diff options
author | Bill Richardson <wfrichar@chromium.org> | 2012-05-03 08:40:44 -0700 |
---|---|---|
committer | Gerrit <chrome-bot@google.com> | 2012-05-04 12:16:45 -0700 |
commit | 2448d3b3bc8e80232e7943c16b41eaab19faa1a2 (patch) | |
tree | 602ed9451ec91f58fd60ab055ab9f531f50a921e /tests | |
parent | f47291926afce3235421f73811a04324195f3e13 (diff) | |
download | vboot-2448d3b3bc8e80232e7943c16b41eaab19faa1a2.tar.gz |
Create vbutil_ec tool for signing EC firmware.
This just adds the vbutil_ec tool (and a simple test of the library
functions related to it).
BUG=chrome-os-partner:7459, chromium-os:27142
TEST=manual
make
make runtests
Change-Id: I2a2c4e7cfb8ac6ce2229c5de4252a5cc89321fa5
Reviewed-on: https://gerrit.chromium.org/gerrit/21868
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Stefan Reinauer <reinauer@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/Makefile | 2 | ||||
-rw-r--r-- | tests/devkeys/ec.keyblock | bin | 0 -> 1720 bytes | |||
-rw-r--r-- | tests/devkeys/ec_data_key.vbprivk | bin | 0 -> 2355 bytes | |||
-rw-r--r-- | tests/devkeys/ec_data_key.vbpubk | bin | 0 -> 1064 bytes | |||
-rw-r--r-- | tests/devkeys/ec_root_key.vbprivk | bin | 0 -> 2356 bytes | |||
-rw-r--r-- | tests/devkeys/ec_root_key.vbpubk | bin | 0 -> 1064 bytes | |||
-rwxr-xr-x | tests/run_vboot_common_tests.sh | 2 | ||||
-rwxr-xr-x | tests/run_vboot_ec_tests.sh | 19 | ||||
-rw-r--r-- | tests/vboot_ec_tests.c | 160 |
9 files changed, 182 insertions, 1 deletions
diff --git a/tests/Makefile b/tests/Makefile index f7f0cba6..9df9a696 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -40,6 +40,7 @@ TEST_NAMES = cgptlib_test \ vboot_common_tests \ vboot_common2_tests \ vboot_common3_tests \ + vboot_ec_tests \ vboot_firmware_tests \ vboot_nvstorage_test \ vboot_api_devmode_tests \ @@ -150,6 +151,7 @@ runcryptotests: ${BUILD_ROOT}/rsa_utility_tests ${BUILD_ROOT}/sha_tests ./run_vboot_common_tests.sh + ./run_vboot_ec_tests.sh # Run other misc tests runmisctests: diff --git a/tests/devkeys/ec.keyblock b/tests/devkeys/ec.keyblock Binary files differnew file mode 100644 index 00000000..6b088f32 --- /dev/null +++ b/tests/devkeys/ec.keyblock diff --git a/tests/devkeys/ec_data_key.vbprivk b/tests/devkeys/ec_data_key.vbprivk Binary files differnew file mode 100644 index 00000000..9f194ce9 --- /dev/null +++ b/tests/devkeys/ec_data_key.vbprivk diff --git a/tests/devkeys/ec_data_key.vbpubk b/tests/devkeys/ec_data_key.vbpubk Binary files differnew file mode 100644 index 00000000..5804dfd6 --- /dev/null +++ b/tests/devkeys/ec_data_key.vbpubk diff --git a/tests/devkeys/ec_root_key.vbprivk b/tests/devkeys/ec_root_key.vbprivk Binary files differnew file mode 100644 index 00000000..49144720 --- /dev/null +++ b/tests/devkeys/ec_root_key.vbprivk diff --git a/tests/devkeys/ec_root_key.vbpubk b/tests/devkeys/ec_root_key.vbpubk Binary files differnew file mode 100644 index 00000000..76c26f94 --- /dev/null +++ b/tests/devkeys/ec_root_key.vbpubk diff --git a/tests/run_vboot_common_tests.sh b/tests/run_vboot_common_tests.sh index 6295f404..9d4373f7 100755 --- a/tests/run_vboot_common_tests.sh +++ b/tests/run_vboot_common_tests.sh @@ -4,7 +4,7 @@ # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. -# Run verified boot firmware and kernel verification tests. +# Run verified boot firmware and kernel verification tests. # Load common constants and variables. . "$(dirname "$0")/common.sh" diff --git a/tests/run_vboot_ec_tests.sh b/tests/run_vboot_ec_tests.sh new file mode 100755 index 00000000..b5b0e7b1 --- /dev/null +++ b/tests/run_vboot_ec_tests.sh @@ -0,0 +1,19 @@ +#!/bin/bash -eu + +# Copyright (c) 2010 The Chromium OS Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +# Run verified boot firmware and kernel verification tests. + +# Load common constants and variables. +. "$(dirname "$0")/common.sh" + +check_test_keys + +for priv in ${TESTKEY_DIR}/*.vbprivk; do + root=$(basename ${i%.vbprivk}) + pub="${priv%.vbprivk}.vbpubk" + echo "Trying $root ..." + ${TEST_DIR}/vboot_ec_tests "$priv" "$pub" +done diff --git a/tests/vboot_ec_tests.c b/tests/vboot_ec_tests.c new file mode 100644 index 00000000..831565fc --- /dev/null +++ b/tests/vboot_ec_tests.c @@ -0,0 +1,160 @@ +/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Tests for EC firmware vboot stuff. + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include "cryptolib.h" +#include "file_keys.h" +#include "host_common.h" +#include "test_common.h" +#include "vboot_common.h" + +static void ReSignECPreamble(VbECPreambleHeader* h, + const VbPrivateKey* key) { + VbSignature *sig = CalculateSignature((const uint8_t*)h, + h->preamble_signature.data_size, key); + + SignatureCopy(&h->preamble_signature, sig); + free(sig); +} + + +static void VerifyECPreambleTest(const VbPublicKey* public_key, + const VbPrivateKey* private_key) { + VbECPreambleHeader* hdr; + VbECPreambleHeader* h; + RSAPublicKey* rsa; + unsigned hsize; + + /* Create a dummy signature */ + VbSignature* body_sig = SignatureAlloc(56, 78); + + rsa = PublicKeyToRSA(public_key); + hdr = CreateECPreamble(0x1234, body_sig, private_key, + 0x5678, "Foo bar"); + TEST_NEQ(hdr && rsa, 0, "VerifyECPreamble() prerequisites"); + if (!hdr) + return; + + hsize = (unsigned) hdr->preamble_size; + h = (VbECPreambleHeader*)malloc(hsize + 16384); + + TEST_EQ(VerifyECPreamble(hdr, hsize, rsa), 0, + "VerifyECPreamble() ok using key"); + TEST_NEQ(VerifyECPreamble(hdr, hsize - 1, rsa), 0, + "VerifyECPreamble() size--"); + TEST_EQ(VerifyECPreamble(hdr, hsize + 1, rsa), 0, + "VerifyECPreamble() size++"); + + TEST_EQ(hdr->firmware_version, 0x1234, + "VerifyECPreamble() firmware version"); + TEST_EQ(hdr->flags, 0x5678, + "VerifyECPreamble() flags"); + TEST_EQ(strncmp(hdr->name, "Foo bar", sizeof(hdr->name)), 0, + "VerifyECPreamble() name"); + + /* Care about major version but not minor */ + Memcpy(h, hdr, hsize); + h->header_version_major++; + ReSignECPreamble(h, private_key); + TEST_NEQ(VerifyECPreamble(h, hsize, rsa), 0, + "VerifyECPreamble() major++"); + + Memcpy(h, hdr, hsize); + h->header_version_major--; + ReSignECPreamble(h, private_key); + TEST_NEQ(VerifyECPreamble(h, hsize, rsa), 0, + "VerifyECPreamble() major--"); + + Memcpy(h, hdr, hsize); + h->header_version_minor++; + ReSignECPreamble(h, private_key); + TEST_EQ(VerifyECPreamble(h, hsize, rsa), 0, + "VerifyECPreamble() minor++"); + + Memcpy(h, hdr, hsize); + h->header_version_minor--; + ReSignECPreamble(h, private_key); + TEST_EQ(VerifyECPreamble(h, hsize, rsa), 0, + "VerifyECPreamble() minor--"); + + /* Check signature */ + Memcpy(h, hdr, hsize); + h->preamble_signature.sig_offset = hsize; + ReSignECPreamble(h, private_key); + TEST_NEQ(VerifyECPreamble(h, hsize, rsa), 0, + "VerifyECPreamble() sig off end"); + + Memcpy(h, hdr, hsize); + h->preamble_signature.sig_size--; + ReSignECPreamble(h, private_key); + TEST_NEQ(VerifyECPreamble(h, hsize, rsa), 0, + "VerifyECPreamble() sig too small"); + + Memcpy(h, hdr, hsize); + GetSignatureData(&h->body_digest)[0] ^= 0x34; + TEST_NEQ(VerifyECPreamble(h, hsize, rsa), 0, + "VerifyECPreamble() sig mismatch"); + + /* Check that we signed header and body sig */ + Memcpy(h, hdr, hsize); + h->preamble_signature.data_size = 4; + h->body_digest.sig_offset = 0; + h->body_digest.sig_size = 0; + ReSignECPreamble(h, private_key); + TEST_NEQ(VerifyECPreamble(h, hsize, rsa), 0, + "VerifyECPreamble() didn't sign header"); + + Memcpy(h, hdr, hsize); + h->body_digest.sig_offset = hsize; + ReSignECPreamble(h, private_key); + TEST_NEQ(VerifyECPreamble(h, hsize, rsa), 0, + "VerifyECPreamble() body sig off end"); + + /* TODO: verify with extra padding at end of header. */ + + free(h); + RSAPublicKeyFree(rsa); + free(hdr); +} + + +int main(int argc, char* argv[]) { + VbPrivateKey* signing_private_key = NULL; + VbPublicKey* signing_public_key = NULL; + + int error_code = 0; + + if(argc != 3) { + fprintf(stderr, "Usage: %s <signing privkey> <signing pubkey>", argv[0]); + return -1; + } + + signing_private_key = PrivateKeyRead(argv[1]); + if (!signing_private_key) { + fprintf(stderr, "Error reading signing_private_key\n"); + return 1; + } + + signing_public_key = PublicKeyRead(argv[2]); + if (!signing_public_key) { + fprintf(stderr, "Error reading signing_public_key\n"); + return 1; + } + + VerifyECPreambleTest(signing_public_key, signing_private_key); + + + if (signing_public_key) + free(signing_public_key); + if (signing_private_key) + free(signing_private_key); + + return error_code; +} |