1 /* Copyright 2011 The ChromiumOS Authors
2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file.
4 */
5
6 #include <stdint.h>
7 #include <stdio.h>
8
9 #include "2common.h"
10 #include "2rsa.h"
11 #include "2sysincludes.h"
12 #include "common/tests.h"
13 #include "file_keys.h"
14 #include "host_key.h"
15 #include "rsa_padding_test.h"
16
17 #if defined(ENABLE_HWCRYPTO_RSA_TESTS)
vb2_modexp(const struct vb2_public_key * key,uint8_t * inout,void * workbuf,int exp)18 void vb2_modexp(const struct vb2_public_key *key, uint8_t *inout,
19 void *workbuf, int exp) {
20 TEST_TRUE(0, "vb2_modexp() unexpectedly executed");
21 }
22 #else
23 vb2_error_t hwcrypto_modexp_return_value = VB2_SUCCESS;
vb2ex_hwcrypto_modexp(const struct vb2_public_key * key,uint8_t * inout,void * workbuf,size_t workbuf_size,int exp)24 vb2_error_t vb2ex_hwcrypto_modexp(const struct vb2_public_key *key,
25 uint8_t *inout, void *workbuf,
26 size_t workbuf_size, int exp) {
27 return hwcrypto_modexp_return_value;
28 }
29 #endif
30
31
32 /**
33 * Test valid and invalid signatures.
34 */
test_signatures(struct vb2_public_key * key)35 static void test_signatures(struct vb2_public_key *key)
36 {
37 uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES]
38 __attribute__((aligned(VB2_WORKBUF_ALIGN)));
39 uint8_t sig[RSA1024NUMBYTES];
40 struct vb2_workbuf wb;
41 int unexpected_success;
42 int i;
43
44 vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
45
46 #if defined(ENABLE_HWCRYPTO_RSA_TESTS)
47 key->allow_hwcrypto = 1;
48 #endif
49
50 /* The first test signature is valid. */
51 memcpy(sig, signatures[0], sizeof(sig));
52 TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
53 "RSA Padding Test valid sig");
54
55 /* All other signatures should fail verification. */
56 unexpected_success = 0;
57 for (i = 1; i < sizeof(signatures) / sizeof(signatures[0]); i++) {
58 memcpy(sig, signatures[i], sizeof(sig));
59 if (!vb2_rsa_verify_digest(key, sig,
60 test_message_sha1_hash, &wb)) {
61 fprintf(stderr,
62 "RSA Padding Test vector %d FAILED!\n", i);
63 unexpected_success++;
64 }
65 }
66 TEST_EQ(unexpected_success, 0, "RSA Padding Test invalid sigs");
67 }
68
69
70 /**
71 * Test other error conditions in vb2_rsa_verify_digest().
72 */
test_verify_digest(struct vb2_public_key * key)73 static void test_verify_digest(struct vb2_public_key *key) {
74 uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES]
75 __attribute__((aligned(VB2_WORKBUF_ALIGN)));
76 uint8_t sig[RSA1024NUMBYTES];
77 struct vb2_workbuf wb;
78 enum vb2_signature_algorithm orig_key_alg = key->sig_alg;
79
80 vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
81
82 memcpy(sig, signatures[0], sizeof(sig));
83 TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
84 "vb2_rsa_verify_digest() good");
85
86 TEST_EQ(vb2_rsa_verify_digest(key, NULL, test_message_sha1_hash, &wb),
87 VB2_ERROR_RSA_VERIFY_PARAM, "vb2_rsa_verify_digest() bad arg");
88
89 key->allow_hwcrypto = 1;
90 memcpy(sig, signatures[0], sizeof(sig));
91 vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
92 #if defined(ENABLE_HWCRYPTO_RSA_TESTS)
93 TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
94 "vb2_rsa_verify_digest() hwcrypto modexp");
95 #else
96 hwcrypto_modexp_return_value = VB2_SUCCESS;
97 TEST_NEQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
98 VB2_SUCCESS, "vb2_rsa_verify_digest() hwcrypto modexp fails");
99
100 memcpy(sig, signatures[0], sizeof(sig));
101 vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
102 hwcrypto_modexp_return_value = VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED;
103 TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
104 "vb2_rsa_verify_digest() hwcrypto modexp fallback to sw");
105 key->allow_hwcrypto = 0;
106 #endif
107
108 memcpy(sig, signatures[0], sizeof(sig));
109 vb2_workbuf_init(&wb, workbuf, sizeof(sig) * 3 - 1);
110 TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
111 VB2_ERROR_RSA_VERIFY_WORKBUF,
112 "vb2_rsa_verify_digest() small workbuf");
113 vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
114
115 key->sig_alg = VB2_SIG_INVALID;
116 memcpy(sig, signatures[0], sizeof(sig));
117 TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
118 VB2_ERROR_RSA_VERIFY_ALGORITHM,
119 "vb2_rsa_verify_digest() bad key alg");
120 key->sig_alg = orig_key_alg;
121
122 key->arrsize *= 2;
123 memcpy(sig, signatures[0], sizeof(sig));
124 TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
125 VB2_ERROR_RSA_VERIFY_SIG_LEN,
126 "vb2_rsa_verify_digest() bad sig len");
127 key->arrsize /= 2;
128
129 /* Corrupt the signature near start and end */
130 memcpy(sig, signatures[0], sizeof(sig));
131 sig[3] ^= 0x42;
132 TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
133 VB2_ERROR_RSA_PADDING, "vb2_rsa_verify_digest() bad sig");
134
135 memcpy(sig, signatures[0], sizeof(sig));
136 sig[RSA1024NUMBYTES - 3] ^= 0x56;
137 TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
138 VB2_ERROR_RSA_PADDING, "vb2_rsa_verify_digest() bad sig end");
139 }
140
main(int argc,char * argv[])141 int main(int argc, char *argv[])
142 {
143 struct vb2_public_key k2;
144 struct vb2_packed_key *pk;
145
146 /* Read test key */
147 if (argc != 2) {
148 fprintf(stderr, "Usage: %s <test public key>\n", argv[0]);
149 return 1;
150 }
151 pk = vb2_read_packed_keyb(argv[1], VB2_ALG_RSA1024_SHA1, 0);
152 if (!pk) {
153 fprintf(stderr, "Couldn't read RSA public key for the test.\n");
154 return 1;
155 }
156 if (VB2_SUCCESS != vb2_unpack_key(&k2, pk)) {
157 fprintf(stderr, "Couldn't unpack RSA public key.\n");
158 free(pk);
159 return 1;
160 }
161
162 /* Run tests */
163 test_signatures(&k2);
164 test_verify_digest(&k2);
165
166 /* Clean up and exit */
167 free(pk);
168 return gTestSuccess ? 0 : 255;
169 }
170