diff options
-rw-r--r-- | firmware/2lib/2nvstorage.c | 4 | ||||
-rw-r--r-- | firmware/2lib/2rsa.c | 14 | ||||
-rw-r--r-- | firmware/2lib/2secdata.c | 10 | ||||
-rw-r--r-- | firmware/2lib/2sha_utility.c | 8 | ||||
-rw-r--r-- | firmware/2lib/include/2return_codes.h | 98 | ||||
-rw-r--r-- | tests/test_common.c | 17 | ||||
-rw-r--r-- | tests/test_common.h | 4 | ||||
-rw-r--r-- | tests/vb2_nvstorage_tests.c | 5 | ||||
-rw-r--r-- | tests/vb2_rsa_padding_tests.c | 31 | ||||
-rw-r--r-- | tests/vb2_rsa_utility_tests.c | 3 | ||||
-rw-r--r-- | tests/vb2_secdata_tests.c | 54 | ||||
-rw-r--r-- | tests/vb2_sha_tests.c | 71 |
12 files changed, 222 insertions, 97 deletions
diff --git a/firmware/2lib/2nvstorage.c b/firmware/2lib/2nvstorage.c index 3bfe151c..be635825 100644 --- a/firmware/2lib/2nvstorage.c +++ b/firmware/2lib/2nvstorage.c @@ -82,11 +82,11 @@ int vb2_nv_check_crc(const struct vb2_context *ctx) /* Check header */ if (VB2_NV_HEADER_SIGNATURE != (p[VB2_NV_OFFS_HEADER] & VB2_NV_HEADER_MASK)) - return VB2_ERROR_UNKNOWN; + return VB2_ERROR_NV_HEADER; /* Check CRC */ if (vb2_crc8(p, VB2_NV_OFFS_CRC) != p[VB2_NV_OFFS_CRC]) - return VB2_ERROR_UNKNOWN; + return VB2_ERROR_NV_CRC; return VB2_SUCCESS; } diff --git a/firmware/2lib/2rsa.c b/firmware/2lib/2rsa.c index e619e78b..cc39b1d6 100644 --- a/firmware/2lib/2rsa.c +++ b/firmware/2lib/2rsa.c @@ -286,7 +286,7 @@ int vb2_check_padding(uint8_t *sig, int algorithm) tail_size = sizeof(sha512_tail); break; default: - return VB2_ERROR_BAD_ALGORITHM; + return VB2_ERROR_RSA_PADDING_ALGORITHM; } /* First 2 bytes are always 0x00 0x01 */ @@ -303,7 +303,7 @@ int vb2_check_padding(uint8_t *sig, int algorithm) */ result |= vb2_safe_memcmp(sig, tail, tail_size); - return result ? VB2_ERROR_BAD_SIGNATURE : VB2_SUCCESS; + return result ? VB2_ERROR_RSA_PADDING : VB2_SUCCESS; } int vb2_verify_digest(const struct vb2_public_key *key, @@ -318,22 +318,22 @@ int vb2_verify_digest(const struct vb2_public_key *key, int rv; if (!key || !sig || !digest) - return VB2_ERROR_UNKNOWN; + return VB2_ERROR_RSA_VERIFY_PARAM; if (key->algorithm >= VB2_ALG_COUNT) { VB2_DEBUG("Invalid signature type!\n"); - return VB2_ERROR_BAD_ALGORITHM; + return VB2_ERROR_RSA_VERIFY_ALGORITHM; } /* Signature length should be same as key length */ if (key_bytes != vb2_rsa_sig_size(key->algorithm)) { VB2_DEBUG("Signature is of incorrect length!\n"); - return VB2_ERROR_BAD_SIGNATURE; + return VB2_ERROR_RSA_VERIFY_SIG_LEN; } workbuf32 = vb2_workbuf_alloc(&wblocal, 3 * key_bytes); if (!workbuf32) - return VB2_ERROR_UNKNOWN; + return VB2_ERROR_RSA_VERIFY_WORKBUF; modpowF4(key, sig, workbuf32); @@ -354,7 +354,7 @@ int vb2_verify_digest(const struct vb2_public_key *key, if (vb2_safe_memcmp(sig + pad_size, digest, key_bytes - pad_size)) { VB2_DEBUG("Digest check failed!