Index: src/platform/vboot_reference/tests/firmware_image_tests.c |
diff --git a/src/platform/vboot_reference/tests/firmware_image_tests.c b/src/platform/vboot_reference/tests/firmware_image_tests.c |
index 42b44aba9dfa0118686db8847eff44d7eee9a6e4..40018d7d3dac241fcc0058d9163bb34684898880 100644 |
--- a/src/platform/vboot_reference/tests/firmware_image_tests.c |
+++ b/src/platform/vboot_reference/tests/firmware_image_tests.c |
@@ -31,7 +31,7 @@ FirmwareImage* GenerateTestFirmwareImage(int algorithm, |
int firmware_version, |
int firmware_len) { |
FirmwareImage* image = FirmwareImageNew(); |
- uint8_t* header_hash; |
+ uint8_t* header_checksum; |
DigestContext ctx; |
Memcpy(image->magic, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE); |
@@ -41,7 +41,14 @@ FirmwareImage* GenerateTestFirmwareImage(int algorithm, |
Memcpy(image->sign_key, sign_key, RSAProcessedKeySize(image->sign_algorithm)); |
image->key_version = key_version; |
- /* Calculate SHA-512 digest on header and populate header_hash. */ |
+ /* Update correct header length. */ |
+ image->header_len = (sizeof(image->header_len) + |
+ sizeof(image->sign_algorithm) + |
+ RSAProcessedKeySize(image->sign_algorithm) + |
+ sizeof(image->key_version) + |
+ sizeof(image->header_checksum)); |
+ |
+ /* Calculate SHA-512 digest on header and populate header_checksum. */ |
DigestInit(&ctx, ROOT_SIGNATURE_ALGORITHM); |
DigestUpdate(&ctx, (uint8_t*) &image->header_len, |
sizeof(image->header_len)); |
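Review bot: The new comment `/* Update correct header length. */` does not say why the header_len assignment had to move above DigestInit(). header_len is the first field fed to DigestUpdate(), so the checksum only covers the real length once the field holds its final value. I would record that at the assignment, e.g. `/* header_len is covered by header_checksum, so it must be final before hashing. */`. GenerateTestFirmwareImage begins and ends outside this hunk.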
@@ -51,16 +58,10 @@ FirmwareImage* GenerateTestFirmwareImage(int algorithm, |
RSAProcessedKeySize(image->sign_algorithm)); |
DigestUpdate(&ctx, (uint8_t*) &image->key_version, |
sizeof(image->key_version)); |
- header_hash = DigestFinal(&ctx); |
- Memcpy(image->header_hash, header_hash, SHA512_DIGEST_SIZE); |
- Free(header_hash); |
+ header_checksum = DigestFinal(&ctx); |
+ Memcpy(image->header_checksum, header_checksum, SHA512_DIGEST_SIZE); |
+ Free(header_checksum); |
- /* Update correct header length. */ |
- image->header_len = (sizeof(image->header_len) + |
- sizeof(image->sign_algorithm) + |
- RSAProcessedKeySize(image->sign_algorithm) + |
- sizeof(image->key_version) + |
- sizeof(image->header_hash)); |
/* Populate firmware and preamble with dummy data. */ |
image->firmware_version = firmware_version; |
@@ -76,59 +77,77 @@ FirmwareImage* GenerateTestFirmwareImage(int algorithm, |
#define DEV_MODE_ENABLED 1 |
#define DEV_MODE_DISABLED 0 |
-/* Normal Firmware Verification Tests. */ |
-int VerifyFirmwareTest(FirmwareImage* image, RSAPublicKey* root_key) { |
+/* Normal Firmware Blob Verification Tests. */ |
+int VerifyFirmwareTest(uint8_t* firmware_blob, uint8_t* root_key_blob) { |
+ int success = 1; |
+ if (!TEST_EQ(VerifyFirmware(root_key_blob, firmware_blob, DEV_MODE_ENABLED), |
+ VERIFY_FIRMWARE_SUCCESS, |
+ "Normal Firmware Blob Verification (Dev Mode)")) |
+ success = 0; |
+ |
+ if (!TEST_EQ(VerifyFirmware(root_key_blob, firmware_blob, DEV_MODE_DISABLED), |
+ VERIFY_FIRMWARE_SUCCESS, |
+ "Normal Firmware Blob Verification (Trusted)")) |
+ success = 0; |
+ return success; |
+} |
+ |
+ |
+/* Normal FirmwareImage Verification Tests. */ |
+int VerifyFirmwareImageTest(FirmwareImage* image, |
+ RSAPublicKey* root_key) { |
int success = 1; |
- if (!TEST_EQ(VerifyFirmware(root_key, image, DEV_MODE_ENABLED), |
- VERIFY_SUCCESS, |
- "Normal Verification (Dev Mode)")) |
+ if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_ENABLED), |
+ VERIFY_FIRMWARE_SUCCESS, |
+ "Normal FirmwareImage Verification (Dev Mode)")) |
success = 0; |
- if (!TEST_EQ(VerifyFirmware(root_key, image, DEV_MODE_DISABLED), |
- VERIFY_SUCCESS, |
- "Normal Verification (Trusted)")) |
+ if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), |
+ VERIFY_FIRMWARE_SUCCESS, |
+ "Normal FirmwareImage Verification (Trusted)")) |
success = 0; |
return success; |
} |
-/* Tampered Firmware Verification Tests. */ |
-int VerifyFirmwareTamperTest(FirmwareImage* image, RSAPublicKey* root_key) { |
+/* Tampered FirmwareImage Verification Tests. */ |
+int VerifyFirmwareImageTamperTest(FirmwareImage* image, |
+ RSAPublicKey* root_key) { |
int success = 1; |
- fprintf(stderr, "Tampering with firmware preamble....\n"); |
+ fprintf(stderr, "[[Tampering with firmware preamble....]]\n"); |
image->firmware_version = 0; |
- if (!TEST_EQ(VerifyFirmware(root_key, image, DEV_MODE_ENABLED), |
- VERIFY_PREAMBLE_SIGNATURE_FAILED, |
- "Firmware Preamble Tamper Verification (Dev Mode)")) |
+ if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_ENABLED), |
+ VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED, |
+ "FirmwareImage Preamble Tamper Verification (Dev Mode)")) |
success = 0; |
- if (!TEST_EQ(VerifyFirmware(root_key, image, DEV_MODE_DISABLED), |
- VERIFY_PREAMBLE_SIGNATURE_FAILED, |
- "Firmware Preamble Tamper Verification (Trusted)")) |
+ if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), |
+ VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED, |
+ "FirmwareImage Preamble Tamper Verification (Trusted)")) |
success = 0; |
image->firmware_version = 1; |
image->firmware_data[0] = 'T'; |
- if (!TEST_EQ(VerifyFirmware(root_key, image, DEV_MODE_ENABLED), |
+ if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_ENABLED), |
VERIFY_FIRMWARE_SIGNATURE_FAILED, |
- "Firmware Tamper Verification (Dev Mode)")) |
+ "FirmwareImage Tamper Verification (Dev Mode)")) |
success = 0; |
- if (!TEST_EQ(VerifyFirmware(root_key, image, DEV_MODE_DISABLED), |
+ if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), |
VERIFY_FIRMWARE_SIGNATURE_FAILED, |
- "Firmware Tamper Verification (Trusted)")) |
+ "FirmwareImage Tamper Verification (Trusted)")) |
success = 0; |
image->firmware_data[0] = 'F'; |
- fprintf(stderr, "Tampering with root key signature...\n"); |
+ fprintf(stderr, "[[Tampering with root key signature...]]\n"); |
image->key_signature[0] = 0xFF; |
image->key_signature[1] = 0x00; |
- if (!TEST_EQ(VerifyFirmware(root_key, image, DEV_MODE_ENABLED), |
- VERIFY_SUCCESS, |
- "Root Signature Tamper Verification (Dev Mode)")) |
+ if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_ENABLED), |
+ VERIFY_FIRMWARE_SUCCESS, |
+ "FirmwareImage Root Signature Tamper Verification (Dev Mode)")) |
success = 0; |
- if (!TEST_EQ(VerifyFirmware(root_key, image, DEV_MODE_DISABLED), |
- VERIFY_ROOT_SIGNATURE_FAILED, |
- "Root Signature Tamper Verification (Trusted)")) |
+ if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), |
+ VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED, |
+ "FirmwareImage Root Signature Tamper Verification (Trusted)")) |
success = 0; |
return success; |
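Review bot: The new blob-level VerifyFirmwareTest asserts only the two success cases, so the `VerifyFirmware(root_key_blob, firmware_blob, ...)` path has no negative coverage; every tamper case goes through VerifyFirmwareImage on the parsed struct. As called here VerifyFirmware receives no buffer length, so it presumably derives the header and firmware sizes from the blob itself, which makes it the path most in need of rejection tests. I would add a blob tamper test that alters a byte in the preamble, in the firmware data and in the key signature of `firmware_blob`, expecting `VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED`, `VERIFY_FIRMWARE_SIGNATURE_FAILED` and `VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED` respectively, mirroring the dev-mode and trusted-mode expectations used for the image tests. The closing brace of VerifyFirmwareImageTamperTest lies outside the hunk.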
@@ -137,9 +156,12 @@ int VerifyFirmwareTamperTest(FirmwareImage* image, RSAPublicKey* root_key) { |
int main(int argc, char* argv[]) { |
int len; |
uint8_t* sign_key_buf = NULL; |
+ uint8_t* root_key_blob = NULL; |
+ uint8_t* firmware_blob = NULL; |
FirmwareImage* image = NULL; |
RSAPublicKey* root_key = NULL; |
int error_code = 1; |
+ char* tmp_firmwareblob_file = ".tmpFirmwareBlob"; |
if(argc != 6) { |
fprintf(stderr, "Usage: %s <algorithm> <root key> <processed root pubkey>" |
@@ -149,6 +171,7 @@ int main(int argc, char* argv[]) { |
/* Read verification keys and create a test image. */ |
root_key = RSAPublicKeyFromFile(argv[3]); |
+ root_key_blob = BufferFromFile(argv[3], &len); |
sign_key_buf = BufferFromFile(argv[5], &len); |
image = GenerateTestFirmwareImage(atoi(argv[1]), sign_key_buf, 1, |
1, 1000); |
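Review bot: The result of `BufferFromFile(argv[3], &len)` is used without a check, and `root_key_blob` is later handed straight to VerifyFirmware() inside VerifyFirmwareTest. The same applies to `firmware_blob = BufferFromFile(tmp_firmwareblob_file, &len);` in the last hunk of main. Assuming BufferFromFile returns NULL when the file cannot be read, an unreadable key or blob would surface as a crash or a misleading verification failure instead of a setup error. A guard such as `if (!root_key_blob) { fprintf(stderr, "Couldn't read root key blob.\n"); goto failure; }` after each call would keep the two apart. Note also that `len` is overwritten by every call, so neither blob's size is kept; main continues outside this hunk.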
@@ -171,15 +194,36 @@ int main(int argc, char* argv[]) { |
goto failure; |
} |
- if (!VerifyFirmwareTest(image, root_key)) |
+ |
+ /* Generate a firmware binary blob from image. |
+ * |
+ * TODO(gauravsh): There should be a function to directly generate a binary |
+ * blob buffer from a FirmwareImage instead of indirectly writing to a file |
+ * and reading it into a buffer. |
+ */ |
+ if (!WriteFirmwareImage(tmp_firmwareblob_file, image)) { |
+ fprintf(stderr, "Couldn't create a temporary firmware blob file.\n"); |
+ error_code = 1; |
+ goto failure; |
+ } |
+ firmware_blob = BufferFromFile(tmp_firmwareblob_file, &len); |
+ |
+ /* Test Firmware blob verify operations. */ |
+ if (!VerifyFirmwareTest(firmware_blob, root_key_blob)) |
+ error_code = 255; |
+ |
+ /* Test FirmwareImage verify operations. */ |
+ if (!VerifyFirmwareImageTest(image, root_key)) |
error_code = 255; |
- if (!VerifyFirmwareTamperTest(image, root_key)) |
+ if (!VerifyFirmwareImageTamperTest(image, root_key)) |
error_code = 255; |
failure: |
- Free(root_key); |
- Free(sign_key_buf); |
+ Free(firmware_blob); |
Free(image); |
+ Free(sign_key_buf); |
+ Free(root_key_blob); |
+ Free(root_key); |
return error_code; |
} |
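Review bot: The temporary blob is written to the fixed relative name `.tmpFirmwareBlob` in the current directory and is not removed on any path through `failure:`. Two runs sharing a working directory will overwrite each other's blob, and a stale file stays behind after the test. Depending on how WriteFirmwareImage opens its target, a pre-existing file or link of that name could also be written through. Until the in-memory serializer from the TODO exists, I would delete the file right after it is read, `remove(tmp_firmwareblob_file);`, and declare the name as `const char*` because it points at a string literal.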