1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
#include <stdint.h>
#include <stdio.h>
#include "file_keys.h"
#include "rsa_padding_test.h"
#include "test_common.h"
#include "utility.h"
#include "2sysincludes.h"
#include "2rsa.h"
#include "host_key.h"
#include "vb2_common.h"
/**
* Test valid and invalid signatures.
*/
static void test_signatures(const struct vb2_public_key *key)
{
uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES]
__attribute__ ((aligned (VB2_WORKBUF_ALIGN)));
uint8_t sig[RSA1024NUMBYTES];
struct vb2_workbuf wb;
int unexpected_success;
int i;
vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
/* The first test signature is valid. */
memcpy(sig, signatures[0], sizeof(sig));
TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
"RSA Padding Test valid sig");
/* All other signatures should fail verification. */
unexpected_success = 0;
for (i = 1; i < sizeof(signatures) / sizeof(signatures[0]); i++) {
memcpy(sig, signatures[i], sizeof(sig));
if (!vb2_rsa_verify_digest(key, sig,
test_message_sha1_hash, &wb)) {
fprintf(stderr,
"RSA Padding Test vector %d FAILED!\n", i);
unexpected_success++;
}
}
TEST_EQ(unexpected_success, 0, "RSA Padding Test invalid sigs");
}
/**
* Test other error conditions in vb2_rsa_verify_digest().
*/
static void test_verify_digest(struct vb2_public_key *key) {
uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES]
__attribute__ ((aligned (VB2_WORKBUF_ALIGN)));
uint8_t sig[RSA1024NUMBYTES];
struct vb2_workbuf wb;
enum vb2_signature_algorithm orig_key_alg = key->sig_alg;
vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
memcpy(sig, signatures[0], sizeof(sig));
TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
"vb2_rsa_verify_digest() good");
memcpy(sig, signatures[0], sizeof(sig));
vb2_workbuf_init(&wb, workbuf, sizeof(sig) * 3 - 1);
TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
VB2_ERROR_RSA_VERIFY_WORKBUF,
"vb2_rsa_verify_digest() small workbuf");
vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
key->sig_alg = VB2_SIG_INVALID;
memcpy(sig, signatures[0], sizeof(sig));
TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
VB2_ERROR_RSA_VERIFY_ALGORITHM,
"vb2_rsa_verify_digest() bad key alg");
key->sig_alg = orig_key_alg;
key->arrsize *= 2;
memcpy(sig, signatures[0], sizeof(sig));
TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
VB2_ERROR_RSA_VERIFY_SIG_LEN,
"vb2_rsa_verify_digest() bad sig len");
key->arrsize /= 2;
/* Corrupt the signature near start and end */
memcpy(sig, signatures[0], sizeof(sig));
sig[3] ^= 0x42;
TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
VB2_ERROR_RSA_PADDING, "vb2_rsa_verify_digest() bad sig");
memcpy(sig, signatures[0], sizeof(sig));
sig[RSA1024NUMBYTES - 3] ^= 0x56;
TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
VB2_ERROR_RSA_PADDING, "vb2_rsa_verify_digest() bad sig end");
}
int main(int argc, char *argv[])
{
struct vb2_public_key k2;
struct vb2_packed_key *pk;
/* Read test key */
if (argc != 2) {
fprintf(stderr, "Usage: %s <test public key>\n", argv[0]);
return 1;
}
pk = vb2_read_packed_keyb(argv[1], VB2_ALG_RSA1024_SHA1, 0);
if (!pk) {
fprintf(stderr, "Couldn't read RSA public key for the test.\n");
return 1;
}
if (VB2_SUCCESS != vb2_unpack_key(&k2, pk)) {
fprintf(stderr, "Couldn't unpack RSA public key.\n");
free(pk);
return 1;
}
/* Run tests */
test_signatures(&k2);
test_verify_digest(&k2);
/* Clean up and exit */
free(pk);
return gTestSuccess ? 0 : 255;
}
|
