1 /* Copyright 2014 The ChromiumOS Authors
2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file.
4 *
5 * Tests for firmware image library.
6 */
7
8 #include <stdio.h>
9
10 #include "2common.h"
11 #include "2rsa.h"
12 #include "2sysincludes.h"
13 #include "common/tests.h"
14 #include "file_keys.h"
15 #include "host_common.h"
16 #include "host_keyblock.h"
17 #include "host_key.h"
18 #include "host_signature.h"
19
resign_keyblock(struct vb2_keyblock * h,const struct vb2_private_key * key)20 static void resign_keyblock(struct vb2_keyblock *h,
21 const struct vb2_private_key *key)
22 {
23 struct vb2_signature *sig =
24 vb2_calculate_signature((const uint8_t *)h,
25 h->keyblock_signature.data_size, key);
26
27 vb2_copy_signature(&h->keyblock_signature, sig);
28 free(sig);
29 }
30
test_check_keyblock(const struct vb2_public_key * public_key,const struct vb2_private_key * private_key,const struct vb2_packed_key * data_key)31 static void test_check_keyblock(const struct vb2_public_key *public_key,
32 const struct vb2_private_key *private_key,
33 const struct vb2_packed_key *data_key)
34 {
35 struct vb2_keyblock *hdr;
36 struct vb2_keyblock *h;
37 struct vb2_signature *sig;
38 uint32_t hsize;
39
40 hdr = vb2_create_keyblock(data_key, private_key, 0x1234);
41 TEST_NEQ((size_t)hdr, 0, "vb2_verify_keyblock() prerequisites");
42 if (!hdr)
43 return;
44 hsize = hdr->keyblock_size;
45 h = (struct vb2_keyblock *)malloc(hsize + 2048);
46 sig = &h->keyblock_signature;
47
48 memcpy(h, hdr, hsize);
49 TEST_SUCC(vb2_check_keyblock(h, hsize, sig),
50 "vb2_check_keyblock() ok");
51
52 memcpy(h, hdr, hsize);
53 TEST_EQ(vb2_check_keyblock(h, hsize - 1, sig),
54 VB2_ERROR_KEYBLOCK_SIZE, "vb2_check_keyblock() size--");
55
56 /* Buffer is allowed to be bigger than keyblock */
57 memcpy(h, hdr, hsize);
58 TEST_SUCC(vb2_check_keyblock(h, hsize + 1, sig),
59 "vb2_check_keyblock() size++");
60
61 memcpy(h, hdr, hsize);
62 h->magic[0] &= 0x12;
63 TEST_EQ(vb2_check_keyblock(h, hsize, sig),
64 VB2_ERROR_KEYBLOCK_MAGIC, "vb2_check_keyblock() magic");
65
66 /* Care about major version but not minor */
67 memcpy(h, hdr, hsize);
68 h->header_version_major++;
69 resign_keyblock(h, private_key);
70 TEST_EQ(vb2_check_keyblock(h, hsize, sig),
71 VB2_ERROR_KEYBLOCK_HEADER_VERSION,
72 "vb2_check_keyblock() major++");
73
74 memcpy(h, hdr, hsize);
75 h->header_version_major--;
76 resign_keyblock(h, private_key);
77 TEST_EQ(vb2_check_keyblock(h, hsize, sig),
78 VB2_ERROR_KEYBLOCK_HEADER_VERSION,
79 "vb2_check_keyblock() major--");
80
81 memcpy(h, hdr, hsize);
82 h->header_version_minor++;
83 resign_keyblock(h, private_key);
84 TEST_SUCC(vb2_check_keyblock(h, hsize, sig),
85 "vb2_check_keyblock() minor++");
86
87 memcpy(h, hdr, hsize);
88 h->header_version_minor--;
89 resign_keyblock(h, private_key);
90 TEST_SUCC(vb2_check_keyblock(h, hsize, sig),
91 "vb2_check_keyblock() minor--");
92
93 /* Check signature */
94 memcpy(h, hdr, hsize);
95 h->keyblock_signature.sig_offset = hsize;
96 resign_keyblock(h, private_key);
97 TEST_EQ(vb2_check_keyblock(h, hsize, sig),
