1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
|
/* Copyright 2015 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
* Tests for kernel secure storage library.
*/
#include "2api.h"
#include "2common.h"
#include "2crc8.h"
#include "2misc.h"
#include "2secdata.h"
#include "2secdata_struct.h"
#include "2sysincludes.h"
#include "common/tests.h"
static uint8_t workbuf[VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE]
__attribute__((aligned(VB2_WORKBUF_ALIGN)));
static struct vb2_context *ctx;
static struct vb2_shared_data *sd;
static struct vb2_secdata_kernel_v0 *sec02;
static struct vb2_secdata_kernel_v1 *sec10;
static void reset_common_data(void)
{
memset(workbuf, 0xaa, sizeof(workbuf));
TEST_SUCC(vb2api_init(workbuf, sizeof(workbuf), &ctx),
"vb2api_init failed");
sd = vb2_get_sd(ctx);
/* Most tests assume we have passed fw_phase1() */
sd->status |= VB2_SD_STATUS_RECOVERY_DECIDED;
sec02 = (struct vb2_secdata_kernel_v0 *)ctx->secdata_kernel;
sec10 = (struct vb2_secdata_kernel_v1 *)ctx->secdata_kernel;
}
static void test_init(struct vb2_shared_data *s, int init, const char *why)
{
if (init)
TEST_NEQ(s->status & VB2_SD_STATUS_SECDATA_KERNEL_INIT, 0, why);
else
TEST_EQ(s->status & VB2_SD_STATUS_SECDATA_KERNEL_INIT, 0, why);
}
static void test_changed(struct vb2_context *c, int changed, const char *why)
{
if (changed)
TEST_NEQ(c->flags & VB2_CONTEXT_SECDATA_KERNEL_CHANGED, 0, why);
else
TEST_EQ(c->flags & VB2_CONTEXT_SECDATA_KERNEL_CHANGED, 0, why);
c->flags &= ~VB2_CONTEXT_SECDATA_KERNEL_CHANGED;
}
/*
* Version-independent tests
*/
static void secdata_kernel_test(void)
{
uint8_t size;
reset_common_data();
/* Blank data is invalid */
size = VB2_SECDATA_KERNEL_MIN_SIZE;
memset(&ctx->secdata_kernel, 0xa6, size);
TEST_EQ(vb2api_secdata_kernel_check(ctx, &size),
VB2_ERROR_SECDATA_KERNEL_VERSION, "Check blank bad version");
TEST_EQ(vb2_secdata_kernel_init(ctx),
VB2_ERROR_SECDATA_KERNEL_VERSION, "Init blank bad version");
test_init(sd, 0, "Init set SD status");
/* Ensure zeroed buffers are invalid */
size = VB2_SECDATA_KERNEL_MIN_SIZE;
memset(&ctx->secdata_kernel, 0, size);
TEST_EQ(vb2api_secdata_kernel_check(ctx, &size),
VB2_ERROR_SECDATA_KERNEL_VERSION, "Check zero bad version");
TEST_EQ(vb2_secdata_kernel_init(ctx),
VB2_ERROR_SECDATA_KERNEL_VERSION, "Init zero incomplete");
test_init(sd, 0, "Init set SD status");
/* Read data less than minimum size */
size = VB2_SECDATA_KERNEL_MIN_SIZE - 1;
TEST_EQ(vb2api_secdata_kernel_check(ctx, &size),
VB2_ERROR_SECDATA_KERNEL_INCOMPLETE, "Check incomplete");
TEST_EQ(size, VB2_SECDATA_KERNEL_MIN_SIZE, "Return minimum size");
}
static void secdata_kernel_test_v10(void)
{
uint8_t size;
reset_common_data();
/* Create good data */
size = VB2_SECDATA_KERNEL_SIZE_V10;
TEST_EQ(vb2api_secdata_kernel_create(ctx),
VB2_SECDATA_KERNEL_SIZE_V10, "Create v1.0");
TEST_SUCC(vb2api_secdata_kernel_check(ctx, &size), "Check created CRC");
TEST_SUCC(vb2_secdata_kernel_init(ctx), "Init created CRC");
test_init(sd, 1, "Init set SD status");
