vboot2: Move knowledge of vboot 2.1 data structures inside lib21/

Code which compiles against fwlib2 no longer knows or cares about the
new data structures.  This should shrink fwlib2 a bit.  This is part 3
of 4 changes which split vboot 2.0 struct handling (old vboot1
structs) from vboot 2.1 struct handling (new style structs).

No functional changes; just shuffling around code.

BUG=chromium:423882
BRANCH=none
TEST=make runtests && VBOOT2=1 make runtests (works with/withoug VBOOT2 flag)
     And compile firmware for veyron_pinky.

Change-Id: Ibccd7d1974e07f38b90c19c924ef3b1ffcb77d62
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/233020
Reviewed-by: Bill Richardson <wfrichar@chromium.org>

11 files changed, 848 insertions, 741 deletions

diff --git a/tests/vb2_api2_tests.c b/tests/vb21_api_tests.c
index cc1e12af..052d89b6 100644
--- a/tests/vb2_api2_tests.c
+++ b/tests/vb21_api_tests.c
@@ -15,6 +15,8 @@
 #include "2rsa.h"
 #include "2secdata.h"
 
+#include "vb2_common.h"
+
 #include "host_key2.h"
 #include "host_signature2.h"
 
diff --git a/tests/vb21_common2_tests.c b/tests/vb21_common2_tests.c
new file mode 100644
index 00000000..510665e2
--- /dev/null
+++ b/tests/vb21_common2_tests.c
@@ -0,0 +1,316 @@
+/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Tests for firmware image library.
+ */
+
+#include <stdint.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "2sysincludes.h"
+#include "2common.h"
+#include "2rsa.h"
+#include "vb2_common.h"
+#include "host_common.h"
+#include "host_key2.h"
+#include "host_signature2.h"
+#include "test_common.h"
+
+
+static const uint8_t test_data[] = "This is some test data to sign.";
+static const uint32_t test_size = sizeof(test_data);
+
+static void test_unpack_key2(const struct vb2_packed_key2 *key)
+{
+	struct vb2_public_key pubk;
+	struct vb2_packed_key2 *key2;
+	uint32_t size = key->c.total_size;
+
+	/* Make a copy of the key for testing */
+	key2 = (struct vb2_packed_key2 *)malloc(size);
+
+	memcpy(key2, key, size);
+	TEST_SUCC(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
+		  "vb2_unpack_key2() ok");
+
+	memcpy(key2, key, size);
+	key2->key_offset += 4;
+	TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
+		VB2_ERROR_COMMON_MEMBER_SIZE,
+		"vb2_unpack_key2() buffer too small");
+
+	memcpy(key2, key, size);
+	key2->c.fixed_size += size;
+	TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
+		VB2_ERROR_COMMON_FIXED_SIZE,
+		"vb2_unpack_key2() buffer too small for desc");
+
+	memcpy(key2, key, size);
+	key2->c.desc_size = 0;
+	TEST_SUCC(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
+		  "vb2_unpack_key2() no desc");
+	TEST_EQ(strcmp(pubk.desc, ""), 0, "  empty desc string");
+
+	memcpy(key2, key, size);
+	key2->c.magic++;
+	TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
+		VB2_ERROR_UNPACK_KEY_MAGIC,
+		"vb2_unpack_key2() bad magic");
+
+	memcpy(key2, key, size);
+	key2->c.struct_version_major++;
+	TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
+		VB2_ERROR_UNPACK_KEY_STRUCT_VERSION,
+		"vb2_unpack_key2() bad major version");
+
+	/*
+	 * Minor version changes are ok.  Note that this test assumes that the
+	 * source key struct version is the highest actually known to the
+	 * reader.  If the reader does know about minor version + 1 and that
+	 * adds fields, this test will likely fail.  But at that point, we
+	 * should have already added a test for minor version compatibility to
+	 * handle both old and new struct versions, so someone will have
+	 * noticed this comment.
+	 */
+	memcpy(key2, key, size);
+	key2->c.struct_version_minor++;
+	TEST_SUCC(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
+		  "vb2_unpack_key2() minor version change ok");
+
+	memcpy(key2, key, size);
+	key2->sig_alg = VB2_SIG_INVALID;
+	TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
+		VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM,
+		"vb2_unpack_key2() bad sig algorithm");
+
+	memcpy(key2, key, size);
+	key2->hash_alg = VB2_HASH_INVALID;
+	TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
+		VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM,
+		"vb2_unpack_key2() bad hash algorithm");
+
+	memcpy(key2, key, size);
+	key2->key_size -= 4;
+	TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
+		VB2_ERROR_UNPACK_KEY_SIZE,
+		"vb2_unpack_key2() invalid size");
+
+	memcpy(key2, key, size);
+	key2->key_offset--;
+	TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
+		VB2_ERROR_COMMON_MEMBER_UNALIGNED,
+		"vb2_unpack_key2() unaligned data");
+
+	memcpy(key2, key, size);
+	*(uint32_t *)((uint8_t *)key2 + key2->key_offset) /= 2;
+	TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
+		VB2_ERROR_UNPACK_KEY_ARRAY_SIZE,
+		"vb2_unpack_key2() invalid key array size");
+
+	free(key2);
+}
+
+static void test_verify_signature2(const struct vb2_signature2 *sig)
+{
+	struct vb2_signature2 *sig2;
+	uint8_t *buf2;
+	uint32_t size;
+
+	/* Make a copy of the signature */
+	size = sig->c.total_size;
+	buf2 = malloc(size);
+	sig2 = (struct vb2_signature2 *)buf2;
+
+	memcpy(buf2, sig, size);
+	TEST_SUCC(vb2_verify_signature2(sig2, size), "verify_sig ok");
+	sig2->c.magic = VB2_MAGIC_PACKED_KEY2;
+	TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_MAGIC,
+		"verify_sig magic");
+
+	memcpy(buf2, sig, size);
+	sig2->c.total_size += 4;
+	TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_COMMON_TOTAL_SIZE,
+		"verify_sig common header");
+
+	memcpy(buf2, sig, size);
+	sig2->c.struct_version_minor++;
+	TEST_SUCC(vb2_verify_signature2(sig2, size), "verify_sig minor ver");
+	sig2->c.struct_version_major++;
+	TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_VERSION,
+		"verify_sig major ver");
+
+	memcpy(buf2, sig, size);
+	sig2->c.fixed_size -= 4;
+	sig2->c.desc_size += 4;
+	TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_HEADER_SIZE,
+		"verify_sig header size");
+
+	memcpy(buf2, sig, size);
+	sig2->sig_size += 4;
+	TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_COMMON_MEMBER_SIZE,
+		"verify_sig sig size");
+
+	memcpy(buf2, sig, size);
+	sig2->sig_alg = VB2_SIG_INVALID;
+	TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_ALGORITHM,
+		"verify_sig sig alg");
+
+	memcpy(buf2, sig, size);
+	sig2->sig_alg = (sig2->sig_alg == VB2_SIG_NONE ?
+			 VB2_SIG_RSA1024 : VB2_SIG_NONE);
+	TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_SIZE,
+		"verify_sig sig size");
+
+	free(buf2);
+}
+
+static void test_verify_data2(const struct vb2_public_key *pubk_orig,
+			      const struct vb2_signature2 *sig)
+{
+	uint8_t workbuf[VB2_VERIFY_DATA_WORKBUF_BYTES];
+	struct vb2_workbuf wb;
+
+	struct vb2_public_key pubk;
+	struct vb2_signature2 *sig2;
+	uint8_t *buf2;
+	uint32_t size;
+
+	vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
+
+	pubk = *pubk_orig;
+
+	/* Allocate signature copy for tests */
+	size = sig->c.total_size;
+	buf2 = malloc(size);
+	sig2 = (struct vb2_signature2 *)buf2;
+
+	memcpy(buf2, sig, size);
+	pubk.sig_alg = VB2_SIG_INVALID;