98 VB2_ERROR_KEYBLOCK_SIG_OUTSIDE,
99 "vb2_check_keyblock() sig off end");
100
101 memcpy(h, hdr, hsize);
102 h->keyblock_signature.data_size = h->keyblock_size + 1;
103 TEST_EQ(vb2_check_keyblock(h, hsize, sig),
104 VB2_ERROR_KEYBLOCK_SIGNED_TOO_MUCH,
105 "vb2_check_keyblock() sig data past end of block");
106
107 /* Check that we signed header and data key */
108 memcpy(h, hdr, hsize);
109 h->keyblock_signature.data_size = 4;
110 h->data_key.key_offset = 0;
111 h->data_key.key_size = 0;
112 resign_keyblock(h, private_key);
113 TEST_EQ(vb2_check_keyblock(h, hsize, sig),
114 VB2_ERROR_KEYBLOCK_SIGNED_TOO_LITTLE,
115 "vb2_check_keyblock() didn't sign header");
116
117 memcpy(h, hdr, hsize);
118 h->data_key.key_offset = hsize;
119 resign_keyblock(h, private_key);
120 TEST_EQ(vb2_check_keyblock(h, hsize, sig),
121 VB2_ERROR_KEYBLOCK_DATA_KEY_OUTSIDE,
122 "vb2_check_keyblock() data key off end");
123
124 /* Corner cases for error checking */
125 TEST_EQ(vb2_check_keyblock(NULL, 4, sig),
126 VB2_ERROR_KEYBLOCK_TOO_SMALL_FOR_HEADER,
127 "vb2_check_keyblock size too small");
128
129 /*
130 * TODO: verify parser can support a bigger header (i.e., one where
131 * data_key.key_offset is bigger than expected).
132 */
133
134 free(h);
135 free(hdr);
136 }
137
test_verify_keyblock(const struct vb2_public_key * public_key,const struct vb2_private_key * private_key,const struct vb2_packed_key * data_key)138 static void test_verify_keyblock(const struct vb2_public_key *public_key,
139 const struct vb2_private_key *private_key,
140 const struct vb2_packed_key *data_key)
141 {
142 uint8_t workbuf[VB2_KEYBLOCK_VERIFY_WORKBUF_BYTES]
143 __attribute__((aligned(VB2_WORKBUF_ALIGN)));
144 struct vb2_workbuf wb;
145 struct vb2_keyblock *hdr;
146 struct vb2_keyblock *h;
147 uint32_t hsize;
148
149 vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
150
151 hdr = vb2_create_keyblock(data_key, private_key, 0x1234);
152 TEST_NEQ((size_t)hdr, 0, "vb2_verify_keyblock() prerequisites");
153 if (!hdr)
154 return;
155 hsize = hdr->keyblock_size;
156 h = (struct vb2_keyblock *)malloc(hsize + 2048);
157
158 memcpy(h, hdr, hsize);
159 TEST_SUCC(vb2_verify_keyblock(h, hsize, public_key, &wb),
160 "vb2_verify_keyblock() ok using key");
161
162 /* Failures in keyblock check also cause verify to fail */
163 memcpy(h, hdr, hsize);
164 TEST_EQ(vb2_verify_keyblock(h, hsize - 1, public_key, &wb),
165 VB2_ERROR_KEYBLOCK_SIZE, "vb2_verify_keyblock() check");
166
167 /* Check signature */
168 memcpy(h, hdr, hsize);
169 h->keyblock_signature.sig_size--;
170 resign_keyblock(h, private_key);
171 TEST_EQ(vb2_verify_keyblock(h, hsize, public_key, &wb),
172 VB2_ERROR_KEYBLOCK_SIG_INVALID,
173 "vb2_verify_keyblock() sig too small");
174
175 memcpy(h, hdr, hsize);
176 ((uint8_t *)vb2_packed_key_data_mutable(&h->data_key))[0] ^= 0x34;
177 TEST_EQ(vb2_verify_keyblock(h, hsize, public_key, &wb),
178 VB2_ERROR_KEYBLOCK_SIG_INVALID,
179 "vb2_verify_keyblock() sig mismatch");
180
181 /*
182 * TODO: verify parser can support a bigger header (i.e., one where
183 * data_key.key_offset is bigger than expected).
