| OLD | NEW |
|---|
| 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
| 3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
| 4 * | 4 * |
| 5 * Tests for kernel image library. | 5 * Tests for kernel image library. |
| 6 */ | 6 */ |
| 7 | 7 |
| 8 #include <stdio.h> | 8 #include <stdio.h> |
| 9 #include <stdlib.h> | 9 #include <stdlib.h> |
| 10 | 10 |
| 11 #include "file_keys.h" | 11 #include "file_keys.h" |
| 12 #include "kernel_image.h" | 12 #include "kernel_image.h" |
| 13 #include "rsa_utility.h" | 13 #include "rsa_utility.h" |
| 14 #include "test_common.h" |
| 14 #include "utility.h" | 15 #include "utility.h" |
| 15 | 16 |
| 16 /* ANSI Color coding sequences. */ | |
| 17 #define COL_GREEN "\e[1;32m" | |
| 18 #define COL_RED "\e[0;31m" | |
| 19 #define COL_STOP "\e[m" | |
| 20 | |
| 21 int TEST_EQ(int result, int expected_result, char* testname) { | |
| 22 if (result == expected_result) { | |
| 23 fprintf(stderr, "%s Test " COL_GREEN " PASSED\n" COL_STOP, testname); | |
| 24 return 1; | |
| 25 } | |
| 26 else { | |
| 27 fprintf(stderr, "%s Test " COL_RED " FAILED\n" COL_STOP, testname); | |
| 28 return 0; | |
| 29 } | |
| 30 } | |
| 31 | |
| 32 KernelImage* GenerateTestKernelImage(int firmware_sign_algorithm, | |
| 33 int kernel_sign_algorithm, | |
| 34 uint8_t* kernel_sign_key, | |
| 35 int kernel_key_version, | |
| 36 int kernel_version, | |
| 37 int kernel_len) { | |
| 38 KernelImage* image = KernelImageNew(); | |
| 39 | |
| 40 Memcpy(image->magic, KERNEL_MAGIC, KERNEL_MAGIC_SIZE); | |
| 41 image->header_version = 1; | |
| 42 image->firmware_sign_algorithm = firmware_sign_algorithm; | |
| 43 image->kernel_sign_algorithm = kernel_sign_algorithm; | |
| 44 image->kernel_key_version = kernel_key_version; | |
| 45 image->kernel_sign_key = (uint8_t*) Malloc( | |
| 46 RSAProcessedKeySize(image->kernel_sign_algorithm)); | |
| 47 Memcpy(image->kernel_sign_key, kernel_sign_key, | |
| 48 RSAProcessedKeySize(image->kernel_sign_algorithm)); | |
| 49 | |
| 50 /* Update correct header length. */ | |
| 51 image->header_len = GetKernelHeaderLen(image); | |
| 52 | |
| 53 /* Calculate SHA-512 digest on header and populate header_checksum. */ | |
| 54 CalculateKernelHeaderChecksum(image, image->header_checksum); | |
| 55 | |
| 56 /* Populate kernel options and data with dummy data. */ | |
| 57 image->kernel_version = kernel_version; | |
| 58 image->options.version[0] = 1; | |
| 59 image->options.version[1] = 0; | |
| 60 Memset(image->options.cmd_line, 0, sizeof(image->options.cmd_line)); | |
| 61 image->options.kernel_len = kernel_len; | |
| 62 image->options.kernel_load_addr = 0; | |
| 63 image->options.kernel_entry_addr = 0; | |
| 64 image->kernel_key_signature = image->kernel_signature = NULL; | |
| 65 image->kernel_data = Malloc(kernel_len); | |
| 66 Memset(image->kernel_data, 'F', kernel_len); | |
| 67 | |
| 68 return image; | |
| 69 } | |
| 70 | |
| 71 #define DEV_MODE_ENABLED 1 | 17 #define DEV_MODE_ENABLED 1 |
| 72 #define DEV_MODE_DISABLED 0 | 18 #define DEV_MODE_DISABLED 0 |
| 73 | 19 |
| 74 /* Normal Kernel Blob Verification Tests. */ | 20 /* Normal Kernel Blob Verification Tests. */ |
| 75 int VerifyKernelTest(uint8_t* kernel_blob, uint8_t* firmware_key_blob) { | 21 void VerifyKernelTest(uint8_t* kernel_blob, uint8_t* firmware_key_blob) { |
