xref: /aosp_15_r20/external/vboot_reference/tests/vb2_common2_tests.c (revision 8617a60d3594060b7ecbd21bc622a7c14f3cf2bc) 
1 /* Copyright 2014 The ChromiumOS Authors
2  * Use of this source code is governed by a BSD-style license that can be
3  * found in the LICENSE file.
4  *
5  * Tests for firmware image library.
6  */
7 
8 #include <stdint.h>
9 #include <stdio.h>
10 #include <string.h>
11 
12 #include "2common.h"
13 #include "2rsa.h"
14 #include "2sysincludes.h"
15 #include "common/tests.h"
16 #include "file_keys.h"
17 #include "host_common.h"
18 #include "host_key21.h"
19 
20 static const uint8_t test_data[] = "This is some test data to sign.";
21 static const uint32_t test_size = sizeof(test_data);
22 static const uint8_t test_data_sha1[VB2_SHA1_DIGEST_SIZE] = {
23 	0x6f, 0xde, 0xe7, 0x73, 0x93, 0xbe, 0x23, 0x34,
24 	0xb3, 0x54, 0xc2, 0xe9, 0x18, 0xb8, 0x1b, 0xf8,
25 	0x99, 0x36, 0x63, 0x09,
26 };
27 static const uint8_t test_data_sha256[VB2_SHA256_DIGEST_SIZE] = {
28 	0xc0, 0x2c, 0xdb, 0x18, 0xe4, 0xd9, 0xfc, 0x65,
29 	0xcb, 0xea, 0x11, 0x8e, 0x9e, 0x1c, 0x51, 0x2d,
30 	0xeb, 0x69, 0x5f, 0x56, 0x1f, 0xd8, 0x77, 0x7b,
31 	0x7d, 0x9d, 0x4f, 0x21, 0x81, 0xac, 0x9e, 0xd5,
32 };
33 static const uint8_t test_data_sha512[VB2_SHA512_DIGEST_SIZE] = {
34 	0x0e, 0x0c, 0x9c, 0xf7, 0x08, 0x28, 0xee, 0xd7,
35 	0x0d, 0x62, 0xf5, 0x46, 0xa1, 0x2d, 0xf3, 0x79,
36 	0x41, 0x0c, 0x80, 0xbf, 0xaf, 0x1f, 0xfa, 0x41,
37 	0xdb, 0x8e, 0x30, 0x02, 0x16, 0xf1, 0x4b, 0x2c,
38 	0x67, 0x1f, 0x5b, 0xfb, 0x06, 0x49, 0xc9, 0xf4,
39 	0x6b, 0x62, 0xb9, 0x27, 0x94, 0xc3, 0xf4, 0xb8,
40 	0xc7, 0x23, 0x40, 0xc5, 0xfb, 0x74, 0xab, 0xa4,
41 	0x63, 0xfd, 0x3f, 0xf3, 0x2b, 0xa3, 0xc5, 0x3b,
42 };
43 static const uint8_t *hwcrypto_next_hash;
44 
45 static enum hwcrypto_state {
46 	HWCRYPTO_OK,
47 	HWCRYPTO_NOTSUPPORTED,
48 	HWCRYPTO_ERROR,
49 	HWCRYPTO_ABORT,
50 } hwcrypto_state_rsa, hwcrypto_state_digest;
51 
hwcrypto_mock(enum hwcrypto_state * state)52 static vb2_error_t hwcrypto_mock(enum hwcrypto_state *state)
53 {
54 	switch (*state) {
55 		case HWCRYPTO_OK:
56 			return VB2_SUCCESS;
57 		case HWCRYPTO_NOTSUPPORTED:
58 			return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED;
59 		case HWCRYPTO_ERROR:
60 			return VB2_ERROR_MOCK;
61 		case HWCRYPTO_ABORT:
62 			vb2ex_abort();
63 			/* shouldn't reach here but added for compiler */
64 			return VB2_ERROR_MOCK;
65 	}
66 	return VB2_ERROR_MOCK;
67 }
68 
vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm algo,uint32_t data_size)69 vb2_error_t vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm algo,
70 				       uint32_t data_size)
71 {
72 	switch (algo) {
73 	case VB2_HASH_SHA1:
74 		hwcrypto_next_hash = test_data_sha1;
75 		break;
76 	case VB2_HASH_SHA256:
77 		hwcrypto_next_hash = test_data_sha256;
78 		break;
79 	case VB2_HASH_SHA512:
80 		hwcrypto_next_hash = test_data_sha512;
81 		break;
82 	default:
83 		TEST_TRUE(false, "  no mock hash for algorithm");
84 		break;
85 	}
86 	return hwcrypto_mock(&hwcrypto_state_digest);
87 }
88 
vb2ex_hwcrypto_digest_extend(const uint8_t * buf,uint32_t size)89 vb2_error_t vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size)
90 {
91 	return hwcrypto_mock(&hwcrypto_state_digest);
92 }
93 
