/**
* Test valid and invalid signatures.
*/
static void test_signatures(const struct vb2_public_key *key)
{
uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES]
__attribute__ ((aligned (VB2_WORKBUF_ALIGN)));
uint8_t sig[RSA1024NUMBYTES];
struct vb2_workbuf wb;
int unexpected_success;
int i;
vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
/* The first test signature is valid. */
Memcpy(sig, signatures[0], sizeof(sig));
TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
"RSA Padding Test valid sig");
/* All other signatures should fail verification. */
unexpected_success = 0;
for (i = 1; i < sizeof(signatures) / sizeof(signatures[0]); i++) {
Memcpy(sig, signatures[i], sizeof(sig));
if (!vb2_rsa_verify_digest(key, sig,
test_message_sha1_hash, &wb)) {
fprintf(stderr,
"RSA Padding Test vector %d FAILED!\n", i);
unexpected_success++;
}
}
TEST_EQ(unexpected_success, 0, "RSA Padding Test invalid sigs");
}
/**
* Test other error conditions in vb2_rsa_verify_digest().
*/
static void test_verify_digest(struct vb2_public_key *key) {
uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES]
__attribute__ ((aligned (VB2_WORKBUF_ALIGN)));
uint8_t sig[RSA1024NUMBYTES];
struct vb2_workbuf wb;
enum vb2_signature_algorithm orig_key_alg = key->sig_alg;
vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
Memcpy(sig, signatures[0], sizeof(sig));
TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
"vb2_rsa_verify_digest() good");
Memcpy(sig, signatures[0], sizeof(sig));
vb2_workbuf_init(&wb, workbuf, sizeof(sig) * 3 - 1);
TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
VB2_ERROR_RSA_VERIFY_WORKBUF,
"vb2_rsa_verify_digest() small workbuf");
vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
key->sig_alg = VB2_SIG_INVALID;
Memcpy(sig, signatures[0], sizeof(sig));
TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
VB2_ERROR_RSA_VERIFY_ALGORITHM,
"vb2_rsa_verify_digest() bad key alg");
key->sig_alg = orig_key_alg;
key->arrsize *= 2;
Memcpy(sig, signatures[0], sizeof(sig));
TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
VB2_ERROR_RSA_VERIFY_SIG_LEN,
"vb2_rsa_verify_digest() bad sig len");
key->arrsize /= 2;
/* Corrupt the signature near start and end */
Memcpy(sig, signatures[0], sizeof(sig));
sig[3] ^= 0x42;
TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
VB2_ERROR_RSA_PADDING, "vb2_rsa_verify_digest() bad sig");
Memcpy(sig, signatures[0], sizeof(sig));
sig[RSA1024NUMBYTES - 3] ^= 0x56;
TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
VB2_ERROR_RSA_PADDING, "vb2_rsa_verify_digest() bad sig end");
}
static void test_verify_keyblock(const struct vb2_public_key *public_key,
const struct vb2_private_key *private_key,
const struct vb2_packed_key *data_key)
{
uint8_t workbuf[VB2_KEY_BLOCK_VERIFY_WORKBUF_BYTES]
__attribute__ ((aligned (VB2_WORKBUF_ALIGN)));
struct vb2_workbuf wb;
struct vb2_keyblock *hdr;
struct vb2_keyblock *h;
uint32_t hsize;
vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
hdr = vb2_create_keyblock(data_key, private_key, 0x1234);
TEST_NEQ((size_t)hdr, 0, "vb2_verify_keyblock() prerequisites");
if (!hdr)
return;
hsize = hdr->keyblock_size;
h = (struct vb2_keyblock *)malloc(hsize + 2048);
memcpy(h, hdr, hsize);
TEST_SUCC(vb2_verify_keyblock(h, hsize, public_key, &wb),
"vb2_verify_keyblock() ok using key");
/* Failures in keyblock check also cause verify to fail */
memcpy(h, hdr, hsize);
TEST_EQ(vb2_verify_keyblock(h, hsize - 1, public_key, &wb),
VB2_ERROR_KEYBLOCK_SIZE, "vb2_verify_keyblock() check");
/* Check signature */
memcpy(h, hdr, hsize);
h->keyblock_signature.sig_size--;
resign_keyblock(h, private_key);
TEST_EQ(vb2_verify_keyblock(h, hsize, public_key, &wb),
VB2_ERROR_KEYBLOCK_SIG_INVALID,
"vb2_verify_keyblock() sig too small");
memcpy(h, hdr, hsize);
((uint8_t *)vb2_packed_key_data(&h->data_key))[0] ^= 0x34;
TEST_EQ(vb2_verify_keyblock(h, hsize, public_key, &wb),
VB2_ERROR_KEYBLOCK_SIG_INVALID,
"vb2_verify_keyblock() sig mismatch");
/*
* TODO: verify parser can support a bigger header (i.e., one where
* data_key.key_offset is bigger than expected).
