diff options
-rw-r--r-- | firmware/2lib/2common.c | 24 | ||||
-rw-r--r-- | firmware/2lib/2rsa.c | 101 | ||||
-rw-r--r-- | firmware/2lib/include/2return_codes.h | 7 | ||||
-rw-r--r-- | firmware/2lib/include/2rsa.h | 31 | ||||
-rw-r--r-- | tests/vb2_api_tests.c | 4 | ||||
-rw-r--r-- | tests/vb2_common2_tests.c | 24 | ||||
-rw-r--r-- | tests/vb2_misc2_tests.c | 8 | ||||
-rw-r--r-- | tests/vb2_rsa_padding_tests.c | 7 | ||||
-rw-r--r-- | tests/vb2_rsa_utility_tests.c | 67 |
9 files changed, 166 insertions, 107 deletions
diff --git a/firmware/2lib/2common.c b/firmware/2lib/2common.c index 0da3a611..f1707969 100644 --- a/firmware/2lib/2common.c +++ b/firmware/2lib/2common.c @@ -192,12 +192,12 @@ int vb2_unpack_key(struct vb2_public_key *key, if (rv) return rv; - /* Check key algorithm */ - if (packed_key->algorithm >= VB2_ALG_COUNT) { - VB2_DEBUG("Invalid algorithm.\n"); - return VB2_ERROR_UNPACK_KEY_ALGORITHM; + /* Unpack key algorithm */ + key->sig_alg = vb2_crypto_to_signature(packed_key->algorithm); + if (key->sig_alg == VB2_SIG_INVALID) { + VB2_DEBUG("Unsupported signature algorithm.\n"); + return VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM; } - key->algorithm = packed_key->algorithm; key->hash_alg = vb2_crypto_to_hash(packed_key->algorithm); if (key->hash_alg == VB2_HASH_INVALID) { @@ -205,7 +205,7 @@ int vb2_unpack_key(struct vb2_public_key *key, return VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM; } - expected_key_size = vb2_packed_key_size(packed_key->algorithm); + expected_key_size = vb2_packed_key_size(key->sig_alg); if (!expected_key_size || expected_key_size != packed_key->key_size) { VB2_DEBUG("Wrong key size for algorithm\n"); return VB2_ERROR_UNPACK_KEY_SIZE; @@ -218,8 +218,7 @@ int vb2_unpack_key(struct vb2_public_key *key, /* Sanity check key array size */ key->arrsize = buf32[0]; - if (key->arrsize * sizeof(uint32_t) != - vb2_rsa_sig_size(packed_key->algorithm)) + if (key->arrsize * sizeof(uint32_t) != vb2_rsa_sig_size(key->sig_alg)) return VB2_ERROR_UNPACK_KEY_ARRAY_SIZE; key->n0inv = buf32[1]; @@ -238,11 +237,11 @@ int vb2_verify_digest(const struct vb2_public_key *key, { uint8_t *sig_data = vb2_signature_data(sig); - if (sig->sig_size != vb2_rsa_sig_size(key->algorithm)) { + if (sig->sig_size != vb2_rsa_sig_size(key->sig_alg)) { VB2_DEBUG("Wrong data signature size for algorithm, " "sig_size=%d, expected %d for algorithm %d.\n", - sig->sig_size, vb2_rsa_sig_size(key->algorithm), - key->algorithm); + sig->sig_size, vb2_rsa_sig_size(key->sig_alg), + key->sig_alg); return VB2_ERROR_VDATA_SIG_SIZE; } @@ -261,9 +260,6 @@ int vb2_verify_data(const uint8_t *data, uint32_t digest_size; int rv; - if (key->algorithm >= VB2_ALG_COUNT) - return VB2_ERROR_VDATA_ALGORITHM; - if (sig->data_size > size) { VB2_DEBUG("Data buffer smaller than length of signed data.