+	TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb),
+		VB2_ERROR_VDATA_ALGORITHM, "vb2_verify_data2() bad sig alg");
+	pubk = *pubk_orig;
+
+	memcpy(buf2, sig, size);
+	pubk.hash_alg = VB2_HASH_INVALID;
+	TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb),
+		VB2_ERROR_VDATA_DIGEST_SIZE,
+		"vb2_verify_data2() bad hash alg");
+	pubk = *pubk_orig;
+
+	vb2_workbuf_init(&wb, workbuf, 4);
+	memcpy(buf2, sig, size);
+	TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb),
+		VB2_ERROR_VDATA_WORKBUF_DIGEST,
+		"vb2_verify_data2() workbuf too small");
+	vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
+
+	memcpy(buf2, sig, size);
+	TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb),
+		0, "vb2_verify_data2() ok");
+
+	memcpy(buf2, sig, size);
+	sig2->sig_size -= 16;
+	TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb),
+		VB2_ERROR_VDATA_SIG_SIZE, "vb2_verify_data2() wrong sig size");
+
+	memcpy(buf2, sig, size);
+	TEST_EQ(vb2_verify_data2(test_data, test_size - 1, sig2, &pubk, &wb),
+		VB2_ERROR_VDATA_SIZE, "vb2_verify_data2() wrong data size");
+
+	memcpy(buf2, sig, size);
+	sig2->hash_alg = (sig2->hash_alg == VB2_HASH_SHA1 ?
+			  VB2_HASH_SHA256 : VB2_HASH_SHA1);
+	TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb),
+		VB2_ERROR_VDATA_ALGORITHM_MISMATCH,
+		"vb2_verify_data2() alg mismatch");
+
+
+	memcpy(buf2, sig, size);
+	buf2[sig2->sig_offset] ^= 0x5A;
+	TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb),
+		VB2_ERROR_RSA_PADDING, "vb2_verify_data2() wrong sig");
+
+	free(buf2);
+}
+
+int test_algorithm(int key_algorithm, const char *keys_dir)
+{
+	char filename[1024];
+	int rsa_len = siglen_map[key_algorithm] * 8;
+
+	enum vb2_signature_algorithm sig_alg =
+		vb2_crypto_to_signature(key_algorithm);
+	enum vb2_hash_algorithm hash_alg = vb2_crypto_to_hash(key_algorithm);
+
+	struct vb2_private_key *prik = NULL;
+	struct vb2_signature2 *sig2 = NULL;
+	struct vb2_public_key *pubk = NULL;
+	struct vb2_packed_key2 *key2 = NULL;
+
+	printf("***Testing algorithm: %s\n", algo_strings[key_algorithm]);
+
+	sprintf(filename, "%s/key_rsa%d.pem", keys_dir, rsa_len);
+	TEST_SUCC(vb2_private_key_read_pem(&prik, filename),
+		  "Read private key");
+	prik->hash_alg = hash_alg;
+	prik->sig_alg = sig_alg;
+	vb2_private_key_set_desc(prik, "private key");
+
+	sprintf(filename, "%s/key_rsa%d.keyb", keys_dir, rsa_len);
+	TEST_SUCC(vb2_public_key_read_keyb(&pubk, filename),
+		  "Read public key");
+	pubk->hash_alg = hash_alg;
+	vb2_public_key_set_desc(pubk, "public key");
+	TEST_SUCC(vb2_public_key_pack(&key2, pubk), "Pack public key");
+
+	/* Calculate good signatures */
+	TEST_SUCC(vb2_sign_data(&sig2, test_data, test_size, prik, ""),
+		  "Make test signature");
+
+	test_unpack_key2(key2);
+	test_verify_data2(pubk, sig2);
+	test_verify_signature2(sig2);
+
+	free(key2);
+	free(sig2);
+	vb2_private_key_free(prik);
+	vb2_public_key_free(pubk);
+
+	return 0;
+}
+
+/* Test only the algorithms we use */
+const int key_algs[] = {
+	VB2_ALG_RSA2048_SHA256,
+	VB2_ALG_RSA4096_SHA256,
+	VB2_ALG_RSA8192_SHA512,
+};
+
+int main(int argc, char *argv[]) {
+
+	if (argc == 2) {
+		int i;
+
+		for (i = 0; i < ARRAY_SIZE(key_algs); i++) {
+			if (test_algorithm(key_algs[i], argv[1]))
+				return 1;
+		}
+
+	} else if (argc == 3 && !strcasecmp(argv[2], "--all")) {
+		/* Test all the algorithms */
+		int alg;
+
+		for (alg = 0; alg < kNumAlgorithms; alg++) {
+			if (test_algorithm(alg, argv[1]))
+				return 1;
+		}
+
+	} else {
+		fprintf(stderr, "Usage: %s <keys_dir> [--all]", argv[0]);
+		return -1;
+	}
+
+	return gTestSuccess ? 0 : 255;
+}
diff --git a/tests/vb21_common_tests.c b/tests/vb21_common_tests.c
new file mode 100644
index 00000000..39df1682
--- /dev/null
+++ b/tests/vb21_common_tests.c
@@ -0,0 +1,521 @@
+/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Tests for firmware 2common.c
+ */
+
+#include "2sysincludes.h"
+#include "2common.h"
+#include "2rsa.h"
+#include "vb2_common.h"
+#include "host_fw_preamble2.h"
+#include "host_key2.h"
+#include "host_keyblock2.h"
+#include "host_signature2.h"
+
+#include "test_common.h"
+
+static const uint8_t test_data[] = "This is some test data to sign.";
+static const uint8_t test_data2[] = "Some more test data";
+static const uint8_t test_data3[] = "Even more test data";
+
+/*
+ * Test struct packing for vboot_struct.h structs which are passed between
+ * firmware and OS, or passed between different phases of firmware.
+ */
+static void test_struct_packing(void)
+{
+	/* Test new struct sizes */
+	TEST_EQ(EXPECTED_GUID_SIZE,
+		sizeof(struct vb2_guid),
+		"sizeof(vb2_guid)");
+	TEST_EQ(EXPECTED_VB2_STRUCT_COMMON_SIZE,
+		sizeof(struct vb2_struct_common),
+		"sizeof(vb2_struct_common)");
+	TEST_EQ(EXPECTED_VB2_PACKED_KEY2_SIZE,
+		sizeof(struct vb2_packed_key2),
+		"sizeof(vb2_packed_key2)");
+	TEST_EQ(EXPECTED_VB2_SIGNATURE2_SIZE,
+		sizeof(struct vb2_signature2),
+		"sizeof(vb2_signature2)");
+	TEST_EQ(EXPECTED_VB2_KEYBLOCK2_SIZE,
+		sizeof(struct vb2_keyblock2),
+		"sizeof(vb2_keyblock2)");
+	TEST_EQ(EXPECTED_VB2_FW_PREAMBLE2_SIZE,
+		sizeof(struct vb2_fw_preamble2),
+		"sizeof(vb2_fw_preamble2)");
+}
+
+/**
+ * Common header functions
+ */
+static void test_common_header_functions(void)
+{
+	uint8_t cbuf[sizeof(struct vb2_struct_common) + 128];
+	uint8_t cbufgood[sizeof(cbuf)];
+	struct vb2_struct_common *c = (struct vb2_struct_common *)cbuf;
+	struct vb2_struct_common *c2;
+	const char test_desc[32] = "test desc";
+	uint32_t desc_end, m;
+
+	c->total_size = sizeof(cbuf);
+	c->fixed_size = sizeof(*c);
+	c->desc_size = sizeof(test_desc);
+	memcpy(cbuf + c->fixed_size, test_desc, sizeof(test_desc));
+	desc_end = c->fixed_size + c->desc_size;
+
+	c2 = (struct vb2_struct_common *)(cbuf + desc_end);
+	c2->total_size = c->total_size - desc_end;
+	c2->fixed_size = sizeof(*c2);
+	c2->desc_size = 0;
+
+	/* Description helper */
+	TEST_EQ(0, strcmp(vb2_common_desc(c), test_desc), "vb2_common_desc()");
+	TEST_EQ(0, strcmp(vb2_common_desc(c2), ""), "vb2_common_desc() empty");
+
+	TEST_SUCC(vb2_verify_common_header(cbuf, sizeof(cbuf)),
+		  "vb2_verify_common_header() good");
+	memcpy(cbufgood, cbuf, sizeof(cbufgood));
+
+	memcpy(cbuf, cbufgood, sizeof(cbuf));
+	c->total_size += 4;
+	TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
+		VB2_ERROR_COMMON_TOTAL_SIZE,
+		"vb2_verify_common_header() total size");
+
+	memcpy(cbuf, cbufgood, sizeof(cbuf));
+	c->fixed_size = c->total_size + 4;
+	TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
+		VB2_ERROR_COMMON_FIXED_SIZE,
+		"vb2_verify_common_header() fixed size");
+
+	memcpy(cbuf, cbufgood, sizeof(cbuf));
+	c->desc_size = c->total_size - c->fixed_size + 4;
+	TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
+		VB2_ERROR_COMMON_DESC_SIZE,
+		"vb2_verify_common_header() desc size");
+
+	memcpy(cbuf, cbufgood, sizeof(cbuf));
+	c->total_size--;
+	TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
+		VB2_ERROR_COMMON_TOTAL_UNALIGNED,
+		"vb2_verify_common_header() total unaligned");
+