*/
free(h);
free(hdr);
}
void vb2_workbuf_from_ctx(struct vb2_context *ctx, struct vb2_workbuf *wb)
{
vb2_workbuf_init(wb, ctx->workbuf + ctx->workbuf_used,
ctx->workbuf_size - ctx->workbuf_used);
}
static void keyblock_tests(const char *keys_dir)
{
struct vb2_public_key *pubk2048, *pubk4096, *pubk8192, pubkhash;
struct vb2_private_key *prik4096, *prik8192;
struct vb2_packed_key *pak, *pakgood;
struct vb2_keyblock *kb;
const struct vb2_private_key *prikhash;
const struct vb2_private_key *prik[2];
char fname[1024];
const char test_desc[] = "Test keyblock";
uint8_t workbuf[VB2_KEY_BLOCK_VERIFY_WORKBUF_BYTES]
__attribute__ ((aligned (VB2_WORKBUF_ALIGN)));
struct vb2_workbuf wb;
vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
/* Read keys */
sprintf(fname, "%s/key_rsa2048.keyb", keys_dir);
TEST_SUCC(vb2_public_key_read_keyb(&pubk2048, fname),
"Read public key 2");
vb2_public_key_set_desc(pubk2048, "Test RSA2048 public key");
pubk2048->hash_alg = VB2_HASH_SHA256;
sprintf(fname, "%s/key_rsa4096.keyb", keys_dir);
TEST_SUCC(vb2_public_key_read_keyb(&pubk4096, fname),
"Read public key 1");
vb2_public_key_set_desc(pubk4096, "Test RSA4096 public key");
pubk4096->hash_alg = VB2_HASH_SHA256;
sprintf(fname, "%s/key_rsa8192.keyb", keys_dir);
TEST_SUCC(vb2_public_key_read_keyb(&pubk8192, fname),
"Read public key 2");
vb2_public_key_set_desc(pubk8192, "Test RSA8192 public key");
pubk8192->hash_alg = VB2_HASH_SHA512;
sprintf(fname, "%s/key_rsa4096.pem", keys_dir);
TEST_SUCC(vb2_private_key_read_pem(&prik4096, fname),
"Read private key 2");
vb2_private_key_set_desc(prik4096, "Test RSA4096 private key");
prik4096->sig_alg = VB2_SIG_RSA4096;
prik4096->hash_alg = VB2_HASH_SHA256;
sprintf(fname, "%s/key_rsa8192.pem", keys_dir);
TEST_SUCC(vb2_private_key_read_pem(&prik8192, fname),
"Read private key 1");
vb2_private_key_set_desc(prik8192, "Test RSA8192 private key");
prik8192->sig_alg = VB2_SIG_RSA8192;
prik8192->hash_alg = VB2_HASH_SHA512;
TEST_SUCC(vb2_private_key_hash(&prikhash, VB2_HASH_SHA512),
"Create private hash key");
TEST_SUCC(vb2_public_key_hash(&pubkhash, VB2_HASH_SHA512),
"Create public hash key");
TEST_SUCC(vb2_public_key_pack(&pakgood, pubk2048), "Test packed key");
/* Sign a keyblock with one key */
prik[0] = prik4096;
TEST_SUCC(vb2_keyblock_create(&kb, pubk2048, prik, 1, 0x1234, NULL),
"Keyblock single");
TEST_PTR_NEQ(kb, NULL, " kb_ptr");
TEST_SUCC(vb2_verify_keyblock(kb, kb->c.total_size, pubk4096, &wb),
" verify");
TEST_EQ(strcmp(vb2_common_desc(kb), pubk2048->desc), 0, " desc");
TEST_EQ(kb->flags, 0x1234, " flags");
pak = (struct vb2_packed_key *)((uint8_t *)kb + kb->key_offset);
TEST_EQ(0, memcmp(pak, pakgood, pakgood->c.total_size), " data key");
free(kb);
/* Sign a keyblock with two keys */
prik[0] = prik8192;
prik[1] = prikhash;
TEST_SUCC(vb2_keyblock_create(&kb, pubk4096, prik, 2, 0, test_desc),
