OLD | NEW |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Tests for firmware image library. | 5 * Tests for firmware image library. |
6 */ | 6 */ |
7 | 7 |
8 #include <stdio.h> | 8 #include <stdio.h> |
9 #include <stdlib.h> | 9 #include <stdlib.h> |
10 | 10 |
11 #include "file_keys.h" | 11 #include "file_keys.h" |
12 #include "firmware_image.h" | 12 #include "firmware_image.h" |
13 #include "rsa_utility.h" | 13 #include "rsa_utility.h" |
| 14 #include "test_common.h" |
14 #include "utility.h" | 15 #include "utility.h" |
15 #include "rollback_index.h" | |
16 | |
17 /* ANSI Color coding sequences. */ | |
18 #define COL_GREEN "\e[1;32m" | |
19 #define COL_RED "\e[0;31m" | |
20 #define COL_STOP "\e[m" | |
21 | |
22 int TEST_EQ(int result, int expected_result, char* testname) { | |
23 if (result == expected_result) { | |
24 fprintf(stderr, "%s Test " COL_GREEN " PASSED\n" COL_STOP, testname); | |
25 return 1; | |
26 } else { | |
27 fprintf(stderr, "%s Test " COL_RED " FAILED\n" COL_STOP, testname); | |
28 return 0; | |
29 } | |
30 } | |
31 | |
32 FirmwareImage* GenerateTestFirmwareImage(int algorithm, | |
33 uint8_t* firmware_sign_key, | |
34 int firmware_key_version, | |
35 int firmware_version, | |
36 int firmware_len, | |
37 const char* root_key_file, | |
38 const char* firmware_key_file) { | |
39 FirmwareImage* image = FirmwareImageNew(); | |
40 | |
41 Memcpy(image->magic, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE); | |
42 image->firmware_sign_algorithm = algorithm; | |
43 image->firmware_sign_key = (uint8_t*) Malloc( | |
44 RSAProcessedKeySize(image->firmware_sign_algorithm)); | |
45 Memcpy(image->firmware_sign_key, firmware_sign_key, | |
46 RSAProcessedKeySize(image->firmware_sign_algorithm)); | |
47 image->firmware_key_version = firmware_key_version; | |
48 | |
49 /* Update correct header length. */ | |
50 image->header_len = GetFirmwareHeaderLen(image); | |
51 | |
52 /* Calculate SHA-512 digest on header and populate header_checksum. */ | |
53 CalculateFirmwareHeaderChecksum(image, image->header_checksum); | |
54 | |
55 /* Populate firmware and preamble with dummy data. */ | |
56 image->firmware_version = firmware_version; | |
57 image->firmware_len = firmware_len; | |
58 image->preamble_signature = image->firmware_signature = NULL; | |
59 Memset(image->preamble, 'P', FIRMWARE_PREAMBLE_SIZE); | |
60 image->firmware_data = Malloc(image->firmware_len); | |
61 Memset(image->firmware_data, 'F', image->firmware_len); | |
62 | |
63 /* Generate and populate signatures. */ | |
64 if (!AddFirmwareKeySignature(image, root_key_file)) { | |
65 fprintf(stderr, "Couldn't create key signature.\n"); | |
66 FirmwareImageFree(image); | |
67 return NULL; | |
68 } | |
69 | |
70 if (!AddFirmwareSignature(image, firmware_key_file)) { | |
71 fprintf(stderr, "Couldn't create firmware and preamble signature.\n"); | |
72 FirmwareImageFree(image); | |
73 return NULL; | |
74 } | |
75 return image; | |
76 } | |
77 | |
78 #define DEV_MODE_ENABLED 1 | |
79 #define DEV_MODE_DISABLED 0 | |
80 | 16 |
81 /* Normal Firmware Blob Verification Tests. */ | 17 /* Normal Firmware Blob Verification Tests. */ |
82 int VerifyFirmwareTest(uint8_t* firmware_blob, uint8_t* root_key_blob) { | 18 void VerifyFirmwareTest(uint8_t* firmware_blob, uint8_t* root_key_blob) { |
83 int success = 1; | 19 TEST_EQ(VerifyFirmware(root_key_blob, firmware_blob), |
84 if (!TEST_EQ(VerifyFirmware(root_key_blob, firmware_blob, DEV_MODE_ENABLED), | 20 VERIFY_FIRMWARE_SUCCESS, |
85 VERIFY_FIRMWARE_SUCCESS, | 21 "Normal Firmware Blob Verification"); |
86 "Normal Firmware Blob Verification (Dev Mode)")) | |
87 success = 0; | |
88 | |
89 if (!TEST_EQ(VerifyFirmware(root_key_blob, firmware_blob, DEV_MODE_DISABLED), | |
90 VERIFY_FIRMWARE_SUCCESS, | |
