OLD | NEW |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Tests for kernel image library. | 5 * Tests for kernel image library. |
6 */ | 6 */ |
7 | 7 |
8 #include <stdio.h> | 8 #include <stdio.h> |
9 #include <stdlib.h> | 9 #include <stdlib.h> |
10 | 10 |
11 #include "file_keys.h" | 11 #include "file_keys.h" |
12 #include "kernel_image.h" | 12 #include "kernel_image.h" |
13 #include "rsa_utility.h" | 13 #include "rsa_utility.h" |
| 14 #include "test_common.h" |
14 #include "utility.h" | 15 #include "utility.h" |
15 | 16 |
16 /* ANSI Color coding sequences. */ | |
17 #define COL_GREEN "\e[1;32m" | |
18 #define COL_RED "\e[0;31m" | |
19 #define COL_STOP "\e[m" | |
20 | |
21 int TEST_EQ(int result, int expected_result, char* testname) { | |
22 if (result == expected_result) { | |
23 fprintf(stderr, "%s Test " COL_GREEN " PASSED\n" COL_STOP, testname); | |
24 return 1; | |
25 } | |
26 else { | |
27 fprintf(stderr, "%s Test " COL_RED " FAILED\n" COL_STOP, testname); | |
28 return 0; | |
29 } | |
30 } | |
31 | |
32 KernelImage* GenerateTestKernelImage(int firmware_sign_algorithm, | |
33 int kernel_sign_algorithm, | |
34 uint8_t* kernel_sign_key, | |
35 int kernel_key_version, | |
36 int kernel_version, | |
37 int kernel_len) { | |
38 KernelImage* image = KernelImageNew(); | |
39 | |
40 Memcpy(image->magic, KERNEL_MAGIC, KERNEL_MAGIC_SIZE); | |
41 image->header_version = 1; | |
42 image->firmware_sign_algorithm = firmware_sign_algorithm; | |
43 image->kernel_sign_algorithm = kernel_sign_algorithm; | |
44 image->kernel_key_version = kernel_key_version; | |
45 image->kernel_sign_key = (uint8_t*) Malloc( | |
46 RSAProcessedKeySize(image->kernel_sign_algorithm)); | |
47 Memcpy(image->kernel_sign_key, kernel_sign_key, | |
48 RSAProcessedKeySize(image->kernel_sign_algorithm)); | |
49 | |
50 /* Update correct header length. */ | |
51 image->header_len = GetKernelHeaderLen(image); | |
52 | |
53 /* Calculate SHA-512 digest on header and populate header_checksum. */ | |
54 CalculateKernelHeaderChecksum(image, image->header_checksum); | |
55 | |
56 /* Populate kernel options and data with dummy data. */ | |
57 image->kernel_version = kernel_version; | |
58 image->options.version[0] = 1; | |
59 image->options.version[1] = 0; | |
60 Memset(image->options.cmd_line, 0, sizeof(image->options.cmd_line)); | |
61 image->options.kernel_len = kernel_len; | |
62 image->options.kernel_load_addr = 0; | |
63 image->options.kernel_entry_addr = 0; | |
64 image->kernel_key_signature = image->kernel_signature = NULL; | |
65 image->kernel_data = Malloc(kernel_len); | |
66 Memset(image->kernel_data, 'F', kernel_len); | |
67 | |
68 return image; | |
69 } | |
70 | |
71 #define DEV_MODE_ENABLED 1 | 17 #define DEV_MODE_ENABLED 1 |
72 #define DEV_MODE_DISABLED 0 | 18 #define DEV_MODE_DISABLED 0 |
73 | 19 |
74 /* Normal Kernel Blob Verification Tests. */ | 20 /* Normal Kernel Blob Verification Tests. */ |
75 int VerifyKernelTest(uint8_t* kernel_blob, uint8_t* firmware_key_blob) { | 21 void VerifyKernelTest(uint8_t* kernel_blob, uint8_t* firmware_key_blob) { |
76 int success = 1; | 22 TEST_EQ(VerifyKernel(firmware_key_blob, kernel_blob, DEV_MODE_ENABLED), |
