blob: dbfdc38f87b3378efd81e5e84ce915c40178aecf [file] [log] [blame]
Randall Spanglere166d042014-05-13 09:24:52 -07001/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file.
4 */
5
Randall Spanglere166d042014-05-13 09:24:52 -07006#include <stdint.h>
7#include <stdio.h>
8
Randall Spanglere166d042014-05-13 09:24:52 -07009#include "file_keys.h"
10#include "rsa_padding_test.h"
11#include "test_common.h"
12#include "utility.h"
13
14#include "2sysincludes.h"
Randall Spanglere166d042014-05-13 09:24:52 -070015#include "2rsa.h"
Randall Spangler5a9f4982016-10-14 15:37:25 -070016#include "host_key.h"
Randall Spangler6f1b82a2014-12-03 12:29:37 -080017#include "vb2_common.h"
Randall Spanglere166d042014-05-13 09:24:52 -070018
19/**
Randall Spanglere166d042014-05-13 09:24:52 -070020 * Test valid and invalid signatures.
21 */
22static void test_signatures(const struct vb2_public_key *key)
23{
Bill Richardson73e5eb32015-01-26 12:18:25 -080024 uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES]
25 __attribute__ ((aligned (VB2_WORKBUF_ALIGN)));
Randall Spanglere166d042014-05-13 09:24:52 -070026 uint8_t sig[RSA1024NUMBYTES];
27 struct vb2_workbuf wb;
28 int unexpected_success;
29 int i;
30
31 vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
32
33 /* The first test signature is valid. */
Randall Spangler664096b2016-10-13 16:16:41 -070034 memcpy(sig, signatures[0], sizeof(sig));
Randall Spangler95047542014-10-17 16:41:46 -070035 TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
Randall Spanglerb9be5362014-06-05 13:32:11 -070036 "RSA Padding Test valid sig");
Randall Spanglere166d042014-05-13 09:24:52 -070037
38 /* All other signatures should fail verification. */
39 unexpected_success = 0;
40 for (i = 1; i < sizeof(signatures) / sizeof(signatures[0]); i++) {
Randall Spangler664096b2016-10-13 16:16:41 -070041 memcpy(sig, signatures[i], sizeof(sig));
Randall Spangler95047542014-10-17 16:41:46 -070042 if (!vb2_rsa_verify_digest(key, sig,
43 test_message_sha1_hash, &wb)) {
Randall Spanglere166d042014-05-13 09:24:52 -070044 fprintf(stderr,
45 "RSA Padding Test vector %d FAILED!\n", i);
46 unexpected_success++;
47 }
48 }
49 TEST_EQ(unexpected_success, 0, "RSA Padding Test invalid sigs");
50}
51
52
53/**
Randall Spangler95047542014-10-17 16:41:46 -070054 * Test other error conditions in vb2_rsa_verify_digest().
Randall Spanglere166d042014-05-13 09:24:52 -070055 */
56static void test_verify_digest(struct vb2_public_key *key) {
Bill Richardson73e5eb32015-01-26 12:18:25 -080057 uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES]
58 __attribute__ ((aligned (VB2_WORKBUF_ALIGN)));
Randall Spanglere166d042014-05-13 09:24:52 -070059 uint8_t sig[RSA1024NUMBYTES];
60 struct vb2_workbuf wb;
Randall Spanglerc8c2f022014-10-23 09:48:20 -070061 enum vb2_signature_algorithm orig_key_alg = key->sig_alg;
Randall Spanglere166d042014-05-13 09:24:52 -070062
63 vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
64
Randall Spangler664096b2016-10-13 16:16:41 -070065 memcpy(sig, signatures[0], sizeof(sig));
Randall Spangler95047542014-10-17 16:41:46 -070066 TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
67 "vb2_rsa_verify_digest() good");
Randall Spanglere166d042014-05-13 09:24:52 -070068
Randall Spangler664096b2016-10-13 16:16:41 -070069 memcpy(sig, signatures[0], sizeof(sig));
Randall Spanglere166d042014-05-13 09:24:52 -070070 vb2_workbuf_init(&wb, workbuf, sizeof(sig) * 3 - 1);