\n"); return VB2_ERROR_VDATA_NOT_ENOUGH_DATA; diff --git a/firmware/2lib/2rsa.c b/firmware/2lib/2rsa.c index 15951c5d..37c5cf51 100644 --- a/firmware/2lib/2rsa.c +++ b/firmware/2lib/2rsa.c @@ -139,33 +139,58 @@ static void modpowF4(const struct vb2_public_key *key, uint8_t *inout, } } -uint32_t vb2_rsa_sig_size(uint32_t algorithm) + +static const uint8_t crypto_to_sig[] = { + VB2_SIG_RSA1024, + VB2_SIG_RSA1024, + VB2_SIG_RSA1024, + VB2_SIG_RSA2048, + VB2_SIG_RSA2048, + VB2_SIG_RSA2048, + VB2_SIG_RSA4096, + VB2_SIG_RSA4096, + VB2_SIG_RSA4096, + VB2_SIG_RSA8192, + VB2_SIG_RSA8192, + VB2_SIG_RSA8192, +}; + +/** + * Convert vb2_crypto_algorithm to vb2_signature_algorithm. + * + * @param algorithm Crypto algorithm (vb2_crypto_algorithm) + * + * @return The signature algorithm for that crypto algorithm, or + * VB2_SIG_INVALID if the crypto algorithm or its corresponding signature + * algorithm is invalid or not supported. + */ +enum vb2_signature_algorithm vb2_crypto_to_signature(uint32_t algorithm) +{ + if (algorithm < ARRAY_SIZE(crypto_to_sig)) + return crypto_to_sig[algorithm]; + else + return VB2_SIG_INVALID; +} + +uint32_t vb2_rsa_sig_size(enum vb2_signature_algorithm sig_alg) { - switch (algorithm) { - case VB2_ALG_RSA1024_SHA1: - case VB2_ALG_RSA1024_SHA256: - case VB2_ALG_RSA1024_SHA512: + switch (sig_alg) { + case VB2_SIG_RSA1024: return 1024 / 8; - case VB2_ALG_RSA2048_SHA1: - case VB2_ALG_RSA2048_SHA256: - case VB2_ALG_RSA2048_SHA512: + case VB2_SIG_RSA2048: return 2048 / 8; - case VB2_ALG_RSA4096_SHA1: - case VB2_ALG_RSA4096_SHA256: - case VB2_ALG_RSA4096_SHA512: + case VB2_SIG_RSA4096: return 4096 / 8; - case VB2_ALG_RSA8192_SHA1: - case VB2_ALG_RSA8192_SHA256: - case VB2_ALG_RSA8192_SHA512: + case VB2_SIG_RSA8192: return 8192 / 8; default: return 0; } } -uint32_t vb2_packed_key_size(uint32_t algorithm) +uint32_t vb2_packed_key_size(enum vb2_signature_algorithm sig_alg) { - uint32_t sig_size = vb2_rsa_sig_size(algorithm); + uint32_t sig_size = vb2_rsa_sig_size(sig_alg); if (!sig_size) return 0; @@ -215,26 +240,21 @@ static const uint8_t sha512_tail[] = { 0x05,0x00,0x04,0x40 }; -/** - * Check pkcs 1.5 padding bytes - * - * @param sig Signature to verify - * @param algorithm Key algorithm - * @return VB2_SUCCESS, or non-zero if error. - */ -int vb2_check_padding(uint8_t *sig, int algorithm) +int vb2_check_padding(const uint8_t *sig, const struct vb2_public_key *key) { /* Determine padding to use depending on the signature type */ - uint32_t hash_alg = vb2_crypto_to_hash(algorithm); - uint32_t pad_size = vb2_rsa_sig_size(algorithm) - - vb2_digest_size(hash_alg); + uint32_t sig_size = vb2_rsa_sig_size(key->sig_alg); + uint32_t hash_size = vb2_digest_size(key->hash_alg); + uint32_t pad_size = sig_size - hash_size; const uint8_t *tail; uint32_t tail_size; int result = 0; - int i; - switch (hash_alg) { + if (!sig_size || !hash_size || hash_size > sig_size) + return VB2_ERROR_RSA_PADDING_SIZE; + + switch (key->hash_alg) { case VB2_HASH_SHA1: tail = sha1_tail; tail_size = sizeof(sha1_tail); @@ -276,20 +296,22 @@ int vb2_rsa_verify_digest(const struct vb2_public_key *key, struct vb2_workbuf wblocal = *wb; uint32_t *workbuf32; uint32_t key_bytes; + int sig_size; int pad_size; int rv; if (!key || !sig || !digest) return VB2_ERROR_RSA_VERIFY_PARAM; - if (key->algorithm > VB2_ALG_RSA8192_SHA512) { + sig_size = vb2_rsa_sig_size(key->sig_alg); + if (!sig_size) { VB2_DEBUG("Invalid signature type!\n"); return VB2_ERROR_RSA_VERIFY_ALGORITHM; } /* Signature length should be same as key length */ key_bytes = key->arrsize * sizeof(uint32_t); - if (key_bytes != vb2_rsa_sig_size(key->algorithm)) { + if (key_bytes != sig_size) { VB2_DEBUG("Signature is of incorrect length!\n"); return VB2_ERROR_RSA_VERIFY_SIG_LEN; } @@ -302,9 +324,13 @@ int vb2_rsa_verify_digest(const struct vb2_public_key *key, vb2_workbuf_free(&wblocal, 3 * key_bytes); - /* Check padding */ - rv = vb2_check_padding(sig, key->algorithm); - if (rv) + /* + * Check padding. Only fail immediately if the padding size is bad. + * Otherwise, continue on to check the digest to reduce the risk of + * timing based attacks. + */ + rv = vb2_check_padding(sig, key); + if (rv == VB2_ERROR_RSA_PADDING_SIZE) return rv; /* @@ -312,12 +338,11 @@ int vb2_rsa_verify_digest(const struct vb2_public_key *key, * use vb2_safe_memcmp() just to be on the safe side. (That's also why * we don't return before this check if the padding check failed.) */ - pad_size = vb2_rsa_sig_size(key->algorithm) - - vb2_digest_size(key->hash_alg); - + pad_size = sig_size - vb2_digest_size(key->hash_alg); if (vb2_safe_memcmp(sig + pad_size, digest, key_bytes - pad_size)) { VB2_DEBUG("Digest check failed!\n"); - rv = VB2_ERROR_RSA_VERIFY_DIGEST; + if (!rv) + rv = VB2_ERROR_RSA_VERIFY_DIGEST; } return rv; diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h index 4070f007..9f41b8b8 100644 --- a/firmware/2lib/include/2return_codes.h +++ b/firmware/2lib/include/2return_codes.h @@ -71,6 +71,9 @@ enum vb2_return_code { /* Digest mismatch in vb2_verify_digest() */ VB2_ERROR_RSA_VERIFY_DIGEST, + /* Bad size calculation in vb2_check_padding() */ + VB2_ERROR_RSA_PADDING_SIZE, + /********************************************************************** * NV storage errors */ @@ -128,8 +131,8 @@ enum vb2_return_code { /* Member data outside parent in vb2_verify_member_inside() */ VB2_ERROR_INSIDE_DATA_OUTSIDE, - /* Bad algorithm in vb2_unpack_key() */ - VB2_ERROR_UNPACK_KEY_ALGORITHM, + /* Unsupported signature algorithm in vb2_unpack_key() */ + VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM, /* Bad key size in vb2_unpack_key() */ VB2_ERROR_UNPACK_KEY_SIZE, diff --git a/firmware/2lib/include/2rsa.h b/firmware/2lib/include/2rsa.h