test_changed(ctx, 1, "Create changes data");
/* Check excessive data */
size = VB2_SECDATA_KERNEL_SIZE_V10 + 1;
TEST_SUCC(vb2api_secdata_kernel_check(ctx, &size),
"Check large v1.0 data");
TEST_EQ(size, VB2_SECDATA_KERNEL_SIZE_V10, "Return expected size");
/* Check incomplete data */
size = VB2_SECDATA_KERNEL_SIZE_V10 - 1;
vb2api_secdata_kernel_create(ctx);
TEST_EQ(vb2api_secdata_kernel_check(ctx, &size),
VB2_ERROR_SECDATA_KERNEL_INCOMPLETE, "Check incomplete");
TEST_EQ(size, VB2_SECDATA_KERNEL_SIZE_V10, "Return expected size");
reset_common_data();
/* Bad version */
size = VB2_SECDATA_KERNEL_SIZE_V10;
vb2api_secdata_kernel_create(ctx);
sec10->struct_version -= 1;
TEST_EQ(vb2api_secdata_kernel_check(ctx, &size),
VB2_ERROR_SECDATA_KERNEL_VERSION, "Check invalid version");
TEST_EQ(vb2_secdata_kernel_init(ctx),
VB2_ERROR_SECDATA_KERNEL_VERSION, "Init invalid version");
test_init(sd, 0, "Init set SD status");
/* Higher minor version */
vb2api_secdata_kernel_create(ctx);
sec10->struct_version += 1;
TEST_SUCC(vb2api_secdata_kernel_check(ctx, &size), "Check v1.1 data");
TEST_SUCC(vb2_secdata_kernel_init(ctx), "Init v1.1 data");
test_init(sd, 1, "Init set SD status");
reset_common_data();
/* Higher major version */
vb2api_secdata_kernel_create(ctx);
sec10->struct_version += 0x10;
TEST_EQ(vb2api_secdata_kernel_check(ctx, &size),
VB2_ERROR_SECDATA_KERNEL_VERSION, "Check v2.0 data");
TEST_EQ(vb2_secdata_kernel_init(ctx),
VB2_ERROR_SECDATA_KERNEL_VERSION, "Init v2.0 data");
test_init(sd, 0, "Init set SD status");
reset_common_data();
/* Corrupt data */
size = VB2_SECDATA_KERNEL_SIZE_V10;
vb2api_secdata_kernel_create(ctx);
sec10->kernel_versions++;
TEST_EQ(vb2api_secdata_kernel_check(ctx, &size),
VB2_ERROR_SECDATA_KERNEL_CRC, "Check invalid CRC");
TEST_EQ(vb2_secdata_kernel_init(ctx),
VB2_ERROR_SECDATA_KERNEL_CRC, "Init invalid CRC");
test_init(sd, 0, "Init set SD status");
}
static void secdata_kernel_test_v02(void)
{
uint8_t size;
reset_common_data();
/* Create good data */
size = VB2_SECDATA_KERNEL_SIZE_V02;
TEST_EQ(vb2api_secdata_kernel_create_v0(ctx), size, "Create v0.2");
TEST_SUCC(vb2api_secdata_kernel_check(ctx, &size), "Check v0.2");
TEST_SUCC(vb2_secdata_kernel_init(ctx), "Init created CRC");
test_init(sd, 1, "Init set SD status");
/* Check excessive data */
size = VB2_SECDATA_KERNEL_SIZE_V02 + 1;
TEST_SUCC(vb2api_secdata_kernel_check(ctx, &size),
"Check large v0.2 data");
TEST_EQ(size, VB2_SECDATA_KERNEL_SIZE_V02, "Return expected size");
/* Check incomplete data */
size = VB2_SECDATA_KERNEL_SIZE_V02 - 1;
TEST_EQ(vb2api_secdata_kernel_check(ctx, &size),
VB2_ERROR_SECDATA_KERNEL_INCOMPLETE, "Check small v0.2 data");
TEST_EQ(size, VB2_SECDATA_KERNEL_SIZE_V02, "Return expected size");
reset_common_data();
/* Corrupt data */
vb2api_secdata_kernel_create_v0(ctx);
sec02->kernel_versions++;
TEST_EQ(vb2api_secdata_kernel_check(ctx, &size),
VB2_ERROR_SECDATA_KERNEL_CRC, "Check invalid CRC");
TEST_EQ(vb2_secdata_kernel_init(ctx),
VB2_ERROR_SECDATA_KERNEL_CRC, "Init invalid CRC");
}
static void secdata_kernel_access_test_v10(void)