184 */
185
186 free(h);
187 free(hdr);
188 }
189
resign_fw_preamble(struct vb2_fw_preamble * h,struct vb2_private_key * key)190 static void resign_fw_preamble(struct vb2_fw_preamble *h,
191 struct vb2_private_key *key)
192 {
193 struct vb2_signature *sig = vb2_calculate_signature(
194 (const uint8_t *)h, h->preamble_signature.data_size, key);
195
196 vb2_copy_signature(&h->preamble_signature, sig);
197 free(sig);
198 }
199
test_verify_fw_preamble(struct vb2_packed_key * public_key,struct vb2_private_key * private_key,struct vb2_packed_key * kernel_subkey)200 static void test_verify_fw_preamble(struct vb2_packed_key *public_key,
201 struct vb2_private_key *private_key,
202 struct vb2_packed_key *kernel_subkey)
203 {
204 struct vb2_fw_preamble *hdr;
205 struct vb2_fw_preamble *h;
206 struct vb2_public_key rsa;
207 uint8_t workbuf[VB2_VERIFY_FIRMWARE_PREAMBLE_WORKBUF_BYTES]
208 __attribute__((aligned(VB2_WORKBUF_ALIGN)));
209 struct vb2_workbuf wb;
210 uint32_t hsize;
211
212 vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
213
214 /* Create a dummy signature */
215 struct vb2_signature *body_sig = vb2_alloc_signature(56, 78);
216
217 TEST_SUCC(vb2_unpack_key(&rsa, public_key),
218 "vb2_verify_fw_preamble() prereq key");
219
220 hdr = vb2_create_fw_preamble(0x1234, kernel_subkey, body_sig,
221 private_key, 0x5678);
222 TEST_PTR_NEQ(hdr, NULL,
223 "vb2_verify_fw_preamble() prereq test preamble");
224 if (!hdr) {
225 free(body_sig);
226 return;
227 }
228
229 hsize = (uint32_t) hdr->preamble_size;
230 h = (struct vb2_fw_preamble *)malloc(hsize + 16384);
231
232 memcpy(h, hdr, hsize);
233 TEST_SUCC(vb2_verify_fw_preamble(h, hsize, &rsa, &wb),
234 "vb2_verify_fw_preamble() ok using key");
235
236 memcpy(h, hdr, hsize);
237 TEST_EQ(vb2_verify_fw_preamble(h, 4, &rsa, &wb),
238 VB2_ERROR_PREAMBLE_TOO_SMALL_FOR_HEADER,
239 "vb2_verify_fw_preamble() size tiny");
240
241 memcpy(h, hdr, hsize);
242 TEST_EQ(vb2_verify_fw_preamble(h, hsize - 1, &rsa, &wb),
243 VB2_ERROR_PREAMBLE_SIZE,
244 "vb2_verify_fw_preamble() size--");
245
246 /* Buffer is allowed to be bigger than preamble */
247 memcpy(h, hdr, hsize);
248 TEST_SUCC(vb2_verify_fw_preamble(h, hsize + 1, &rsa, &wb),
249 "vb2_verify_fw_preamble() size++");
250
251 /* Care about major version but not minor */
252 memcpy(h, hdr, hsize);
253 h->header_version_major++;
254 resign_fw_preamble(h, private_key);
255 TEST_EQ(vb2_verify_fw_preamble(h, hsize, &rsa, &wb),
256 VB2_ERROR_PREAMBLE_HEADER_VERSION
257 , "vb2_verify_fw_preamble() major++");
258
259 memcpy(h, hdr, hsize);
260 h->header_version_major--;
261 resign_fw_preamble(h, private_key);
262 TEST_EQ(vb2_verify_fw_preamble(h, hsize, &rsa, &wb),
263 VB2_ERROR_PREAMBLE_HEADER_VERSION,
264 "vb2_verify_fw_preamble() major--");
265
266 memcpy(h, hdr, hsize);
267 h->header_version_minor++;
268 resign_fw_preamble(h, private_key);
269 TEST_SUCC(vb2_verify_fw_preamble(h, hsize, &rsa, &wb),