Randall Spangler95047542014-10-17 16:41:46 -070071 TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
Randall Spanglerb9be5362014-06-05 13:32:11 -070072 VB2_ERROR_RSA_VERIFY_WORKBUF,
Randall Spangler95047542014-10-17 16:41:46 -070073 "vb2_rsa_verify_digest() small workbuf");
Randall Spanglere166d042014-05-13 09:24:52 -070074 vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
75
Randall Spanglerc8c2f022014-10-23 09:48:20 -070076 key->sig_alg = VB2_SIG_INVALID;
Randall Spangler664096b2016-10-13 16:16:41 -070077 memcpy(sig, signatures[0], sizeof(sig));
Randall Spangler95047542014-10-17 16:41:46 -070078 TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
Randall Spanglerb9be5362014-06-05 13:32:11 -070079 VB2_ERROR_RSA_VERIFY_ALGORITHM,
Randall Spangler95047542014-10-17 16:41:46 -070080 "vb2_rsa_verify_digest() bad key alg");
Randall Spanglerc8c2f022014-10-23 09:48:20 -070081 key->sig_alg = orig_key_alg;
Randall Spanglere166d042014-05-13 09:24:52 -070082
83 key->arrsize *= 2;
Randall Spangler664096b2016-10-13 16:16:41 -070084 memcpy(sig, signatures[0], sizeof(sig));
Randall Spangler95047542014-10-17 16:41:46 -070085 TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
Randall Spanglerb9be5362014-06-05 13:32:11 -070086 VB2_ERROR_RSA_VERIFY_SIG_LEN,
Randall Spangler95047542014-10-17 16:41:46 -070087 "vb2_rsa_verify_digest() bad sig len");
Randall Spanglere166d042014-05-13 09:24:52 -070088 key->arrsize /= 2;
89
90 /* Corrupt the signature near start and end */
Randall Spangler664096b2016-10-13 16:16:41 -070091 memcpy(sig, signatures[0], sizeof(sig));
Randall Spanglere166d042014-05-13 09:24:52 -070092 sig[3] ^= 0x42;
Randall Spangler95047542014-10-17 16:41:46 -070093 TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
94 VB2_ERROR_RSA_PADDING, "vb2_rsa_verify_digest() bad sig");
Randall Spanglere166d042014-05-13 09:24:52 -070095
Randall Spangler664096b2016-10-13 16:16:41 -070096 memcpy(sig, signatures[0], sizeof(sig));
Randall Spanglere166d042014-05-13 09:24:52 -070097 sig[RSA1024NUMBYTES - 3] ^= 0x56;
Randall Spangler95047542014-10-17 16:41:46 -070098 TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
99 VB2_ERROR_RSA_PADDING, "vb2_rsa_verify_digest() bad sig end");
Randall Spanglere166d042014-05-13 09:24:52 -0700100}
101
102int main(int argc, char *argv[])
103{
Randall Spanglere166d042014-05-13 09:24:52 -0700104 struct vb2_public_key k2;
Randall Spangler5a9f4982016-10-14 15:37:25 -0700105 struct vb2_packed_key *pk;
Randall Spanglere166d042014-05-13 09:24:52 -0700106
107 /* Read test key */
108 if (argc != 2) {
109 fprintf(stderr, "Usage: %s <test public key>\n", argv[0]);
110 return 1;
111 }
Randall Spangler5a9f4982016-10-14 15:37:25 -0700112 pk = vb2_read_packed_keyb(argv[1], VB2_ALG_RSA1024_SHA1, 0);
113 if (!pk) {
Randall Spanglere166d042014-05-13 09:24:52 -0700114 fprintf(stderr, "Couldn't read RSA public key for the test.\n");
115 return 1;
116 }
117
Randall Spangler5a9f4982016-10-14 15:37:25 -0700118 if (VB2_SUCCESS != vb2_unpack_key(&k2, (const uint8_t *)pk,
119 pk->key_offset + pk->key_size)) {
120 fprintf(stderr, "Couldn't unpack RSA public key.\n");
121 free(pk);
122 return 1;
123 }
Randall Spanglere166d042014-05-13 09:24:52 -0700124
125 /* Run tests */
126 test_signatures(&k2);
127 test_verify_digest(&k2);
128
129 /* Clean up and exit */
Randall Spangler5a9f4982016-10-14 15:37:25 -0700130 free(pk);
131 return gTestSuccess ? 0 : 255;
Randall Spanglere166d042014-05-13 09:24:52 -0700132}