"Keyblock multiple");
TEST_SUCC(vb2_verify_keyblock(kb, kb->c.total_size, pubk8192, &wb),
" verify 1");
TEST_SUCC(vb2_verify_keyblock(kb, kb->c.total_size, &pubkhash, &wb),
" verify 2");
TEST_EQ(strcmp(vb2_common_desc(kb), test_desc), 0, " desc");
TEST_EQ(kb->flags, 0, " flags");
free(kb);
/* Test errors */
prik[0] = prik8192;
prik8192->hash_alg = VB2_HASH_INVALID;
TEST_EQ(vb2_keyblock_create(&kb, pubk4096, prik, 1, 0, NULL),
VB2_KEYBLOCK_CREATE_SIG_SIZE, "Keyblock bad sig size");
TEST_PTR_EQ(kb, NULL, " kb_ptr");
prik[0] = prik4096;
pubk4096->sig_alg = VB2_SIG_INVALID;
TEST_EQ(vb2_keyblock_create(&kb, pubk4096, prik, 1, 0, NULL),
VB2_KEYBLOCK_CREATE_DATA_KEY, "Keyblock bad data key");
/* Free keys */
free(pakgood);
vb2_public_key_free(pubk2048);
vb2_public_key_free(pubk4096);
vb2_public_key_free(pubk8192);
vb2_private_key_free(prik4096);
vb2_private_key_free(prik8192);
}
static void test_verify_keyblock(const VbPublicKey *public_key,
const VbPrivateKey *private_key,
const VbPublicKey *data_key)
{
uint8_t workbuf[VB2_KEY_BLOCK_VERIFY_WORKBUF_BYTES]
__attribute__ ((aligned (VB2_WORKBUF_ALIGN)));
struct vb2_workbuf wb;
struct vb2_public_key key;
struct vb2_keyblock *hdr;
struct vb2_keyblock *h;
uint32_t hsize;
vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
/* Unpack public key */
TEST_SUCC(vb2_unpack_key(&key, (uint8_t *)public_key,
public_key->key_offset + public_key->key_size),
"vb2_verify_keyblock public key");
hdr = (struct vb2_keyblock *)
KeyBlockCreate(data_key, private_key, 0x1234);
TEST_NEQ((size_t)hdr, 0, "vb2_verify_keyblock() prerequisites");
if (!hdr)
return;
hsize = hdr->keyblock_size;
h = (struct vb2_keyblock *)malloc(hsize + 2048);
Memcpy(h, hdr, hsize);
TEST_SUCC(vb2_verify_keyblock(h, hsize, &key, &wb),
"vb2_verify_keyblock() ok using key");
Memcpy(h, hdr, hsize);
TEST_EQ(vb2_verify_keyblock(h, hsize - 1, &key, &wb),
VB2_ERROR_KEYBLOCK_SIZE, "vb2_verify_keyblock() size--");
/* Buffer is allowed to be bigger than keyblock */
Memcpy(h, hdr, hsize);
TEST_SUCC(vb2_verify_keyblock(h, hsize + 1, &key, &wb),
"vb2_verify_keyblock() size++");
Memcpy(h, hdr, hsize);
h->magic[0] &= 0x12;
TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb),
VB2_ERROR_KEYBLOCK_MAGIC, "vb2_verify_keyblock() magic");
/* Care about major version but not minor */
Memcpy(h, hdr, hsize);
h->header_version_major++;
resign_keyblock(h, private_key);
TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb),
VB2_ERROR_KEYBLOCK_HEADER_VERSION,
"vb2_verify_keyblock() major++");
Memcpy(h, hdr, hsize);
h->header_version_major--;
resign_keyblock(h, private_key);
TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb),
VB2_ERROR_KEYBLOCK_HEADER_VERSION,
"vb2_verify_keyblock() major--");
Memcpy(h, hdr, hsize);
h->header_version_minor++;
resign_keyblock(h, private_key);
