OLD | NEW |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Tests for firmware image library. | 5 * Tests for firmware image library. |
6 */ | 6 */ |
7 | 7 |
8 #include <stdio.h> | 8 #include <stdio.h> |
9 #include <stdlib.h> | 9 #include <stdlib.h> |
10 | 10 |
(...skipping 13 matching lines...) Expand all Loading... |
24 fprintf(stderr, "%s Test " COL_GREEN " PASSED\n" COL_STOP, testname); | 24 fprintf(stderr, "%s Test " COL_GREEN " PASSED\n" COL_STOP, testname); |
25 return 1; | 25 return 1; |
26 } | 26 } |
27 else { | 27 else { |
28 fprintf(stderr, "%s Test " COL_RED " FAILED\n" COL_STOP, testname); | 28 fprintf(stderr, "%s Test " COL_RED " FAILED\n" COL_STOP, testname); |
29 return 0; | 29 return 0; |
30 } | 30 } |
31 } | 31 } |
32 | 32 |
33 FirmwareImage* GenerateTestFirmwareImage(int algorithm, | 33 FirmwareImage* GenerateTestFirmwareImage(int algorithm, |
34 uint8_t* sign_key, | 34 uint8_t* firmware_sign_key, |
35 int key_version, | 35 int firmware_key_version, |
36 int firmware_version, | 36 int firmware_version, |
37 int firmware_len) { | 37 int firmware_len) { |
38 FirmwareImage* image = FirmwareImageNew(); | 38 FirmwareImage* image = FirmwareImageNew(); |
39 uint8_t* header_checksum; | 39 uint8_t* header_checksum; |
40 DigestContext ctx; | 40 DigestContext ctx; |
41 | 41 |
42 Memcpy(image->magic, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE); | 42 Memcpy(image->magic, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE); |
43 image->sign_algorithm = algorithm; | 43 image->firmware_sign_algorithm = algorithm; |
44 image->sign_key = (uint8_t*) Malloc( | 44 image->firmware_sign_key = (uint8_t*) Malloc( |
45 RSAProcessedKeySize(image->sign_algorithm)); | 45 RSAProcessedKeySize(image->firmware_sign_algorithm)); |
46 Memcpy(image->sign_key, sign_key, RSAProcessedKeySize(image->sign_algorithm)); | 46 Memcpy(image->firmware_sign_key, firmware_sign_key, |
47 image->key_version = key_version; | 47 RSAProcessedKeySize(image->firmware_sign_algorithm)); |
| 48 image->firmware_key_version = firmware_key_version; |
48 | 49 |
49 /* Update correct header length. */ | 50 /* Update correct header length. */ |
50 image->header_len = (sizeof(image->header_len) + | 51 image->header_len = (sizeof(image->header_len) + |
51 sizeof(image->sign_algorithm) + | 52 sizeof(image->firmware_sign_algorithm) + |
52 RSAProcessedKeySize(image->sign_algorithm) + | 53 RSAProcessedKeySize(image->firmware_sign_algorithm) + |
53 sizeof(image->key_version) + | 54 sizeof(image->firmware_key_version) + |
54 sizeof(image->header_checksum)); | 55 sizeof(image->header_checksum)); |
55 | 56 |
56 /* Calculate SHA-512 digest on header and populate header_checksum. */ | 57 /* Calculate SHA-512 digest on header and populate header_checksum. */ |
57 DigestInit(&ctx, ROOT_SIGNATURE_ALGORITHM); | 58 DigestInit(&ctx, ROOT_SIGNATURE_ALGORITHM); |
58 DigestUpdate(&ctx, (uint8_t*) &image->header_len, | 59 DigestUpdate(&ctx, (uint8_t*) &image->header_len, |
59 sizeof(image->header_len)); | 60 sizeof(image->header_len)); |
60 DigestUpdate(&ctx, (uint8_t*) &image->sign_algorithm, | 61 DigestUpdate(&ctx, (uint8_t*) &image->firmware_sign_algorithm, |
61 sizeof(image->sign_algorithm)); | 62 sizeof(image->firmware_sign_algorithm)); |
62 DigestUpdate(&ctx, image->sign_key, | 63 DigestUpdate(&ctx, image->firmware_sign_key, |
63 RSAProcessedKeySize(image->sign_algorithm)); | 64 RSAProcessedKeySize(image->firmware_sign_algorithm)); |
64 DigestUpdate(&ctx, (uint8_t*) &image->key_version, | 65 DigestUpdate(&ctx, (uint8_t*) &image->firmware_key_version, |