index 5409ce31..8e21cd4d 100644 --- a/firmware/2lib/include/2rsa.h +++ b/firmware/2lib/include/2rsa.h @@ -17,34 +17,45 @@ struct vb2_public_key { uint32_t n0inv; /* -1 / n[0] mod 2^32 */ const uint32_t *n; /* Modulus as little endian array */ const uint32_t *rr; /* R^2 as little endian array */ - uint32_t algorithm; /* Algorithm to use when verifying with the key */ - enum vb2_hash_algorithm hash_alg; /* Hash algorithm */ + enum vb2_signature_algorithm sig_alg; /* Signature algorithm */ + enum vb2_hash_algorithm hash_alg; /* Hash algorithm */ }; /** + * Convert vb2_crypto_algorithm to vb2_signature_algorithm. + * + * @param algorithm Crypto algorithm (vb2_crypto_algorithm) + * + * @return The signature algorithm for that crypto algorithm, or + * VB2_SIG_INVALID if the crypto algorithm or its corresponding signature + * algorithm is invalid or not supported. + */ +enum vb2_signature_algorithm vb2_crypto_to_signature(uint32_t algorithm); + +/** * Return the size of a RSA signature * - * @param algorithm Key algorithm (enum vb2_crypto_algorithm) - * @return The size of the signature, or 0 if error. + * @param sig_alg Signature algorithm + * @return The size of the signature in bytes, or 0 if error. */ -uint32_t vb2_rsa_sig_size(uint32_t algorithm); +uint32_t vb2_rsa_sig_size(enum vb2_signature_algorithm sig_alg); /** * Return the size of a pre-processed RSA public key. * - * @param algorithm Key algorithm (enum vb2_crypto_algorithm) - * @return The size of the preprocessed key, or 0 if error. + * @param sig_alg Signature algorithm + * @return The size of the preprocessed key in bytes, or 0 if error. */ -uint32_t vb2_packed_key_size(uint32_t algorithm); +uint32_t vb2_packed_key_size(enum vb2_signature_algorithm sig_alg); /** * Check pkcs 1.5 padding bytes * * @param sig Signature to verify - * @param algorithm Key algorithm (enum vb2_crypto_algorithm) + * @param key Key to take signature and hash algorithms from * @return VB2_SUCCESS, or non-zero if error. */ -int vb2_check_padding(uint8_t *sig, int algorithm); +int vb2_check_padding(const uint8_t *sig, const struct vb2_public_key *key); /* Size of work buffer sufficient for vb2_rsa_verify_digest() worst case */ #define VB2_VERIFY_RSA_DIGEST_WORKBUF_BYTES (3 * 1024) diff --git a/tests/vb2_api_tests.c b/tests/vb2_api_tests.c index 49b59b25..23e2d5e6 100644 --- a/tests/vb2_api_tests.c +++ b/tests/vb2_api_tests.c @@ -140,7 +140,7 @@ int vb2_unpack_key(struct vb2_public_key *key, if (size != sizeof(*k) + 8) return VB2_ERROR_UNPACK_KEY_SIZE; - key->algorithm = k->algorithm; + key->sig_alg = vb2_crypto_to_signature(k->algorithm); key->hash_alg = vb2_crypto_to_hash(k->algorithm); return VB2_SUCCESS; @@ -174,7 +174,7 @@ int vb2_digest_finalize(struct vb2_digest_context *dc, return retval_vb2_digest_finalize; } -uint32_t vb2_rsa_sig_size(uint32_t algorithm) +uint32_t