Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/platform/vboot_reference/tests/firmware_image_tests.c

Issue 564020: Data structure and interface for manipulating and handing firmware images for verified boot. (Closed)
Patch Set: Fix spaces etc. Created 10 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « src/platform/vboot_reference/tests/Makefile ('k') | src/platform/vboot_reference/tests/run_tests.sh » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file.
4 *
5 * Tests for firmware image library.
6 */
7
8 #include <stdio.h>
9 #include <stdlib.h>
10
11 #include "file_keys.h"
12 #include "firmware_image.h"
13 #include "rsa_utility.h"
14 #include "sha_utility.h"
15 #include "utility.h"
16
17 int TEST_EQ(int result, int expected_result, char* testname) {
18 if (result == expected_result) {
19 fprintf(stderr, "%s Test \e[1;32mSUCCEEDED\e[m\n", testname);
20 return 1;
21 }
22 else {
23 fprintf(stderr, "%s Test \e[0;31mFAILED\e[m\n", testname);
24 return 0;
25 }
26 }
27
28 FirmwareImage* GenerateTestFirmwareImage(int algorithm,
29 uint8_t* sign_key,
30 int key_version,
31 int firmware_version,
32 int firmware_len) {
33 FirmwareImage* image = FirmwareImageNew();
34 uint8_t* header_hash;
35 DigestContext ctx;
36
37 Memcpy(image->magic, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE);
38 image->sign_algorithm = algorithm;
39 image->sign_key = (uint8_t*) Malloc(
40 RSAProcessedKeySize(image->sign_algorithm));
41 Memcpy(image->sign_key, sign_key, RSAProcessedKeySize(image->sign_algorithm));
42 image->key_version = key_version;
43
44 /* Calculate SHA-512 digest on header and populate header_hash. */
45 DigestInit(&ctx, ROOT_SIGNATURE_ALGORITHM);
46 DigestUpdate(&ctx, (uint8_t*) &image->header_len,
47 sizeof(image->header_len));
48 DigestUpdate(&ctx, (uint8_t*) &image->sign_algorithm,
49 sizeof(image->sign_algorithm));
50 DigestUpdate(&ctx, image->sign_key,
51 RSAProcessedKeySize(image->sign_algorithm));
52 DigestUpdate(&ctx, (uint8_t*) &image->key_version,
53 sizeof(image->key_version));
54 header_hash = DigestFinal(&ctx);
55 Memcpy(image->header_hash, header_hash, SHA512_DIGEST_SIZE);
56 Free(header_hash);
57
58 /* Update correct header length. */
59 image->header_len = (sizeof(image->header_len) +
60 sizeof(image->sign_algorithm) +
61 RSAProcessedKeySize(image->sign_algorithm) +
62 sizeof(image->key_version) +
63 sizeof(image->header_hash));
64
65 /* Populate firmware and preamble with dummy data. */
66 image->firmware_version = firmware_version;
67 image->firmware_len = firmware_len;
68 image->preamble_signature = image->firmware_signature = NULL;
69 Memset(image->preamble, 'P', FIRMWARE_PREAMBLE_SIZE);
70 image->firmware_data = Malloc(image->firmware_len);
71 Memset(image->firmware_data, 'F', image->firmware_len);
72
73 return image;
74 }
75
76 #define DEV_MODE_ENABLED 1
77 #define DEV_MODE_DISABLED 0
78
79 /* Normal Firmware Verification Tests. */
80 int VerifyFirmwareTest(FirmwareImage* image, RSAPublicKey* root_key) {
81 int success = 1;
82 if (!TEST_EQ(VerifyFirmware(root_key, image, DEV_MODE_ENABLED),
83 VERIFY_SUCCESS,
84 "Normal Verification (Dev Mode)"))