| 76 int success = 1; | 22 TEST_EQ(VerifyKernel(firmware_key_blob, kernel_blob, DEV_MODE_ENABLED), |
| 77 if (!TEST_EQ(VerifyKernel(firmware_key_blob, kernel_blob, DEV_MODE_ENABLED), | 23 VERIFY_KERNEL_SUCCESS, |
| 78 VERIFY_KERNEL_SUCCESS, | 24 "Normal Kernel Blob Verification (Dev Mode)"); |
| 79 "Normal Kernel Blob Verification (Dev Mode)")) | |
| 80 success = 0; | |
| 81 | 25 |
| 82 if (!TEST_EQ(VerifyKernel(firmware_key_blob, kernel_blob, DEV_MODE_DISABLED), | 26 TEST_EQ(VerifyKernel(firmware_key_blob, kernel_blob, DEV_MODE_DISABLED), |
| 83 VERIFY_KERNEL_SUCCESS, | 27 VERIFY_KERNEL_SUCCESS, |
| 84 "Normal Kernel Blob Verification (Trusted)")) | 28 "Normal Kernel Blob Verification (Trusted)"); |
| 85 success = 0; | |
| 86 return success; | |
| 87 } | 29 } |
| 88 | 30 |
| 89 | 31 |
| 90 /* Normal KernelImage Verification Tests. */ | 32 /* Normal KernelImage Verification Tests. */ |
| 91 int VerifyKernelImageTest(KernelImage* image, | 33 void VerifyKernelImageTest(KernelImage* image, |
| 92 RSAPublicKey* firmware_key) { | 34 RSAPublicKey* firmware_key) { |
| 93 int success = 1; | 35 TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED), |
| 94 if (!TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED), | 36 VERIFY_KERNEL_SUCCESS, |
| 95 VERIFY_KERNEL_SUCCESS, | 37 "Normal KernelImage Verification (Dev Mode)"); |
| 96 "Normal KernelImage Verification (Dev Mode)")) | 38 TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED), |
| 97 success = 0; | 39 VERIFY_KERNEL_SUCCESS, |
| 98 | 40 "Normal KernelImage Verification (Trusted)"); |
| 99 if (!TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED), | |
| 100 VERIFY_KERNEL_SUCCESS, | |
| 101 "Normal KernelImage Verification (Trusted)")) | |
| 102 success = 0; | |
| 103 return success; | |
| 104 } | 41 } |
| 105 | 42 |
| 106 /* Tampered KernelImage Verification Tests. */ | 43 /* Tampered KernelImage Verification Tests. */ |
| 107 int VerifyKernelImageTamperTest(KernelImage* image, | 44 void VerifyKernelImageTamperTest(KernelImage* image, |
| 108 RSAPublicKey* firmware_key) { | 45 RSAPublicKey* firmware_key) { |
| 109 int success = 1; | |
| 110 fprintf(stderr, "[[Tampering with kernel config....]]\n"); | |
| 111 image->options.kernel_load_addr = 0xFFFF; | 46 image->options.kernel_load_addr = 0xFFFF; |
| 112 if (!TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED), | 47 TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED), |
| 113 VERIFY_KERNEL_CONFIG_SIGNATURE_FAILED, | 48 VERIFY_KERNEL_CONFIG_SIGNATURE_FAILED, |
| 114 "KernelImage Config Tamper Verification (Dev Mode)")) | 49 "KernelImage Config Tamper Verification (Dev Mode)"); |
| 115 success = 0; | 50 TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED), |
| 116 if (!TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED), | 51 VERIFY_KERNEL_CONFIG_SIGNATURE_FAILED, |
| 117 VERIFY_KERNEL_CONFIG_SIGNATURE_FAILED, | 52 "KernelImage Config Tamper Verification (Trusted)"); |
| 118 "KernelImage Config Tamper Verification (Trusted)")) | |
| 119 success = 0; | |
| 120 image->options.kernel_load_addr = 0; | 53 image->options.kernel_load_addr = 0; |
| 121 | 54 |
| 122 image->kernel_data[0] = 'T'; | 55 image->kernel_data[0] = 'T'; |
