index Library Mock: TPM initialized.\n"); + VBDEBUG(("Rollback Index Library Mock: TPM initialized.\n")); #endif return TPM_SUCCESS; } 
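Review bot: In the `@@ -20,7` hunk of tests/rollback_index_mock.c the `#ifndef NDEBUG` / `#endif` pair around the new `VBDEBUG((...))` call in SetupTPM now looks redundant. If VBDEBUG has its own compile-time switch (its definition is not visible here), the message depends on two unrelated build flags and will be missing whenever either one is off. Dropping the guard and leaving the single line `VBDEBUG(("Rollback Index Library Mock: TPM initialized.\n"));` keeps one switch for debug output. The same applies to WriteStoredVersions, LockFirmwareVersions and LockKernelVersionsByLockingPP in the `@@ -51,21` hunk.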
@@ -51,21 +51,21 @@ uint32_t WriteStoredVersions(int type, uint16_t key_version, uint16_t version) { break; } #ifndef NDEBUG - debug("Rollback Index Library Mock: Stored Versions written.\n"); + VBDEBUG(("Rollback Index Library Mock: Stored Versions written.\n")); #endif return TPM_SUCCESS; } uint32_t LockFirmwareVersions(void) { #ifndef NDEBUG - debug("Rollback Index Library Mock: Firmware Versions Locked.\n"); + VBDEBUG(("Rollback Index Library Mock: Firmware Versions Locked.\n")); #endif return TPM_SUCCESS; } uint32_t LockKernelVersionsByLockingPP(void) { #ifndef NDEBUG - debug("Rollback Index Library Mock: Kernel Versions Locked.\n"); + VBDEBUG(("Rollback Index Library Mock: Kernel Versions Locked.\n")); #endif return TPM_SUCCESS; } diff --git a/tests/rsa_verify_benchmark.c b/tests/rsa_verify_benchmark.c index 2b003ffa..8e93e0b4 100644 --- a/tests/rsa_verify_benchmark.c +++ b/tests/rsa_verify_benchmark.c @@ -36,7 +36,7 @@ int SpeedTestAlgorithm(int algorithm) { snprintf(file_name, FILE_NAME_SIZE, "testkeys/key_rsa%d.keyb", key_size); key = RSAPublicKeyFromFile(file_name); if (!key) { - debug("Couldn't read RSA Public key from file: %s\n", file_name); + VBDEBUG(("Couldn't read RSA Public key from file: %s\n", file_name)); error_code = 1; goto failure; } @@ -46,7 +46,7 @@ int SpeedTestAlgorithm(int algorithm) { sha_strings[algorithm]); digest = BufferFromFile(file_name, &digest_len); if (!digest) { - debug("Couldn't read digest file.\n"); + VBDEBUG(("Couldn't read digest file.\n")); error_code = 1; goto failure; } @@ -56,7 +56,7 @@ int SpeedTestAlgorithm(int algorithm) { key_size, sha_strings[algorithm]); signature = BufferFromFile(file_name, &sig_len); if (!signature) { - debug("Couldn't read signature file.\n"); + VBDEBUG(("Couldn't read signature file.\n")); error_code = 1; goto failure; } 
@@ -64,7 +64,7 @@ int SpeedTestAlgorithm(int algorithm) { StartTimer(&ct); for (i = 0; i < NUM_OPERATIONS; i++) { if (!RSAVerify(key, signature, sig_len, algorithm, digest)) - debug("Warning: Signature Check Failed.\n"); + VBDEBUG(("Warning: Signature Check Failed.\n")); } StopTimer(&ct); diff --git a/tests/run_vbutil_tests.sh b/tests/run_vbutil_tests.sh index ce86e173..abbd17b7 100755 --- a/tests/run_vbutil_tests.sh +++ b/tests/run_vbutil_tests.sh @@ -19,9 +19,9 @@ function test_vbutil_key { do echo -e "For signing key ${COL_YELLOW}RSA-$keylen/$hashalgo${COL_STOP}:" # Pack the key - ${UTIL_DIR}/vbutil_key --pack \ - --in ${TESTKEY_DIR}/key_rsa${keylen}.keyb \ - --out ${TESTKEY_SCRATCH_DIR}/key_alg${algorithmcounter}.vbpubk \ + ${UTIL_DIR}/vbutil_key \ + --pack ${TESTKEY_SCRATCH_DIR}/key_alg${algorithmcounter}.vbpubk \ + --key ${TESTKEY_DIR}/key_rsa${keylen}.keyb \ --version 1 \ --algorithm $algorithmcounter if [ $? -ne 0 ] @@ -31,8 +31,8 @@ function test_vbutil_key { # Unpack the key # TODO: should verify we get the same key back out? - ${UTIL_DIR}/vbutil_key --unpack \ - --in ${TESTKEY_SCRATCH_DIR}/key_alg${algorithmcounter}.vbpubk + ${UTIL_DIR}/vbutil_key \ + --unpack ${TESTKEY_SCRATCH_DIR}/key_alg${algorithmcounter}.vbpubk if [ $? -ne 0 ] then return_code=255 
@@ -68,12 +68,22 @@ ${datahashalgo}${COL_STOP}" keyblockfile+="${data_algorithmcounter}.keyblock" rm -f ${keyblockfile} + # Wrap + ${UTIL_DIR}/vbutil_key \ + --pack ${TESTKEY_SCRATCH_DIR}/key_alg${algorithmcounter}.vbprivk \ + --key ${TESTKEY_DIR}/key_rsa${signing_keylen}.pem \ + --algorithm $signing_algorithmcounter + if [ $? -ne 0 ] + then + return_code=255 + fi + # Pack ${UTIL_DIR}/vbutil_keyblock --pack ${keyblockfile} \ --datapubkey \ - ${TESTKEY_SCRATCH_DIR}/key_alg${data_algorithmcounter}.vbpubk \ - --signprivate ${TESTKEY_DIR}/key_rsa${signing_keylen}.pem \ - --algorithm $signing_algorithmcounter + ${TESTKEY_SCRATCH_DIR}/key_alg${data_algorithmcounter}.vbpubk \ + --signprivate \ + ${TESTKEY_SCRATCH_DIR}/key_alg${algorithmcounter}.vbprivk if [ $? -ne 0 ] then return_code=255 |
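Review bot: The new Wrap step names its output `key_alg${algorithmcounter}.vbprivk`, but every other variable in this hunk is `signing_algorithmcounter` or `data_algorithmcounter`. `algorithmcounter` appears to be the loop counter of test_vbutil_key, so here it would be a stale global; the enclosing function starts outside the hunk, so this needs confirming. If so, every iteration overwrites the same scratch file, and because a failed wrap only sets `return_code=255` and falls through, the following `vbutil_keyblock --pack` can sign with the private key left over from an earlier iteration. I would name the file after the signing key, `--pack ${TESTKEY_SCRATCH_DIR}/key_alg${signing_algorithmcounter}.vbprivk`, use the same name for `--signprivate`, and skip the Pack step when the wrap fails. Quoting the path expansions would also keep a scratch directory with spaces from splitting the arguments.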