{
uint32_t v = 1;
const uint8_t *p;
uint8_t ec_hash[VB2_SHA256_DIGEST_SIZE];
reset_common_data();
/* Read/write versions */
vb2api_secdata_kernel_create(ctx);
vb2_secdata_kernel_init(ctx);
ctx->flags = 0;
v = vb2_secdata_kernel_get(ctx, VB2_SECDATA_KERNEL_VERSIONS);
TEST_EQ(v, 0, "Versions created 0");
test_changed(ctx, 0, "Get doesn't change data");
vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_VERSIONS, 0x123456ff);
test_changed(ctx, 1, "Set changes data");
vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_VERSIONS, 0x123456ff);
test_changed(ctx, 0, "Set again doesn't change data");
v = vb2_secdata_kernel_get(ctx, VB2_SECDATA_KERNEL_VERSIONS);
TEST_EQ(v, 0x123456ff, "Versions changed");
/* Read/write flags */
vb2api_secdata_kernel_create(ctx);
vb2_secdata_kernel_init(ctx);
ctx->flags = 0;
v = vb2_secdata_kernel_get(ctx, VB2_SECDATA_KERNEL_FLAGS);
TEST_EQ(v, 0, "Flags created 0");
test_changed(ctx, 0, "Get doesn't change data");
vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_FLAGS, 0x12);
test_changed(ctx, 1, "Set changes data");
vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_FLAGS, 0x12);
test_changed(ctx, 0, "Set again doesn't change data");
v = vb2_secdata_kernel_get(ctx, VB2_SECDATA_KERNEL_FLAGS);
TEST_EQ(v, 0x12, "Flags changed");
TEST_ABORT(vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_FLAGS, 0x100),
"Bad flags");
/* Invalid field fails */
TEST_ABORT(vb2_secdata_kernel_get(ctx, -1), "Get invalid");
TEST_ABORT(vb2_secdata_kernel_set(ctx, -1, 456), "Set invalid");
test_changed(ctx, 0, "Set invalid field doesn't change data");
/* Read/write uninitialized data fails */
sd->status &= ~VB2_SD_STATUS_SECDATA_KERNEL_INIT;
TEST_ABORT(vb2_secdata_kernel_get(ctx, VB2_SECDATA_KERNEL_VERSIONS),
"Get uninitialized");
test_changed(ctx, 0, "Get uninitialized doesn't change data");
TEST_ABORT(vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_VERSIONS,
0x123456ff),
"Set uninitialized");
test_changed(ctx, 0, "Set uninitialized doesn't change data");
/* Read/write uninitialized in recovery mode */
ctx->flags |= VB2_CONTEXT_RECOVERY_MODE;
TEST_EQ(vb2_secdata_kernel_get(ctx, VB2_SECDATA_KERNEL_VERSIONS), 0,
"Get uninitialized (recmode)");
test_changed(ctx, 0, "Get uninitialized (recmode) doesn't change data");
vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_VERSIONS,
0x123456ff);
test_changed(ctx, 0, "Set uninitialized (recmode) doesn't change data");
/* Read/write early in fw_phase1 */
ctx->flags &= ~VB2_CONTEXT_RECOVERY_MODE;
sd->status &= ~VB2_SD_STATUS_RECOVERY_DECIDED;
TEST_EQ(vb2_secdata_kernel_get(ctx, VB2_SECDATA_KERNEL_VERSIONS), 0,
"Get uninitialized (phase1)");
test_changed(ctx, 0, "Get uninitialized (phase1) doesn't change data");
vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_VERSIONS,
0x123456ff);
test_changed(ctx, 0, "Set uninitialized (phase1) doesn't change data");
/* Test EC hash set */
reset_common_data();
vb2api_secdata_kernel_create(ctx);
vb2_secdata_kernel_init(ctx);
memset(ec_hash, 0xaa, sizeof(ec_hash));