91 "Normal Firmware Blob Verification (Trusted)")) | |
92 success = 0; | |
93 return success; | |
94 } | 22 } |
95 | 23 |
96 /* Normal FirmwareImage Verification Tests. */ | 24 /* Normal FirmwareImage Verification Tests. */ |
97 int VerifyFirmwareImageTest(FirmwareImage* image, | 25 void VerifyFirmwareImageTest(FirmwareImage* image, |
98 RSAPublicKey* root_key) { | 26 RSAPublicKey* root_key) { |
99 int success = 1; | 27 TEST_EQ(VerifyFirmwareImage(root_key, image), |
100 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_ENABLED), | 28 VERIFY_FIRMWARE_SUCCESS, |
101 VERIFY_FIRMWARE_SUCCESS, | 29 "Normal FirmwareImage Verification"); |
102 "Normal FirmwareImage Verification (Dev Mode)")) | |
103 success = 0; | |
104 | |
105 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), | |
106 VERIFY_FIRMWARE_SUCCESS, | |
107 "Normal FirmwareImage Verification (Trusted)")) | |
108 success = 0; | |
109 return success; | |
110 } | 30 } |
111 | 31 |
112 /* Tampered FirmwareImage Verification Tests. */ | 32 /* Tampered FirmwareImage Verification Tests. */ |
113 int VerifyFirmwareImageTamperTest(FirmwareImage* image, | 33 void VerifyFirmwareImageTamperTest(FirmwareImage* image, |
114 RSAPublicKey* root_key) { | 34 RSAPublicKey* root_key) { |
115 int success = 1; | |
116 fprintf(stderr, "[[Tampering with firmware preamble....]]\n"); | |
117 image->firmware_version = 0; | 35 image->firmware_version = 0; |
118 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_ENABLED), | 36 TEST_EQ(VerifyFirmwareImage(root_key, image), |
119 VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED, | 37 VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED, |
120 "FirmwareImage Preamble Tamper Verification (Dev Mode)")) | 38 "FirmwareImage Preamble Tamper Verification"); |
121 success = 0; | |
122 | |
123 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), | |
124 VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED, | |
125 "FirmwareImage Preamble Tamper Verification (Trusted)")) | |
126 success = 0; | |
127 image->firmware_version = 1; | 39 image->firmware_version = 1; |
128 | 40 |
129 image->firmware_data[0] = 'T'; | 41 image->firmware_data[0] = 'T'; |
130 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_ENABLED), | 42 TEST_EQ(VerifyFirmwareImage(root_key, image), |
131 VERIFY_FIRMWARE_SIGNATURE_FAILED, | 43 VERIFY_FIRMWARE_SIGNATURE_FAILED, |
132 "FirmwareImage Tamper Verification (Dev Mode)")) | 44 "FirmwareImage Data Tamper Verification"); |
133 success = 0; | |
134 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), | |
135 VERIFY_FIRMWARE_SIGNATURE_FAILED, | |
136 "FirmwareImage Tamper Verification (Trusted)")) | |
137 success = 0; | |
138 image->firmware_data[0] = 'F'; | 45 image->firmware_data[0] = 'F'; |
139 | 46 |
140 | |
141 fprintf(stderr, "[[Tampering with root key signature...]]\n"); | |
142 image->firmware_key_signature[0] = 0xFF; | 47 image->firmware_key_signature[0] = 0xFF; |
143 image->firmware_key_signature[1] = 0x00; | 48 image->firmware_key_signature[1] = 0x00; |
144 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_ENABLED), | 49 TEST_EQ(VerifyFirmwareImage(root_key, image), |
145 VERIFY_FIRMWARE_SUCCESS, | 50 VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED, |
146 "FirmwareImage Root Signature Tamper Verification (Dev Mode)")) | 51 "FirmwareImage Root Signature Tamper Verification"); |
147 success = 0; | |
148 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), | |
149 VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED, | |
150 "FirmwareImage Root Signature Tamper Verification (Trusted)")) | |
151 success = 0; | |
152 | |
153 return success; | |
154 } | 52 } |
155 | 53 |
156 int main(int argc, char* argv[]) { | 54 int main(int argc, char* argv[]) { |
