From 463be3f135b547e24f1e0e36ed207fe5a9c31433 Mon Sep 17 00:00:00 2001
From: Gaurav Shah
Date: Mon, 29 Mar 2010 16:13:45 -0700
Subject: VBoot Reference: Fix splicing bugs in Firmware and Kernel verification.
BUG=670
TESTS=Adds new tests which verify this doesn't occur anymore. Existing tests still pass. The existing code computes and verifies signatures on firmware/kernel data and firmware/kernel versions separately. This causes a image splicing bug where it is possible to combine together a version signature from a valid new firmware with firmware data and signature from an older version. The same problem exists with kernel verification. This CL fixes this by changing the firmware/kernel signatures to also include the version information. For the Firmware, there's a separate signature on the preamble (which contains the version) but the firmware signature now also includes this preamble in addition to the firmware data. For the Kernel, there's a separate signature on the kernel config/options (wich also contains the version), but the kernel signature now also includes these config/options in addition to the kernel data.
Review URL: http://codereview.chromium.org/1430001
---
 tests/test_common.c | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)
(limited to 'tests/test_common.c')
diff --git a/tests/test_common.c b/tests/test_common.c
index c1d1108e..929e91f3 100644
--- a/tests/test_common.c
+++ b/tests/test_common.c
@@ -39,7 +39,8 @@ FirmwareImage* GenerateTestFirmwareImage(int algorithm,
 int firmware_version,
 int firmware_len,
 const char* root_key_file,
- const char* firmware_key_file) {
+ const char* firmware_key_file,
+ uint8_t firmware_data_fill_char) {
 FirmwareImage* image = FirmwareImageNew();
 Memcpy(image->magic, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE);
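Review bot: The new `firmware_data_fill_char` parameter of `GenerateTestFirmwareImage` is undocumented, and nothing in the signature says why a caller would vary it. Judging by the commit message it presumably exists so that a test can build two validly signed images whose payload bytes differ and then check that mixing their parts fails verification; a comment above the function such as `/* firmware_data_fill_char: byte used to fill the firmware data, so tests can tell two generated images apart. */` would record that. The same gap applies to `kernel_data_fill_char` in the hunk at -141. The prototype in the test header has to gain the parameter as well; that file is not part of this view, and the function body continues beyond the hunk.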
@@ -62,7 +63,7 @@ FirmwareImage* GenerateTestFirmwareImage(int algorithm,
 image->preamble_signature = image->firmware_signature = NULL;
 Memset(image->preamble, 'P', FIRMWARE_PREAMBLE_SIZE);
 image->firmware_data = Malloc(image->firmware_len);
- Memset(image->firmware_data, 'F', image->firmware_len);
+ Memset(image->firmware_data, firmware_data_fill_char, image->firmware_len);
 /* Generate and populate signatures. */
 if (!AddFirmwareKeySignature(image, root_key_file)) {
@@ -96,7 +97,8 @@ uint8_t* GenerateTestFirmwareBlob(int algorithm,
 firmware_version,
 firmware_len,
 root_key_file,
- firmware_key_file);
+ firmware_key_file,
+ 'F');
 firmware_blob = GetFirmwareBlob(image, &firmware_blob_len);
 FirmwareImageFree(image);
 return firmware_blob;
@@ -120,7 +122,8 @@ uint8_t* GenerateRollbackTestFirmwareBlob(int firmware_key_version,
 firmware_version,
 1, /* Firmware length. */
 "testkeys/key_rsa8192.pem",
- "testkeys/key_rsa1024.pem");
+ "testkeys/key_rsa1024.pem",
+ 'F');
 if (!image) return NULL;
 if (is_corrupt) {
@@ -141,7 +144,8 @@ KernelImage* GenerateTestKernelImage(int firmware_sign_algorithm,
 int kernel_version,
 int kernel_len,
 const char* firmware_key_file,
- const char* kernel_key_file) {
+ const char* kernel_key_file,
+ uint8_t kernel_data_fill_char) {
 KernelImage* image = KernelImageNew();
 Memcpy(image->magic, KERNEL_MAGIC, KERNEL_MAGIC_SIZE);
@@ -170,7 +174,7 @@ KernelImage* GenerateTestKernelImage(int firmware_sign_algorithm,
 image->options.kernel_entry_addr = 0;
 image->kernel_key_signature = image->kernel_signature = NULL;
 image->kernel_data = Malloc(kernel_len);
- Memset(image->kernel_data, 'F', kernel_len);
+ Memset(image->kernel_data, kernel_data_fill_char, kernel_len);
 /* Generate and populate signatures. */
 if (!AddKernelKeySignature(image, firmware_key_file)) {
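Review bot: In the hunk at -96, `GenerateTestFirmwareBlob` hands the result of `GenerateTestFirmwareImage` straight to `GetFirmwareBlob` with no NULL check, while the rollback helper in the hunk at -120 does test `if (!image) return NULL;`. If the generator can return NULL when signing fails (its failure branch lies outside the visible lines, so this is inferred from the rollback helper's check), a missing or unreadable test key would crash the test binary instead of reporting a failed fixture. Adding `if (!image) return NULL;` before the `GetFirmwareBlob` call would make the two helpers agree; the hunk at -207 shows the same pattern with `GetKernelBlob`. The function starts above the hunk.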
@@ -207,7 +211,8 @@ uint8_t* GenerateTestKernelBlob(int firmware_sign_algorithm,
 kernel_version,
 kernel_len,
 firmware_key_file,
- kernel_key_file);
+ kernel_key_file,
+ 'K');
 kernel_blob = GetKernelBlob(image, &kernel_blob_len);
 KernelImageFree(image);
@@ -232,7 +237,8 @@ uint8_t* GenerateRollbackTestKernelBlob(int kernel_key_version,
 kernel_version,
 1, /* kernel length. */
 "testkeys/key_rsa1024.pem",
- "testkeys/key_rsa1024.pem");
+ "testkeys/key_rsa1024.pem",
+ 'K');
 if (!image) return NULL;
 if (is_corrupt) {
--
cgit v1.2.1
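Review bot: Passing `'K'` in the hunk at -207 changes the kernel fixture's payload, because the generator filled kernel data with `'F'` before this commit (the removed `Memset` line in the hunk at -170). Any stored kernel blobs, digests or signatures produced with the old helper would no longer match and would need regenerating; none are visible here, so this may not apply. The literals `'F'` and `'K'` now each appear at two call sites, so a named constant per image type (a name such as `TEST_KERNEL_FILL_CHAR` would do) would keep the blob helper and the rollback helper in the hunk at -232 from drifting apart. The function begins above the hunk.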