vb2ex_hwcrypto_digest_finalize(uint8_t * digest,uint32_t digest_size)94 vb2_error_t vb2ex_hwcrypto_digest_finalize(uint8_t *digest,
95 					   uint32_t digest_size)
96 {
97 	memcpy(digest, hwcrypto_next_hash, digest_size);
98 	return hwcrypto_mock(&hwcrypto_state_digest);
99 }
100 
vb2ex_hwcrypto_rsa_verify_digest(const struct vb2_public_key * key,const uint8_t * sig,const uint8_t * digest)101 vb2_error_t vb2ex_hwcrypto_rsa_verify_digest(const struct vb2_public_key *key,
102 					     const uint8_t *sig, const uint8_t *digest)
103 {
104 	return hwcrypto_mock(&hwcrypto_state_rsa);
105 }
106 
107 
test_unpack_key(const struct vb2_packed_key * key1)108 static void test_unpack_key(const struct vb2_packed_key *key1)
109 {
110 	struct vb2_public_key pubk;
111 
112 	/*
113 	 * Key data follows the header for a newly allocated key, so we can
114 	 * calculate the buffer size by looking at how far the key data goes.
115 	 */
116 	uint32_t size = key1->key_offset + key1->key_size;
117 	uint8_t *buf = malloc(size);
118 	struct vb2_packed_key *key = (struct vb2_packed_key *)buf;
119 
120 	memcpy(key, key1, size);
121 	TEST_SUCC(vb2_unpack_key_buffer(&pubk, buf, size),
122 		  "vb2_unpack_key_buffer() ok");
123 
124 	TEST_EQ(pubk.sig_alg, vb2_crypto_to_signature(key->algorithm),
125 		"vb2_unpack_key_buffer() sig_alg");
126 	TEST_EQ(pubk.hash_alg, vb2_crypto_to_hash(key->algorithm),
127 		"vb2_unpack_key_buffer() hash_alg");
128 
129 
130 	memcpy(key, key1, size);
131 	key->algorithm = VB2_ALG_COUNT;
132 	TEST_EQ(vb2_unpack_key_buffer(&pubk, buf, size),
133 		VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM,
134 		"vb2_unpack_key_buffer() invalid algorithm");
135 
136 	memcpy(key, key1, size);
137 	key->key_size--;
138 	TEST_EQ(vb2_unpack_key_buffer(&pubk, buf, size),
139 		VB2_ERROR_UNPACK_KEY_SIZE,
140 		"vb2_unpack_key_buffer() invalid size");
141 
142 	memcpy(key, key1, size);
143 	key->key_offset++;
144 	TEST_EQ(vb2_unpack_key_buffer(&pubk, buf, size + 1),
145 		VB2_ERROR_UNPACK_KEY_ALIGN,
146 		"vb2_unpack_key_buffer() unaligned data");
147 
148 	memcpy(key, key1, size);
149 	*(uint32_t *)(buf + key->key_offset) /= 2;
150 	TEST_EQ(vb2_unpack_key_buffer(&pubk, buf, size),
151 		VB2_ERROR_UNPACK_KEY_ARRAY_SIZE,
152 		"vb2_unpack_key_buffer() invalid key array size");
153 
154 	memcpy(key, key1, size);
155 	TEST_EQ(vb2_unpack_key_buffer(&pubk, buf, size - 1),
156 		VB2_ERROR_INSIDE_DATA_OUTSIDE,
157 		"vb2_unpack_key_buffer() buffer too small");
158 
159 	free(key);
160 
161 	TEST_EQ(vb2_unpack_key(&pubk, NULL),
162 		VB2_ERROR_UNPACK_KEY_BUFFER,
163 		"vb2_unpack_key_() buffer NULL");
164 }
165 
test_verify_data(const struct vb2_packed_key * key1,const struct vb2_signature * sig)166 static void test_verify_data(const struct vb2_packed_key *key1,
167 			     const struct vb2_signature *sig)
168 {
169 	uint8_t workbuf[VB2_VERIFY_DATA_WORKBUF_BYTES]
170 		 __attribute__((aligned(VB2_WORKBUF_ALIGN)));
171 	struct vb2_workbuf wb;
172 
173 	struct vb2_public_key pubk, pubk_orig;
174 	uint32_t sig_total_size = sig->sig_offset + sig->sig_size;
175 	struct vb2_signature *sig2;
176 
177 	hwcrypto_state_rsa = HWCRYPTO_ABORT;
178 	hwcrypto_state_digest = HWCRYPTO_ABORT;
179 
180 	vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
