| OLD | NEW |
| 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
| 3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
| 4 * | 4 * |
| 5 * Tests for firmware image library. | 5 * Tests for firmware image library. |
| 6 */ | 6 */ |
| 7 | 7 |
| 8 #include <stdio.h> | 8 #include <stdio.h> |
| 9 #include <stdlib.h> | 9 #include <stdlib.h> |
| 10 | 10 |
| 11 #include "file_keys.h" | 11 #include "file_keys.h" |
| 12 #include "firmware_image.h" | 12 #include "firmware_image.h" |
| 13 #include "rsa_utility.h" | 13 #include "rsa_utility.h" |
| 14 #include "utility.h" | 14 #include "utility.h" |
| 15 #include "rollback_index.h" |
| 15 | 16 |
| 16 /* ANSI Color coding sequences. */ | 17 /* ANSI Color coding sequences. */ |
| 17 #define COL_GREEN "\e[1;32m" | 18 #define COL_GREEN "\e[1;32m" |
| 18 #define COL_RED "\e[0;31m]" | 19 #define COL_RED "\e[0;31m" |
| 19 #define COL_STOP "\e[m" | 20 #define COL_STOP "\e[m" |
| 20 | 21 |
| 21 int TEST_EQ(int result, int expected_result, char* testname) { | 22 int TEST_EQ(int result, int expected_result, char* testname) { |
| 22 if (result == expected_result) { | 23 if (result == expected_result) { |
| 23 fprintf(stderr, "%s Test " COL_GREEN " PASSED\n" COL_STOP, testname); | 24 fprintf(stderr, "%s Test " COL_GREEN " PASSED\n" COL_STOP, testname); |
| 24 return 1; | 25 return 1; |
| 25 } | 26 } else { |
| 26 else { | |
| 27 fprintf(stderr, "%s Test " COL_RED " FAILED\n" COL_STOP, testname); | 27 fprintf(stderr, "%s Test " COL_RED " FAILED\n" COL_STOP, testname); |
| 28 return 0; | 28 return 0; |
| 29 } | 29 } |
| 30 } | 30 } |
| 31 | 31 |
| 32 FirmwareImage* GenerateTestFirmwareImage(int algorithm, | 32 FirmwareImage* GenerateTestFirmwareImage(int algorithm, |
| 33 uint8_t* firmware_sign_key, | 33 uint8_t* firmware_sign_key, |
| 34 int firmware_key_version, | 34 int firmware_key_version, |
| 35 int firmware_version, | 35 int firmware_version, |
| 36 int firmware_len) { | 36 int firmware_len, |
| 37 const char* root_key_file, |
| 38 const char* firmware_key_file) { |
| 37 FirmwareImage* image = FirmwareImageNew(); | 39 FirmwareImage* image = FirmwareImageNew(); |
| 38 | 40 |
| 39 Memcpy(image->magic, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE); | 41 Memcpy(image->magic, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE); |
| 40 image->firmware_sign_algorithm = algorithm; | 42 image->firmware_sign_algorithm = algorithm; |
| 41 image->firmware_sign_key = (uint8_t*) Malloc( | 43 image->firmware_sign_key = (uint8_t*) Malloc( |
| 42 RSAProcessedKeySize(image->firmware_sign_algorithm)); | 44 RSAProcessedKeySize(image->firmware_sign_algorithm)); |
| 43 Memcpy(image->firmware_sign_key, firmware_sign_key, | 45 Memcpy(image->firmware_sign_key, firmware_sign_key, |
| 44 RSAProcessedKeySize(image->firmware_sign_algorithm)); | 46 RSAProcessedKeySize(image->firmware_sign_algorithm)); |
| 45 image->firmware_key_version = firmware_key_version; | 47 image->firmware_key_version = firmware_key_version; |
| 46 | 48 |
| 47 /* Update correct header length. */ | 49 /* Update correct header length. */ |
| 48 image->header_len = GetFirmwareHeaderLen(image); | 50 image->header_len = GetFirmwareHeaderLen(image); |
| 49 | 51 |
| 50 /* Calculate SHA-512 digest on header and populate header_checksum. */ | 52 /* Calculate SHA-512 digest on header and populate header_checksum. */ |
| 51 CalculateFirmwareHeaderChecksum(image, image->header_checksum); | 53 CalculateFirmwareHeaderChecksum(image, image->header_checksum); |
| 52 | 54 |
| 53 /* Populate firmware and preamble with dummy data. */ | 55 /* Populate firmware and preamble with dummy data. */ |
| 54 image->firmware_version = firmware_version; | 56 image->firmware_version = firmware_version; |
| 55 image->firmware_len = firmware_len; | 57 image->firmware_len = firmware_len; |
| 56 image->preamble_signature = image->firmware_signature = NULL; | 58 image->preamble_signature = image->firmware_signature = NULL; |
| 57 Memset(image->preamble, 'P', FIRMWARE_PREAMBLE_SIZE); | 59 Memset(image->preamble, 'P', FIRMWARE_PREAMBLE_SIZE); |
| 58 image->firmware_data = Malloc(image->firmware_len); | 60 image->firmware_data = Malloc(image->firmware_len); |
| 59 Memset(image->firmware_data, 'F', image->firmware_len); | 61 Memset(image->firmware_data, 'F', image->firmware_len); |
| 60 | 62 |
| 63 /* Generate and populate signatures. */ |
| 64 if (!AddFirmwareKeySignature(image, root_key_file)) { |
| 65 fprintf(stderr, "Couldn't create key signature.\n"); |
| 66 FirmwareImageFree(image); |
| 67 return NULL; |
| 68 } |
| 69 |
| 70 if (!AddFirmwareSignature(image, firmware_key_file)) { |
| 71 fprintf(stderr, "Couldn't create firmware and preamble signature.\n"); |
| 72 FirmwareImageFree(image); |
| 73 return NULL; |
| 74 } |
| 61 return image; | 75 return image; |
| 62 } | 76 } |
| 63 | 77 |
| 64 #define DEV_MODE_ENABLED 1 | 78 #define DEV_MODE_ENABLED 1 |
| 65 #define DEV_MODE_DISABLED 0 | 79 #define DEV_MODE_DISABLED 0 |
| 66 | 80 |
| 67 /* Normal Firmware Blob Verification Tests. */ | 81 /* Normal Firmware Blob Verification Tests. */ |
| 68 int VerifyFirmwareTest(uint8_t* firmware_blob, uint8_t* root_key_blob) { | 82 int VerifyFirmwareTest(uint8_t* firmware_blob, uint8_t* root_key_blob) { |
| 69 int success = 1; | 83 int success = 1; |
| 70 if (!TEST_EQ(VerifyFirmware(root_key_blob, firmware_blob, DEV_MODE_ENABLED), | 84 if (!TEST_EQ(VerifyFirmware(root_key_blob, firmware_blob, DEV_MODE_ENABLED), |
| 71 VERIFY_FIRMWARE_SUCCESS, | 85 VERIFY_FIRMWARE_SUCCESS, |
| 72 "Normal Firmware Blob Verification (Dev Mode)")) | 86 "Normal Firmware Blob Verification (Dev Mode)")) |
| 73 success = 0; | 87 success = 0; |
| 74 | 88 |
| 75 if (!TEST_EQ(VerifyFirmware(root_key_blob, firmware_blob, DEV_MODE_DISABLED), | 89 if (!TEST_EQ(VerifyFirmware(root_key_blob, firmware_blob, DEV_MODE_DISABLED), |
| 76 VERIFY_FIRMWARE_SUCCESS, | 90 VERIFY_FIRMWARE_SUCCESS, |
| 77 "Normal Firmware Blob Verification (Trusted)")) | 91 "Normal Firmware Blob Verification (Trusted)")) |
| 78 success = 0; | 92 success = 0; |
| 79 return success; | 93 return success; |
| 80 } | 94 } |
| 81 | 95 |
| 82 | |
| 83 /* Normal FirmwareImage Verification Tests. */ | 96 /* Normal FirmwareImage Verification Tests. */ |
| 84 int VerifyFirmwareImageTest(FirmwareImage* image, | 97 int VerifyFirmwareImageTest(FirmwareImage* image, |
| 85 RSAPublicKey* root_key) { | 98 RSAPublicKey* root_key) { |
| 86 int success = 1; | 99 int success = 1; |
| 87 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_ENABLED), | 100 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_ENABLED), |
| 88 VERIFY_FIRMWARE_SUCCESS, | 101 VERIFY_FIRMWARE_SUCCESS, |
| 89 "Normal FirmwareImage Verification (Dev Mode)")) | 102 "Normal FirmwareImage Verification (Dev Mode)")) |
| 90 success = 0; | 103 success = 0; |
| 91 | 104 |
| 92 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), | 105 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), |
| (...skipping 42 matching lines...) |
| 135 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), | 148 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), |
| 136 VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED, | 149 VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED, |
| 137 "FirmwareImage Root Signature Tamper Verification (Trusted)")) | 150 "FirmwareImage Root Signature Tamper Verification (Trusted)")) |
| 138 success = 0; | 151 success = 0; |
| 139 | 152 |
| 140 return success; | 153 return success; |
| 141 } | 154 } |
| 142 | 155 |
| 143 int main(int argc, char* argv[]) { | 156 int main(int argc, char* argv[]) { |
| 144 uint64_t len; | 157 uint64_t len; |
| 158 const char* root_key_file = NULL; |
| 159 const char* firmware_key_file = NULL; |
| 145 uint8_t* firmware_sign_key_buf = NULL; | 160 uint8_t* firmware_sign_key_buf = NULL; |
| 146 uint8_t* root_key_blob = NULL; | 161 uint8_t* root_key_blob = NULL; |
| 147 uint8_t* firmware_blob = NULL; | 162 uint8_t* firmware_blob = NULL; |
| 148 uint64_t firmware_blob_len = 0; | 163 uint64_t firmware_blob_len = 0; |
| 149 FirmwareImage* image = NULL; | 164 FirmwareImage* image = NULL; |
| 150 RSAPublicKey* root_key = NULL; | 165 RSAPublicKey* root_key_pub = NULL; |
| 151 int error_code = 0; | 166 int error_code = 0; |
| 152 | 167 int algorithm; |
| 168 SetupTPM(); |
| 153 if(argc != 6) { | 169 if(argc != 6) { |
| 154 fprintf(stderr, "Usage: %s <algorithm> <root key> <processed root pubkey>" | 170 fprintf(stderr, "Usage: %s <algorithm> <root key> <processed root pubkey>" |
| 155 " <signing key> <processed signing key>\n", argv[0]); | 171 " <signing key> <processed signing key>\n", argv[0]); |
| 156 return -1; | 172 return -1; |
| 157 } | 173 } |
| 158 | 174 |
| 159 /* Read verification keys and create a test image. */ | 175 /* Read verification keys and create a test image. */ |
| 160 root_key = RSAPublicKeyFromFile(argv[3]); | 176 algorithm = atoi(argv[1]); |
| 177 root_key_pub = RSAPublicKeyFromFile(argv[3]); |
| 161 root_key_blob = BufferFromFile(argv[3], &len); | 178 root_key_blob = BufferFromFile(argv[3], &len); |
| 162 firmware_sign_key_buf = BufferFromFile(argv[5], &len); | 179 firmware_sign_key_buf = BufferFromFile(argv[5], &len); |
| 163 image = GenerateTestFirmwareImage(atoi(argv[1]), firmware_sign_key_buf, 1, | 180 root_key_file = argv[2]; |
| 164 1, 1000); | 181 firmware_key_file = argv[4]; |
| 182 image = GenerateTestFirmwareImage(algorithm, |
| 183 firmware_sign_key_buf, |
| 184 1, /* Firmware Key Version. */ |
| 185 1, /* Firmware Version. */ |
| 186 1000, /* Firmware length. */ |
| 187 root_key_file, |
| 188 firmware_key_file); |
| 165 | 189 |
| 166 if (!root_key || !firmware_sign_key_buf || !image) { | 190 if (!root_key_pub || !firmware_sign_key_buf || !image) { |
| 167 error_code = 1; | 191 error_code = 1; |
| 168 goto failure; | 192 goto failure; |
| 169 } | 193 } |
| 170 | |
| 171 /* Generate and populate signatures. */ | |
| 172 if (!AddFirmwareKeySignature(image, argv[2])) { | |
| 173 fprintf(stderr, "Couldn't create key signature.\n"); | |
| 174 error_code = 1; | |
| 175 goto failure; | |
| 176 } | |
| 177 | |
| 178 if (!AddFirmwareSignature(image, argv[4])) { | |
| 179 fprintf(stderr, "Couldn't create firmware and preamble signature.\n"); | |
| 180 error_code = 1; | |
| 181 goto failure; | |
| 182 } | |
| 183 | |
| 184 firmware_blob = GetFirmwareBlob(image, &firmware_blob_len); | 194 firmware_blob = GetFirmwareBlob(image, &firmware_blob_len); |
| 185 | 195 |
| 186 /* Test Firmware blob verify operations. */ | 196 /* Test Firmware blob verify operations. */ |
| 187 if (!VerifyFirmwareTest(firmware_blob, root_key_blob)) | 197 if (!VerifyFirmwareTest(firmware_blob, root_key_blob)) |
| 188 error_code = 255; | 198 error_code = 255; |
| 189 | 199 |
| 190 /* Test FirmwareImage verify operations. */ | 200 /* Test FirmwareImage verify operations. */ |
| 191 if (!VerifyFirmwareImageTest(image, root_key)) | 201 if (!VerifyFirmwareImageTest(image, root_key_pub)) |
| 192 error_code = 255; | 202 error_code = 255; |
| 193 if (!VerifyFirmwareImageTamperTest(image, root_key)) | 203 if (!VerifyFirmwareImageTamperTest(image, root_key_pub)) |
| 194 error_code = 255; | 204 error_code = 255; |
| 195 | 205 |
| 196 failure: | 206 failure: |
| 197 Free(firmware_blob); | 207 Free(firmware_blob); |
| 198 FirmwareImageFree(image); | 208 FirmwareImageFree(image); |
| 199 Free(firmware_sign_key_buf); | 209 Free(firmware_sign_key_buf); |
| 200 Free(root_key_blob); | 210 Free(root_key_blob); |
| 201 RSAPublicKeyFree(root_key); | 211 RSAPublicKeyFree(root_key_pub); |
| 202 | 212 |
| 203 return error_code; | 213 return error_code; |
| 204 } | 214 } |
| OLD | NEW |
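Review bot: In `main`, `firmware_sign_key_buf` is still tested for NULL only after `GenerateTestFirmwareImage()` has run, and that function copies `RSAProcessedKeySize(algorithm)` bytes out of the buffer with `Memcpy`, so an unreadable signing-key file is dereferenced before the `goto failure` check can fire. The `len` returned by `BufferFromFile(argv[5], &len)` is also never compared with that size, so a processed-key file shorter than the algorithm expects would be over-read; `algorithm` comes straight from `atoi(argv[1])`, and what `RSAProcessedKeySize()` returns for an out-of-range value is not visible on this page. I would move the input checks ahead of the call, e.g. `if (!root_key_pub || !root_key_blob || !firmware_sign_key_buf || len < RSAProcessedKeySize(algorithm)) { error_code = 1; goto failure; }`, and leave only `if (!image)` after it. `root_key_blob` is included in that test because it is handed to `VerifyFirmwareTest()` without any check.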