77 if (!TEST_EQ(VerifyKernel(firmware_key_blob, kernel_blob, DEV_MODE_ENABLED), | 23 VERIFY_KERNEL_SUCCESS, |
78 VERIFY_KERNEL_SUCCESS, | 24 "Normal Kernel Blob Verification (Dev Mode)"); |
79 "Normal Kernel Blob Verification (Dev Mode)")) | |
80 success = 0; | |
81 | 25 |
82 if (!TEST_EQ(VerifyKernel(firmware_key_blob, kernel_blob, DEV_MODE_DISABLED), | 26 TEST_EQ(VerifyKernel(firmware_key_blob, kernel_blob, DEV_MODE_DISABLED), |
83 VERIFY_KERNEL_SUCCESS, | 27 VERIFY_KERNEL_SUCCESS, |
84 "Normal Kernel Blob Verification (Trusted)")) | 28 "Normal Kernel Blob Verification (Trusted)"); |
85 success = 0; | |
86 return success; | |
87 } | 29 } |
88 | 30 |
89 | 31 |
90 /* Normal KernelImage Verification Tests. */ | 32 /* Normal KernelImage Verification Tests. */ |
91 int VerifyKernelImageTest(KernelImage* image, | 33 void VerifyKernelImageTest(KernelImage* image, |
92 RSAPublicKey* firmware_key) { | 34 RSAPublicKey* firmware_key) { |
93 int success = 1; | 35 TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED), |
94 if (!TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED), | 36 VERIFY_KERNEL_SUCCESS, |
95 VERIFY_KERNEL_SUCCESS, | 37 "Normal KernelImage Verification (Dev Mode)"); |
96 "Normal KernelImage Verification (Dev Mode)")) | 38 TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED), |
97 success = 0; | 39 VERIFY_KERNEL_SUCCESS, |
98 | 40 "Normal KernelImage Verification (Trusted)"); |
99 if (!TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED), | |
100 VERIFY_KERNEL_SUCCESS, | |
101 "Normal KernelImage Verification (Trusted)")) | |
102 success = 0; | |
103 return success; | |
104 } | 41 } |
105 | 42 |
106 /* Tampered KernelImage Verification Tests. */ | 43 /* Tampered KernelImage Verification Tests. */ |
107 int VerifyKernelImageTamperTest(KernelImage* image, | 44 void VerifyKernelImageTamperTest(KernelImage* image, |
108 RSAPublicKey* firmware_key) { | 45 RSAPublicKey* firmware_key) { |
109 int success = 1; | |
110 fprintf(stderr, "[[Tampering with kernel config....]]\n"); | |
111 image->options.kernel_load_addr = 0xFFFF; | 46 image->options.kernel_load_addr = 0xFFFF; |
112 if (!TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED), | 47 TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED), |
113 VERIFY_KERNEL_CONFIG_SIGNATURE_FAILED, | 48 VERIFY_KERNEL_CONFIG_SIGNATURE_FAILED, |
114 "KernelImage Config Tamper Verification (Dev Mode)")) | 49 "KernelImage Config Tamper Verification (Dev Mode)"); |
115 success = 0; | 50 TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED), |
116 if (!TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED), | 51 VERIFY_KERNEL_CONFIG_SIGNATURE_FAILED, |
117 VERIFY_KERNEL_CONFIG_SIGNATURE_FAILED, | 52 "KernelImage Config Tamper Verification (Trusted)"); |
118 "KernelImage Config Tamper Verification (Trusted)")) | |
119 success = 0; | |
120 image->options.kernel_load_addr = 0; | 53 image->options.kernel_load_addr = 0; |
121 | 54 |
122 image->kernel_data[0] = 'T'; | 55 image->kernel_data[0] = 'T'; |