+	memcpy(cbuf, cbufgood, sizeof(cbuf));
+	c->fixed_size++;
+	TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
+		VB2_ERROR_COMMON_FIXED_UNALIGNED,
+		"vb2_verify_common_header() fixed unaligned");
+
+	memcpy(cbuf, cbufgood, sizeof(cbuf));
+	c->desc_size--;
+	TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
+		VB2_ERROR_COMMON_DESC_UNALIGNED,
+		"vb2_verify_common_header() desc unaligned");
+
+	memcpy(cbuf, cbufgood, sizeof(cbuf));
+	c->desc_size = -4;
+	TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
+		VB2_ERROR_COMMON_DESC_WRAPS,
+		"vb2_verify_common_header() desc wraps");
+
+	memcpy(cbuf, cbufgood, sizeof(cbuf));
+	cbuf[desc_end - 1] = 1;
+	TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
+		VB2_ERROR_COMMON_DESC_TERMINATOR,
+		"vb2_verify_common_header() desc not terminated");
+
+	/* Member checking function */
+	memcpy(cbuf, cbufgood, sizeof(cbuf));
+	m = 0;
+	TEST_SUCC(vb2_verify_common_member(cbuf, &m, c->total_size - 8, 4),
+		  "vb2_verify_common_member()");
+	TEST_EQ(m, c->total_size - 4, "  new minimum");
+
+	m = desc_end;
+	TEST_SUCC(vb2_verify_common_member(cbuf, &m, desc_end, 4),
+		  "vb2_verify_common_member() good offset");
+	TEST_EQ(m, desc_end + 4, "  new minimum");
+
+	m = 0;
+	TEST_EQ(vb2_verify_common_member(cbuf, &m, c->total_size - 8, -4),
+		VB2_ERROR_COMMON_MEMBER_WRAPS,
+		"vb2_verify_common_member() wraps");
+
+	m = 0;
+	TEST_EQ(vb2_verify_common_member(cbuf, &m, c->total_size - 7, 4),
+		VB2_ERROR_COMMON_MEMBER_UNALIGNED,
+		"vb2_verify_common_member() offset unaligned");
+
+	m = 0;
+	TEST_EQ(vb2_verify_common_member(cbuf, &m, c->total_size - 8, 5),
+		VB2_ERROR_COMMON_MEMBER_UNALIGNED,
+		"vb2_verify_common_member() size unaligned");
+
+	m = 0;
+	TEST_EQ(vb2_verify_common_member(cbuf, &m, desc_end - 4, 4),
+		VB2_ERROR_COMMON_MEMBER_OVERLAP,
+		"vb2_verify_common_member() overlap");
+
+	m = desc_end + 4;
+	TEST_EQ(vb2_verify_common_member(cbuf, &m, desc_end, 4),
+		VB2_ERROR_COMMON_MEMBER_OVERLAP,
+		"vb2_verify_common_member() overlap 2");
+
+	m = 0;
+	TEST_EQ(vb2_verify_common_member(cbuf, &m, c->total_size - 4, 8),
+		VB2_ERROR_COMMON_MEMBER_SIZE,
+		"vb2_verify_common_member() size");
+
+	/* Subobject checking */
+	m = 0;
+	TEST_SUCC(vb2_verify_common_subobject(cbuf, &m, desc_end),
+		  "vb2_verify_common_subobject() good offset");
+	TEST_EQ(m, sizeof(cbuf), "  new minimum");
+
+	m = desc_end + 4;
+	TEST_EQ(vb2_verify_common_subobject(cbuf, &m, desc_end),
+		VB2_ERROR_COMMON_MEMBER_OVERLAP,
+		"vb2_verify_common_subobject() overlap");
+
+	m = 0;
+	c2->total_size += 4;
+	TEST_EQ(vb2_verify_common_subobject(cbuf, &m, desc_end),
+		VB2_ERROR_COMMON_TOTAL_SIZE,
+		"vb2_verify_common_subobject() size");
+}
+
+/**
+ * Signature size
+ */
+static void test_sig_size(void)
+{
+	TEST_EQ(vb2_sig_size(VB2_SIG_INVALID, VB2_HASH_SHA256), 0,
+		"vb2_sig_size() sig invalid");
+
+	TEST_EQ(vb2_sig_size(VB2_SIG_RSA2048, VB2_HASH_INVALID), 0,
+		"vb2_sig_size() hash invalid");
+
+	TEST_EQ(vb2_sig_size(VB2_SIG_RSA2048, VB2_HASH_SHA256), 2048 / 8,
+		"vb2_sig_size() RSA2048");
+	TEST_EQ(vb2_sig_size(VB2_SIG_RSA4096, VB2_HASH_SHA256), 4096 / 8,
+		"vb2_sig_size() RSA4096");
+	TEST_EQ(vb2_sig_size(VB2_SIG_RSA8192, VB2_HASH_SHA512), 8192 / 8,
+		"vb2_sig_size() RSA8192");
+
+	TEST_EQ(vb2_sig_size(VB2_SIG_NONE, VB2_HASH_SHA1),
+		VB2_SHA1_DIGEST_SIZE, "vb2_sig_size() SHA1");
+	TEST_EQ(vb2_sig_size(VB2_SIG_NONE, VB2_HASH_SHA256),
+		VB2_SHA256_DIGEST_SIZE, "vb2_sig_size() SHA256");
+	TEST_EQ(vb2_sig_size(VB2_SIG_NONE, VB2_HASH_SHA512),
+		VB2_SHA512_DIGEST_SIZE, "vb2_sig_size() SHA512");
+}
+
+/**
+ * Verify data on bare hash
+ */
+static void test_verify_hash(void)
+{
+	struct vb2_signature2 *sig;
+	const struct vb2_private_key *prik;
+	struct vb2_public_key pubk;
+	uint8_t workbuf[VB2_VERIFY_DATA_WORKBUF_BYTES];
+	struct vb2_workbuf wb;
+
+	vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
+
+	TEST_SUCC(vb2_private_key_hash(&prik, VB2_HASH_SHA256),
+		  "create private hash key");
+	TEST_SUCC(vb2_public_key_hash(&pubk, VB2_HASH_SHA256),
+		  "create hash key");
+
+	/* Create the signature */
+	TEST_SUCC(vb2_sign_data(&sig, test_data, sizeof(test_data),
+				prik, NULL),
+		  "create hash sig");
+
+	TEST_SUCC(vb2_verify_data2(test_data, sizeof(test_data),
+				   sig, &pubk, &wb),
+		  "vb2_verify_data2() hash ok");
+
+	*((uint8_t *)sig + sig->sig_offset) ^= 0xab;
+	TEST_EQ(vb2_verify_data2(test_data, sizeof(test_data), sig, &pubk, &wb),
+		VB2_ERROR_VDATA_VERIFY_DIGEST, "vb2_verify_data2() hash bad");
+
+	free(sig);
+}
+
+/**
+ * Verify keyblock
+ */
+static void test_verify_keyblock(void)
+{
+	const char desc[16] = "test keyblock";
+	const struct vb2_private_key *prik[2];
+	struct vb2_public_key pubk, pubk2, pubk3;
+	struct vb2_signature2 *sig;
+	struct vb2_keyblock2 *kbuf;
+	uint32_t buf_size;
+	uint8_t *buf, *buf2;
+
+	uint8_t workbuf[VB2_KEY_BLOCK_VERIFY_WORKBUF_BYTES];
+	struct vb2_workbuf wb;
+
+	TEST_SUCC(vb2_public_key_hash(&pubk, VB2_HASH_SHA256),
+		  "create hash key 1");
+	TEST_SUCC(vb2_public_key_hash(&pubk2, VB2_HASH_SHA512),
+		  "create hash key 2");
+	TEST_SUCC(vb2_public_key_hash(&pubk3, VB2_HASH_SHA1),
+		  "create hash key 3");
+
+	TEST_SUCC(vb2_private_key_hash(prik + 0, VB2_HASH_SHA256),
+		  "create private key 1");
+	TEST_SUCC(vb2_private_key_hash(prik + 1, VB2_HASH_SHA512),
+		  "create private key 2");
+
+	/* Create the test keyblock */
+	TEST_SUCC(vb2_keyblock_create(&kbuf, &pubk3, prik, 2, 0x4321, desc),
+		  "create keyblock");
+
+	buf = (uint8_t *)kbuf;
+	buf_size = kbuf->c.total_size;
+
+	/* Make a copy of the buffer, so we can mangle it for tests */
+	buf2 = malloc(buf_size);
+	memcpy(buf2, buf, buf_size);
+
+	vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
+	kbuf = (struct vb2_keyblock2 *)buf;
+
+	TEST_SUCC(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
+		  "vb2_verify_keyblock2()");
+
+	memcpy(buf, buf2, buf_size);
+	TEST_SUCC(vb2_verify_keyblock2(kbuf, buf_size, &pubk2, &wb),
+		  "vb2_verify_keyblock2() key 2");
+
+	memcpy(buf, buf2, buf_size);
+	TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk3, &wb),
+		VB2_ERROR_KEYBLOCK_SIG_GUID,
+		"vb2_verify_keyblock2() key not present");
+
+	memcpy(buf, buf2, buf_size);
+	kbuf->c.magic = VB2_MAGIC_PACKED_KEY2;
+	TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
+		VB2_ERROR_KEYBLOCK_MAGIC,
+		"vb2_verify_keyblock2() magic");
+
+	memcpy(buf, buf2, buf_size);
+	kbuf->c.fixed_size++;
+	TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
+		VB2_ERROR_COMMON_FIXED_UNALIGNED,
+		"vb2_verify_keyblock2() header");
+
+	memcpy(buf, buf2, buf_size);
+	kbuf->c.struct_version_major++;
+	TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
+		VB2_ERROR_KEYBLOCK_HEADER_VERSION,
+		"vb2_verify_keyblock2() major version");
+
+	memcpy(buf, buf2, buf_size);
+	kbuf->c.struct_version_minor++;
+	/* That changes the signature, so resign the keyblock */
+	vb2_sign_data(&sig, buf, kbuf->sig_offset, prik[0], NULL);
+	memcpy(buf + kbuf->sig_offset, sig, sig->c.total_size);