vb2_secdata_kernel_set_ec_hash(ctx, ec_hash);
TEST_EQ(memcmp(ec_hash, sec10->ec_hash, sizeof(ec_hash)), 0,
"Check EC hash");
test_changed(ctx, 1, "Set EC hash changes data");
sec10->struct_version = VB2_SECDATA_KERNEL_VERSION_V02;
TEST_ABORT(vb2_secdata_kernel_set_ec_hash(ctx, ec_hash),
"Can't set EC hash for v0.2");
test_changed(ctx, 0, "Failing to set EC hash doesn't change data");
sec10->struct_version = VB2_SECDATA_KERNEL_VERSION_V10;
sd->status &= ~VB2_SD_STATUS_SECDATA_KERNEL_INIT;
TEST_ABORT(vb2_secdata_kernel_set_ec_hash(ctx, ec_hash),
"Can't set EC hash before init");
sd->status |= VB2_SD_STATUS_SECDATA_KERNEL_INIT;
/* Test EC hash get */
p = vb2_secdata_kernel_get_ec_hash(ctx);
TEST_PTR_EQ(p, sec10->ec_hash, "Get EC hash returns pointer");
test_changed(ctx, 0, "Get EC hash doesn't change data");
sec10->struct_version = VB2_SECDATA_KERNEL_VERSION_V02;
TEST_PTR_EQ(vb2_secdata_kernel_get_ec_hash(ctx), NULL,
"Can't get EC hash for v0.2");
sec10->struct_version = VB2_SECDATA_KERNEL_VERSION_V10;
sd->status &= ~VB2_SD_STATUS_SECDATA_KERNEL_INIT;
TEST_ABORT(vb2_secdata_kernel_get_ec_hash(ctx),
"Can't get EC hash before init");
sd->status |= VB2_SD_STATUS_SECDATA_KERNEL_INIT;
}
static void secdata_kernel_access_test_v02(void)
{
uint32_t v = 1;
reset_common_data();
/* Read/write versions */
vb2api_secdata_kernel_create_v0(ctx);
vb2_secdata_kernel_init(ctx);
ctx->flags = 0;
v = vb2_secdata_kernel_get(ctx, VB2_SECDATA_KERNEL_VERSIONS);
TEST_EQ(v, 0, "Versions created 0");
test_changed(ctx, 0, "Get doesn't change data");
vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_VERSIONS, 0x123456ff);
test_changed(ctx, 1, "Set changes data");
vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_VERSIONS, 0x123456ff);
test_changed(ctx, 0, "Set again doesn't change data");
v = vb2_secdata_kernel_get(ctx, VB2_SECDATA_KERNEL_VERSIONS);
TEST_EQ(v, 0x123456ff, "Versions changed");
/* Read/write flags: should be no-op for v0 */
TEST_EQ(vb2_secdata_kernel_get(ctx, VB2_SECDATA_KERNEL_FLAGS), 0,
"Get flags");
vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_FLAGS, 0x1);
TEST_EQ(vb2_secdata_kernel_get(ctx, VB2_SECDATA_KERNEL_FLAGS), 0,
"Get flags again");
/* Invalid field fails */
TEST_ABORT(vb2_secdata_kernel_get(ctx, -1), "Get invalid");
TEST_ABORT(vb2_secdata_kernel_set(ctx, -1, 456), "Set invalid");
test_changed(ctx, 0, "Set invalid field doesn't change data");
/* Read/write uninitialized data fails */
sd->status &= ~VB2_SD_STATUS_SECDATA_KERNEL_INIT;
TEST_ABORT(vb2_secdata_kernel_get(ctx, VB2_SECDATA_KERNEL_VERSIONS),
"Get uninitialized");
test_changed(ctx, 0, "Get uninitialized doesn't change data");
TEST_ABORT(vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_VERSIONS,
0x123456ff),
"Set uninitialized");
test_changed(ctx, 0, "Set uninitialized doesn't change data");
}
int main(int argc, char* argv[])
{
secdata_kernel_test();
secdata_kernel_test_v10();
secdata_kernel_test_v02();
secdata_kernel_access_test_v10();
secdata_kernel_access_test_v02();
return gTestSuccess ? 0 : 255;
}
|