\n"); - rv = VB2_ERROR_BAD_SIGNATURE; + rv = VB2_ERROR_RSA_VERIFY_DIGEST; } return rv; diff --git a/firmware/2lib/2secdata.c b/firmware/2lib/2secdata.c index 668bc507..2987e037 100644 --- a/firmware/2lib/2secdata.c +++ b/firmware/2lib/2secdata.c @@ -18,7 +18,7 @@ int vb2_secdata_check_crc(const struct vb2_context *ctx) /* Verify CRC */ if (sec->crc8 != vb2_crc8(sec, offsetof(struct vb2_secdata, crc8))) - return VB2_ERROR_BAD_SECDATA; + return VB2_ERROR_SECDATA_CRC; return VB2_SUCCESS; } @@ -47,7 +47,7 @@ int vb2_secdata_init(struct vb2_context *ctx) /* Data must be new enough to have a CRC */ if (sec->struct_version < 2) - return VB2_ERROR_BAD_SECDATA; + return VB2_ERROR_SECDATA_VERSION; rv = vb2_secdata_check_crc(ctx); if (rv) @@ -76,7 +76,7 @@ int vb2_secdata_get(struct vb2_context *ctx, return VB2_SUCCESS; default: - return VB2_ERROR_UNKNOWN; + return VB2_ERROR_SECDATA_GET_PARAM; } } @@ -95,7 +95,7 @@ int vb2_secdata_set(struct vb2_context *ctx, case VB2_SECDATA_FLAGS: /* Make sure flags is in valid range */ if (value > 0xff) - return VB2_ERROR_UNKNOWN; + return VB2_ERROR_SECDATA_SET_FLAGS; sec->flags = value; break; @@ -105,7 +105,7 @@ int vb2_secdata_set(struct vb2_context *ctx, break; default: - return VB2_ERROR_UNKNOWN; + return VB2_ERROR_SECDATA_SET_PARAM; } /* Regenerate CRC */ diff --git a/firmware/2lib/2sha_utility.c b/firmware/2lib/2sha_utility.c index 66e8b692..0f9adfa3 100644 --- a/firmware/2lib/2sha_utility.c +++ b/firmware/2lib/2sha_utility.c @@ -72,7 +72,7 @@ int vb2_digest_init(struct vb2_digest_context *dc, uint32_t algorithm) return VB2_SUCCESS; #endif default: - return VB2_ERROR_BAD_ALGORITHM; + return VB2_ERROR_SHA_INIT_ALGORITHM; } } @@ -97,7 +97,7 @@ int vb2_digest_extend(struct vb2_digest_context *dc, return VB2_SUCCESS; #endif default: - return VB2_ERROR_BAD_ALGORITHM; + return VB2_ERROR_SHA_EXTEND_ALGORITHM; } } @@ -106,7 +106,7 @@ int vb2_digest_finalize(struct vb2_digest_context *dc, uint32_t digest_size) { if (digest_size < vb2_digest_size(dc->algorithm)) - return VB2_ERROR_BUFFER_TOO_SMALL; + return VB2_ERROR_SHA_FINALIZE_DIGEST_SIZE; switch (vb2_hash_alg(dc->algorithm)) { #if VB2_SUPPORT_SHA1 @@ -125,6 +125,6 @@ int vb2_digest_finalize(struct vb2_digest_context *dc, return VB2_SUCCESS; #endif default: - return VB2_ERROR_BAD_ALGORITHM; + return VB2_ERROR_SHA_FINALIZE_ALGORITHM; } } diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h index 73a37b5e..28c0f91d 100644 --- a/firmware/2lib/include/2return_codes.h +++ b/firmware/2lib/include/2return_codes.h @@ -16,8 +16,93 @@ enum vb2_return_code { /* Success - no error */ VB2_SUCCESS = 0, + /* + * All vboot2 error codes start at a large offset from zero, to reduce + * the risk of overlap with other error codes (TPM, etc.). + */ + VB2_ERROR_BASE = 0x0100000, + /* Unknown / unspecified error */ - VB2_ERROR_UNKNOWN = 0x10000, + VB2_ERROR_UNKNOWN = VB2_ERROR_BASE + 1, + + /********************************************************************** + * SHA errors + */ + VB2_ERROR_SHA = VB2_ERROR_BASE + 0x010000, + + /* Bad algorithm in vb2_digest_init() */ + VB2_ERROR_SHA_INIT_ALGORITHM, + + /* Bad algorithm in vb2_digest_extend() */ + VB2_ERROR_SHA_EXTEND_ALGORITHM, + + /* Bad algorithm in vb2_digest_finalize() */ + VB2_ERROR_SHA_FINALIZE_ALGORITHM, + + /* Digest size buffer too small in vb2_digest_finalize() */ + VB2_ERROR_SHA_FINALIZE_DIGEST_SIZE, + + /********************************************************************** + * RSA errors + */ + VB2_ERROR_RSA = VB2_ERROR_BASE + 0x020000, + + /* Padding mismatch in vb2_check_padding() */ + VB2_ERROR_RSA_PADDING, + + /* Bad algorithm in vb2_check_padding() */ + VB2_ERROR_RSA_PADDING_ALGORITHM, + + /* Null param passed to vb2_verify_digest() */ + VB2_ERROR_RSA_VERIFY_PARAM, + + /* Bad algorithm in vb2_verify_digest() */ + VB2_ERROR_RSA_VERIFY_ALGORITHM, + + /* Bad signature length in vb2_verify_digest() */ + VB2_ERROR_RSA_VERIFY_SIG_LEN, + + /* Work buffer too small in vb2_verify_digest() */ + VB2_ERROR_RSA_VERIFY_WORKBUF, + + /* Digest mismatch in vb2_verify_digest() */ + VB2_ERROR_RSA_VERIFY_DIGEST, + + /********************************************************************** + * NV storage errors + */ + VB2_ERROR_NV = VB2_ERROR_BASE + 0x030000, + + /* Bad header in vb2_nv_check_crc() */ + VB2_ERROR_NV_HEADER, + + /* Bad CRC in vb2_nv_check_crc() */ + VB2_ERROR_NV_CRC, + + /********************************************************************** + * Secure data storage errors + */ + VB2_ERROR_SECDATA = VB2_ERROR_BASE + 0x040000, + + /* Bad CRC in vb2_secdata_check_crc() */ + VB2_ERROR_SECDATA_CRC, + + /* Bad struct version in vb2_secdata_init() */ + VB2_ERROR_SECDATA_VERSION, + + /* Invalid param in vb2_secdata_get() */ + VB2_ERROR_SECDATA_GET_PARAM, + + /* Invalid param in vb2_secdata_set() */ + VB2_ERROR_SECDATA_SET_PARAM, + + /* Invalid flags passed to vb2_secdata_set() */ + VB2_ERROR_SECDATA_SET_FLAGS, + + /********************************************************************** + * TODO: errors which must still be made specific + */ + VB2_ERROR_TODO = VB2_ERROR_BASE + 0xff0000, /* Work buffer too small */ VB2_ERROR_WORKBUF_TOO_SMALL, @@ -37,9 +122,6 @@ enum vb2_return_code { /* Signature check failed */ VB2_ERROR_BAD_SIGNATURE, - /* Bad secure data */ - VB2_ERROR_BAD_SECDATA, - /* Bad key */ VB2_ERROR_BAD_KEY, @@ -57,6 +139,14 @@ enum vb2_return_code { /* Bad hash tag */ VB2_ERROR_BAD_TAG, + + /********************************************************************** + * Highest non-zero error generated inside vboot library. Note that + * error codes passed through vboot when it calls external APIs may + * still be outside this range. + */ + VB2_ERROR_MAX = VB2_ERROR_BASE + 0xffffff, + }; #endif /* VBOOT_2_RETURN_CODES_H_ */ diff --git a/tests/test_common.c b/tests/test_common.c index 2fa445f6..3804245e 100644 --- a/tests/test_common.c +++ b/tests/test_common.c @@ -24,7 +24,8 @@ int TEST_EQ(int result, int expected_result, const char* testname) { return 1; } else { fprintf(stderr, "%s Test " COL_RED "FAILED\n" COL_STOP, testname); - fprintf(stderr, " Expected: %d, got: %d\n", expected_result, result); + fprintf(stderr, " Expected: 0x%x (%d), got: 0x%x (%d)\n", + expected_result, expected_result, result, result); gTestSuccess = 0; return 0; } @@ -36,7 +37,8 @@ int TEST_NEQ(int result, int not_expected_result, const char* testname) { return 1; } else { fprintf(stderr, "%s Test " COL_RED "FAILED\n" COL_STOP, testname); - fprintf(stderr, " Didn't expect %d, but got it.\n", not_expected_result); + fprintf(stderr, " Didn't expect 0x%x (%d), but got it.\n", + not_expected_result, not_expected_result); gTestSuccess = 0; return 0; } @@ -91,6 +93,17 @@ int TEST_STR_EQ(const char* result, const char* expected_result, } +int TEST_SUCC(int result, const char* testname) { + if (result == 0) { + fprintf(stderr, "%s Test " COL_GREEN "PASSED\n" COL_STOP, testname); + } else { + fprintf(stderr, "%s Test " COL_RED "FAILED\n" COL_STOP, testname); + fprintf(stderr, " Expected SUCCESS, got: 0x%lx\n", (long)result); + gTestSuccess = 0; + } + return !result; +} + int TEST_TRUE(int result, const char* testname) { if (result) { fprintf(stderr, "%s Test " COL_GREEN "PASSED\n" COL_STOP, testname); diff --git a/tests/test_common.h b/tests/test_common.h index 4acf5887..9a84f505 100644 --- a/tests/test_common.h +++ b/tests/test_common.h @@ -42,6 +42,10 @@ int TEST_TRUE(int result, const char* testname); * Also update the global gTestSuccess flag if test fails. */ int TEST_FALSE(int result, const char* testname); +/* Return 1 if result is 0 (VB_ERROR_SUCCESS / VB2_SUCCESS), else return 0. + * Also update the global gTestSuccess flag if test fails. */ +int TEST_SUCC(int result, const char* testname); + /* ANSI Color coding sequences. * * Don't use \e as MSC does not recognize it as a valid escape sequence. diff --git a/tests/vb2_nvstorage_tests.c b/tests/vb2_nvstorage_tests.c index 061f8691..88ffe477 100644 --- a/tests/vb2_nvstorage_tests.c +++ b/tests/vb2_nvstorage_tests.c @@ -79,6 +79,7 @@ static void nv_storage_test(void) "vb2_nv_init() status changed"); test_changed(&c, 1, "vb2_nv_init() reset changed"); goodcrc = c.nvdata[15]; + TEST_SUCC(vb2_nv_check_crc(&c), "vb2_nv_check_crc() good"); /* Another init should not cause further changes */ c.flags = 0; @@ -90,6 +91,8 @@ static void nv_storage_test(void) /* Perturbing the header should force defaults */ c.nvdata[0] ^= 0x40; + TEST_EQ(vb2_nv_check_crc(&c), + VB2_ERROR_NV_HEADER, "vb2_nv_check_crc() bad header"); vb2_nv_init(&c); TEST_EQ(c.nvdata[0], 0x70, "vb2_nv_init() reset header byte again"); test_changed(&c, 1, "vb2_nv_init() corrupt changed"); @@ -98,6 +101,8 @@ static void nv_storage_test(void) /* So should perturbing some other byte */ TEST_EQ(c.nvdata[11], 0, "Kernel byte