270 "vb2_verify_fw_preamble() minor++");
271
272 memcpy(h, hdr, hsize);
273 h->header_version_minor--;
274 resign_fw_preamble(h, private_key);
275 TEST_EQ(vb2_verify_fw_preamble(h, hsize, &rsa, &wb),
276 VB2_ERROR_PREAMBLE_HEADER_OLD,
277 "vb2_verify_fw_preamble() 2.0 not supported");
278
279 /* Check signature */
280 memcpy(h, hdr, hsize);
281 h->preamble_signature.sig_offset = hsize;
282 resign_fw_preamble(h, private_key);
283 TEST_EQ(vb2_verify_fw_preamble(h, hsize, &rsa, &wb),
284 VB2_ERROR_PREAMBLE_SIG_OUTSIDE,
285 "vb2_verify_fw_preamble() sig off end");
286
287 memcpy(h, hdr, hsize);
288 h->preamble_signature.sig_size--;
289 resign_fw_preamble(h, private_key);
290 TEST_EQ(vb2_verify_fw_preamble(h, hsize, &rsa, &wb),
291 VB2_ERROR_PREAMBLE_SIG_INVALID,
292 "vb2_verify_fw_preamble() sig too small");
293
294 memcpy(h, hdr, hsize);
295 ((uint8_t *)vb2_packed_key_data_mutable(&h->kernel_subkey))[0] ^= 0x34;
296 TEST_EQ(vb2_verify_fw_preamble(h, hsize, &rsa, &wb),
297 VB2_ERROR_PREAMBLE_SIG_INVALID,
298 "vb2_verify_fw_preamble() sig mismatch");
299
300 /* Check that we signed header, kernel subkey, and body sig */
301 memcpy(h, hdr, hsize);
302 h->preamble_signature.data_size = 4;
303 h->kernel_subkey.key_offset = 0;
304 h->kernel_subkey.key_size = 0;
305 h->body_signature.sig_offset = 0;
306 h->body_signature.sig_size = 0;
307 resign_fw_preamble(h, private_key);
308 TEST_EQ(vb2_verify_fw_preamble(h, hsize, &rsa, &wb),
309 VB2_ERROR_PREAMBLE_SIGNED_TOO_LITTLE,
310 "vb2_verify_fw_preamble() didn't sign header");
311
312 memcpy(h, hdr, hsize);
313 h->kernel_subkey.key_offset = hsize;
314 resign_fw_preamble(h, private_key);
315 TEST_EQ(vb2_verify_fw_preamble(h, hsize, &rsa, &wb),
316 VB2_ERROR_PREAMBLE_KERNEL_SUBKEY_OUTSIDE,
317 "vb2_verify_fw_preamble() kernel subkey off end");
318
319 memcpy(h, hdr, hsize);
320 h->body_signature.sig_offset = hsize;
321 resign_fw_preamble(h, private_key);
322 TEST_EQ(vb2_verify_fw_preamble(h, hsize, &rsa, &wb),
323 VB2_ERROR_PREAMBLE_BODY_SIG_OUTSIDE,
324 "vb2_verify_fw_preamble() body sig off end");
325
326 /* TODO: verify with extra padding at end of header. */
327
328 free(h);
329 free(hdr);
330 free(body_sig);
331 }
332
resign_kernel_preamble(struct vb2_kernel_preamble * h,const struct vb2_private_key * key)333 static void resign_kernel_preamble(struct vb2_kernel_preamble *h,
334 const struct vb2_private_key *key)
335 {
336 struct vb2_signature *sig = vb2_calculate_signature(
337 (const uint8_t *)h, h->preamble_signature.data_size, key);
338
339 vb2_copy_signature(&h->preamble_signature, sig);
340 free(sig);
341 }
342
test_verify_kernel_preamble(const struct vb2_packed_key * public_key,const struct vb2_private_key * private_key)343 static void test_verify_kernel_preamble(
344 const struct vb2_packed_key *public_key,
345 const struct vb2_private_key *private_key)
346 {
347 struct vb2_public_key rsa;
348 // TODO: how many workbuf bytes?