vb2_rsa_sig_size(enum vb2_signature_algorithm sig_alg) { return mock_sig_size; } diff --git a/tests/vb2_common2_tests.c b/tests/vb2_common2_tests.c index 2afa9f9e..4b3a34e6 100644 --- a/tests/vb2_common2_tests.c +++ b/tests/vb2_common2_tests.c @@ -35,7 +35,8 @@ static void test_unpack_key(const VbPublicKey *orig_key) PublicKeyCopy(key, orig_key); TEST_SUCC(vb2_unpack_key(&rsa, buf, size), "vb2_unpack_key() ok"); - TEST_EQ(rsa.algorithm, key2->algorithm, "vb2_unpack_key() algorithm"); + TEST_EQ(rsa.sig_alg, vb2_crypto_to_signature(key2->algorithm), + "vb2_unpack_key() sig_alg"); TEST_EQ(rsa.hash_alg, vb2_crypto_to_hash(key2->algorithm), "vb2_unpack_key() hash_alg"); @@ -43,7 +44,7 @@ static void test_unpack_key(const VbPublicKey *orig_key) PublicKeyCopy(key, orig_key); key2->algorithm = VB2_ALG_COUNT; TEST_EQ(vb2_unpack_key(&rsa, buf, size), - VB2_ERROR_UNPACK_KEY_ALGORITHM, + VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM, "vb2_unpack_key() invalid algorithm"); PublicKeyCopy(key, orig_key); @@ -83,9 +84,8 @@ static void test_verify_data(const VbPublicKey *public_key, struct vb2_workbuf wb; VbSignature *sig; - struct vb2_public_key rsa; + struct vb2_public_key rsa, rsa_orig; struct vb2_signature *sig2; - struct vb2_packed_key *public_key2; vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); @@ -106,13 +106,19 @@ static void test_verify_data(const VbPublicKey *public_key, TEST_EQ(vb2_unpack_key(&rsa, (uint8_t *)public_key2, pubkey_size), 0, "vb2_verify_data() unpack key"); + rsa_orig = rsa; + + memcpy(sig2, sig, sizeof(VbSignature) + sig->sig_size); + rsa.sig_alg = VB2_SIG_INVALID; + TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &rsa, &wb), + 0, "vb2_verify_data() bad sig alg"); + rsa.sig_alg = rsa_orig.sig_alg; memcpy(sig2, sig, sizeof(VbSignature) + sig->sig_size); - rsa.algorithm += VB2_ALG_COUNT; - TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &rsa, - &wb), - 0, "vb2_verify_data() bad key"); - rsa.algorithm -= VB2_ALG_COUNT; + rsa.hash_alg = VB2_HASH_INVALID; + TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &rsa, &wb), + 0, "vb2_verify_data() bad hash alg"); + rsa.hash_alg = rsa_orig.hash_alg; vb2_workbuf_init(&wb, workbuf, 4); memcpy(sig2, sig, sizeof(VbSignature) + sig->sig_size); diff --git a/tests/vb2_misc2_tests.c b/tests/vb2_misc2_tests.c index 14526f70..05a379ee 100644 --- a/tests/vb2_misc2_tests.c +++ b/tests/vb2_misc2_tests.c @@ -218,9 +218,9 @@ static void verify_keyblock_tests(void) "keyblock read root key"); reset_common_data(FOR_KEYBLOCK); - mock_unpack_key_retval = VB2_ERROR_UNPACK_KEY_ALGORITHM; + mock_unpack_key_retval = VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM; TEST_EQ(vb2_verify_fw_keyblock(&cc), - VB2_ERROR_UNPACK_KEY_ALGORITHM, + VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM, "keyblock unpack root key"); reset_common_data(FOR_KEYBLOCK); @@ -295,9 +295,9 @@ static void verify_preamble_tests(void) "preamble no data key"); reset_common_data(FOR_PREAMBLE); - mock_unpack_key_retval = VB2_ERROR_UNPACK_KEY_ALGORITHM; + mock_unpack_key_retval = VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM; TEST_EQ(vb2_verify_fw_preamble2(&cc), - VB2_ERROR_UNPACK_KEY_ALGORITHM, + VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM, "preamble unpack data key"); reset_common_data(FOR_PREAMBLE); diff --git a/tests/vb2_rsa_padding_tests.c b/tests/vb2_rsa_padding_tests.c index 3dd33162..8c9e80b6 100644 --- a/tests/vb2_rsa_padding_tests.c +++ b/tests/vb2_rsa_padding_tests.c @@ -33,7 +33,7 @@ void vb2_public_key_to_vb2(struct vb2_public_key *k2, k2->n0inv = key->n0inv; k2->n = key->n; k2->rr = key->rr; - k2->algorithm = key->algorithm; + k2->sig_alg = vb2_crypto_to_signature(key->algorithm); k2->hash_alg = vb2_crypto_to_hash(key->algorithm); } @@ -77,6 +77,7 @@ static void test_verify_digest(struct vb2_public_key *key) { uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES]; uint8_t sig[RSA1024NUMBYTES]; struct vb2_workbuf wb; + enum vb2_signature_algorithm orig_key_alg = key->sig_alg; vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); @@ -91,12 +92,12 @@ static void test_verify_digest(struct vb2_public_key *key) { "vb2_rsa_verify_digest() small workbuf"); vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); - key->algorithm += VB2_ALG_COUNT; + key->sig_alg = VB2_SIG_INVALID; Memcpy(sig, signatures[0], sizeof(sig)); TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb), VB2_ERROR_RSA_VERIFY_ALGORITHM, "vb2_rsa_verify_digest() bad key alg"); - key->algorithm -= VB2_ALG_COUNT; + key->sig_alg = orig_key_alg; key->arrsize *= 2; Memcpy(sig, signatures[0], sizeof(sig)); diff --git a/tests/vb2_rsa_utility_tests.c b/tests/vb2_rsa_utility_tests.c index 2a74f35e..1293d50f 100644 --- a/tests/vb2_rsa_utility_tests.c +++ b/tests/vb2_rsa_utility_tests.c @@ -28,52 +28,69 @@ * APIs. */ int vb2_mont_ge(const struct vb2_public_key *key, uint32_t *a); -int vb2_check_padding(uint8_t *sig, int algorithm); -int vb2_safe_memcmp(const void *s1, const void *s2, size_t size); +int vb2_check_padding(const uint8_t *sig, const struct vb2_public_key *key); /** * Test RSA utility funcs */ static void test_utils(void) { + uint8_t sig[RSA1024NUMBYTES]; + struct vb2_public_key kbad = {.sig_alg = VB2_SIG_INVALID, + .hash_alg = VB2_HASH_INVALID}; + /* Verify old and new algorithm count constants match */ TEST_EQ(kNumAlgorithms, VB2_ALG_COUNT, "Algorithm counts"); + /* Crypto algorithm to sig algorithm mapping */ + TEST_EQ(vb2_crypto_to_signature(VB2_ALG_RSA1024_SHA1), + VB2_SIG_RSA1024, "Crypto map to RSA1024"); + TEST_EQ(vb2_crypto_to_signature(VB2_ALG_RSA2048_SHA256), + VB2_SIG_RSA2048, "Crypto map to RSA2048"); + TEST_EQ(vb2_crypto_to_signature(VB2_ALG_RSA4096_SHA256), + VB2_SIG_RSA4096, "Crypto