+	free(sig);
+	TEST_SUCC(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
+		  "vb2_verify_keyblock2() minor version");
+
+	memcpy(buf, buf2, buf_size);
+	kbuf->c.fixed_size -= 4;
+	kbuf->c.desc_size += 4;
+	TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
+		VB2_ERROR_KEYBLOCK_SIZE,
+		"vb2_verify_keyblock2() header size");
+
+	memcpy(buf, buf2, buf_size);
+	kbuf->key_offset = kbuf->c.total_size - 4;
+	TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
+		VB2_ERROR_COMMON_MEMBER_SIZE,
+		"vb2_verify_keyblock2() data key outside");
+
+	memcpy(buf, buf2, buf_size);
+	sig = (struct vb2_signature2 *)(buf + kbuf->sig_offset);
+	sig->data_size--;
+	TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
+		VB2_ERROR_KEYBLOCK_SIGNED_SIZE,
+		"vb2_verify_keyblock2() signed wrong size");
+
+	memcpy(buf, buf2, buf_size);
+	sig = (struct vb2_signature2 *)(buf + kbuf->sig_offset);
+	sig->c.total_size = kbuf->c.total_size - 4;
+	TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
+		VB2_ERROR_COMMON_TOTAL_SIZE,
+		"vb2_verify_keyblock2() key outside keyblock");
+
+	memcpy(buf, buf2, buf_size);
+	sig = (struct vb2_signature2 *)(buf + kbuf->sig_offset);
+	sig->c.struct_version_major++;
+	TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
+		VB2_ERROR_SIG_VERSION,
+		"vb2_verify_keyblock2() corrupt key");
+
+	memcpy(buf, buf2, buf_size);
+	kbuf->c.struct_version_minor++;
+	TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
+		VB2_ERROR_VDATA_VERIFY_DIGEST,
+		"vb2_verify_keyblock2() corrupt");
+
+	free(buf);
+	free(buf2);
+}
+
+/**
+ * Verify firmware preamble
+ */
+static void test_verify_fw_preamble(void)
+{
+	const char desc[16] = "test preamble";
+	const struct vb2_private_key *prikhash;
+	struct vb2_signature2 *hashes[3];
+	struct vb2_public_key pubk;
+	struct vb2_signature2 *sig;
+	struct vb2_fw_preamble2 *pre;
+	uint32_t buf_size;
+	uint8_t *buf, *buf2;
+
+	uint8_t workbuf[VB2_VERIFY_FIRMWARE_PREAMBLE_WORKBUF_BYTES];
+	struct vb2_workbuf wb;
+
+	/*
+	 * Preambles will usually be signed with a real key not a bare hash,
+	 * but the call to vb2_verify_data2() inside the preamble check is the
+	 * same (and its functionality is verified separately), and using a
+	 * bare hash here saves us from needing to have a private key to do
+	 * this test.
+	 */
+	TEST_SUCC(vb2_public_key_hash(&pubk, VB2_HASH_SHA256),
+		  "create hash key");
+	TEST_SUCC(vb2_private_key_hash(&prikhash, VB2_HASH_SHA256),
+			  "Create private hash key");
+
+	/* Create some signatures */
+	TEST_SUCC(vb2_sign_data(hashes + 0, test_data, sizeof(test_data),
+				prikhash, "Hash 1"),
+		  "Hash 1");
+	TEST_SUCC(vb2_sign_data(hashes + 1, test_data2, sizeof(test_data2),
+				prikhash, "Hash 2"),
+		  "Hash 2");
+	TEST_SUCC(vb2_sign_data(hashes + 2, test_data3, sizeof(test_data3),
+				prikhash, "Hash 3"),
+			  "Hash 3");
+
+	/* Test good preamble */
+	TEST_SUCC(vb2_fw_preamble_create(&pre, prikhash,
+					 (const struct vb2_signature2 **)hashes,
+					 3, 0x1234, 0x5678, desc),
+		  "Create preamble good");
+
+	buf = (uint8_t *)pre;
+	buf_size = pre->c.total_size;
+
+	/* Make a copy of the buffer, so we can mangle it for tests */
+	buf2 = malloc(buf_size);
+	memcpy(buf2, buf, buf_size);
+
+	vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
+	pre = (struct vb2_fw_preamble2 *)buf;
+
+	TEST_SUCC(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
+		  "vb2_verify_fw_preamble2()");
+
+	memcpy(buf, buf2, buf_size);
+	pre->c.magic = VB2_MAGIC_PACKED_KEY2;
+	TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
+		VB2_ERROR_PREAMBLE_MAGIC,
+		"vb2_verify_fw_preamble2() magic");
+
+	memcpy(buf, buf2, buf_size);
+	pre->c.fixed_size++;
+	TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
+		VB2_ERROR_COMMON_FIXED_UNALIGNED,
+		"vb2_verify_fw_preamble2() header");
+
+	memcpy(buf, buf2, buf_size);
+	pre->c.struct_version_major++;
+	TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
+		VB2_ERROR_PREAMBLE_HEADER_VERSION,
+		"vb2_verify_fw_preamble2() major version");
+
+	memcpy(buf, buf2, buf_size);
+	pre->c.struct_version_minor++;
+	/* That changes the signature, so resign the fw_preamble */
+	vb2_sign_data(&sig, buf, pre->sig_offset, prikhash, NULL);
+	memcpy(buf + pre->sig_offset, sig, sig->c.total_size);
+	free(sig);
+	TEST_SUCC(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
+		  "vb2_verify_fw_preamble2() minor version");
+
+	memcpy(buf, buf2, buf_size);
+	pre->c.fixed_size -= 4;
+	pre->c.desc_size += 4;
+	TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
+		VB2_ERROR_PREAMBLE_SIZE,
+		"vb2_verify_fw_preamble2() header size");
+
+	memcpy(buf, buf2, buf_size);
+	sig = (struct vb2_signature2 *)(buf + pre->hash_offset);
+	sig->c.total_size += pre->c.total_size;
+	TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
+		VB2_ERROR_COMMON_TOTAL_SIZE,
+		"vb2_verify_fw_preamble2() hash size");
+
+	memcpy(buf, buf2, buf_size);
+	sig = (struct vb2_signature2 *)(buf + pre->hash_offset);
+	sig->sig_size /= 2;
+	TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
+		VB2_ERROR_SIG_SIZE,
+		"vb2_verify_fw_preamble2() hash integrity");
+
+	memcpy(buf, buf2, buf_size);
+	pre->hash_count++;
+	TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
+		VB2_ERROR_COMMON_MEMBER_OVERLAP,
+		"vb2_verify_fw_preamble2() hash count");
+
+	memcpy(buf, buf2, buf_size);
+	sig = (struct vb2_signature2 *)(buf + pre->sig_offset);
+	sig->c.total_size += 4;
+	TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
+		VB2_ERROR_COMMON_TOTAL_SIZE,
+		"vb2_verify_fw_preamble2() sig inside");
+
+	memcpy(buf, buf2, buf_size);
+	sig = (struct vb2_signature2 *)(buf + pre->sig_offset);
+	buf[pre->sig_offset + sig->sig_offset]++;
+	TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
+		VB2_ERROR_VDATA_VERIFY_DIGEST,
+		"vb2_verify_fw_preamble2() sig corrupt");
+
+	memcpy(buf, buf2, buf_size);
+	pre->flags++;
+	TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
+		VB2_ERROR_VDATA_VERIFY_DIGEST,
+		"vb2_verify_fw_preamble2() preamble corrupt");
+
+	free(buf);
+	free(buf2);
+}
+
+int main(int argc, char* argv[])
+{
+	test_struct_packing();
+	test_common_header_functions();
+	test_sig_size();
+	test_verify_hash();
+	test_verify_keyblock();
+	test_verify_fw_preamble();
+
+	return gTestSuccess ? 0 : 255;
+}
diff --git a/tests/vb2_host_fw_preamble_tests.c b/tests/vb21_host_fw_preamble_tests.c
index 0063ba82..1cd0a9a9 100644
--- a/tests/vb2_host_fw_preamble_tests.c
+++ b/tests/vb21_host_fw_preamble_tests.c
@@ -11,6 +11,9 @@
 #include "2sysincludes.h"
 #include "2common.h"
 #include "2rsa.h"
+
+#include "vb2_common.h"
+
 #include "host_common.h"
 #include "host_fw_preamble2.h"
 #include "host_key2.h"
diff --git a/tests/vb2_host_key_tests.c b/tests/vb21_host_key_tests.c
index 451366f7..ed4c44b2 100644
--- a/tests/vb2_host_key_tests.c
+++ b/tests/vb21_host_key_tests.c
@@ -11,6 +11,7 @@
 #include "2sysincludes.h"
 #include "2common.h"
 #include "2rsa.h"
+#include "vb2_common.h"
 #include "host_common.h"
 #include "host_key2.h"
 