349 uint8_t workbuf[VB2_VERIFY_FIRMWARE_PREAMBLE_WORKBUF_BYTES]
350 __attribute__((aligned(VB2_WORKBUF_ALIGN)));
351 struct vb2_workbuf wb;
352 uint32_t hsize;
353
354 vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
355
356 /* Create a dummy signature */
357 struct vb2_signature *body_sig = vb2_alloc_signature(56, 0x214000);
358
359 TEST_SUCC(vb2_unpack_key(&rsa, public_key),
360 "vb2_verify_kernel_preamble() prereq key");
361
362 struct vb2_kernel_preamble *hdr =
363 vb2_create_kernel_preamble(0x1234, 0x100000, 0x300000, 0x4000,
364 body_sig, 0x304000, 0x10000, 0, 0,
365 private_key);
366 TEST_PTR_NEQ(hdr, NULL,
367 "vb2_verify_kernel_preamble() prereq test preamble");
368 if (!hdr) {
369 free(body_sig);
370 return;
371 }
372
373 hsize = (uint32_t) hdr->preamble_size;
374 struct vb2_kernel_preamble *h =
375 (struct vb2_kernel_preamble *)malloc(hsize + 16384);
376
377 memcpy(h, hdr, hsize);
378 TEST_SUCC(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
379 "vb2_verify_kernel_preamble() ok using key");
380
381 memcpy(h, hdr, hsize);
382 TEST_EQ(vb2_verify_kernel_preamble(h, 4, &rsa, &wb),
383 VB2_ERROR_PREAMBLE_TOO_SMALL_FOR_HEADER,
384 "vb2_verify_kernel_preamble() size tiny");
385
386 memcpy(h, hdr, hsize);
387 TEST_EQ(vb2_verify_kernel_preamble(h, hsize - 1, &rsa, &wb),
388 VB2_ERROR_PREAMBLE_SIZE,
389 "vb2_verify_kernel_preamble() size--");
390
391 /* Buffer is allowed to be bigger than preamble */
392 memcpy(h, hdr, hsize);
393 TEST_SUCC(vb2_verify_kernel_preamble(h, hsize + 1, &rsa, &wb),
394 "vb2_verify_kernel_preamble() size++");
395
396 /* Care about major version but not minor */
397 memcpy(h, hdr, hsize);
398 h->header_version_major++;
399 resign_kernel_preamble(h, private_key);
400 TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
401 VB2_ERROR_PREAMBLE_HEADER_VERSION
402 , "vb2_verify_kernel_preamble() major++");
403
404 memcpy(h, hdr, hsize);
405 h->header_version_major--;
406 resign_kernel_preamble(h, private_key);
407 TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
408 VB2_ERROR_PREAMBLE_HEADER_VERSION,
409 "vb2_verify_kernel_preamble() major--");
410
411 memcpy(h, hdr, hsize);
412 h->header_version_minor++;
413 resign_kernel_preamble(h, private_key);
414 TEST_SUCC(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
415 "vb2_verify_kernel_preamble() minor++");
416
417 /* Check signature */
418 memcpy(h, hdr, hsize);
419 h->preamble_signature.sig_offset = hsize;
420 resign_kernel_preamble(h, private_key);
421 TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
422 VB2_ERROR_PREAMBLE_SIG_OUTSIDE,
423 "vb2_verify_kernel_preamble() sig off end");
424
425 memcpy(h, hdr, hsize);
426 h->preamble_signature.sig_size--;
427 resign_kernel_preamble(h, private_key);
428 TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
429 VB2_ERROR_PREAMBLE_SIG_INVALID,
430 "vb2_verify_kernel_preamble() sig too small");
431
432 memcpy(h, hdr, hsize);
433 h->flags++;
434 TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
435 VB2_ERROR_PREAMBLE_SIG_INVALID,
436 "vb2_verify_kernel_preamble() sig mismatch");
437
438 /* Check that we signed header and body sig */
439 memcpy(h, hdr, hsize);
440 h->preamble_signature.data_size = 4;
441 h->body_signature.sig_offset = 0;