TEST_SUCC(vb2_verify_keyblock(h, hsize, &key, &wb),
"vb2_verify_keyblock() minor++");
Memcpy(h, hdr, hsize);
h->header_version_minor--;
resign_keyblock(h, private_key);
TEST_SUCC(vb2_verify_keyblock(h, hsize, &key, &wb),
"vb2_verify_keyblock() minor--");
/* Check signature */
Memcpy(h, hdr, hsize);
h->keyblock_signature.sig_offset = hsize;
resign_keyblock(h, private_key);
TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb),
VB2_ERROR_KEYBLOCK_SIG_OUTSIDE,
"vb2_verify_keyblock() sig off end");
Memcpy(h, hdr, hsize);
h->keyblock_signature.sig_size--;
resign_keyblock(h, private_key);
TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb),
VB2_ERROR_KEYBLOCK_SIG_INVALID,
"vb2_verify_keyblock() sig too small");
Memcpy(h, hdr, hsize);
((uint8_t *)vb2_packed_key_data(&h->data_key))[0] ^= 0x34;
TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb),
VB2_ERROR_KEYBLOCK_SIG_INVALID,
"vb2_verify_keyblock() sig mismatch");
Memcpy(h, hdr, hsize);
h->keyblock_signature.data_size = h->keyblock_size + 1;
TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb),
VB2_ERROR_KEYBLOCK_SIGNED_TOO_MUCH,
"vb2_verify_keyblock() sig data past end of block");
/* Check that we signed header and data key */
Memcpy(h, hdr, hsize);
h->keyblock_signature.data_size = 4;
h->data_key.key_offset = 0;
h->data_key.key_size = 0;
resign_keyblock(h, private_key);
TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb),
VB2_ERROR_KEYBLOCK_SIGNED_TOO_LITTLE,
"vb2_verify_keyblock() didn't sign header");
Memcpy(h, hdr, hsize);
h->data_key.key_offset = hsize;
resign_keyblock(h, private_key);
TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb),
VB2_ERROR_KEYBLOCK_DATA_KEY_OUTSIDE,
"vb2_verify_keyblock() data key off end");
/* Corner cases for error checking */
TEST_EQ(vb2_verify_keyblock(NULL, 4, &key, &wb),
VB2_ERROR_KEYBLOCK_TOO_SMALL_FOR_HEADER,
"vb2_verify_keyblock size too small");
/*
* TODO: verify parser can support a bigger header (i.e., one where
* data_key.key_offset is bigger than expected).
*/
free(h);
free(hdr);
}
static void test_verify_fw_preamble(const VbPublicKey *public_key,
const VbPrivateKey *private_key,
const VbPublicKey *kernel_subkey)
{
struct vb2_fw_preamble *hdr;
struct vb2_fw_preamble *h;
struct vb2_public_key rsa;
uint8_t workbuf[VB2_VERIFY_FIRMWARE_PREAMBLE_WORKBUF_BYTES]
__attribute__ ((aligned (VB2_WORKBUF_ALIGN)));
struct vb2_workbuf wb;
uint32_t hsize;
vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
/* Create a dummy signature */
VbSignature *body_sig = SignatureAlloc(56, 78);
TEST_SUCC(vb2_unpack_key(&rsa, (uint8_t *)public_key,
public_key->key_offset + public_key->key_size),
"vb2_verify_fw_preamble() prereq key");
hdr = (struct vb2_fw_preamble *)
CreateFirmwarePreamble(0x1234, kernel_subkey, body_sig,
private_key, 0x5678);
TEST_PTR_NEQ(hdr, NULL,
"VerifyFirmwarePreamble() prereq test preamble");