diff --git a/tests/vb2_host_keyblock_tests.c b/tests/vb21_host_keyblock_tests.c
index c30f3702..11a75d74 100644
--- a/tests/vb2_host_keyblock_tests.c
+++ b/tests/vb21_host_keyblock_tests.c
@@ -11,6 +11,7 @@
 #include "2sysincludes.h"
 #include "2common.h"
 #include "2rsa.h"
+#include "vb2_common.h"
 #include "host_common.h"
 #include "host_key2.h"
 #include "host_keyblock2.h"
diff --git a/tests/vb2_host_misc_tests.c b/tests/vb21_host_misc_tests.c
index a78c7450..638977e2 100644
--- a/tests/vb2_host_misc_tests.c
+++ b/tests/vb21_host_misc_tests.c
@@ -9,6 +9,7 @@
 
 #include "2sysincludes.h"
 #include "2common.h"
+#include "vb2_common.h"
 #include "host_common.h"
 #include "host_misc.h"
 
diff --git a/tests/vb2_host_sig_tests.c b/tests/vb21_host_sig_tests.c
index 809c7b04..5c1176ab 100644
--- a/tests/vb2_host_sig_tests.c
+++ b/tests/vb21_host_sig_tests.c
@@ -11,6 +11,7 @@
 #include "2sysincludes.h"
 #include "2common.h"
 #include "2rsa.h"
+#include "vb2_common.h"
 #include "host_common.h"
 #include "host_key2.h"
 #include "host_signature2.h"
diff --git a/tests/vb2_misc3_tests.c b/tests/vb21_misc_tests.c
index c607d248..9f6489fc 100644
--- a/tests/vb2_misc3_tests.c
+++ b/tests/vb21_misc_tests.c
@@ -14,6 +14,8 @@
 #include "2nvstorage.h"
 #include "2secdata.h"
 
+#include "vb2_common.h"
+
 #include "test_common.h"
 
 /* Common context for tests */
diff --git a/tests/vb2_common2_tests.c b/tests/vb2_common2_tests.c
index 88dbf23e..ec9ef183 100644
--- a/tests/vb2_common2_tests.c
+++ b/tests/vb2_common2_tests.c
@@ -12,11 +12,8 @@
 #include "2sysincludes.h"
 #include "2common.h"
 #include "2rsa.h"
-
 #include "file_keys.h"
 #include "host_common.h"
-#include "host_key2.h"
-#include "host_signature2.h"
 #include "vboot_common.h"
 #include "test_common.h"
 
@@ -77,97 +74,6 @@ static void test_unpack_key(const struct vb2_packed_key *key1)
 	free(key);
 }
 
-static void test_unpack_key2(const struct vb2_packed_key *key1,
-			     const struct vb2_packed_key2 *key)
-{
-	struct vb2_public_key pubk;
-	struct vb2_packed_key2 *key2;
-	uint32_t size = key->c.total_size;
-
-	/* Make a copy of the key for testing */
-	key2 = (struct vb2_packed_key2 *)malloc(size);
-
-	memcpy(key2, key, size);
-	TEST_SUCC(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
-		  "vb2_unpack_key2() ok");
-
-	memcpy(key2, key, size);
-	key2->key_offset += 4;
-	TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
-		VB2_ERROR_COMMON_MEMBER_SIZE,
-		"vb2_unpack_key2() buffer too small");
-
-	memcpy(key2, key, size);
-	key2->c.fixed_size += size;
-	TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
-		VB2_ERROR_COMMON_FIXED_SIZE,
-		"vb2_unpack_key2() buffer too small for desc");
-
-	memcpy(key2, key, size);
-	key2->c.desc_size = 0;
-	TEST_SUCC(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
-		  "vb2_unpack_key2() no desc");
-	TEST_EQ(strcmp(pubk.desc, ""), 0, "  empty desc string");
-
-	memcpy(key2, key, size);
-	key2->c.magic++;
-	TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
-		VB2_ERROR_UNPACK_KEY_MAGIC,
-		"vb2_unpack_key2() bad magic");
-
-	memcpy(key2, key, size);
-	key2->c.struct_version_major++;
-	TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
-		VB2_ERROR_UNPACK_KEY_STRUCT_VERSION,
-		"vb2_unpack_key2() bad major version");
-
-	/*
-	 * Minor version changes are ok.  Note that this test assumes that the
-	 * source key struct version is the highest actually known to the
-	 * reader.  If the reader does know about minor version + 1 and that
-	 * adds fields, this test will likely fail.  But at that point, we
-	 * should have already added a test for minor version compatibility to
-	 * handle both old and new struct versions, so someone will have
-	 * noticed this comment.
-	 */
-	memcpy(key2, key, size);
-	key2->c.struct_version_minor++;
-	TEST_SUCC(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
-		  "vb2_unpack_key2() minor version change ok");
-
-	memcpy(key2, key, size);
-	key2->sig_alg = VB2_SIG_INVALID;
-	TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
-		VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM,
-		"vb2_unpack_key2() bad sig algorithm");
-
-	memcpy(key2, key, size);
-	key2->hash_alg = VB2_HASH_INVALID;
-	TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
-		VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM,
-		"vb2_unpack_key2() bad hash algorithm");
-
-	memcpy(key2, key, size);
-	key2->key_size -= 4;
-	TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
-		VB2_ERROR_UNPACK_KEY_SIZE,
-		"vb2_unpack_key2() invalid size");
-
-	memcpy(key2, key, size);
-	key2->key_offset--;
-	TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
-		VB2_ERROR_COMMON_MEMBER_UNALIGNED,
-		"vb2_unpack_key2() unaligned data");
-
-	memcpy(key2, key, size);
-	*(uint32_t *)((uint8_t *)key2 + key2->key_offset) /= 2;
-	TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size),
-		VB2_ERROR_UNPACK_KEY_ARRAY_SIZE,
-		"vb2_unpack_key2() invalid key array size");
-
-	free(key2);
-}
-
 static void test_verify_data(const struct vb2_packed_key *key1,
 			     const struct vb2_signature *sig)
 {
@@ -227,145 +133,15 @@ static void test_verify_data(const struct vb2_packed_key *key1,
 	free(sig2);
 }
 
-static void test_verify_signature2(const struct vb2_signature2 *sig)
-{
-	struct vb2_signature2 *sig2;
-	uint8_t *buf2;
-	uint32_t size;
-
-	/* Make a copy of the signature */
-	size = sig->c.total_size;
-	buf2 = malloc(size);
-	sig2 = (struct vb2_signature2 *)buf2;
-
-	memcpy(buf2, sig, size);
-	TEST_SUCC(vb2_verify_signature2(sig2, size), "verify_sig ok");
-	sig2->c.magic = VB2_MAGIC_PACKED_KEY2;
-	TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_MAGIC,
-		"verify_sig magic");
-
-	memcpy(buf2, sig, size);
-	sig2->c.total_size += 4;
-	TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_COMMON_TOTAL_SIZE,
-		"verify_sig common header");
-
-	memcpy(buf2, sig, size);
-	sig2->c.struct_version_minor++;
-	TEST_SUCC(vb2_verify_signature2(sig2, size), "verify_sig minor ver");
-	sig2->c.struct_version_major++;
-	TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_VERSION,
-		"verify_sig major ver");
-
-	memcpy(buf2, sig, size);
-	sig2->c.fixed_size -= 4;
-	sig2->c.desc_size += 4;
-	TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_HEADER_SIZE,
-		"verify_sig header size");
-
-	memcpy(buf2, sig, size);
-	sig2->sig_size += 4;
-	TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_COMMON_MEMBER_SIZE,
-		"verify_sig sig size");
-
-	memcpy(buf2, sig, size);
-	sig2->sig_alg = VB2_SIG_INVALID;
-	TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_ALGORITHM,
-		"verify_sig sig alg");
-
-	memcpy(buf2, sig, size);
-	sig2->sig_alg = (sig2->sig_alg == VB2_SIG_NONE ?
-			 VB2_SIG_RSA1024 : VB2_SIG_NONE);
-	TEST_EQ(vb2_verify_signature2(sig2, size), VB2_ERROR_SIG_SIZE,
-		"verify_sig sig size");
-
-	free(buf2);
-}
-
-static void test_verify_data2(const struct vb2_public_key *pubk_orig,
-			      const struct vb2_signature2 *sig)
-{
-	uint8_t workbuf[VB2_VERIFY_DATA_WORKBUF_BYTES];
-	struct vb2_workbuf wb;
-
-	struct vb2_public_key pubk;
-	struct vb2_signature2 *sig2;
-	uint8_t *buf2;
-	uint32_t size;
-
-	vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
-
-	pubk = *pubk_orig;
-
-	/* Allocate signature copy for tests */
-	size = sig->c.total_size;
-	buf2 = malloc(size);
-	sig2 = (struct vb2_signature2 *)buf2;
-
-	memcpy(buf2, sig, size);
-	pubk.sig_alg = VB2_SIG_INVALID;
-	TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb),
-		VB2_ERROR_VDATA_ALGORITHM, "vb2_verify_data2() bad sig alg");
-	pubk = *pubk_orig;
-
-	memcpy(buf2, sig, size);
-	pubk.hash_alg = VB2_HASH_INVALID;
-	TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb),
-		VB2_ERROR_VDATA_DIGEST_SIZE,
-		"vb2_verify_data2() bad hash alg");
-	pubk = *pubk_orig;
-
-	vb2_workbuf_init(&wb, workbuf, 4);
-	memcpy(buf2, sig, size);
-	TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb),
-		VB2_ERROR_VDATA_WORKBUF_DIGEST,
-		"vb2_verify_data2() workbuf too small");
-	vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
-
-	memcpy(buf2, sig, size);
-	TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb),
-		0, "vb2_verify_data2() ok");
-
-	memcpy(buf2, sig, size);
-	sig2->sig_size -= 16;
-	TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb),
-		VB2_ERROR_VDATA_SIG_SIZE, "vb2_verify_data2() wrong sig size");
-
-	memcpy(buf2, sig, size);
-	TEST_EQ(vb2_verify_data2(test_data, test_size - 1, sig2, &pubk, &wb),
-		VB2_ERROR_VDATA_SIZE, "vb2_verify_data2() wrong data size");
-
-	memcpy(buf2, sig, size);
-	sig2->hash_alg = (sig2->hash_alg == VB2_HASH_SHA1 ?
-			  VB2_HASH_SHA256 : VB2_HASH_SHA1);
-	TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb),
-		VB2_ERROR_VDATA_ALGORITHM_MISMATCH,
-		"vb2_verify_data2() alg mismatch");
-
-
-	memcpy(buf2, sig, size);
-	buf2[sig2->sig_offset] ^= 0x5A;
-	TEST_EQ(vb2_verify_data2(test_data, test_size, sig2, &pubk, &wb),
-		VB2_ERROR_RSA_PADDING, "vb2_verify_data2() wrong sig");
-
-	free(buf2);
-}
 