181 
182 	/* Allocate signature copy for tests */
183 	sig2 = (struct vb2_signature *)malloc(sig_total_size);
184 
185 	TEST_SUCC(vb2_unpack_key(&pubk, key1), "vb2_verify_data() unpack key");
186 	pubk_orig = pubk;
187 
188 	memcpy(sig2, sig, sig_total_size);
189 	pubk.sig_alg = VB2_SIG_INVALID;
190 	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
191 		 0, "vb2_verify_data() bad sig alg");
192 	pubk.sig_alg = pubk_orig.sig_alg;
193 
194 	memcpy(sig2, sig, sig_total_size);
195 	pubk.hash_alg = VB2_HASH_INVALID;
196 	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
197 		 0, "vb2_verify_data() bad hash alg");
198 	pubk.hash_alg = pubk_orig.hash_alg;
199 
200 	vb2_workbuf_init(&wb, workbuf, 4);
201 	memcpy(sig2, sig, sig_total_size);
202 	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
203 		 0, "vb2_verify_data() workbuf too small");
204 	vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
205 
206 	memcpy(sig2, sig, sig_total_size);
207 	TEST_EQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
208 		0, "vb2_verify_data() ok");
209 
210 	memcpy(sig2, sig, sig_total_size);
211 	sig2->sig_size -= 16;
212 	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
213 		 0, "vb2_verify_data() wrong sig size");
214 
215 	memcpy(sig2, sig, sig_total_size);
216 	TEST_NEQ(vb2_verify_data(test_data, test_size - 1, sig2, &pubk, &wb),
217 		 0, "vb2_verify_data() input buffer too small");
218 
219 	memcpy(sig2, sig, sig_total_size);
220 	vb2_signature_data_mutable(sig2)[0] ^= 0x5A;
221 	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
222 		 0, "vb2_verify_data() wrong sig");
223 
224 	pubk.allow_hwcrypto = 1;
225 
226 	hwcrypto_state_digest = HWCRYPTO_OK;
227 	hwcrypto_state_rsa = HWCRYPTO_OK;
228 	memcpy(sig2, sig, sig_total_size);
229 	vb2_signature_data_mutable(sig2)[0] ^= 0x5A;
230 	TEST_EQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
231 		0, "vb2_verify_data() hwcrypto ok");
232 
233 	hwcrypto_state_rsa = HWCRYPTO_ERROR;
234 	memcpy(sig2, sig, sig_total_size);
235 	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
236 		0, "vb2_verify_data() hwcrypto error");
237 
238 	hwcrypto_state_rsa = HWCRYPTO_NOTSUPPORTED;
239 	memcpy(sig2, sig, sig_total_size);
240 	TEST_EQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
241 		0, "vb2_verify_data() hwcrypto fallback ok");
242 
243 	memcpy(sig2, sig, sig_total_size);
244 	sig2->sig_size -= 16;
245 	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
246 		0, "vb2_verify_data() hwcrypto fallback error");
247 
248 	hwcrypto_state_digest = HWCRYPTO_ERROR;
249 	hwcrypto_state_rsa = HWCRYPTO_OK;
250 	memcpy(sig2, sig, sig_total_size);
251 	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
252 		0, "vb2_verify_data() hwcrypto error");
253 
254 	hwcrypto_state_rsa = HWCRYPTO_ERROR;
255 	memcpy(sig2, sig, sig_total_size);
256 	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
257 		0, "vb2_verify_data() hwcrypto error");
258 
259 	hwcrypto_state_rsa = HWCRYPTO_NOTSUPPORTED;
260 	memcpy(sig2, sig, sig_total_size);
261 	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
262 		0, "vb2_verify_data() hwcrypto fallback error");
263 
264 	hwcrypto_state_digest = HWCRYPTO_NOTSUPPORTED;
265 	hwcrypto_state_rsa = HWCRYPTO_OK;