157 uint64_t len; | 55 uint64_t len; |
158 const char* root_key_file = NULL; | 56 const char* root_key_file = NULL; |
159 const char* firmware_key_file = NULL; | 57 const char* firmware_key_file = NULL; |
160 uint8_t* firmware_sign_key_buf = NULL; | 58 uint8_t* firmware_sign_key_buf = NULL; |
161 uint8_t* root_key_blob = NULL; | 59 uint8_t* root_key_blob = NULL; |
162 uint8_t* firmware_blob = NULL; | 60 uint8_t* firmware_blob = NULL; |
163 uint64_t firmware_blob_len = 0; | 61 uint64_t firmware_blob_len = 0; |
164 FirmwareImage* image = NULL; | 62 FirmwareImage* image = NULL; |
165 RSAPublicKey* root_key_pub = NULL; | 63 RSAPublicKey* root_key_pub = NULL; |
166 int error_code = 0; | 64 int error_code = 0; |
167 int algorithm; | 65 int algorithm; |
168 SetupTPM(); | |
169 if(argc != 6) { | 66 if(argc != 6) { |
170 fprintf(stderr, "Usage: %s <algorithm> <root key> <processed root pubkey>" | 67 fprintf(stderr, "Usage: %s <algorithm> <root key> <processed root pubkey>" |
171 " <signing key> <processed signing key>\n", argv[0]); | 68 " <signing key> <processed signing key>\n", argv[0]); |
172 return -1; | 69 return -1; |
173 } | 70 } |
174 | 71 |
175 /* Read verification keys and create a test image. */ | 72 /* Read verification keys and create a test image. */ |
176 algorithm = atoi(argv[1]); | 73 algorithm = atoi(argv[1]); |
177 root_key_pub = RSAPublicKeyFromFile(argv[3]); | 74 root_key_pub = RSAPublicKeyFromFile(argv[3]); |
178 root_key_blob = BufferFromFile(argv[3], &len); | 75 root_key_blob = BufferFromFile(argv[3], &len); |
179 firmware_sign_key_buf = BufferFromFile(argv[5], &len); | 76 firmware_sign_key_buf = BufferFromFile(argv[5], &len); |
180 root_key_file = argv[2]; | 77 root_key_file = argv[2]; |
181 firmware_key_file = argv[4]; | 78 firmware_key_file = argv[4]; |
182 image = GenerateTestFirmwareImage(algorithm, | 79 image = GenerateTestFirmwareImage(algorithm, |
183 firmware_sign_key_buf, | 80 firmware_sign_key_buf, |
184 1, /* Firmware Key Version. */ | 81 1, /* Firmware Key Version. */ |
185 1, /* Firmware Version. */ | 82 1, /* Firmware Version. */ |
186 1000, /* Firmware length. */ | 83 1000, /* Firmware length. */ |
187 root_key_file, | 84 root_key_file, |
188 firmware_key_file); | 85 firmware_key_file); |
189 | 86 |
190 if (!root_key_pub || !firmware_sign_key_buf || !image) { | 87 if (!root_key_pub || !firmware_sign_key_buf || !image) { |
191 error_code = 1; | 88 error_code = 1; |
192 goto failure; | 89 goto failure; |
193 } | 90 } |
194 firmware_blob = GetFirmwareBlob(image, &firmware_blob_len); | 91 firmware_blob = GetFirmwareBlob(image, &firmware_blob_len); |
195 | 92 |
196 /* Test Firmware blob verify operations. */ | 93 /* Test Firmware blob verify operations. */ |
197 if (!VerifyFirmwareTest(firmware_blob, root_key_blob)) | 94 VerifyFirmwareTest(firmware_blob, root_key_blob); |
198 error_code = 255; | |
199 | 95 |
200 /* Test FirmwareImage verify operations. */ | 96 /* Test FirmwareImage verify operations. */ |
201 if (!VerifyFirmwareImageTest(image, root_key_pub)) | 97 VerifyFirmwareImageTest(image, root_key_pub); |
202 error_code = 255; | 98 VerifyFirmwareImageTamperTest(image, root_key_pub); |
203 if (!VerifyFirmwareImageTamperTest(image, root_key_pub)) | 99 |
| 100 if (!gTestSuccess) |
204 error_code = 255; | 101 error_code = 255; |
205 | 102 |
206 failure: | 103 failure: |
207 Free(firmware_blob); | 104 Free(firmware_blob); |
208 FirmwareImageFree(image); | 105 FirmwareImageFree(image); |
209 Free(firmware_sign_key_buf); | 106 Free(firmware_sign_key_buf); |
210 Free(root_key_blob); | 107 Free(root_key_blob); |
211 RSAPublicKeyFree(root_key_pub); | 108 RSAPublicKeyFree(root_key_pub); |
212 | 109 |
213 return error_code; | 110 return error_code; |
214 } | 111 } |
OLD | NEW |