 int test_algorithm(int key_algorithm, const char *keys_dir)
 {
 	char filename[1024];
 	int rsa_len = siglen_map[key_algorithm] * 8;
 
-	enum vb2_signature_algorithm sig_alg =
-		vb2_crypto_to_signature(key_algorithm);
-	enum vb2_hash_algorithm hash_alg = vb2_crypto_to_hash(key_algorithm);
-
 	VbPrivateKey *private_key = NULL;
-	struct vb2_private_key *prik = NULL;
 	struct vb2_signature *sig = NULL;
-	struct vb2_signature2 *sig2 = NULL;
-	struct vb2_public_key *pubk = NULL;
 	struct vb2_packed_key *key1;
-	struct vb2_packed_key2 *key2 = NULL;
 
 	printf("***Testing algorithm: %s\n", algo_strings[key_algorithm]);
 
@@ -376,12 +152,6 @@ int test_algorithm(int key_algorithm, const char *keys_dir)
 		return 1;
 	}
 
-	TEST_SUCC(vb2_private_key_read_pem(&prik, filename),
-		  "Read private key");
-	prik->hash_alg = hash_alg;
-	prik->sig_alg = sig_alg;
-	vb2_private_key_set_desc(prik, "private key");
-
 	sprintf(filename, "%s/key_rsa%d.keyb", keys_dir, rsa_len);
 	key1 = (struct vb2_packed_key *)
 		PublicKeyReadKeyb(filename, key_algorithm, 1);
@@ -390,12 +160,6 @@ int test_algorithm(int key_algorithm, const char *keys_dir)
 		return 1;
 	}
 
-	TEST_SUCC(vb2_public_key_read_keyb(&pubk, filename),
-		  "Read public key");
-	pubk->hash_alg = hash_alg;
-	vb2_public_key_set_desc(pubk, "public key");
-	TEST_SUCC(vb2_public_key_pack(&key2, pubk), "Pack public key");
-
 	/* Calculate good signatures */
 	sig = (struct vb2_signature *)
 		CalculateSignature(test_data, sizeof(test_data), private_key);
@@ -403,23 +167,12 @@ int test_algorithm(int key_algorithm, const char *keys_dir)
 	if (!sig)
 		return 1;
 
-	TEST_SUCC(vb2_sign_data(&sig2, test_data, test_size, prik, ""),
-		  "Make test signature");
-
 	test_unpack_key(key1);
 	test_verify_data(key1, sig);
 
-	test_unpack_key2(key1, key2);
-	test_verify_data2(pubk, sig2);
-	test_verify_signature2(sig2);
-
 	free(key1);
-	free(key2);
 	free(private_key);
 	free(sig);
-	free(sig2);
-	vb2_private_key_free(prik);
-	vb2_public_key_free(pubk);
 
 	return 0;
 }
diff --git a/tests/vb2_common_tests.c b/tests/vb2_common_tests.c
index d520f1c6..f8502957 100644
--- a/tests/vb2_common_tests.c
+++ b/tests/vb2_common_tests.c
@@ -8,18 +8,10 @@
 #include "2sysincludes.h"
 #include "2common.h"
 #include "2rsa.h"
-#include "host_fw_preamble2.h"
-#include "host_key2.h"
-#include "host_keyblock2.h"
-#include "host_signature2.h"
 #include "vboot_struct.h"  /* For old struct sizes */
 
 #include "test_common.h"
 
-static const uint8_t test_data[] = "This is some test data to sign.";
-static const uint8_t test_data2[] = "Some more test data";
-static const uint8_t test_data3[] = "Even more test data";
-
 /**
  * Test memory compare functions
  */
@@ -152,26 +144,6 @@ static void test_struct_packing(void)
 	TEST_EQ(EXPECTED_VB2_FW_PREAMBLE_SIZE,
 		EXPECTED_VBFIRMWAREPREAMBLEHEADER2_1_SIZE,
 		"vboot1->2 firmware preamble sizes same");
-
-	/* Test new struct sizes */
-	TEST_EQ(EXPECTED_GUID_SIZE,
-		sizeof(struct vb2_guid),
-		"sizeof(vb2_guid)");
-	TEST_EQ(EXPECTED_VB2_STRUCT_COMMON_SIZE,
-		sizeof(struct vb2_struct_common),
-		"sizeof(vb2_struct_common)");
-	TEST_EQ(EXPECTED_VB2_PACKED_KEY2_SIZE,
-		sizeof(struct vb2_packed_key2),
-		"sizeof(vb2_packed_key2)");
-	TEST_EQ(EXPECTED_VB2_SIGNATURE2_SIZE,
-		sizeof(struct vb2_signature2),
-		"sizeof(vb2_signature2)");
-	TEST_EQ(EXPECTED_VB2_KEYBLOCK2_SIZE,
-		sizeof(struct vb2_keyblock2),
-		"sizeof(vb2_keyblock2)");
-	TEST_EQ(EXPECTED_VB2_FW_PREAMBLE2_SIZE,
-		sizeof(struct vb2_fw_preamble2),
-		"sizeof(vb2_fw_preamble2)");
 }
 