65 sizeof(image->key_version)); | 66 sizeof(image->firmware_key_version)); |
66 header_checksum = DigestFinal(&ctx); | 67 header_checksum = DigestFinal(&ctx); |
67 Memcpy(image->header_checksum, header_checksum, SHA512_DIGEST_SIZE); | 68 Memcpy(image->header_checksum, header_checksum, SHA512_DIGEST_SIZE); |
68 Free(header_checksum); | 69 Free(header_checksum); |
69 | 70 |
70 | 71 |
71 /* Populate firmware and preamble with dummy data. */ | 72 /* Populate firmware and preamble with dummy data. */ |
72 image->firmware_version = firmware_version; | 73 image->firmware_version = firmware_version; |
73 image->firmware_len = firmware_len; | 74 image->firmware_len = firmware_len; |
74 image->preamble_signature = image->firmware_signature = NULL; | 75 image->preamble_signature = image->firmware_signature = NULL; |
75 Memset(image->preamble, 'P', FIRMWARE_PREAMBLE_SIZE); | 76 Memset(image->preamble, 'P', FIRMWARE_PREAMBLE_SIZE); |
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
137 "FirmwareImage Tamper Verification (Dev Mode)")) | 138 "FirmwareImage Tamper Verification (Dev Mode)")) |
138 success = 0; | 139 success = 0; |
139 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), | 140 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), |
140 VERIFY_FIRMWARE_SIGNATURE_FAILED, | 141 VERIFY_FIRMWARE_SIGNATURE_FAILED, |
141 "FirmwareImage Tamper Verification (Trusted)")) | 142 "FirmwareImage Tamper Verification (Trusted)")) |
142 success = 0; | 143 success = 0; |
143 image->firmware_data[0] = 'F'; | 144 image->firmware_data[0] = 'F'; |
144 | 145 |
145 | 146 |
146 fprintf(stderr, "[[Tampering with root key signature...]]\n"); | 147 fprintf(stderr, "[[Tampering with root key signature...]]\n"); |
147 image->key_signature[0] = 0xFF; | 148 image->firmware_key_signature[0] = 0xFF; |
148 image->key_signature[1] = 0x00; | 149 image->firmware_key_signature[1] = 0x00; |
149 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_ENABLED), | 150 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_ENABLED), |
150 VERIFY_FIRMWARE_SUCCESS, | 151 VERIFY_FIRMWARE_SUCCESS, |
151 "FirmwareImage Root Signature Tamper Verification (Dev Mode)")) | 152 "FirmwareImage Root Signature Tamper Verification (Dev Mode)")) |
152 success = 0; | 153 success = 0; |
153 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), | 154 if (!TEST_EQ(VerifyFirmwareImage(root_key, image, DEV_MODE_DISABLED), |
154 VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED, | 155 VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED, |
155 "FirmwareImage Root Signature Tamper Verification (Trusted)")) | 156 "FirmwareImage Root Signature Tamper Verification (Trusted)")) |
156 success = 0; | 157 success = 0; |
157 | 158 |
158 return success; | 159 return success; |
159 } | 160 } |
160 | 161 |
161 int main(int argc, char* argv[]) { | 162 int main(int argc, char* argv[]) { |
162 uint32_t len; | 163 uint32_t len; |
163 uint8_t* sign_key_buf = NULL; | 164 uint8_t* firmware_sign_key_buf = NULL; |
164 uint8_t* root_key_blob = NULL; | 165 uint8_t* root_key_blob = NULL; |
165 uint8_t* firmware_blob = NULL; | 166 uint8_t* firmware_blob = NULL; |
| 167 int firmware_blob_len = 0; |
166 FirmwareImage* image = NULL; | 168 FirmwareImage* image = NULL; |
167 RSAPublicKey* root_key = NULL; | 169 RSAPublicKey* root_key = NULL; |
168 int error_code = 1; | 170 int error_code = 1; |
169 char* tmp_firmwareblob_file = ".tmpFirmwareBlob"; | |
170 | 171 |
171 if(argc != 6) { | 172 if(argc != 6) { |
172 fprintf(stderr, "Usage: %s <algorithm> <root key> <processed root pubkey>" | 173 fprintf(stderr, "Usage: %s <algorithm> <root key> <processed root pubkey>" |