map to RSA4096"); + TEST_EQ(vb2_crypto_to_signature(VB2_ALG_RSA8192_SHA512), + VB2_SIG_RSA8192, "Crypto map to RSA8192"); + TEST_EQ(vb2_crypto_to_signature(VB2_ALG_COUNT), + VB2_SIG_INVALID, "Crypto map to invalid"); + /* Sig size */ - TEST_EQ(vb2_rsa_sig_size(VB2_ALG_RSA1024_SHA1), RSA1024NUMBYTES, - "Sig size VB2_ALG_RSA1024_SHA1"); - TEST_EQ(vb2_rsa_sig_size(VB2_ALG_RSA2048_SHA1), RSA2048NUMBYTES, - "Sig size VB2_ALG_RSA2048_SHA1"); - TEST_EQ(vb2_rsa_sig_size(VB2_ALG_RSA4096_SHA256), RSA4096NUMBYTES, - "Sig size VB2_ALG_RSA4096_SHA256"); - TEST_EQ(vb2_rsa_sig_size(VB2_ALG_RSA8192_SHA512), RSA8192NUMBYTES, - "Sig size VB2_ALG_RSA8192_SHA512"); - TEST_EQ(vb2_rsa_sig_size(VB2_ALG_COUNT), 0, + TEST_EQ(vb2_rsa_sig_size(VB2_SIG_RSA1024), RSA1024NUMBYTES, + "Sig size RSA1024"); + TEST_EQ(vb2_rsa_sig_size(VB2_SIG_RSA2048), RSA2048NUMBYTES, + "Sig size RSA2048"); + TEST_EQ(vb2_rsa_sig_size(VB2_SIG_RSA4096), RSA4096NUMBYTES, + "Sig size RSA4096"); + TEST_EQ(vb2_rsa_sig_size(VB2_SIG_RSA8192), RSA8192NUMBYTES, + "Sig size RSA8192"); + TEST_EQ(vb2_rsa_sig_size(VB2_SIG_INVALID), 0, "Sig size invalid algorithm"); + TEST_EQ(vb2_rsa_sig_size(VB2_SIG_NONE), 0, + "Sig size no signing algorithm"); /* Packed key size */ - TEST_EQ(vb2_packed_key_size(VB2_ALG_RSA1024_SHA1), + TEST_EQ(vb2_packed_key_size(VB2_SIG_RSA1024), RSA1024NUMBYTES * 2 + sizeof(uint32_t) * 2, - "Packed key size VB2_ALG_RSA1024_SHA1"); - TEST_EQ(vb2_packed_key_size(VB2_ALG_RSA2048_SHA1), + "Packed key size VB2_SIG_RSA1024"); + TEST_EQ(vb2_packed_key_size(VB2_SIG_RSA2048), RSA2048NUMBYTES * 2 + sizeof(uint32_t) * 2, - "Packed key size VB2_ALG_RSA2048_SHA1"); - TEST_EQ(vb2_packed_key_size(VB2_ALG_RSA4096_SHA256), + "Packed key size VB2_SIG_RSA2048"); + TEST_EQ(vb2_packed_key_size(VB2_SIG_RSA4096), RSA4096NUMBYTES * 2 + sizeof(uint32_t) * 2, - "Packed key size VB2_ALG_RSA4096_SHA256"); - TEST_EQ(vb2_packed_key_size(VB2_ALG_RSA8192_SHA512), + "Packed key size VB2_SIG_RSA4096"); + TEST_EQ(vb2_packed_key_size(VB2_SIG_RSA8192), RSA8192NUMBYTES * 2 + sizeof(uint32_t) * 2, - "Packed key size VB2_ALG_RSA8192_SHA512"); - TEST_EQ(vb2_packed_key_size(VB2_ALG_COUNT), 0, + "Packed key size VB2_SIG_RSA8192"); + TEST_EQ(vb2_packed_key_size(VB2_SIG_INVALID), 0, "Packed key size invalid algorithm"); - - uint8_t sig[RSA1024NUMBYTES]; + TEST_EQ(vb2_packed_key_size(VB2_SIG_NONE), 0, + "Packed key size no signing algorithm"); /* Test padding check with bad algorithm */ Memcpy(sig, signatures[0], sizeof(sig)); - TEST_EQ(vb2_check_padding(sig, VB2_ALG_COUNT), - VB2_ERROR_RSA_PADDING_ALGORITHM, - "vb2_check_padding() bad alg"); + TEST_EQ(vb2_check_padding(sig, &kbad), + VB2_ERROR_RSA_PADDING_SIZE, + "vb2_check_padding() bad padding algorithm/size"); /* Test safe memcmp */ TEST_EQ(vb2_safe_memcmp("foo", "foo", 3), 0, "vb2_safe_memcmp() good"); |