 /**
@@ -291,467 +263,6 @@ static void test_helper_functions(void)
 	}
 }
 
-/**
- * Common header functions
- */
-static void test_common_header_functions(void)
-{
-	uint8_t cbuf[sizeof(struct vb2_struct_common) + 128];
-	uint8_t cbufgood[sizeof(cbuf)];
-	struct vb2_struct_common *c = (struct vb2_struct_common *)cbuf;
-	struct vb2_struct_common *c2;
-	const char test_desc[32] = "test desc";
-	uint32_t desc_end, m;
-
-	c->total_size = sizeof(cbuf);
-	c->fixed_size = sizeof(*c);
-	c->desc_size = sizeof(test_desc);
-	memcpy(cbuf + c->fixed_size, test_desc, sizeof(test_desc));
-	desc_end = c->fixed_size + c->desc_size;
-
-	c2 = (struct vb2_struct_common *)(cbuf + desc_end);
-	c2->total_size = c->total_size - desc_end;
-	c2->fixed_size = sizeof(*c2);
-	c2->desc_size = 0;
-
-	/* Description helper */
-	TEST_EQ(0, strcmp(vb2_common_desc(c), test_desc), "vb2_common_desc()");
-	TEST_EQ(0, strcmp(vb2_common_desc(c2), ""), "vb2_common_desc() empty");
-
-	TEST_SUCC(vb2_verify_common_header(cbuf, sizeof(cbuf)),
-		  "vb2_verify_common_header() good");
-	memcpy(cbufgood, cbuf, sizeof(cbufgood));
-
-	memcpy(cbuf, cbufgood, sizeof(cbuf));
-	c->total_size += 4;
-	TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
-		VB2_ERROR_COMMON_TOTAL_SIZE,
-		"vb2_verify_common_header() total size");
-
-	memcpy(cbuf, cbufgood, sizeof(cbuf));
-	c->fixed_size = c->total_size + 4;
-	TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
-		VB2_ERROR_COMMON_FIXED_SIZE,
-		"vb2_verify_common_header() fixed size");
-
-	memcpy(cbuf, cbufgood, sizeof(cbuf));
-	c->desc_size = c->total_size - c->fixed_size + 4;
-	TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
-		VB2_ERROR_COMMON_DESC_SIZE,
-		"vb2_verify_common_header() desc size");
-
-	memcpy(cbuf, cbufgood, sizeof(cbuf));
-	c->total_size--;
-	TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
-		VB2_ERROR_COMMON_TOTAL_UNALIGNED,
-		"vb2_verify_common_header() total unaligned");
-
-	memcpy(cbuf, cbufgood, sizeof(cbuf));
-	c->fixed_size++;
-	TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
-		VB2_ERROR_COMMON_FIXED_UNALIGNED,
-		"vb2_verify_common_header() fixed unaligned");
-
-	memcpy(cbuf, cbufgood, sizeof(cbuf));
-	c->desc_size--;
-	TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
-		VB2_ERROR_COMMON_DESC_UNALIGNED,
-		"vb2_verify_common_header() desc unaligned");
-
-	memcpy(cbuf, cbufgood, sizeof(cbuf));
-	c->desc_size = -4;
-	TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
-		VB2_ERROR_COMMON_DESC_WRAPS,
-		"vb2_verify_common_header() desc wraps");
-
-	memcpy(cbuf, cbufgood, sizeof(cbuf));
-	cbuf[desc_end - 1] = 1;
-	TEST_EQ(vb2_verify_common_header(cbuf, sizeof(cbuf)),
-		VB2_ERROR_COMMON_DESC_TERMINATOR,
-		"vb2_verify_common_header() desc not terminated");
-
-	/* Member checking function */
-	memcpy(cbuf, cbufgood, sizeof(cbuf));
-	m = 0;
-	TEST_SUCC(vb2_verify_common_member(cbuf, &m, c->total_size - 8, 4),
-		  "vb2_verify_common_member()");
-	TEST_EQ(m, c->total_size - 4, "  new minimum");
-
-	m = desc_end;
-	TEST_SUCC(vb2_verify_common_member(cbuf, &m, desc_end, 4),
-		  "vb2_verify_common_member() good offset");
-	TEST_EQ(m, desc_end + 4, "  new minimum");
-
-	m = 0;
-	TEST_EQ(vb2_verify_common_member(cbuf, &m, c->total_size - 8, -4),
-		VB2_ERROR_COMMON_MEMBER_WRAPS,
-		"vb2_verify_common_member() wraps");
-
-	m = 0;
-	TEST_EQ(vb2_verify_common_member(cbuf, &m, c->total_size - 7, 4),
-		VB2_ERROR_COMMON_MEMBER_UNALIGNED,
-		"vb2_verify_common_member() offset unaligned");
-
-	m = 0;
-	TEST_EQ(vb2_verify_common_member(cbuf, &m, c->total_size - 8, 5),
-		VB2_ERROR_COMMON_MEMBER_UNALIGNED,
-		"vb2_verify_common_member() size unaligned");
-
-	m = 0;
-	TEST_EQ(vb2_verify_common_member(cbuf, &m, desc_end - 4, 4),
-		VB2_ERROR_COMMON_MEMBER_OVERLAP,
-		"vb2_verify_common_member() overlap");
-
-	m = desc_end + 4;
-	TEST_EQ(vb2_verify_common_member(cbuf, &m, desc_end, 4),
-		VB2_ERROR_COMMON_MEMBER_OVERLAP,
-		"vb2_verify_common_member() overlap 2");
-
-	m = 0;
-	TEST_EQ(vb2_verify_common_member(cbuf, &m, c->total_size - 4, 8),
-		VB2_ERROR_COMMON_MEMBER_SIZE,
-		"vb2_verify_common_member() size");
-
-	/* Subobject checking */
-	m = 0;
-	TEST_SUCC(vb2_verify_common_subobject(cbuf, &m, desc_end),
-		  "vb2_verify_common_subobject() good offset");
-	TEST_EQ(m, sizeof(cbuf), "  new minimum");
-
-	m = desc_end + 4;
-	TEST_EQ(vb2_verify_common_subobject(cbuf, &m, desc_end),
-		VB2_ERROR_COMMON_MEMBER_OVERLAP,
-		"vb2_verify_common_subobject() overlap");
-
-	m = 0;
-	c2->total_size += 4;
-	TEST_EQ(vb2_verify_common_subobject(cbuf, &m, desc_end),
-		VB2_ERROR_COMMON_TOTAL_SIZE,
-		"vb2_verify_common_subobject() size");
-}
-
-/**
- * Signature size
- */
-static void test_sig_size(void)
-{
-	TEST_EQ(vb2_sig_size(VB2_SIG_INVALID, VB2_HASH_SHA256), 0,
-		"vb2_sig_size() sig invalid");
-
-	TEST_EQ(vb2_sig_size(VB2_SIG_RSA2048, VB2_HASH_INVALID), 0,
-		"vb2_sig_size() hash invalid");
-
-	TEST_EQ(vb2_sig_size(VB2_SIG_RSA2048, VB2_HASH_SHA256), 2048 / 8,
-		"vb2_sig_size() RSA2048");
-	TEST_EQ(vb2_sig_size(VB2_SIG_RSA4096, VB2_HASH_SHA256), 4096 / 8,
-		"vb2_sig_size() RSA4096");
-	TEST_EQ(vb2_sig_size(VB2_SIG_RSA8192, VB2_HASH_SHA512), 8192 / 8,
-		"vb2_sig_size() RSA8192");
-
-	TEST_EQ(vb2_sig_size(VB2_SIG_NONE, VB2_HASH_SHA1),
-		VB2_SHA1_DIGEST_SIZE, "vb2_sig_size() SHA1");
-	TEST_EQ(vb2_sig_size(VB2_SIG_NONE, VB2_HASH_SHA256),
-		VB2_SHA256_DIGEST_SIZE, "vb2_sig_size() SHA256");
-	TEST_EQ(vb2_sig_size(VB2_SIG_NONE, VB2_HASH_SHA512),
-		VB2_SHA512_DIGEST_SIZE, "vb2_sig_size() SHA512");
-}
-
-/**
- * Verify data on bare hash
- */
-static void test_verify_hash(void)
-{
-	struct vb2_signature2 *sig;
-	const struct vb2_private_key *prik;
-	struct vb2_public_key pubk;
-	uint8_t workbuf[VB2_VERIFY_DATA_WORKBUF_BYTES];
-	struct vb2_workbuf wb;
-
-	vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
-
-	TEST_SUCC(vb2_private_key_hash(&prik, VB2_HASH_SHA256),
-		  "create private hash key");
-	TEST_SUCC(vb2_public_key_hash(&pubk, VB2_HASH_SHA256),
-		  "create hash key");
-
-	/* Create the signature */
-	TEST_SUCC(vb2_sign_data(&sig, test_data, sizeof(test_data),
-				prik, NULL),
-		  "create hash sig");
-
-	TEST_SUCC(vb2_verify_data2(test_data, sizeof(test_data),
-				   sig, &pubk, &wb),
-		  "vb2_verify_data2() hash ok");
-
-	*((uint8_t *)sig + sig->sig_offset) ^= 0xab;
-	TEST_EQ(vb2_verify_data2(test_data, sizeof(test_data), sig, &pubk, &wb),
-		VB2_ERROR_VDATA_VERIFY_DIGEST, "vb2_verify_data2() hash bad");
-
-	free(sig);
-}
-
-/**
- * Verify keyblock
- */
-static void test_verify_keyblock(void)
-{
-	const char desc[16] = "test keyblock";
-	const struct vb2_private_key *prik[2];
-	struct vb2_public_key pubk, pubk2, pubk3;
-	struct vb2_signature2 *sig;
-	struct vb2_keyblock2 *kbuf;
-	uint32_t buf_size;
-	uint8_t *buf, *buf2;
-
-	uint8_t workbuf[VB2_KEY_BLOCK_VERIFY_WORKBUF_BYTES];
-	struct vb2_workbuf wb;
-
-	TEST_SUCC(vb2_public_key_hash(&pubk, VB2_HASH_SHA256),
-		  "create hash key 1");
-	TEST_SUCC(vb2_public_key_hash(&pubk2, VB2_HASH_SHA512),
-		  "create hash key 2");
-	TEST_SUCC(vb2_public_key_hash(&pubk3, VB2_HASH_SHA1),
-		  "create hash key 3");
-
-	TEST_SUCC(vb2_private_key_hash(prik + 0, VB2_HASH_SHA256),
-		  "create private key 1");
-	TEST_SUCC(vb2_private_key_hash(prik + 1, VB2_HASH_SHA512),
-		  "create private key 2");
-
-	/* Create the test keyblock */
-	TEST_SUCC(vb2_keyblock_create(&kbuf, &pubk3, prik, 2, 0x4321, desc),
-		  "create keyblock");
-
-	buf = (uint8_t *)kbuf;
-	buf_size = kbuf->c.total_size;
-
-	/* Make a copy of the buffer, so we can mangle it for tests */
-	buf2 = malloc(buf_size);
-	memcpy(buf2, buf, buf_size);
-
-	vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