123 if (!TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED), | 56 TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED), |
124 VERIFY_KERNEL_SIGNATURE_FAILED, | 57 VERIFY_KERNEL_SIGNATURE_FAILED, |
125 "KernelImage Tamper Verification (Dev Mode)")) | 58 "KernelImage Tamper Verification (Dev Mode)"); |
126 success = 0; | 59 TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED), |
127 if (!TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED), | 60 VERIFY_KERNEL_SIGNATURE_FAILED, |
128 VERIFY_KERNEL_SIGNATURE_FAILED, | 61 "KernelImage Tamper Verification (Trusted)"); |
129 "KernelImage Tamper Verification (Trusted)")) | |
130 success = 0; | |
131 image->kernel_data[0] = 'F'; | 62 image->kernel_data[0] = 'F'; |
132 | 63 |
133 | |
134 fprintf(stderr, "[[Tampering with kernel key signature...]]\n"); | |
135 image->kernel_key_signature[0] = 0xFF; | 64 image->kernel_key_signature[0] = 0xFF; |
136 image->kernel_key_signature[1] = 0x00; | 65 image->kernel_key_signature[1] = 0x00; |
137 if (!TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED), | 66 TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED), |
138 VERIFY_KERNEL_SUCCESS, | 67 VERIFY_KERNEL_SUCCESS, |
139 "KernelImage Key Signature Tamper Verification (Dev Mode)")) | 68 "KernelImage Key Signature Tamper Verification (Dev Mode)"); |
140 success = 0; | 69 TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED), |
141 if (!TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED), | 70 VERIFY_KERNEL_KEY_SIGNATURE_FAILED, |
142 VERIFY_KERNEL_KEY_SIGNATURE_FAILED, | 71 "KernelImage Key Signature Tamper Verification (Trusted)"); |
143 "KernelImage Key Signature Tamper Verification (Trusted)")) | |
144 success = 0; | |
145 | |
146 return success; | |
147 } | 72 } |
148 | 73 |
149 int main(int argc, char* argv[]) { | 74 int main(int argc, char* argv[]) { |
150 uint64_t len; | 75 uint64_t len; |
| 76 const char* firmware_key_file = NULL; |
| 77 const char* kernel_key_file = NULL; |
151 uint8_t* kernel_sign_key_buf = NULL; | 78 uint8_t* kernel_sign_key_buf = NULL; |
152 uint8_t* firmware_key_blob = NULL; | 79 uint8_t* firmware_key_blob = NULL; |
153 uint8_t* kernel_blob = NULL; | 80 uint8_t* kernel_blob = NULL; |
154 uint64_t kernel_blob_len = 0; | 81 uint64_t kernel_blob_len = 0; |
155 KernelImage* image = NULL; | 82 KernelImage* image = NULL; |
156 RSAPublicKey* firmware_key = NULL; | 83 RSAPublicKey* firmware_key = NULL; |
157 int error_code = 0; | 84 int error_code = 0; |
158 | 85 |
159 if(argc != 7) { | 86 if(argc != 7) { |
160 fprintf(stderr, "Usage: %s <firmware signing algorithm> " /* argv[1] */ | 87 fprintf(stderr, "Usage: %s <firmware signing algorithm> " /* argv[1] */ |
161 "<kernel signing algorithm> " /* argv[2] */ | 88 "<kernel signing algorithm> " /* argv[2] */ |
162 "<firmware key> " /* argv[3] */ | 89 "<firmware key> " /* argv[3] */ |
163 "<processed firmware pubkey> " /* argv[4] */ | 90 "<processed firmware pubkey> " /* argv[4] */ |
164 "<kernel signing key> " /* argv[5] */ | 91 "<kernel signing key> " /* argv[5] */ |
165 "<processed kernel signing key>\n", /* argv[6] */ | 92 "<processed kernel signing key>\n", /* argv[6] */ |
166 argv[0]); | 93 argv[0]); |