442 h->body_signature.sig_size = 0;
443 resign_kernel_preamble(h, private_key);
444 TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
445 VB2_ERROR_PREAMBLE_SIGNED_TOO_LITTLE,
446 "vb2_verify_kernel_preamble() didn't sign header");
447
448 memcpy(h, hdr, hsize);
449 h->body_signature.sig_offset = hsize;
450 resign_kernel_preamble(h, private_key);
451 TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
452 VB2_ERROR_PREAMBLE_BODY_SIG_OUTSIDE,
453 "vb2_verify_kernel_preamble() body sig off end");
454
455 /* Check bootloader inside signed body */
456 memcpy(h, hdr, hsize);
457 h->bootloader_address = h->body_load_address - 1;
458 resign_kernel_preamble(h, private_key);
459 TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
460 VB2_ERROR_PREAMBLE_BOOTLOADER_OUTSIDE,
461 "vb2_verify_kernel_preamble() bootloader before body");
462
463 memcpy(h, hdr, hsize);
464 h->bootloader_address = h->body_load_address +
465 h->body_signature.data_size + 1;
466 resign_kernel_preamble(h, private_key);
467 TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
468 VB2_ERROR_PREAMBLE_BOOTLOADER_OUTSIDE,
469 "vb2_verify_kernel_preamble() bootloader off end of body");
470
471 memcpy(h, hdr, hsize);
472 h->bootloader_address = h->body_load_address +
473 h->body_signature.data_size + 1;
474 h->bootloader_size = 0;
475 resign_kernel_preamble(h, private_key);
476 TEST_SUCC(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
477 "vb2_verify_kernel_preamble() no bootloader");
478
479 /* Check vmlinuz inside signed body */
480 memcpy(h, hdr, hsize);
481 h->vmlinuz_header_address = h->body_load_address - 1;
482 resign_kernel_preamble(h, private_key);
483 TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
484 VB2_ERROR_PREAMBLE_VMLINUZ_HEADER_OUTSIDE,
485 "vb2_verify_kernel_preamble() vmlinuz_header before body");
486
487 memcpy(h, hdr, hsize);
488 h->vmlinuz_header_address = h->body_load_address +
489 h->body_signature.data_size + 1;
490 resign_kernel_preamble(h, private_key);
491 TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
492 VB2_ERROR_PREAMBLE_VMLINUZ_HEADER_OUTSIDE,
493 "vb2_verify_kernel_preamble() vmlinuz_header off end of body");
494
495 memcpy(h, hdr, hsize);
496 h->vmlinuz_header_address = h->body_load_address +
497 h->body_signature.data_size + 1;
498 h->vmlinuz_header_size = 0;
499 resign_kernel_preamble(h, private_key);
500 TEST_SUCC(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
501 "vb2_verify_kernel_preamble() no vmlinuz_header");
502
503 /* TODO: verify with extra padding at end of header. */
504
505 free(h);
506 free(hdr);
507 free(body_sig);
508 }
509
test_permutation(int signing_key_algorithm,int data_key_algorithm,const char * keys_dir)510 static int test_permutation(int signing_key_algorithm, int data_key_algorithm,
511 const char *keys_dir)
512 {
513 char filename[1024];
514 int retval = 1;
515
516 struct vb2_private_key *signing_private_key = NULL;
517 struct vb2_packed_key *signing_public_key = NULL;
518 struct vb2_packed_key *data_public_key = NULL;
519
520 printf("***Testing signing algorithm: %s\n",
521 vb2_get_crypto_algorithm_name(signing_key_algorithm));
522 printf("***With data key algorithm: %s\n",
523 vb2_get_crypto_algorithm_name(data_key_algorithm));
524