starts at 0"); c.nvdata[11] = 12; + TEST_EQ(vb2_nv_check_crc(&c), + VB2_ERROR_NV_CRC, "vb2_nv_check_crc() bad CRC"); vb2_nv_init(&c); TEST_EQ(c.nvdata[11], 0, "vb2_nv_init() reset kernel byte"); test_changed(&c, 1, "vb2_nv_init() corrupt elsewhere changed"); diff --git a/tests/vb2_rsa_padding_tests.c b/tests/vb2_rsa_padding_tests.c index 233f7298..f1b7aa43 100644 --- a/tests/vb2_rsa_padding_tests.c +++ b/tests/vb2_rsa_padding_tests.c @@ -51,8 +51,8 @@ static void test_signatures(const struct vb2_public_key *key) /* The first test signature is valid. */ Memcpy(sig, signatures[0], sizeof(sig)); - TEST_EQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb), - 0, "RSA Padding Test valid sig"); + TEST_SUCC(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb), + "RSA Padding Test valid sig"); /* All other signatures should fail verification. */ unexpected_success = 0; @@ -79,37 +79,40 @@ static void test_verify_digest(struct vb2_public_key *key) { vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); Memcpy(sig, signatures[0], sizeof(sig)); - TEST_EQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb), - 0, "vb2_verify_digest() good"); + TEST_SUCC(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb), + "vb2_verify_digest() good"); Memcpy(sig, signatures[0], sizeof(sig)); vb2_workbuf_init(&wb, workbuf, sizeof(sig) * 3 - 1); - TEST_NEQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb), - 0, "vb2_verify_digest() small workbuf"); + TEST_EQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb), + VB2_ERROR_RSA_VERIFY_WORKBUF, + "vb2_verify_digest() small workbuf"); vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); key->algorithm += VB2_ALG_COUNT; Memcpy(sig, signatures[0], sizeof(sig)); - TEST_NEQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb), - 0, "vb2_verify_digest() bad key alg"); + TEST_EQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb), + VB2_ERROR_RSA_VERIFY_ALGORITHM, + "vb2_verify_digest() bad key alg"); key->algorithm -= VB2_ALG_COUNT; key->arrsize *= 2; Memcpy(sig, signatures[0], sizeof(sig)); - TEST_NEQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb), - 0, "vb2_verify_digest() bad key len"); + TEST_EQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb), + VB2_ERROR_RSA_VERIFY_SIG_LEN, + "vb2_verify_digest() bad sig len"); key->arrsize /= 2; /* Corrupt the signature near start and end */ Memcpy(sig, signatures[0], sizeof(sig)); sig[3] ^= 0x42; - TEST_NEQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb), - 0, "vb2_verify_digest() bad sig"); + TEST_EQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb), + VB2_ERROR_RSA_PADDING, "vb2_verify_digest() bad sig"); Memcpy(sig, signatures[0], sizeof(sig)); sig[RSA1024NUMBYTES - 3] ^= 0x56; - TEST_NEQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb), - 0, "vb2_verify_digest() bad sig