167 return -1; | 94 return -1; |
168 } | 95 } |
169 | 96 |
170 /* Read verification keys and create a test image. */ | 97 /* Read verification keys and create a test image. */ |
171 firmware_key = RSAPublicKeyFromFile(argv[4]); | 98 firmware_key = RSAPublicKeyFromFile(argv[4]); |
172 firmware_key_blob = BufferFromFile(argv[4], &len); | 99 firmware_key_blob = BufferFromFile(argv[4], &len); |
173 kernel_sign_key_buf = BufferFromFile(argv[6], &len); | 100 kernel_sign_key_buf = BufferFromFile(argv[6], &len); |
| 101 firmware_key_file = argv[3]; |
| 102 kernel_key_file = argv[5]; |
| 103 |
174 if (!firmware_key || !kernel_sign_key_buf || !kernel_sign_key_buf) { | 104 if (!firmware_key || !kernel_sign_key_buf || !kernel_sign_key_buf) { |
175 error_code = 1; | 105 error_code = 1; |
176 goto failure; | 106 goto failure; |
177 } | 107 } |
178 | 108 |
179 image = GenerateTestKernelImage(atoi(argv[1]), | 109 image = GenerateTestKernelImage(atoi(argv[1]), |
180 atoi(argv[2]), | 110 atoi(argv[2]), |
181 kernel_sign_key_buf, | 111 kernel_sign_key_buf, |
182 1, /* Kernel Key Version */ | 112 1, /* Kernel Key Version */ |
183 1, /* Kernel Version */ | 113 1, /* Kernel Version */ |
184 1000); /* Kernel Size */ | 114 1000, /* Kernel Size */ |
| 115 firmware_key_file, |
| 116 kernel_key_file); |
185 if (!image) { | 117 if (!image) { |
186 error_code = 1; | 118 error_code = 1; |
187 goto failure; | 119 goto failure; |
188 } | 120 } |
189 | 121 |
190 /* Generate and populate signatures. */ | |
191 if (!AddKernelKeySignature(image, argv[3])) { | |
192 fprintf(stderr, "Couldn't create key signature.\n"); | |
193 error_code = 1; | |
194 goto failure; | |
195 } | |
196 | |
197 if (!AddKernelSignature(image, argv[5])) { | |
198 fprintf(stderr, "Couldn't create kernel option and kernel signature.\n"); | |
199 error_code = 1; | |
200 goto failure; | |
201 } | |
202 | |
203 kernel_blob = GetKernelBlob(image, &kernel_blob_len); | 122 kernel_blob = GetKernelBlob(image, &kernel_blob_len); |
204 | 123 |
205 /* Test Kernel blob verify operations. */ | 124 /* Test Kernel blob verify operations. */ |
206 if (!VerifyKernelTest(kernel_blob, firmware_key_blob)) | 125 VerifyKernelTest(kernel_blob, firmware_key_blob); |
207 error_code = 255; | |
208 | 126 |
209 /* Test KernelImage verify operations. */ | 127 /* Test KernelImage verify operations. */ |
210 if (!VerifyKernelImageTest(image, firmware_key)) | 128 VerifyKernelImageTest(image, firmware_key); |
211 error_code = 255; | 129 VerifyKernelImageTamperTest(image, firmware_key); |
212 if (!VerifyKernelImageTamperTest(image, firmware_key)) | 130 |
| 131 if (!gTestSuccess) |
213 error_code = 255; | 132 error_code = 255; |
214 | 133 |
215 failure: | 134 failure: |
216 Free(kernel_blob); | 135 Free(kernel_blob); |
217 KernelImageFree(image); | 136 KernelImageFree(image); |
218 Free(kernel_sign_key_buf); | 137 Free(kernel_sign_key_buf); |
219 Free(firmware_key_blob); | 138 Free(firmware_key_blob); |
220 RSAPublicKeyFree(firmware_key); | 139 RSAPublicKeyFree(firmware_key); |
221 | 140 |
222 return error_code; | 141 return error_code; |
223 } | 142 } |
OLD | NEW |