| 123 if (!TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED), | 56 TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED), |
| 124 VERIFY_KERNEL_SIGNATURE_FAILED, | 57 VERIFY_KERNEL_SIGNATURE_FAILED, |
| 125 "KernelImage Tamper Verification (Dev Mode)")) | 58 "KernelImage Tamper Verification (Dev Mode)"); |
| 126 success = 0; | 59 TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED), |
| 127 if (!TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED), | 60 VERIFY_KERNEL_SIGNATURE_FAILED, |
| 128 VERIFY_KERNEL_SIGNATURE_FAILED, | 61 "KernelImage Tamper Verification (Trusted)"); |
| 129 "KernelImage Tamper Verification (Trusted)")) | |
| 130 success = 0; | |
| 131 image->kernel_data[0] = 'F'; | 62 image->kernel_data[0] = 'F'; |
| 132 | 63 |
| 133 | |
| 134 fprintf(stderr, "[[Tampering with kernel key signature...]]\n"); | |
| 135 image->kernel_key_signature[0] = 0xFF; | 64 image->kernel_key_signature[0] = 0xFF; |
| 136 image->kernel_key_signature[1] = 0x00; | 65 image->kernel_key_signature[1] = 0x00; |
| 137 if (!TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED), | 66 TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED), |
| 138 VERIFY_KERNEL_SUCCESS, | 67 VERIFY_KERNEL_SUCCESS, |
| 139 "KernelImage Key Signature Tamper Verification (Dev Mode)")) | 68 "KernelImage Key Signature Tamper Verification (Dev Mode)"); |
| 140 success = 0; | 69 TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED), |
| 141 if (!TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED), | 70 VERIFY_KERNEL_KEY_SIGNATURE_FAILED, |
| 142 VERIFY_KERNEL_KEY_SIGNATURE_FAILED, | 71 "KernelImage Key Signature Tamper Verification (Trusted)"); |
| 143 "KernelImage Key Signature Tamper Verification (Trusted)")) | |
| 144 success = 0; | |
| 145 | |
| 146 return success; | |
| 147 } | 72 } |
| 148 | 73 |
| 149 int main(int argc, char* argv[]) { | 74 int main(int argc, char* argv[]) { |
| 150 uint64_t len; | 75 uint64_t len; |
| 76 const char* firmware_key_file = NULL; |
| 77 const char* kernel_key_file = NULL; |
| 151 uint8_t* kernel_sign_key_buf = NULL; | 78 uint8_t* kernel_sign_key_buf = NULL; |
| 152 uint8_t* firmware_key_blob = NULL; | 79 uint8_t* firmware_key_blob = NULL; |
| 153 uint8_t* kernel_blob = NULL; | 80 uint8_t* kernel_blob = NULL; |
| 154 uint64_t kernel_blob_len = 0; | 81 uint64_t kernel_blob_len = 0; |
| 155 KernelImage* image = NULL; | 82 KernelImage* image = NULL; |
| 156 RSAPublicKey* firmware_key = NULL; | 83 RSAPublicKey* firmware_key = NULL; |
| 157 int error_code = 0; | 84 int error_code = 0; |
| 158 | 85 |
| 159 if(argc != 7) { | 86 if(argc != 7) { |
| 160 fprintf(stderr, "Usage: %s <firmware signing algorithm> " /* argv[1] */ | 87 fprintf(stderr, "Usage: %s <firmware signing algorithm> " /* argv[1] */ |
| 161 "<kernel signing algorithm> " /* argv[2] */ | 88 "<kernel signing algorithm> " /* argv[2] */ |
| 162 "<firmware key> " /* argv[3] */ | 89 "<firmware key> " /* argv[3] */ |
| 163 "<processed firmware pubkey> " /* argv[4] */ | 90 "<processed firmware pubkey> " /* argv[4] */ |
| 164 "<kernel signing key> " /* argv[5] */ | 91 "<kernel signing key> " /* argv[5] */ |
| 165 "<processed kernel signing key>\n", /* argv[6] */ | 92 "<processed kernel signing key>\n", /* argv[6] */ |
| 166 argv[0]); | 93 argv[0]); |
| 167 return -1; | 94 return -1; |
| 168 } | 95 } |
