VBoot Reference: Add version checking to for preventing rollbacks.

src/platform/vboot_reference/tests/firmware_rollback_tests.c

Index: src/platform/vboot_reference/tests/firmware_rollback_tests.c
diff --git a/src/platform/vboot_reference/tests/firmware_rollback_tests.c b/src/platform/vboot_reference/tests/firmware_rollback_tests.c
new file mode 100644
index 0000000000000000000000000000000000000000..19ac850c4f64e52b963ce4d15a690199e6d7181d
--- /dev/null
+++ b/src/platform/vboot_reference/tests/firmware_rollback_tests.c
@@ -0,0 +1,145 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Tests for checking firmware rollback-prevention logic.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "file_keys.h"
+#include "firmware_image.h"
+#include "rsa_utility.h"
+#include "utility.h"
+#include "rollback_index.h"
+#include "test_common.h"
+
+/* Generates a test firmware image for rollback tests with a given
+ * [firmware_key_version] and [firmware_version]. If [is_corrupt] is 1,
+ * then the image has invalid signatures and will fail verification. */
+uint8_t* GenerateRollbackTestImage(int firmware_key_version,
+                                   int firmware_version,
+                                   int is_corrupt) {
+  FirmwareImage* image = NULL;
+  uint8_t* firmware_blob = NULL;
+  const char* firmare_sign_key_pub_file = "testkeys/key_rsa1024.keyb";
+  uint8_t* firmware_sign_key = NULL;
+  const char* root_key_file = "testkeys/key_rsa8192.pem";
+  const char* firmware_key_file = "testkeys/key_rsa1024.pem";
+  uint64_t len;
+  firmware_sign_key = BufferFromFile(firmare_sign_key_pub_file,
+                                     &len);
+  if (!firmware_sign_key)
+    return NULL;
+
+  image = FirmwareImageNew();
+  if (!image)
+    return NULL;
+
+  Memcpy(image->magic, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE);
+  image->firmware_sign_algorithm = 0;  /* RSA1024/SHA1 */
+  image->firmware_sign_key = (uint8_t*) Malloc(
+      RSAProcessedKeySize(image->firmware_sign_algorithm));
+  Memcpy(image->firmware_sign_key, firmware_sign_key,
+         RSAProcessedKeySize(image->firmware_sign_algorithm));
+  image->firmware_key_version = firmware_key_version;
+  Free(firmware_sign_key);
+
+  /* Update correct header length. */
+  image->header_len = GetFirmwareHeaderLen(image);
+
+  /* Calculate SHA-512 digest on header and populate header_checksum. */
+  CalculateFirmwareHeaderChecksum(image, image->header_checksum);
+
+  /* Populate firmware and preamble with dummy data. */
+  image->firmware_version = firmware_version;
+  image->firmware_len = 1;
+  image->preamble_signature = image->firmware_signature = NULL;
+  Memset(image->preamble, 'P', FIRMWARE_PREAMBLE_SIZE);
+  image->firmware_data = Malloc(image->firmware_len);
+  Memset(image->firmware_data, 'F', image->firmware_len);
+
+  /* Generate and populate signatures. */
+  if (!AddFirmwareKeySignature(image, root_key_file)) {
+    fprintf(stderr, "Couldn't create key signature.\n");
+    FirmwareImageFree(image);
+    return NULL;
+  }
+
+  if (!AddFirmwareSignature(image, firmware_key_file)) {
+    fprintf(stderr, "Couldn't create firmware and preamble signature.\n");
+    FirmwareImageFree(image);
+    return NULL;
+  }
+  if (is_corrupt) {
+    /* Invalidate image. */
+    Memset(image->firmware_data, 'X', image->firmware_len);
+  }
+
+  firmware_blob = GetFirmwareBlob(image, &len);
+  FirmwareImageFree(image);
+  return firmware_blob;
+}
+
+/* Tests that check for correctness of the VerifyFirmwareDriver_f() logic
+ * and rollback prevention. */
+void VerifyFirmwareDriverTest(void) {
+  uint8_t* valid_firmwareA = NULL;
+  uint8_t* valid_firmwareB = NULL;
+  uint8_t* corrupt_firmwareA = NULL;
+  uint8_t* corrupt_firmwareB = NULL;
+  uint64_t len;
+  uint8_t* root_key_pub = BufferFromFile("testkeys/key_rsa8192.keyb",
+                                         &len);
+
+  /* Initialize rollback index state. */
+  g_firmware_key_version = 1;
+  g_firmware_version = 1;
+
+  valid_firmwareA = GenerateRollbackTestImage(1, 1, 0);
+  valid_firmwareB = GenerateRollbackTestImage(1, 1, 0);
+  corrupt_firmwareA = GenerateRollbackTestImage(1, 1, 1);
+  corrupt_firmwareB = GenerateRollbackTestImage(1, 1, 1);
+
+  TEST_EQ(VerifyFirmwareDriver_f(root_key_pub,
+                                 valid_firmwareA, valid_firmwareB),
+          BOOT_FIRMWARE_A_CONTINUE,
+          "Firmware A (Valid with current version), "
+          "Firmware B (Valid with current version)");
+  TEST_EQ(VerifyFirmwareDriver_f(root_key_pub,
+                                 corrupt_firmwareA, valid_firmwareB),
+          BOOT_FIRMWARE_B_CONTINUE,
+          "Firmware A (Corrupt with current version), "
+          "FirmwareB (Valid with current version)");
+  TEST_EQ(VerifyFirmwareDriver_f(root_key_pub,
+                                 valid_firmwareA, corrupt_firmwareB),
+          BOOT_FIRMWARE_A_CONTINUE,
+          "Firmware A (Valid with current version), "
+          "FirmwareB (Corrupt with current version)");
+  TEST_EQ(VerifyFirmwareDriver_f(root_key_pub,
+                                 corrupt_firmwareA, corrupt_firmwareB),
+          BOOT_FIRMWARE_RECOVERY_CONTINUE,
+          "Firmware A (Corrupt with current version), "
+          "FirmwareB (Corrupt with current version");
+  g_firmware_key_version = 2;
+  g_firmware_version = 2;
+  TEST_EQ(VerifyFirmwareDriver_f(root_key_pub, valid_firmwareA, valid_firmwareB),
+          BOOT_FIRMWARE_RECOVERY_CONTINUE,
+          "Firmware A (Valid with old version), "
+          "Old Firmware B (Valid with old version)");
+
+  Free(root_key_pub);
+  Free(valid_firmwareA);
+  Free(valid_firmwareB);
+  Free(corrupt_firmwareA);
+  Free(corrupt_firmwareB);
+}
+
+int main(int argc, char* argv[]) {
+  int error_code = 0;
+  VerifyFirmwareDriverTest();
+  if (!gTestSuccess)
+    error_code = 255;
+  return error_code;
+}