author | Kangheui Won <khwon@chromium.org> | 2020-08-13 15:48:41 +1000 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2020-08-26 05:02:06 +0000 |
commit | e24a6f60c11ce3d616cb1932da6395a72c5b8bfd (patch) | |
tree | 7b5ec1f60bc3932643727eb52b9e6753e0e0d0fa /tests | |
parent | 927a95261259382ef0e167babcd997d3bfb6f1fd (diff) | |
vboot2: use hwcrypto for RSA when allowed
Add vb2ex_hwcrypto_rsa_verify support for RSA verification.
If firmware implements the function, it will be used instead of the SW
implementation in vboot.
Also separate hwcrypto stubs to 2stub_hwcrypto.c for depthcharge and coreboot.
Depthcharge needs stubs but fails to compile 2stub.c
BRANCH=none
BUG=b:163710320, b:161205813
TEST=make runtests
TEST=check hwcrypto is allowed/disallowed depending on nvmem flag
Change-Id: I85573e7cff31f32043db4b0a6b24b642856024e3
Signed-off-by: Kangheui Won <khwon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2353775
Reviewed-by: Julius Werner <jwerner@chromium.org>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/vb20_misc_tests.c | 55 | ||||
-rw-r--r-- | tests/vb2_api_tests.c | 26 | ||||
-rw-r--r-- | tests/vb2_common2_tests.c | 46 |
3 files changed, 127 insertions, 0 deletions
diff --git a/tests/vb20_misc_tests.c b/tests/vb20_misc_tests.c index 73fae538..fdab37e3 100644 --- a/tests/vb20_misc_tests.c +++ b/tests/vb20_misc_tests.c @@ -76,6 +76,9 @@ static void reset_common_data(enum reset_type t) vb2api_secdata_firmware_create(ctx); vb2_secdata_firmware_init(ctx); + vb2api_secdata_kernel_create(ctx); + vb2_secdata_kernel_init(ctx); + mock_read_res_fail_on_call = 0; mock_unpack_key_retval = VB2_SUCCESS; mock_verify_keyblock_retval = VB2_SUCCESS; @@ -156,10 +159,13 @@ vb2_error_t vb2_unpack_key_buffer(struct vb2_public_key *key, return mock_unpack_key_retval; } +static struct vb2_public_key last_used_key; + vb2_error_t vb2_verify_keyblock(struct vb2_keyblock *block, uint32_t size, const struct vb2_public_key *key, const struct vb2_workbuf *wb) { + memcpy(&last_used_key, key, sizeof(struct vb2_public_key)); return mock_verify_keyblock_retval; } @@ -168,6 +174,7 @@ vb2_error_t vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble, const struct vb2_public_key *key, const struct vb2_workbuf *wb) { + memcpy(&last_used_key, key, sizeof(struct vb2_public_key)); return mock_verify_preamble_retval; } 
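Review bot: `last_used_key` is never cleared between test cases, so an `allow_hwcrypto` assertion can be satisfied by a value captured during an earlier call if the mock is not reached. This applies to the `vb2_verify_keyblock` and `vb2_verify_fw_preamble` mocks here and to the `vb2_rsa_verify_digest` mock in tests/vb2_api_tests.c. Poisoning the capture in `reset_common_data()`, e.g. `memset(&last_used_key, 0xff, sizeof(last_used_key));`, would make both the 0 and the 1 expectations fail on a stale read; the declaration would have to move above `reset_common_data()` for that. As a style point, `last_used_key = *key;` says the same as the `memcpy` without repeating the type in `sizeof`. The copy is shallow, so any pointer members of the captured key presumably still refer to caller-owned storage and should not be dereferenced by later assertions.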
@@ -208,6 +215,29 @@ static void verify_keyblock_tests(void) sd->data_key_size), "workbuf used after"); + /* Test hwcrypto conditions */ + reset_common_data(FOR_KEYBLOCK); + + TEST_SUCC(vb2_load_fw_keyblock(ctx), "keyblock verify"); + TEST_EQ(last_used_key.allow_hwcrypto, 0, + "hwcrypto is forbidden by TPM flag"); + + ctx->flags |= VB2_CONTEXT_RECOVERY_MODE; + TEST_SUCC(vb2_load_fw_keyblock(ctx), "keyblock verify"); + TEST_EQ(last_used_key.allow_hwcrypto, 0, + "hwcrypto is forbidden by TPM flag on recovery mode"); + + vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_FLAGS, + VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED); + + TEST_SUCC(vb2_load_fw_keyblock(ctx), "keyblock verify"); + TEST_EQ(last_used_key.allow_hwcrypto, 0, + "hwcrypto is forbidden on recovery mode"); + + ctx->flags &= ~VB2_CONTEXT_RECOVERY_MODE; + TEST_SUCC(vb2_load_fw_keyblock(ctx), "keyblock verify"); + TEST_EQ(last_used_key.allow_hwcrypto, 1, "hwcrypto is allowed"); + /* Test failures */ reset_common_data(FOR_KEYBLOCK); sd->workbuf_used = sd->workbuf_size + VB2_WORKBUF_ALIGN - 
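Review bot: The four hwcrypto cases in `verify_keyblock_tests` run back to back on one context, each relying on the flags left by the previous step, and no comment states the policy they pin. The same sequence is repeated in `verify_preamble_tests` and in `check_hash_tests` (tests/vb2_api_tests.c). Since this is the gate that decides whether signature verification is delegated to hardware, I would replace the bare `/* Test hwcrypto conditions */` with `/* hwcrypto may be used only if the secdata-kernel HWCRYPTO_ALLOWED flag is set AND the context is not in recovery mode */`. A short remark that the steps are order-dependent would also help, because reordering them silently changes what is covered. Both test functions begin and end outside their hunks.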
@@ -298,6 +328,31 @@ static void verify_preamble_tests(void) sd->preamble_size), "workbuf used"); + /* Test hwcrypto conditions */ + reset_common_data(FOR_PREAMBLE); + + TEST_SUCC(vb2_load_fw_preamble(ctx), "preamble good"); + TEST_EQ(last_used_key.allow_hwcrypto, 0, + "hwcrypto is forbidden by TPM flag"); + + ctx->flags |= VB2_CONTEXT_RECOVERY_MODE; + TEST_SUCC(vb2_load_fw_preamble(ctx), "preamble good"); + TEST_EQ(last_used_key.allow_hwcrypto, 0, + "hwcrypto is forbidden by TPM flag on recovery mode"); + + vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_FLAGS, + VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED); + + TEST_SUCC(vb2_load_fw_preamble(ctx), "preamble good"); + TEST_EQ(last_used_key.allow_hwcrypto, 0, + "hwcrypto is forbidden on recovery mode"); + + ctx->flags &= ~VB2_CONTEXT_RECOVERY_MODE; + TEST_SUCC(vb2_load_fw_preamble(ctx), "preamble good"); + TEST_EQ(last_used_key.allow_hwcrypto, 1, + "hwcrypto is allowed"); + + /* Expected failures */ reset_common_data(FOR_PREAMBLE); sd->data_key_size = 0; diff --git a/tests/vb2_api_tests.c b/tests/vb2_api_tests.c index 3a32d4b7..c5e45097 100644 --- a/tests/vb2_api_tests.c +++ b/tests/vb2_api_tests.c @@ -81,6 +81,7 @@ static void reset_common_data(enum reset_type t) vb2api_secdata_firmware_create(ctx); vb2api_secdata_kernel_create(ctx); + vb2_secdata_kernel_init(ctx); force_dev_mode = 0; retval_vb2_fw_init_gbb = VB2_SUCCESS; @@ -260,10 +261,13 @@ uint32_t vb2_rsa_sig_size(enum vb2_signature_algorithm sig_alg) return mock_sig_size; } +static struct vb2_public_key last_used_key; + vb2_error_t vb2_rsa_verify_digest(const struct vb2_public_key *key, uint8_t *sig, const uint8_t *digest, const struct vb2_workbuf *wb) { + memcpy(&last_used_key, key, sizeof(struct vb2_public_key)); return retval_vb2_verify_digest; } 
@@ -736,6 +740,28 @@ static void check_hash_tests(void) TEST_SUCC(memcmp(digest_result, &digest_value, sizeof(digest_value)), "check digest value"); + /* Test hwcrypto conditions */ + reset_common_data(FOR_CHECK_HASH); + TEST_SUCC(vb2api_check_hash(ctx), "check hash good"); + TEST_EQ(last_used_key.allow_hwcrypto, 0, + "hwcrypto is forbidden by TPM flag"); + + ctx->flags |= VB2_CONTEXT_RECOVERY_MODE; + TEST_SUCC(vb2api_check_hash(ctx), "check hash good"); + TEST_EQ(last_used_key.allow_hwcrypto, 0, + "hwcrypto is forbidden by TPM flag on recovery mode"); + + vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_FLAGS, + VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED); + + TEST_SUCC(vb2api_check_hash(ctx), "check hash good"); + TEST_EQ(last_used_key.allow_hwcrypto, 0, + "hwcrypto is forbidden on recovery mode"); + + ctx->flags &= ~VB2_CONTEXT_RECOVERY_MODE; + TEST_SUCC(vb2api_check_hash(ctx), "check hash good"); + TEST_EQ(last_used_key.allow_hwcrypto, 1, "hwcrypto is allowed"); + reset_common_data(FOR_CHECK_HASH); TEST_EQ(vb2api_check_hash_get_digest(ctx, digest_result, digest_result_size - 1), diff --git a/tests/vb2_common2_tests.c b/tests/vb2_common2_tests.c index e8c96f78..89a560c4 100644 --- a/tests/vb2_common2_tests.c +++ b/tests/vb2_common2_tests.c @@ -20,6 +20,26 @@ static const uint8_t test_data[] = "This is some test data to sign."; static const uint32_t test_size = sizeof(test_data); +static enum { + HWCRYPTO_OK, + HWCRYPTO_NOTSUPPORTED, + HWCRYPTO_ERROR, +} hwcrypto_state; + +vb2_error_t vb2ex_hwcrypto_rsa_verify_digest(const struct vb2_public_key *key, + const uint8_t *sig, const uint8_t *digest) +{ + switch (hwcrypto_state) { + case HWCRYPTO_OK: + return VB2_SUCCESS; + case HWCRYPTO_NOTSUPPORTED: + return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED; + case HWCRYPTO_ERROR: + return VB2_ERROR_RSA_VERIFY_DIGEST; + } +} + + static void test_unpack_key(const struct vb2_packed_key *key1) { struct vb2_public_key pubk; 
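Review bot: The `vb2ex_hwcrypto_rsa_verify_digest` stub added to tests/vb2_common2_tests.c can fall off the end of its `switch` without returning a value, because there is no `default:` and no `return` after the closing brace. Compilers report this under -Wreturn-type, and using the result is undefined if `hwcrypto_state` ever holds a value outside the three enumerators. A verification hook should fail closed, so add `default: return VB2_ERROR_RSA_VERIFY_DIGEST;` or a trailing `return VB2_ERROR_RSA_VERIFY_DIGEST;`. The stub also ignores `key`, `sig` and `digest`, so these tests cannot show whether the caller hands the hook the intended buffers.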
@@ -133,6 +153,32 @@ static void test_verify_data(const struct vb2_packed_key *key1, TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb), 0, "vb2_verify_data() wrong sig"); + pubk.allow_hwcrypto = 1; + + hwcrypto_state = HWCRYPTO_OK; + memcpy(sig2, sig, sig_total_size); + vb2_signature_data_mutable(sig2)[0] ^= 0x5A; + TEST_EQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb), + 0, "vb2_verify_data() hwcrypto ok"); + + hwcrypto_state = HWCRYPTO_ERROR; + memcpy(sig2, sig, sig_total_size); + TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb), + 0, "vb2_verify_data() hwcrypto error"); + + hwcrypto_state = HWCRYPTO_NOTSUPPORTED; + memcpy(sig2, sig, sig_total_size); + TEST_EQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb), + 0, "vb2_verify_data() hwcrypto fallback ok"); + + memcpy(sig2, sig, sig_total_size); + sig2->sig_size -= 16; + TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb), + 0, "vb2_verify_data() hwcrypto fallback error"); + + pubk.allow_hwcrypto = 0; + + free(sig2); } |
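Review bot: Nothing in this block pins the negative case, namely that the hardware hook is not consulted when `allow_hwcrypto` is 0 even though the hook would report success. The earlier "wrong sig" check may cover it implicitly, but only if `hwcrypto_state` is still at its zero-initialised `HWCRYPTO_OK` and the unpacked key starts with the flag clear, neither of which is visible here. An explicit case after `pubk.allow_hwcrypto = 0;` would guard against a regression that lets a permissive hook accept a corrupted signature. `hwcrypto_state` is also left at `HWCRYPTO_NOTSUPPORTED` when the block ends, so later tests inherit it. `test_verify_data` begins outside the hunk.

```c
	pubk.allow_hwcrypto = 0;

	/* Hook would report success, but must not be consulted now. */
	hwcrypto_state = HWCRYPTO_OK;
	memcpy(sig2, sig, sig_total_size);
	vb2_signature_data_mutable(sig2)[0] ^= 0x5A;
	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
		 0, "vb2_verify_data() hwcrypto not allowed");

	free(sig2);
```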