end"); + TEST_EQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb), + VB2_ERROR_RSA_PADDING, "vb2_verify_digest() bad sig end"); } int main(int argc, char *argv[]) diff --git a/tests/vb2_rsa_utility_tests.c b/tests/vb2_rsa_utility_tests.c index df3eb37a..2a74f35e 100644 --- a/tests/vb2_rsa_utility_tests.c +++ b/tests/vb2_rsa_utility_tests.c @@ -72,7 +72,8 @@ static void test_utils(void) /* Test padding check with bad algorithm */ Memcpy(sig, signatures[0], sizeof(sig)); TEST_EQ(vb2_check_padding(sig, VB2_ALG_COUNT), - VB2_ERROR_BAD_ALGORITHM, "vb2_check_padding() bad alg"); + VB2_ERROR_RSA_PADDING_ALGORITHM, + "vb2_check_padding() bad alg"); /* Test safe memcmp */ TEST_EQ(vb2_safe_memcmp("foo", "foo", 3), 0, "vb2_safe_memcmp() good"); diff --git a/tests/vb2_secdata_tests.c b/tests/vb2_secdata_tests.c index 3451b324..51283317 100644 --- a/tests/vb2_secdata_tests.c +++ b/tests/vb2_secdata_tests.c @@ -40,58 +40,66 @@ static void secdata_test(void) /* Blank data is invalid */ memset(c.secdata, 0xa6, sizeof(c.secdata)); - TEST_NEQ(vb2_secdata_check_crc(&c), 0, "Check blank CRC"); - TEST_NEQ(vb2_secdata_init(&c), 0, "Init blank CRC"); + TEST_EQ(vb2_secdata_check_crc(&c), + VB2_ERROR_SECDATA_CRC, "Check blank CRC"); + TEST_EQ(vb2_secdata_init(&c), + VB2_ERROR_SECDATA_CRC, "Init blank CRC"); /* Create good data */ - TEST_EQ(vb2_secdata_create(&c), 0, "Create"); - TEST_EQ(vb2_secdata_check_crc(&c), 0, "Check created CRC"); - TEST_EQ(vb2_secdata_init(&c), 0, "Init created CRC"); + TEST_SUCC(vb2_secdata_create(&c), "Create"); + TEST_SUCC(vb2_secdata_check_crc(&c), "Check created CRC"); + TEST_SUCC(vb2_secdata_init(&c), "Init created CRC"); test_changed(&c, 1, "Create changes data"); /* Now corrupt it */ c.secdata[2]++; - TEST_NEQ(vb2_secdata_check_crc(&c), 0, "Check invalid CRC"); - TEST_NEQ(vb2_secdata_init(&c), 0, "Init invalid CRC"); + TEST_EQ(vb2_secdata_check_crc(&c), + VB2_ERROR_SECDATA_CRC, "Check invalid CRC"); + TEST_EQ(vb2_secdata_init(&c), + VB2_ERROR_SECDATA_CRC, "Init invalid CRC"); /* Version 1 didn't have a CRC, so init should reject it */ vb2_secdata_create(&c); s->struct_version = 1; - TEST_NEQ(vb2_secdata_init(&c), 0, "Init old version"); + TEST_EQ(vb2_secdata_init(&c), + VB2_ERROR_SECDATA_VERSION, "Init old version"); vb2_secdata_create(&c); c.flags = 0; /* Read/write flags */ - TEST_EQ(vb2_secdata_get(&c, VB2_SECDATA_FLAGS, &v), 0, "Get flags"); + TEST_SUCC(vb2_secdata_get(&c, VB2_SECDATA_FLAGS, &v), "Get flags"); TEST_EQ(v, 0, "Flags created 0"); test_changed(&c, 0, "Get doesn't change data"); - TEST_EQ(vb2_secdata_set(&c, VB2_SECDATA_FLAGS, 0x12), 0, "Set flags"); + TEST_SUCC(vb2_secdata_set(&c, VB2_SECDATA_FLAGS, 0x12), "Set flags"); test_changed(&c, 1, "Set changes data"); - TEST_EQ(vb2_secdata_set(&c, VB2_SECDATA_FLAGS, 0x12), 0, "Set flags 2"); + TEST_SUCC(vb2_secdata_set(&c, VB2_SECDATA_FLAGS, 0x12), "Set flags 2"); test_changed(&c, 0, "Set again doesn't change