OLD | NEW |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Tests for firmware image library. | 5 * Tests for firmware image library. |
6 */ | 6 */ |
7 | 7 |
8 #include <stdio.h> | 8 #include <stdio.h> |
9 #include <stdlib.h> | 9 #include <stdlib.h> |
10 | 10 |
11 #include "file_keys.h" | 11 #include "file_keys.h" |
12 #include "firmware_image.h" | 12 #include "firmware_image.h" |
13 #include "rsa_utility.h" | 13 #include "rsa_utility.h" |
14 #include "utility.h" | 14 #include "utility.h" |
| 15 #include "rollback_index.h" |
15 | 16 |
16 /* ANSI Color coding sequences. */ | 17 /* ANSI Color coding sequences. */ |
17 #define COL_GREEN "\e[1;32m" | 18 #define COL_GREEN "\e[1;32m" |
18 #define COL_RED "\e[0;31m]" | 19 #define COL_RED "\e[0;31m" |
19 #define COL_STOP "\e[m" | 20 #define COL_STOP "\e[m" |
20 | 21 |
21 int TEST_EQ(int result, int expected_result, char* testname) { | 22 int TEST_EQ(int result, int expected_result, char* testname) { |
22 if (result == expected_result) { | 23 if (result == expected_result) { |
23 fprintf(stderr, "%s Test " COL_GREEN " PASSED\n" COL_STOP, testname); | 24 fprintf(stderr, "%s Test " COL_GREEN " PASSED\n" COL_STOP, testname); |
24 return 1; | 25 return 1; |
25 } | 26 } else { |
26 else { | |
27 fprintf(stderr, "%s Test " COL_RED " FAILED\n" COL_STOP, testname); | 27 fprintf(stderr, "%s Test " COL_RED " FAILED\n" COL_STOP, testname); |
28 return 0; | 28 return 0; |
29 } | 29 } |
30 } | 30 } |
31 | 31 |
32 FirmwareImage* GenerateTestFirmwareImage(int algorithm, | 32 FirmwareImage* GenerateTestFirmwareImage(int algorithm, |
33 uint8_t* firmware_sign_key, | 33 uint8_t* firmware_sign_key, |
34 int firmware_key_version, | 34 int firmware_key_version, |
35 int firmware_version, | 35 int firmware_version, |
36 int firmware_len) { | 36 int firmware_len, |
| 37 const char* root_key_file, |
| 38 const char* firmware_key_file) { |
37 FirmwareImage* image = FirmwareImageNew(); | 39 FirmwareImage* image = FirmwareImageNew(); |
38 | 40 |
39 Memcpy(image->magic, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE); | 41 Memcpy(image->magic, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE); |
40 image->firmware_sign_algorithm = algorithm; | 42 image->firmware_sign_algorithm = algorithm; |
41 image->firmware_sign_key = (uint8_t*) Malloc( | 43 image->firmware_sign_key = (uint8_t*) Malloc( |
42 RSAProcessedKeySize(image->firmware_sign_algorithm)); | 44 RSAProcessedKeySize(image->firmware_sign_algorithm)); |
43 Memcpy(image->firmware_sign_key, firmware_sign_key, | 45 Memcpy(image->firmware_sign_key, firmware_sign_key, |
44 RSAProcessedKeySize(image->firmware_sign_algorithm)); | 46 RSAProcessedKeySize(image->firmware_sign_algorithm)); |
45 image->firmware_key_version = firmware_key_version; | 47 image->firmware_key_version = firmware_key_version; |
46 | 48 |
47 /* Update correct header length. */ | 49 /* Update correct header length. */ |
48 image->header_len = GetFirmwareHeaderLen(image); | 50 image->header_len = GetFirmwareHeaderLen(image); |
49 | 51 |
50 /* Calculate SHA-512 digest on header and populate header_checksum. */ | 52 /* Calculate SHA-512 digest on header and populate header_checksum. */ |
51 CalculateFirmwareHeaderChecksum(image, image->header_checksum); | 53 CalculateFirmwareHeaderChecksum(image, image->header_checksum); |
52 | 54 |
53 /* Populate firmware and preamble with dummy data. */ | 55 /* Populate firmware and preamble with dummy data. */ |
54 image->firmware_version = firmware_version; | 56 image->firmware_version = firmware_version; |
55 image->firmware_len = firmware_len; | 57 image->firmware_len = firmware_len; |
56 image->preamble_signature = image->firmware_signature = NULL; | 58 image->preamble_signature = image->firmware_signature = NULL; |
57 Memset(image->preamble, 'P', FIRMWARE_PREAMBLE_SIZE); | 59 Memset(image->preamble, 'P', FIRMWARE_PREAMBLE_SIZE); |
58 image->firmware_data = Malloc(image->firmware_len); | 60 image->firmware_data = Malloc(image->firmware_len); |
59 Memset(image->firmware_data, 'F', image->firmware_len); | 61 Memset(image->firmware_data, 'F', image->firmware_len); |
60 | 62 |
| 63 /* Generate and populate signatures. */ |
| 64 if (!AddFirmwareKeySignature(image, root_key_file)) { |
| 65 fprintf(stderr, "Couldn't create key signature.\n"); |
| 66 FirmwareImageFree(image); |
| 67 return NULL; |
| 68 } |
| 69 |
| 70 if (!AddFirmwareSignature(image, firmware_key_file)) { |
| 71 fprintf(stderr, "Couldn't create firmware and preamble signature.\n"); |
| 72 FirmwareImageFree(image); |
| 73 return NULL; |
| 74 } |
61 return image; | 75 return image; |
62 } | 76 } |
63 | 77 |
64 #define DEV_MODE_ENABLED 1 | 78 #define DEV_MODE_ENABLED 1 |
65 #define DEV_MODE_DISABLED 0 | 79 #define DEV_MODE_DISABLED 0 |
66 | 80 |
67 /* Normal Firmware Blob Verification Tests. */ | 81 /* Normal Firmware Blob Verification Tests. */ |
68 int VerifyFirmwareTest(uint8_t* firmware_blob, uint8_t* root_key_blob) { | 82 int VerifyFirmwareTest(uint8_t* firmware_blob, uint8_t* root_key_blob) { |
69 int success = 1; | 83 int success = 1; |
70 if (!TEST_EQ(VerifyFirmware(root_key_blob, firmware_blob, DEV_MODE_ENABLED), | 84 if (!TEST_EQ(VerifyFirmware(root_key_blob, firmware_blob, DEV_MODE_ENABLED), |
71 VERIFY_FIRMWARE_SUCCESS, | 85 VERIFY_FIRMWARE_SUCCESS, |
72 "Normal Firmware Blob Verification (Dev Mode)")) | 86 "Normal Firmware Blob Verification (Dev Mode)")) |
73 success = 0; | 87 success = 0; |
74 | 88 |
75 if (!TEST_EQ(VerifyFirmware(root_key_blob, firmware_blob, DEV_MODE_DISABLED), | 89 if (!TEST_EQ(VerifyFirmware(root_key_blob, firmware_blob, DEV_MODE_DISABLED), |
76 VERIFY_FIRMWARE_SUCCESS, | 90 VERIFY_FIRMWARE_SUCCESS, |
77 "Normal Firmware Blob Verification (Trusted)")) | 91 "Normal Firmware Blob Verification (Trusted)")) |
78 success = 0; | 92 success = 0; |
79 return success; | 93 return success; |
80 } | 94 } |
81 | 95 |
82 | |
83 /* Normal FirmwareImage Verification Tests. */ | 96 /* Normal FirmwareImage Verification Tests. */ |
84 int VerifyFirmwareImageTest(FirmwareImage* image, | 97 int VerifyFirmwareImageTest(FirmwareImage* image, |
85 RSAPublicKey* root_key) { | 98 RSAPublicKey* root_key) { |
86 int success = 1; | 99 int success = 1; |
87 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_ENABLED), | 100 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_ENABLED), |
88 VERIFY_FIRMWARE_SUCCESS, | 101 VERIFY_FIRMWARE_SUCCESS, |
89 "Normal FirmwareImage Verification (Dev Mode)")) | 102 "Normal FirmwareImage Verification (Dev Mode)")) |
90 success = 0; | 103 success = 0; |
91 | 104 |
92 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), | 105 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), |
(...skipping 42 matching lines...)
135 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), | 148 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), |
136 VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED, | 149 VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED, |
137 "FirmwareImage Root Signature Tamper Verification (Trusted)")) | 150 "FirmwareImage Root Signature Tamper Verification (Trusted)")) |
138 success = 0; | 151 success = 0; |
139 | 152 |
140 return success; | 153 return success; |
141 } | 154 } |
142 | 155 |
143 int main(int argc, char* argv[]) { | 156 int main(int argc, char* argv[]) { |
144 uint64_t len; | 157 uint64_t len; |
| 158 const char* root_key_file = NULL; |
| 159 const char* firmware_key_file = NULL; |
145 uint8_t* firmware_sign_key_buf = NULL; | 160 uint8_t* firmware_sign_key_buf = NULL; |
146 uint8_t* root_key_blob = NULL; | 161 uint8_t* root_key_blob = NULL; |
147 uint8_t* firmware_blob = NULL; | 162 uint8_t* firmware_blob = NULL; |
148 uint64_t firmware_blob_len = 0; | 163 uint64_t firmware_blob_len = 0; |
149 FirmwareImage* image = NULL; | 164 FirmwareImage* image = NULL; |
150 RSAPublicKey* root_key = NULL; | 165 RSAPublicKey* root_key_pub = NULL; |
151 int error_code = 0; | 166 int error_code = 0; |
152 | 167 int algorithm; |
| 168 SetupTPM(); |
153 if(argc != 6) { | 169 if(argc != 6) { |
154 fprintf(stderr, "Usage: %s <algorithm> <root key> <processed root pubkey>" | 170 fprintf(stderr, "Usage: %s <algorithm> <root key> <processed root pubkey>" |
155 " <signing key> <processed signing key>\n", argv[0]); | 171 " <signing key> <processed signing key>\n", argv[0]); |
156 return -1; | 172 return -1; |
157 } | 173 } |
158 | 174 |
159 /* Read verification keys and create a test image. */ | 175 /* Read verification keys and create a test image. */ |
160 root_key = RSAPublicKeyFromFile(argv[3]); | 176 algorithm = atoi(argv[1]); |
| 177 root_key_pub = RSAPublicKeyFromFile(argv[3]); |
161 root_key_blob = BufferFromFile(argv[3], &len); | 178 root_key_blob = BufferFromFile(argv[3], &len); |
162 firmware_sign_key_buf = BufferFromFile(argv[5], &len); | 179 firmware_sign_key_buf = BufferFromFile(argv[5], &len); |
163 image = GenerateTestFirmwareImage(atoi(argv[1]), firmware_sign_key_buf, 1, | 180 root_key_file = argv[2]; |
164 1, 1000); | 181 firmware_key_file = argv[4]; |
| 182 image = GenerateTestFirmwareImage(algorithm, |
| 183 firmware_sign_key_buf, |
| 184 1, /* Firmware Key Version. */ |
| 185 1, /* Firmware Version. */ |
| 186 1000, /* Firmware length. */ |
| 187 root_key_file, |
| 188 firmware_key_file); |
165 | 189 |
166 if (!root_key || !firmware_sign_key_buf || !image) { | 190 if (!root_key_pub || !firmware_sign_key_buf || !image) { |
167 error_code = 1; | 191 error_code = 1; |
168 goto failure; | 192 goto failure; |
169 } | 193 } |
170 | |
171 /* Generate and populate signatures. */ | |
172 if (!AddFirmwareKeySignature(image, argv[2])) { | |
173 fprintf(stderr, "Couldn't create key signature.\n"); | |
174 error_code = 1; | |
175 goto failure; | |
176 } | |
177 | |
178 if (!AddFirmwareSignature(image, argv[4])) { | |
179 fprintf(stderr, "Couldn't create firmware and preamble signature.\n"); | |
180 error_code = 1; | |
181 goto failure; | |
182 } | |
183 | |
184 firmware_blob = GetFirmwareBlob(image, &firmware_blob_len); | 194 firmware_blob = GetFirmwareBlob(image, &firmware_blob_len); |
185 | 195 |
186 /* Test Firmware blob verify operations. */ | 196 /* Test Firmware blob verify operations. */ |
187 if (!VerifyFirmwareTest(firmware_blob, root_key_blob)) | 197 if (!VerifyFirmwareTest(firmware_blob, root_key_blob)) |
188 error_code = 255; | 198 error_code = 255; |
189 | 199 |
190 /* Test FirmwareImage verify operations. */ | 200 /* Test FirmwareImage verify operations. */ |
191 if (!VerifyFirmwareImageTest(image, root_key)) | 201 if (!VerifyFirmwareImageTest(image, root_key_pub)) |
192 error_code = 255; | 202 error_code = 255; |
193 if (!VerifyFirmwareImageTamperTest(image, root_key)) | 203 if (!VerifyFirmwareImageTamperTest(image, root_key_pub)) |
194 error_code = 255; | 204 error_code = 255; |
195 | 205 |
196 failure: | 206 failure: |
197 Free(firmware_blob); | 207 Free(firmware_blob); |
198 FirmwareImageFree(image); | 208 FirmwareImageFree(image); |
199 Free(firmware_sign_key_buf); | 209 Free(firmware_sign_key_buf); |
200 Free(root_key_blob); | 210 Free(root_key_blob); |
201 RSAPublicKeyFree(root_key); | 211 RSAPublicKeyFree(root_key_pub); |
202 | 212 |
203 return error_code; | 213 return error_code; |
204 } | 214 } |
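Review bot: In main(), GenerateTestFirmwareImage() is called before the `!firmware_sign_key_buf` check, so a failed BufferFromFile(argv[5]) passes NULL into the generator's Memcpy of the signing key. That Memcpy copies RSAProcessedKeySize(algorithm) bytes, where `algorithm` is an unchecked `atoi(argv[1])` and the `len` returned for argv[5] is never compared, so a short key file or a mismatched algorithm number can read past the end of the buffer. I would move the NULL test above the call and add a length guard such as `if (!firmware_sign_key_buf || len != RSAProcessedKeySize(algorithm)) { error_code = 1; goto failure; }`; the return type of RSAProcessedKeySize is not visible on this page, so the comparison may need a cast. `root_key_blob` is also absent from the NULL check, yet it is handed to VerifyFirmwareTest().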