85 success = 0;
86
87 if (!TEST_EQ(VerifyFirmware(root_key, image, DEV_MODE_DISABLED),
88 VERIFY_SUCCESS,
89 "Normal Verification (Trusted)"))
90 success = 0;
91 return success;
92 }
93
94 /* Tampered Firmware Verification Tests. */
95 int VerifyFirmwareTamperTest(FirmwareImage* image, RSAPublicKey* root_key) {
96 int success = 1;
97 fprintf(stderr, "Tampering with firmware preamble....\n");
98 image->firmware_version = 0;
99 if (!TEST_EQ(VerifyFirmware(root_key, image, DEV_MODE_ENABLED),
100 VERIFY_PREAMBLE_SIGNATURE_FAILED,
101 "Firmware Preamble Tamper Verification (Dev Mode)"))
102 success = 0;
103
104 if (!TEST_EQ(VerifyFirmware(root_key, image, DEV_MODE_DISABLED),
105 VERIFY_PREAMBLE_SIGNATURE_FAILED,
106 "Firmware Preamble Tamper Verification (Trusted)"))
107 success = 0;
108 image->firmware_version = 1;
109
110 image->firmware_data[0] = 'T';
111 if (!TEST_EQ(VerifyFirmware(root_key, image, DEV_MODE_ENABLED),
112 VERIFY_FIRMWARE_SIGNATURE_FAILED,
113 "Firmware Tamper Verification (Dev Mode)"))
114 success = 0;
115 if (!TEST_EQ(VerifyFirmware(root_key, image, DEV_MODE_DISABLED),
116 VERIFY_FIRMWARE_SIGNATURE_FAILED,
117 "Firmware Tamper Verification (Trusted)"))
118 success = 0;
119 image->firmware_data[0] = 'F';
120
121
122 fprintf(stderr, "Tampering with root key signature...\n");
123 image->key_signature[0] = 0xFF;
124 image->key_signature[1] = 0x00;
125 if (!TEST_EQ(VerifyFirmware(root_key, image, DEV_MODE_ENABLED),
126 VERIFY_SUCCESS,
127 "Root Signature Tamper Verification (Dev Mode)"))
128 success = 0;
129 if (!TEST_EQ(VerifyFirmware(root_key, image, DEV_MODE_DISABLED),
130 VERIFY_ROOT_SIGNATURE_FAILED,
131 "Root Signature Tamper Verification (Trusted)"))
132 success = 0;
133
134 return success;
135 }
136
137 int main(int argc, char* argv[]) {
138 int len;
139 uint8_t* sign_key_buf;
140 FirmwareImage* image;
141 RSAPublicKey* root_key;
142 int success = 1;
143
144 if(argc != 6) {
145 fprintf(stderr, "Usage: %s <algorithm> <root key> <processed root pubkey>"
146 " <signing key> <processed signing key>\n", argv[0]);
147 return -1;
148 }
149
150 /* Read verification keys and create a test image. */
151 root_key = RSAPublicKeyFromFile(argv[3]);
152 sign_key_buf = BufferFromFile(argv[5], &len);
153 image = GenerateTestFirmwareImage(atoi(argv[1]), sign_key_buf, 1,
154 1, 1000);
155
156 /* Generate and populate signatures. */
157 if (!AddKeySignature(image, argv[2])) {
158 fprintf(stderr, "Couldn't create key signature.\n");
159 return -1;
160 }
161
162 if (!AddFirmwareSignature(image, argv[4], image->sign_algorithm)) {
163 fprintf(stderr, "Couldn't create firmware and preamble signature.\n");
164 return -1;
165 }
166
167 if (!VerifyFirmwareTest(image, root_key))
168 success = 0;
169 if (!VerifyFirmwareTamperTest(image, root_key))
170 success = 0;
171
172 /* Clean up. */
173 Free(root_key);
174 Free(sign_key_buf);
175 Free(image);
176
177 return !success;
178 }
OLDNEW
« no previous file with comments | « src/platform/vboot_reference/tests/Makefile ('k') | src/platform/vboot_reference/tests/run_tests.sh » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698