| OLD | NEW |
| 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
| 3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
| 4 * | 4 * |
| 5 * Tests for firmware image library. | 5 * Tests for firmware image library. |
| 6 */ | 6 */ |
| 7 | 7 |
| 8 #include <stdio.h> | 8 #include <stdio.h> |
| 9 #include <stdlib.h> | 9 #include <stdlib.h> |
| 10 | 10 |
| 11 #include "file_keys.h" | 11 #include "file_keys.h" |
| 12 #include "firmware_image.h" | 12 #include "firmware_image.h" |
| 13 #include "rsa_utility.h" | 13 #include "rsa_utility.h" |
| 14 #include "test_common.h" |
| 14 #include "utility.h" | 15 #include "utility.h" |
| 15 #include "rollback_index.h" | |
| 16 | |
| 17 /* ANSI Color coding sequences. */ | |
| 18 #define COL_GREEN "\e[1;32m" | |
| 19 #define COL_RED "\e[0;31m" | |
| 20 #define COL_STOP "\e[m" | |
| 21 | |
| 22 int TEST_EQ(int result, int expected_result, char* testname) { | |
| 23 if (result == expected_result) { | |
| 24 fprintf(stderr, "%s Test " COL_GREEN " PASSED\n" COL_STOP, testname); | |
| 25 return 1; | |
| 26 } else { | |
| 27 fprintf(stderr, "%s Test " COL_RED " FAILED\n" COL_STOP, testname); | |
| 28 return 0; | |
| 29 } | |
| 30 } | |
| 31 | |
| 32 FirmwareImage* GenerateTestFirmwareImage(int algorithm, | |
| 33 uint8_t* firmware_sign_key, | |
| 34 int firmware_key_version, | |
| 35 int firmware_version, | |
| 36 int firmware_len, | |
| 37 const char* root_key_file, | |
| 38 const char* firmware_key_file) { | |
| 39 FirmwareImage* image = FirmwareImageNew(); | |
| 40 | |
| 41 Memcpy(image->magic, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE); | |
| 42 image->firmware_sign_algorithm = algorithm; | |
| 43 image->firmware_sign_key = (uint8_t*) Malloc( | |
| 44 RSAProcessedKeySize(image->firmware_sign_algorithm)); | |
| 45 Memcpy(image->firmware_sign_key, firmware_sign_key, | |
| 46 RSAProcessedKeySize(image->firmware_sign_algorithm)); | |
| 47 image->firmware_key_version = firmware_key_version; | |
| 48 | |
| 49 /* Update correct header length. */ | |
| 50 image->header_len = GetFirmwareHeaderLen(image); | |
| 51 | |
| 52 /* Calculate SHA-512 digest on header and populate header_checksum. */ | |
| 53 CalculateFirmwareHeaderChecksum(image, image->header_checksum); | |
| 54 | |
| 55 /* Populate firmware and preamble with dummy data. */ | |
| 56 image->firmware_version = firmware_version; | |
| 57 image->firmware_len = firmware_len; | |
| 58 image->preamble_signature = image->firmware_signature = NULL; | |
| 59 Memset(image->preamble, 'P', FIRMWARE_PREAMBLE_SIZE); | |
| 60 image->firmware_data = Malloc(image->firmware_len); | |
| 61 Memset(image->firmware_data, 'F', image->firmware_len); | |
| 62 | |
| 63 /* Generate and populate signatures. */ | |
| 64 if (!AddFirmwareKeySignature(image, root_key_file)) { | |
| 65 fprintf(stderr, "Couldn't create key signature.\n"); | |
| 66 FirmwareImageFree(image); | |
| 67 return NULL; | |
| 68 } | |
| 69 | |
| 70 if (!AddFirmwareSignature(image, firmware_key_file)) { | |
| 71 fprintf(stderr, "Couldn't create firmware and preamble signature.\n"); | |
| 72 FirmwareImageFree(image); | |
| 73 return NULL; | |
| 74 } | |
| 75 return image; | |
| 76 } | |
| 77 | |
| 78 #define DEV_MODE_ENABLED 1 | |
| 79 #define DEV_MODE_DISABLED 0 | |
| 80 | 16 |
| 81 /* Normal Firmware Blob Verification Tests. */ | 17 /* Normal Firmware Blob Verification Tests. */ |
| 82 int VerifyFirmwareTest(uint8_t* firmware_blob, uint8_t* root_key_blob) { | 18 void VerifyFirmwareTest(uint8_t* firmware_blob, uint8_t* root_key_blob) { |
| 83 int success = 1; | 19 TEST_EQ(VerifyFirmware(root_key_blob, firmware_blob), |
| 84 if (!TEST_EQ(VerifyFirmware(root_key_blob, firmware_blob, DEV_MODE_ENABLED), | 20 VERIFY_FIRMWARE_SUCCESS, |
| 85 VERIFY_FIRMWARE_SUCCESS, | 21 "Normal Firmware Blob Verification"); |
| 86 "Normal Firmware Blob Verification (Dev Mode)")) | |
| 87 success = 0; | |
| 88 | |
| 89 if (!TEST_EQ(VerifyFirmware(root_key_blob, firmware_blob, DEV_MODE_DISABLED), | |
| 90 VERIFY_FIRMWARE_SUCCESS, | |
| 91 "Normal Firmware Blob Verification (Trusted)")) | |
| 92 success = 0; | |
| 93 return success; | |
| 94 } | 22 } |
| 95 | 23 |
| 96 /* Normal FirmwareImage Verification Tests. */ | 24 /* Normal FirmwareImage Verification Tests. */ |
| 97 int VerifyFirmwareImageTest(FirmwareImage* image, | 25 void VerifyFirmwareImageTest(FirmwareImage* image, |
| 98 RSAPublicKey* root_key) { | 26 RSAPublicKey* root_key) { |
| 99 int success = 1; | 27 TEST_EQ(VerifyFirmwareImage(root_key, image), |
| 100 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_ENABLED), | 28 VERIFY_FIRMWARE_SUCCESS, |
| 101 VERIFY_FIRMWARE_SUCCESS, | 29 "Normal FirmwareImage Verification"); |
| 102 "Normal FirmwareImage Verification (Dev Mode)")) | |
| 103 success = 0; | |
| 104 | |
| 105 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), | |
| 106 VERIFY_FIRMWARE_SUCCESS, | |
| 107 "Normal FirmwareImage Verification (Trusted)")) | |
| 108 success = 0; | |
| 109 return success; | |
| 110 } | 30 } |
| 111 | 31 |
| 112 /* Tampered FirmwareImage Verification Tests. */ | 32 /* Tampered FirmwareImage Verification Tests. */ |
| 113 int VerifyFirmwareImageTamperTest(FirmwareImage* image, | 33 void VerifyFirmwareImageTamperTest(FirmwareImage* image, |
| 114 RSAPublicKey* root_key) { | 34 RSAPublicKey* root_key) { |
| 115 int success = 1; | |
| 116 fprintf(stderr, "[[Tampering with firmware preamble....]]\n"); | |
| 117 image->firmware_version = 0; | 35 image->firmware_version = 0; |
| 118 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_ENABLED), | 36 TEST_EQ(VerifyFirmwareImage(root_key, image), |
| 119 VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED, | 37 VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED, |
| 120 "FirmwareImage Preamble Tamper Verification (Dev Mode)")) | 38 "FirmwareImage Preamble Tamper Verification"); |
| 121 success = 0; | |
| 122 | |
| 123 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), | |
| 124 VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED, | |
| 125 "FirmwareImage Preamble Tamper Verification (Trusted)")) | |
| 126 success = 0; | |
| 127 image->firmware_version = 1; | 39 image->firmware_version = 1; |
| 128 | 40 |
| 129 image->firmware_data[0] = 'T'; | 41 image->firmware_data[0] = 'T'; |
| 130 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_ENABLED), | 42 TEST_EQ(VerifyFirmwareImage(root_key, image), |
| 131 VERIFY_FIRMWARE_SIGNATURE_FAILED, | 43 VERIFY_FIRMWARE_SIGNATURE_FAILED, |
| 132 "FirmwareImage Tamper Verification (Dev Mode)")) | 44 "FirmwareImage Data Tamper Verification"); |
| 133 success = 0; | |
| 134 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), | |
| 135 VERIFY_FIRMWARE_SIGNATURE_FAILED, | |
| 136 "FirmwareImage Tamper Verification (Trusted)")) | |
| 137 success = 0; | |
| 138 image->firmware_data[0] = 'F'; | 45 image->firmware_data[0] = 'F'; |
| 139 | 46 |
| 140 | |
| 141 fprintf(stderr, "[[Tampering with root key signature...]]\n"); | |
| 142 image->firmware_key_signature[0] = 0xFF; | 47 image->firmware_key_signature[0] = 0xFF; |
| 143 image->firmware_key_signature[1] = 0x00; | 48 image->firmware_key_signature[1] = 0x00; |
| 144 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_ENABLED), | 49 TEST_EQ(VerifyFirmwareImage(root_key, image), |
| 145 VERIFY_FIRMWARE_SUCCESS, | 50 VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED, |
| 146 "FirmwareImage Root Signature Tamper Verification (Dev Mode)")) | 51 "FirmwareImage Root Signature Tamper Verification"); |
| 147 success = 0; | |
| 148 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), | |
| 149 VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED, | |
| 150 "FirmwareImage Root Signature Tamper Verification (Trusted)")) | |
| 151 success = 0; | |
| 152 | |
| 153 return success; | |
| 154 } | 52 } |
| 155 | 53 |
| 156 int main(int argc, char* argv[]) { | 54 int main(int argc, char* argv[]) { |
| 157 uint64_t len; | 55 uint64_t len; |
| 158 const char* root_key_file = NULL; | 56 const char* root_key_file = NULL; |
| 159 const char* firmware_key_file = NULL; | 57 const char* firmware_key_file = NULL; |
| 160 uint8_t* firmware_sign_key_buf = NULL; | 58 uint8_t* firmware_sign_key_buf = NULL; |
| 161 uint8_t* root_key_blob = NULL; | 59 uint8_t* root_key_blob = NULL; |
| 162 uint8_t* firmware_blob = NULL; | 60 uint8_t* firmware_blob = NULL; |
| 163 uint64_t firmware_blob_len = 0; | 61 uint64_t firmware_blob_len = 0; |
| 164 FirmwareImage* image = NULL; | 62 FirmwareImage* image = NULL; |
| 165 RSAPublicKey* root_key_pub = NULL; | 63 RSAPublicKey* root_key_pub = NULL; |
| 166 int error_code = 0; | 64 int error_code = 0; |
| 167 int algorithm; | 65 int algorithm; |
| 168 SetupTPM(); | |
| 169 if(argc != 6) { | 66 if(argc != 6) { |
| 170 fprintf(stderr, "Usage: %s <algorithm> <root key> <processed root pubkey>" | 67 fprintf(stderr, "Usage: %s <algorithm> <root key> <processed root pubkey>" |
| 171 " <signing key> <processed signing key>\n", argv[0]); | 68 " <signing key> <processed signing key>\n", argv[0]); |
| 172 return -1; | 69 return -1; |
| 173 } | 70 } |
| 174 | 71 |
| 175 /* Read verification keys and create a test image. */ | 72 /* Read verification keys and create a test image. */ |
| 176 algorithm = atoi(argv[1]); | 73 algorithm = atoi(argv[1]); |
| 177 root_key_pub = RSAPublicKeyFromFile(argv[3]); | 74 root_key_pub = RSAPublicKeyFromFile(argv[3]); |
| 178 root_key_blob = BufferFromFile(argv[3], &len); | 75 root_key_blob = BufferFromFile(argv[3], &len); |
| 179 firmware_sign_key_buf = BufferFromFile(argv[5], &len); | 76 firmware_sign_key_buf = BufferFromFile(argv[5], &len); |
| 180 root_key_file = argv[2]; | 77 root_key_file = argv[2]; |
| 181 firmware_key_file = argv[4]; | 78 firmware_key_file = argv[4]; |
| 182 image = GenerateTestFirmwareImage(algorithm, | 79 image = GenerateTestFirmwareImage(algorithm, |
| 183 firmware_sign_key_buf, | 80 firmware_sign_key_buf, |
| 184 1, /* Firmware Key Version. */ | 81 1, /* Firmware Key Version. */ |
| 185 1, /* Firmware Version. */ | 82 1, /* Firmware Version. */ |
| 186 1000, /* Firmware length. */ | 83 1000, /* Firmware length. */ |
| 187 root_key_file, | 84 root_key_file, |
| 188 firmware_key_file); | 85 firmware_key_file); |
| 189 | 86 |
| 190 if (!root_key_pub || !firmware_sign_key_buf || !image) { | 87 if (!root_key_pub || !firmware_sign_key_buf || !image) { |
| 191 error_code = 1; | 88 error_code = 1; |
| 192 goto failure; | 89 goto failure; |
| 193 } | 90 } |
| 194 firmware_blob = GetFirmwareBlob(image, &firmware_blob_len); | 91 firmware_blob = GetFirmwareBlob(image, &firmware_blob_len); |
| 195 | 92 |
| 196 /* Test Firmware blob verify operations. */ | 93 /* Test Firmware blob verify operations. */ |
| 197 if (!VerifyFirmwareTest(firmware_blob, root_key_blob)) | 94 VerifyFirmwareTest(firmware_blob, root_key_blob); |
| 198 error_code = 255; | |
| 199 | 95 |
| 200 /* Test FirmwareImage verify operations. */ | 96 /* Test FirmwareImage verify operations. */ |
| 201 if (!VerifyFirmwareImageTest(image, root_key_pub)) | 97 VerifyFirmwareImageTest(image, root_key_pub); |
| 202 error_code = 255; | 98 VerifyFirmwareImageTamperTest(image, root_key_pub); |
| 203 if (!VerifyFirmwareImageTamperTest(image, root_key_pub)) | 99 |
| 100 if (!gTestSuccess) |
| 204 error_code = 255; | 101 error_code = 255; |
| 205 | 102 |
| 206 failure: | 103 failure: |
| 207 Free(firmware_blob); | 104 Free(firmware_blob); |
| 208 FirmwareImageFree(image); | 105 FirmwareImageFree(image); |
| 209 Free(firmware_sign_key_buf); | 106 Free(firmware_sign_key_buf); |
| 210 Free(root_key_blob); | 107 Free(root_key_blob); |
| 211 RSAPublicKeyFree(root_key_pub); | 108 RSAPublicKeyFree(root_key_pub); |
| 212 | 109 |
| 213 return error_code; | 110 return error_code; |
| 214 } | 111 } |
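Review bot: In main(), root_key_blob (new line 75) and firmware_blob (new line 91) are never checked before new line 94 passes them to VerifyFirmwareTest(). If BufferFromFile() or GetFirmwareBlob() returns NULL on failure, as the existing check on firmware_sign_key_buf implies, an unreadable key file reaches VerifyFirmware() as a NULL pointer instead of ending as a setup error. The guard on new line 87 should read `if (!root_key_pub || !root_key_blob || !firmware_sign_key_buf || !image) {`, and the GetFirmwareBlob() call should be followed by `if (!firmware_blob) { error_code = 1; goto failure; }`. That guard also runs only after GenerateTestFirmwareImage() has been given firmware_sign_key_buf; the definition removed from this file copied from that pointer unconditionally, and the relocated one (presumably in test_common) likely still does, so the buffer checks belong before the call. Separately, VerifyFirmwareImageTamperTest() restores firmware_version and firmware_data[0] but leaves firmware_key_signature[0] and [1] overwritten, so any check added after it would run against an already-tampered image; saving and restoring the two bytes would keep the cases independent.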