266 	memcpy(sig2, sig, sig_total_size);
267 	vb2_signature_data_mutable(sig2)[0] ^= 0x5A;
268 	TEST_EQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
269 		0, "vb2_verify_data() hwcrypto ok");
270 
271 	hwcrypto_state_rsa = HWCRYPTO_ERROR;
272 	memcpy(sig2, sig, sig_total_size);
273 	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
274 		0, "vb2_verify_data() hwcrypto error");
275 
276 	hwcrypto_state_rsa = HWCRYPTO_NOTSUPPORTED;
277 	memcpy(sig2, sig, sig_total_size);
278 	TEST_EQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
279 		0, "vb2_verify_data() hwcrypto fallback ok");
280 
281 	memcpy(sig2, sig, sig_total_size);
282 	sig2->sig_size -= 16;
283 	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
284 		0, "vb2_verify_data() hwcrypto fallback error");
285 
286 	pubk.allow_hwcrypto = 0;
287 
288 
289 	free(sig2);
290 }
291 
292 
test_algorithm(int key_algorithm,const char * keys_dir)293 static int test_algorithm(int key_algorithm, const char *keys_dir)
294 {
295 	char filename[1024];
296 	struct vb2_private_key *private_key = NULL;
297 	struct vb2_signature *sig = NULL;
298 	struct vb2_packed_key *key1 = NULL;
299 
300 	int retval = 1;
301 
302 	printf("***Testing algorithm: %s\n",
303 	       vb2_get_crypto_algorithm_name(key_algorithm));
304 
305 	snprintf(filename, sizeof(filename), "%s/key_%s.pem",
306 		 keys_dir,
307 		 vb2_get_crypto_algorithm_file(key_algorithm));
308 	private_key = vb2_read_private_key_pem(filename, key_algorithm);
309 	if (!private_key) {
310 		fprintf(stderr, "Error reading private_key: %s\n", filename);
311 		goto cleanup_algorithm;
312 	}
313 
314 	snprintf(filename, sizeof(filename), "%s/key_%s.keyb",
315 		 keys_dir,
316 		 vb2_get_crypto_algorithm_file(key_algorithm));
317 	key1 = vb2_read_packed_keyb(filename, key_algorithm, 1);
318 	if (!key1) {
319 		fprintf(stderr, "Error reading public_key: %s\n", filename);
320 		goto cleanup_algorithm;
321 	}
322 
323 	/* Calculate good signatures */
324 	sig = vb2_calculate_signature(test_data, sizeof(test_data),
325 				      private_key);
326 	TEST_PTR_NEQ(sig, 0, "Calculate signature");
327 	if (!sig)
328 		goto cleanup_algorithm;
329 
330 	test_unpack_key(key1);
331 	test_verify_data(key1, sig);
332 
333 	retval = 0;
334 
335 cleanup_algorithm:
336 	if (key1)
337 		free(key1);
338 	if (private_key)
339 		free(private_key);
340 	if (sig)
341 		free(sig);
342 
343 	return retval;
344 }
345 
346 /* Test only the algorithms we use */
347 const int key_algs[] = {
348 	VB2_ALG_RSA2048_SHA256,
349 	VB2_ALG_RSA4096_SHA256,
350 	VB2_ALG_RSA8192_SHA512,
351 };
352 
main(int argc,char * argv[])353 int main(int argc, char *argv[]) {
354 
355 	if (argc == 2) {
356 		int i;
357 
358 		for (i = 0; i < ARRAY_SIZE(key_algs); i++) {
359 			if (test_algorithm(key_algs[i], argv[1]))
360 				return 1;
361 		}
362 
363 	} else if (argc == 3 && !strcasecmp(argv[2], "--all")) {
364 		/* Test all the algorithms */
365 		int alg;
366 
367 		for (alg = 0; alg < VB2_ALG_COUNT; alg++) {
368 			if (test_algorithm(alg, argv[1]))
369 				return 1;
370 		}
371 
372 	} else {
373 		fprintf(stderr, "Usage: %s <keys_dir> [--all]", argv[0]);
374 		return -1;
375 	}
376 
377 	return gTestSuccess ? 0 : 255;
378 }
379