-	kbuf = (struct vb2_keyblock2 *)buf;
-
-	TEST_SUCC(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
-		  "vb2_verify_keyblock2()");
-
-	memcpy(buf, buf2, buf_size);
-	TEST_SUCC(vb2_verify_keyblock2(kbuf, buf_size, &pubk2, &wb),
-		  "vb2_verify_keyblock2() key 2");
-
-	memcpy(buf, buf2, buf_size);
-	TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk3, &wb),
-		VB2_ERROR_KEYBLOCK_SIG_GUID,
-		"vb2_verify_keyblock2() key not present");
-
-	memcpy(buf, buf2, buf_size);
-	kbuf->c.magic = VB2_MAGIC_PACKED_KEY2;
-	TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
-		VB2_ERROR_KEYBLOCK_MAGIC,
-		"vb2_verify_keyblock2() magic");
-
-	memcpy(buf, buf2, buf_size);
-	kbuf->c.fixed_size++;
-	TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
-		VB2_ERROR_COMMON_FIXED_UNALIGNED,
-		"vb2_verify_keyblock2() header");
-
-	memcpy(buf, buf2, buf_size);
-	kbuf->c.struct_version_major++;
-	TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
-		VB2_ERROR_KEYBLOCK_HEADER_VERSION,
-		"vb2_verify_keyblock2() major version");
-
-	memcpy(buf, buf2, buf_size);
-	kbuf->c.struct_version_minor++;
-	/* That changes the signature, so resign the keyblock */
-	vb2_sign_data(&sig, buf, kbuf->sig_offset, prik[0], NULL);
-	memcpy(buf + kbuf->sig_offset, sig, sig->c.total_size);
-	free(sig);
-	TEST_SUCC(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
-		  "vb2_verify_keyblock2() minor version");
-
-	memcpy(buf, buf2, buf_size);
-	kbuf->c.fixed_size -= 4;
-	kbuf->c.desc_size += 4;
-	TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
-		VB2_ERROR_KEYBLOCK_SIZE,
-		"vb2_verify_keyblock2() header size");
-
-	memcpy(buf, buf2, buf_size);
-	kbuf->key_offset = kbuf->c.total_size - 4;
-	TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
-		VB2_ERROR_COMMON_MEMBER_SIZE,
-		"vb2_verify_keyblock2() data key outside");
-
-	memcpy(buf, buf2, buf_size);
-	sig = (struct vb2_signature2 *)(buf + kbuf->sig_offset);
-	sig->data_size--;
-	TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
-		VB2_ERROR_KEYBLOCK_SIGNED_SIZE,
-		"vb2_verify_keyblock2() signed wrong size");
-
-	memcpy(buf, buf2, buf_size);
-	sig = (struct vb2_signature2 *)(buf + kbuf->sig_offset);
-	sig->c.total_size = kbuf->c.total_size - 4;
-	TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
-		VB2_ERROR_COMMON_TOTAL_SIZE,
-		"vb2_verify_keyblock2() key outside keyblock");
-
-	memcpy(buf, buf2, buf_size);
-	sig = (struct vb2_signature2 *)(buf + kbuf->sig_offset);
-	sig->c.struct_version_major++;
-	TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
-		VB2_ERROR_SIG_VERSION,
-		"vb2_verify_keyblock2() corrupt key");
-
-	memcpy(buf, buf2, buf_size);
-	kbuf->c.struct_version_minor++;
-	TEST_EQ(vb2_verify_keyblock2(kbuf, buf_size, &pubk, &wb),
-		VB2_ERROR_VDATA_VERIFY_DIGEST,
-		"vb2_verify_keyblock2() corrupt");
-
-	free(buf);
-	free(buf2);
-}
-
-/**
- * Verify firmware preamble
- */
-static void test_verify_fw_preamble(void)
-{
-	const char desc[16] = "test preamble";
-	const struct vb2_private_key *prikhash;
-	struct vb2_signature2 *hashes[3];
-	struct vb2_public_key pubk;
-	struct vb2_signature2 *sig;
-	struct vb2_fw_preamble2 *pre;
-	uint32_t buf_size;
-	uint8_t *buf, *buf2;
-
-	uint8_t workbuf[VB2_VERIFY_FIRMWARE_PREAMBLE_WORKBUF_BYTES];
-	struct vb2_workbuf wb;
-
-	/*
-	 * Preambles will usually be signed with a real key not a bare hash,
-	 * but the call to vb2_verify_data2() inside the preamble check is the
-	 * same (and its functionality is verified separately), and using a
-	 * bare hash here saves us from needing to have a private key to do
-	 * this test.
-	 */
-	TEST_SUCC(vb2_public_key_hash(&pubk, VB2_HASH_SHA256),
-		  "create hash key");
-	TEST_SUCC(vb2_private_key_hash(&prikhash, VB2_HASH_SHA256),
-			  "Create private hash key");
-
-	/* Create some signatures */
-	TEST_SUCC(vb2_sign_data(hashes + 0, test_data, sizeof(test_data),
-				prikhash, "Hash 1"),
-		  "Hash 1");
-	TEST_SUCC(vb2_sign_data(hashes + 1, test_data2, sizeof(test_data2),
-				prikhash, "Hash 2"),
-		  "Hash 2");
-	TEST_SUCC(vb2_sign_data(hashes + 2, test_data3, sizeof(test_data3),
-				prikhash, "Hash 3"),
-			  "Hash 3");
-
-	/* Test good preamble */
-	TEST_SUCC(vb2_fw_preamble_create(&pre, prikhash,
-					 (const struct vb2_signature2 **)hashes,
-					 3, 0x1234, 0x5678, desc),
-		  "Create preamble good");
-
-	buf = (uint8_t *)pre;
-	buf_size = pre->c.total_size;
-
-	/* Make a copy of the buffer, so we can mangle it for tests */
-	buf2 = malloc(buf_size);
-	memcpy(buf2, buf, buf_size);
-
-	vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
-	pre = (struct vb2_fw_preamble2 *)buf;
-
-	TEST_SUCC(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
-		  "vb2_verify_fw_preamble2()");
-
-	memcpy(buf, buf2, buf_size);
-	pre->c.magic = VB2_MAGIC_PACKED_KEY2;
-	TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
-		VB2_ERROR_PREAMBLE_MAGIC,
-		"vb2_verify_fw_preamble2() magic");
-
-	memcpy(buf, buf2, buf_size);
-	pre->c.fixed_size++;
-	TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
-		VB2_ERROR_COMMON_FIXED_UNALIGNED,
-		"vb2_verify_fw_preamble2() header");
-
-	memcpy(buf, buf2, buf_size);
-	pre->c.struct_version_major++;
-	TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
-		VB2_ERROR_PREAMBLE_HEADER_VERSION,
-		"vb2_verify_fw_preamble2() major version");
-
-	memcpy(buf, buf2, buf_size);
-	pre->c.struct_version_minor++;
-	/* That changes the signature, so resign the fw_preamble */
-	vb2_sign_data(&sig, buf, pre->sig_offset, prikhash, NULL);
-	memcpy(buf + pre->sig_offset, sig, sig->c.total_size);
-	free(sig);
-	TEST_SUCC(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
-		  "vb2_verify_fw_preamble2() minor version");
-
-	memcpy(buf, buf2, buf_size);
-	pre->c.fixed_size -= 4;
-	pre->c.desc_size += 4;
-	TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
-		VB2_ERROR_PREAMBLE_SIZE,
-		"vb2_verify_fw_preamble2() header size");
-
-	memcpy(buf, buf2, buf_size);
-	sig = (struct vb2_signature2 *)(buf + pre->hash_offset);
-	sig->c.total_size += pre->c.total_size;
-	TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
-		VB2_ERROR_COMMON_TOTAL_SIZE,
-		"vb2_verify_fw_preamble2() hash size");
-
-	memcpy(buf, buf2, buf_size);
-	sig = (struct vb2_signature2 *)(buf + pre->hash_offset);
-	sig->sig_size /= 2;
-	TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
-		VB2_ERROR_SIG_SIZE,
-		"vb2_verify_fw_preamble2() hash integrity");
-
-	memcpy(buf, buf2, buf_size);
-	pre->hash_count++;
-	TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
-		VB2_ERROR_COMMON_MEMBER_OVERLAP,
-		"vb2_verify_fw_preamble2() hash count");
-
-	memcpy(buf, buf2, buf_size);
-	sig = (struct vb2_signature2 *)(buf + pre->sig_offset);
-	sig->c.total_size += 4;
-	TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
-		VB2_ERROR_COMMON_TOTAL_SIZE,
-		"vb2_verify_fw_preamble2() sig inside");
-
-	memcpy(buf, buf2, buf_size);
-	sig = (struct vb2_signature2 *)(buf + pre->sig_offset);
-	buf[pre->sig_offset + sig->sig_offset]++;
-	TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
-		VB2_ERROR_VDATA_VERIFY_DIGEST,
-		"vb2_verify_fw_preamble2() sig corrupt");
-
-	memcpy(buf, buf2, buf_size);
-	pre->flags++;
-	TEST_EQ(vb2_verify_fw_preamble2(pre, buf_size, &pubk, &wb),
-		VB2_ERROR_VDATA_VERIFY_DIGEST,
-		"vb2_verify_fw_preamble2() preamble corrupt");
-
-	free(buf);
-	free(buf2);
-}
-
 int main(int argc, char* argv[])
 {
 	test_memcmp();
@@ -759,11 +270,6 @@ int main(int argc, char* argv[])
 	test_workbuf();
 	test_struct_packing();
 	test_helper_functions();
-	test_common_header_functions();
-	test_sig_size();
-	test_verify_hash();
-	test_verify_keyblock();
-	test_verify_fw_preamble();
 
 	return gTestSuccess ? 0 : 255;
 }