525 snprintf(filename, sizeof(filename), "%s/key_%s.pem",
526 keys_dir,
527 vb2_get_crypto_algorithm_file(signing_key_algorithm));
528 signing_private_key =
529 vb2_read_private_key_pem(filename, signing_key_algorithm);
530 if (!signing_private_key) {
531 fprintf(stderr, "Error reading signing_private_key: %s\n",
532 filename);
533 goto cleanup_permutation;
534 }
535
536 snprintf(filename, sizeof(filename), "%s/key_%s.keyb",
537 keys_dir,
538 vb2_get_crypto_algorithm_file(signing_key_algorithm));
539 signing_public_key =
540 vb2_read_packed_keyb(filename, signing_key_algorithm, 1);
541 if (!signing_public_key) {
542 fprintf(stderr, "Error reading signing_public_key: %s\n",
543 filename);
544 goto cleanup_permutation;
545 }
546
547 snprintf(filename, sizeof(filename), "%s/key_%s.keyb",
548 keys_dir,
549 vb2_get_crypto_algorithm_file(data_key_algorithm));
550 data_public_key =
551 vb2_read_packed_keyb(filename, data_key_algorithm, 1);
552 if (!data_public_key) {
553 fprintf(stderr, "Error reading data_public_key: %s\n",
554 filename);
555 goto cleanup_permutation;
556 }
557
558 /* Unpack public key */
559 struct vb2_public_key signing_public_key2;
560 if (VB2_SUCCESS !=
561 vb2_unpack_key_buffer(&signing_public_key2,
562 (uint8_t *)signing_public_key,
563 signing_public_key->key_offset +
564 signing_public_key->key_size)) {
565 fprintf(stderr, "Error unpacking signing_public_key: %s\n",
566 filename);
567 goto cleanup_permutation;
568 }
569
570 test_check_keyblock(&signing_public_key2, signing_private_key,
571 data_public_key);
572 test_verify_keyblock(&signing_public_key2, signing_private_key,
573 data_public_key);
574 test_verify_fw_preamble(signing_public_key, signing_private_key,
575 data_public_key);
576 test_verify_kernel_preamble(signing_public_key, signing_private_key);
577
578 retval = 0;
579
580 cleanup_permutation:
581 if (signing_public_key)
582 free(signing_public_key);
583 if (signing_private_key)
584 free(signing_private_key);
585 if (data_public_key)
586 free(data_public_key);
587
588 return retval;
589 }
590
591 struct test_perm
592 {
593 int signing_algorithm;
594 int data_key_algorithm;
595 };
596
597 /* Permutations of signing and data key algorithms in active use */
598 const struct test_perm test_perms[] = {
599 {VB2_ALG_RSA4096_SHA256, VB2_ALG_RSA2048_SHA256},
600 {VB2_ALG_RSA8192_SHA512, VB2_ALG_RSA2048_SHA256},
601 {VB2_ALG_RSA8192_SHA512, VB2_ALG_RSA4096_SHA256},
602 };
603
main(int argc,char * argv[])604 int main(int argc, char *argv[])
605 {
606 if (argc == 2) {
607 /* Test only the algorithms we use */
608 int i;
609
610 for (i = 0; i < ARRAY_SIZE(test_perms); i++) {
611 if (test_permutation(test_perms[i].signing_algorithm,
612 test_perms[i].data_key_algorithm,
613 argv[1]))
614 return 1;
615 }
616
617 } else if (argc == 3 && !strcasecmp(argv[2], "--all")) {
618 /* Test all the algorithms */
619 int sign_alg, data_alg;
620
621 for (sign_alg = 0; sign_alg < VB2_ALG_COUNT; sign_alg++) {
622 for (data_alg = 0; data_alg < VB2_ALG_COUNT;
623 data_alg++) {
624 if (test_permutation(sign_alg, data_alg,
625 argv[1]))
626 return 1;
627 }
628 }
629 } else {
630 fprintf(stderr, "Usage: %s <keys_dir> [--all]", argv[0]);
631 return -1;
632 }
633
634 return gTestSuccess ? 0 : 255;
635 }
636