data"); - TEST_EQ(vb2_secdata_get(&c, VB2_SECDATA_FLAGS, &v), 0, "Get flags 2"); + TEST_SUCC(vb2_secdata_get(&c, VB2_SECDATA_FLAGS, &v), "Get flags 2"); TEST_EQ(v, 0x12, "Flags changed"); - TEST_NEQ(vb2_secdata_set(&c, VB2_SECDATA_FLAGS, 0x100), 0, "Bad flags"); + TEST_EQ(vb2_secdata_set(&c, VB2_SECDATA_FLAGS, 0x100), + VB2_ERROR_SECDATA_SET_FLAGS, "Bad flags"); /* Read/write versions */ - TEST_EQ(vb2_secdata_get(&c, VB2_SECDATA_VERSIONS, &v), - 0, "Get versions"); + TEST_SUCC(vb2_secdata_get(&c, VB2_SECDATA_VERSIONS, &v), + "Get versions"); TEST_EQ(v, 0, "Versions created 0"); test_changed(&c, 0, "Get doesn't change data"); - TEST_EQ(vb2_secdata_set(&c, VB2_SECDATA_VERSIONS, 0x123456ff), - 0, "Set versions"); + TEST_SUCC(vb2_secdata_set(&c, VB2_SECDATA_VERSIONS, 0x123456ff), + "Set versions"); test_changed(&c, 1, "Set changes data"); - TEST_EQ(vb2_secdata_set(&c, VB2_SECDATA_VERSIONS, 0x123456ff), - 0, "Set versions 2"); + TEST_SUCC(vb2_secdata_set(&c, VB2_SECDATA_VERSIONS, 0x123456ff), + "Set versions 2"); test_changed(&c, 0, "Set again doesn't change data"); - TEST_EQ(vb2_secdata_get(&c, VB2_SECDATA_VERSIONS, &v), 0, - "Get versions 2"); + TEST_SUCC(vb2_secdata_get(&c, VB2_SECDATA_VERSIONS, &v), + "Get versions 2"); TEST_EQ(v, 0x123456ff, "Versions changed"); /* Invalid field fails */ - TEST_NEQ(vb2_secdata_get(&c, -1, &v), 0, "Get invalid"); - TEST_NEQ(vb2_secdata_set(&c, -1, 456), 0, "Set invalid"); + TEST_EQ(vb2_secdata_get(&c, -1, &v), + VB2_ERROR_SECDATA_GET_PARAM, "Get invalid"); + TEST_EQ(vb2_secdata_set(&c, -1, 456), + VB2_ERROR_SECDATA_SET_PARAM, "Set invalid"); test_changed(&c, 0, "Set invalid field doesn't change data"); } diff --git a/tests/vb2_sha_tests.c b/tests/vb2_sha_tests.c index cbcd7282..c60bbd15 100644 --- a/tests/vb2_sha_tests.c +++ b/tests/vb2_sha_tests.c @@ -5,18 +5,13 @@ /* FIPS 180-2 Tests for message digest functions. */ -#include <stdint.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -#include "test_common.h" - +#include "2sysincludes.h" #include "2rsa.h" #include "2sha.h" +#include "2return_codes.h" -#include "cryptolib.h" #include "sha_test_vectors.h" +#include "test_common.h" static int vb2_digest(const uint8_t *buf, uint32_t size, @@ -49,17 +44,18 @@ void sha1_tests(void) test_inputs[2] = (uint8_t *) long_msg; for (i = 0; i < 3; i++) { - TEST_EQ(vb2_digest(test_inputs[i], - strlen((char *)test_inputs[i]), - VB2_ALG_RSA1024_SHA1, digest, - sizeof(digest)), 0, "vb2_digest() SHA1"); + TEST_SUCC(vb2_digest(test_inputs[i], + strlen((char *)test_inputs[i]), + VB2_ALG_RSA1024_SHA1, digest, + sizeof(digest)), + "vb2_digest() SHA1"); TEST_EQ(memcmp(digest, sha1_results[i], sizeof(digest)), 0, "SHA1 digest"); } - TEST_NEQ(vb2_digest(test_inputs[0], strlen((char *)test_inputs[0]), + TEST_EQ(vb2_digest(test_inputs[0], strlen((char *)test_inputs[0]), VB2_ALG_RSA1024_SHA1, digest, sizeof(digest) - 1), - 0, "vb2_digest() too