| 169 | 96 |
| 170 /* Read verification keys and create a test image. */ | 97 /* Read verification keys and create a test image. */ |
| 171 firmware_key = RSAPublicKeyFromFile(argv[4]); | 98 firmware_key = RSAPublicKeyFromFile(argv[4]); |
| 172 firmware_key_blob = BufferFromFile(argv[4], &len); | 99 firmware_key_blob = BufferFromFile(argv[4], &len); |
| 173 kernel_sign_key_buf = BufferFromFile(argv[6], &len); | 100 kernel_sign_key_buf = BufferFromFile(argv[6], &len); |
| 101 firmware_key_file = argv[3]; |
| 102 kernel_key_file = argv[5]; |
| 103 |
| 174 if (!firmware_key || !kernel_sign_key_buf || !kernel_sign_key_buf) { | 104 if (!firmware_key || !kernel_sign_key_buf || !kernel_sign_key_buf) { |
| 175 error_code = 1; | 105 error_code = 1; |
| 176 goto failure; | 106 goto failure; |
| 177 } | 107 } |
| 178 | 108 |
| 179 image = GenerateTestKernelImage(atoi(argv[1]), | 109 image = GenerateTestKernelImage(atoi(argv[1]), |
| 180 atoi(argv[2]), | 110 atoi(argv[2]), |
| 181 kernel_sign_key_buf, | 111 kernel_sign_key_buf, |
| 182 1, /* Kernel Key Version */ | 112 1, /* Kernel Key Version */ |
| 183 1, /* Kernel Version */ | 113 1, /* Kernel Version */ |
| 184 1000); /* Kernel Size */ | 114 1000, /* Kernel Size */ |
| 115 firmware_key_file, |
| 116 kernel_key_file); |
| 185 if (!image) { | 117 if (!image) { |
| 186 error_code = 1; | 118 error_code = 1; |
| 187 goto failure; | 119 goto failure; |
| 188 } | 120 } |
| 189 | 121 |
| 190 /* Generate and populate signatures. */ | |
| 191 if (!AddKernelKeySignature(image, argv[3])) { | |
| 192 fprintf(stderr, "Couldn't create key signature.\n"); | |
| 193 error_code = 1; | |
| 194 goto failure; | |
| 195 } | |
| 196 | |
| 197 if (!AddKernelSignature(image, argv[5])) { | |
| 198 fprintf(stderr, "Couldn't create kernel option and kernel signature.\n"); | |
| 199 error_code = 1; | |
| 200 goto failure; | |
| 201 } | |
| 202 | |
| 203 kernel_blob = GetKernelBlob(image, &kernel_blob_len); | 122 kernel_blob = GetKernelBlob(image, &kernel_blob_len); |
| 204 | 123 |
| 205 /* Test Kernel blob verify operations. */ | 124 /* Test Kernel blob verify operations. */ |
| 206 if (!VerifyKernelTest(kernel_blob, firmware_key_blob)) | 125 VerifyKernelTest(kernel_blob, firmware_key_blob); |
| 207 error_code = 255; | |
| 208 | 126 |
| 209 /* Test KernelImage verify operations. */ | 127 /* Test KernelImage verify operations. */ |
| 210 if (!VerifyKernelImageTest(image, firmware_key)) | 128 VerifyKernelImageTest(image, firmware_key); |
| 211 error_code = 255; | 129 VerifyKernelImageTamperTest(image, firmware_key); |
| 212 if (!VerifyKernelImageTamperTest(image, firmware_key)) | 130 |
| 131 if (!gTestSuccess) |
| 213 error_code = 255; | 132 error_code = 255; |
| 214 | 133 |
| 215 failure: | 134 failure: |
| 216 Free(kernel_blob); | 135 Free(kernel_blob); |
| 217 KernelImageFree(image); | 136 KernelImageFree(image); |
| 218 Free(kernel_sign_key_buf); | 137 Free(kernel_sign_key_buf); |
| 219 Free(firmware_key_blob); | 138 Free(firmware_key_blob); |
| 220 RSAPublicKeyFree(firmware_key); | 139 RSAPublicKeyFree(firmware_key); |
| 221 | 140 |
| 222 return error_code; | 141 return error_code; |
| 223 } | 142 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1280002:
Move test utility functions to a common place. (Closed)