173 " <signing key> <processed signing key>\n", argv[0]); | 174 " <signing key> <processed signing key>\n", argv[0]); |
174 return -1; | 175 return -1; |
175 } | 176 } |
176 | 177 |
177 /* Read verification keys and create a test image. */ | 178 /* Read verification keys and create a test image. */ |
178 root_key = RSAPublicKeyFromFile(argv[3]); | 179 root_key = RSAPublicKeyFromFile(argv[3]); |
179 root_key_blob = BufferFromFile(argv[3], &len); | 180 root_key_blob = BufferFromFile(argv[3], &len); |
180 sign_key_buf = BufferFromFile(argv[5], &len); | 181 firmware_sign_key_buf = BufferFromFile(argv[5], &len); |
181 image = GenerateTestFirmwareImage(atoi(argv[1]), sign_key_buf, 1, | 182 image = GenerateTestFirmwareImage(atoi(argv[1]), firmware_sign_key_buf, 1, |
182 1, 1000); | 183 1, 1000); |
183 | 184 |
184 if (!root_key || !sign_key_buf || !image) { | 185 if (!root_key || !firmware_sign_key_buf || !image) { |
185 error_code = 1; | 186 error_code = 1; |
186 goto failure; | 187 goto failure; |
187 } | 188 } |
188 | 189 |
189 /* Generate and populate signatures. */ | 190 /* Generate and populate signatures. */ |
190 if (!AddFirmwareKeySignature(image, argv[2])) { | 191 if (!AddFirmwareKeySignature(image, argv[2])) { |
191 fprintf(stderr, "Couldn't create key signature.\n"); | 192 fprintf(stderr, "Couldn't create key signature.\n"); |
192 error_code = 1; | 193 error_code = 1; |
193 goto failure; | 194 goto failure; |
194 } | 195 } |
195 | 196 |
196 if (!AddFirmwareSignature(image, argv[4], image->sign_algorithm)) { | 197 if (!AddFirmwareSignature(image, argv[4])) { |
197 fprintf(stderr, "Couldn't create firmware and preamble signature.\n"); | 198 fprintf(stderr, "Couldn't create firmware and preamble signature.\n"); |
198 error_code = 1; | 199 error_code = 1; |
199 goto failure; | 200 goto failure; |
200 } | 201 } |
201 | 202 |
202 | 203 firmware_blob = GetFirmwareBlob(image, &firmware_blob_len); |
203 /* Generate a firmware binary blob from image. | |
204 * | |
205 * TODO(gauravsh): There should be a function to directly generate a binary | |
206 * blob buffer from a FirmwareImage instead of indirectly writing to a file | |
207 * and reading it into a buffer. | |
208 */ | |
209 if (!WriteFirmwareImage(tmp_firmwareblob_file, image)) { | |
210 fprintf(stderr, "Couldn't create a temporary firmware blob file.\n"); | |
211 error_code = 1; | |
212 goto failure; | |
213 } | |
214 firmware_blob = BufferFromFile(tmp_firmwareblob_file, &len); | |
215 | 204 |
216 /* Test Firmware blob verify operations. */ | 205 /* Test Firmware blob verify operations. */ |
217 if (!VerifyFirmwareTest(firmware_blob, root_key_blob)) | 206 if (!VerifyFirmwareTest(firmware_blob, root_key_blob)) |
218 error_code = 255; | 207 error_code = 255; |
219 | 208 |
220 /* Test FirmwareImage verify operations. */ | 209 /* Test FirmwareImage verify operations. */ |
221 if (!VerifyFirmwareImageTest(image, root_key)) | 210 if (!VerifyFirmwareImageTest(image, root_key)) |
222 error_code = 255; | 211 error_code = 255; |
223 if (!VerifyFirmwareImageTamperTest(image, root_key)) | 212 if (!VerifyFirmwareImageTamperTest(image, root_key)) |
224 error_code = 255; | 213 error_code = 255; |
225 | 214 |
226 failure: | 215 failure: |
227 Free(firmware_blob); | 216 Free(firmware_blob); |
228 Free(image); | 217 Free(image); |
229 Free(sign_key_buf); | 218 Free(firmware_sign_key_buf); |
230 Free(root_key_blob); | 219 Free(root_key_blob); |
231 Free(root_key); | 220 Free(root_key); |
232 | 221 |
233 return error_code; | 222 return error_code; |
234 } | 223 } |
OLD | NEW |