small"); + VB2_ERROR_SHA_FINALIZE_DIGEST_SIZE, "vb2_digest() too small"); } void sha256_tests(void) @@ -73,17 +69,18 @@ void sha256_tests(void) test_inputs[2] = (uint8_t *) long_msg; for (i = 0; i < 3; i++) { - TEST_EQ(vb2_digest(test_inputs[i], - strlen((char *)test_inputs[i]), - VB2_ALG_RSA1024_SHA256, digest, - sizeof(digest)), 0, "vb2_digest() SHA256"); + TEST_SUCC(vb2_digest(test_inputs[i], + strlen((char *)test_inputs[i]), + VB2_ALG_RSA1024_SHA256, digest, + sizeof(digest)), + "vb2_digest() SHA256"); TEST_EQ(memcmp(digest, sha256_results[i], sizeof(digest)), 0, "SHA-256 digest"); } - TEST_NEQ(vb2_digest(test_inputs[0], strlen((char *)test_inputs[0]), - VB2_ALG_RSA1024_SHA256, digest, sizeof(digest) - 1), - 0, "vb2_digest() too small"); + TEST_EQ(vb2_digest(test_inputs[0], strlen((char *)test_inputs[0]), + VB2_ALG_RSA1024_SHA256, digest, sizeof(digest) - 1), + VB2_ERROR_SHA_FINALIZE_DIGEST_SIZE, "vb2_digest() too small"); } void sha512_tests(void) @@ -97,17 +94,18 @@ void sha512_tests(void) test_inputs[2] = (uint8_t *) long_msg; for (i = 0; i < 3; i++) { - TEST_EQ(vb2_digest(test_inputs[i], - strlen((char *)test_inputs[i]), - VB2_ALG_RSA1024_SHA512, digest, - sizeof(digest)), 0, "vb2_digest() SHA512"); + TEST_SUCC(vb2_digest(test_inputs[i], + strlen((char *)test_inputs[i]), + VB2_ALG_RSA1024_SHA512, digest, + sizeof(digest)), + "vb2_digest() SHA512"); TEST_EQ(memcmp(digest, sha512_results[i], sizeof(digest)), 0, "SHA-512 digest"); } - TEST_NEQ(vb2_digest(test_inputs[0], strlen((char *)test_inputs[0]), - VB2_ALG_RSA1024_SHA512, digest, sizeof(digest) - 1), - 0, "vb2_digest() too small"); + TEST_EQ(vb2_digest(test_inputs[0], strlen((char *)test_inputs[0]), + VB2_ALG_RSA1024_SHA512, digest, sizeof(digest) - 1), + VB2_ERROR_SHA_FINALIZE_DIGEST_SIZE, "vb2_digest() too small"); } void misc_tests(void) @@ -117,17 +115,20 @@ void misc_tests(void) TEST_EQ(vb2_digest_size(VB2_ALG_COUNT), 0, "digest size invalid alg"); - TEST_NEQ(vb2_digest((uint8_t *)oneblock_msg, strlen(oneblock_msg), - VB2_ALG_COUNT, digest, sizeof(digest)), - 0, "vb2_digest() invalid alg"); + TEST_EQ(vb2_digest((uint8_t *)oneblock_msg, strlen(oneblock_msg), + VB2_ALG_COUNT, digest, sizeof(digest)), + VB2_ERROR_SHA_INIT_ALGORITHM, + "vb2_digest() invalid alg"); /* Test bad algorithm inside extend and finalize */ vb2_digest_init(&dc, VB2_ALG_RSA1024_SHA1); dc.algorithm = VB2_ALG_COUNT; - TEST_NEQ(vb2_digest_extend(&dc, digest, sizeof(digest)), - 0, "vb2_digest_extend() invalid alg"); - TEST_NEQ(vb2_digest_finalize(&dc, digest, sizeof(digest)), - 0, "vb2_digest_finalize() invalid alg"); + TEST_EQ(vb2_digest_extend(&dc, digest, sizeof(digest)), + VB2_ERROR_SHA_EXTEND_ALGORITHM, + "vb2_digest_extend() invalid alg"); + TEST_EQ(vb2_digest_finalize(&dc, digest, sizeof(digest)), + VB2_ERROR_SHA_FINALIZE_ALGORITHM, + "vb2_digest_finalize() invalid alg"); } int main(int argc, char *argv[]) |