if (!hdr)
return;
hsize = (uint32_t) hdr->preamble_size;
h = (struct vb2_fw_preamble *)malloc(hsize + 16384);
Memcpy(h, hdr, hsize);
TEST_SUCC(vb2_verify_fw_preamble(h, hsize, &rsa, &wb),
"vb2_verify_fw_preamble() ok using key");
Memcpy(h, hdr, hsize);
TEST_EQ(vb2_verify_fw_preamble(h, 4, &rsa, &wb),
VB2_ERROR_PREAMBLE_TOO_SMALL_FOR_HEADER,
"vb2_verify_fw_preamble() size tiny");
Memcpy(h, hdr, hsize);
TEST_EQ(vb2_verify_fw_preamble(h, hsize - 1, &rsa, &wb),
VB2_ERROR_PREAMBLE_SIZE,
"vb2_verify_fw_preamble() size--");
/* Buffer is allowed to be bigger than preamble */
Memcpy(h, hdr, hsize);
TEST_SUCC(vb2_verify_fw_preamble(h, hsize + 1, &rsa, &wb),
"vb2_verify_fw_preamble() size++");
/* Care about major version but not minor */
Memcpy(h, hdr, hsize);
h->header_version_major++;
resign_fw_preamble(h, private_key);
TEST_EQ(vb2_verify_fw_preamble(h, hsize, &rsa, &wb),
VB2_ERROR_PREAMBLE_HEADER_VERSION
, "vb2_verify_fw_preamble() major++");
Memcpy(h, hdr, hsize);
h->header_version_major--;
resign_fw_preamble(h, private_key);
TEST_EQ(vb2_verify_fw_preamble(h, hsize, &rsa, &wb),
VB2_ERROR_PREAMBLE_HEADER_VERSION,
"vb2_verify_fw_preamble() major--");
Memcpy(h, hdr, hsize);
h->header_version_minor++;
resign_fw_preamble(h, private_key);
TEST_SUCC(vb2_verify_fw_preamble(h, hsize, &rsa, &wb),
"vb2_verify_fw_preamble() minor++");
Memcpy(h, hdr, hsize);
h->header_version_minor--;
resign_fw_preamble(h, private_key);
TEST_EQ(vb2_verify_fw_preamble(h, hsize, &rsa, &wb),
VB2_ERROR_PREAMBLE_HEADER_OLD,
"vb2_verify_fw_preamble() 2.0 not supported");
/* Check signature */
Memcpy(h, hdr, hsize);
h->preamble_signature.sig_offset = hsize;
resign_fw_preamble(h, private_key);
TEST_EQ(vb2_verify_fw_preamble(h, hsize, &rsa, &wb),
VB2_ERROR_PREAMBLE_SIG_OUTSIDE,
"vb2_verify_fw_preamble() sig off end");
Memcpy(h, hdr, hsize);
h->preamble_signature.sig_size--;
resign_fw_preamble(h, private_key);
TEST_EQ(vb2_verify_fw_preamble(h, hsize, &rsa, &wb),
VB2_ERROR_PREAMBLE_SIG_INVALID,
"vb2_verify_fw_preamble() sig too small");
Memcpy(h, hdr, hsize);
((uint8_t *)vb2_packed_key_data(&h->kernel_subkey))[0] ^= 0x34;
TEST_EQ(vb2_verify_fw_preamble(h, hsize, &rsa, &wb),
VB2_ERROR_PREAMBLE_SIG_INVALID,
"vb2_verify_fw_preamble() sig mismatch");
/* Check that we signed header, kernel subkey, and body sig */
Memcpy(h, hdr, hsize);
h->preamble_signature.data_size = 4;
h->kernel_subkey.key_offset = 0;
h->kernel_subkey.key_size = 0;
h->body_signature.sig_offset = 0;
h->body_signature.sig_size = 0;
resign_fw_preamble(h, private_key);
TEST_EQ(vb2_verify_fw_preamble(h, hsize, &rsa, &wb),
VB2_ERROR_PREAMBLE_SIGNED_TOO_LITTLE,
"vb2_verify_fw_preamble() didn't sign header");
Memcpy(h, hdr, hsize);
h->kernel_subkey.key_offset = hsize;
resign_fw_preamble(h, private_key);
TEST_EQ(vb2_verify_fw_preamble(h, hsize, &rsa, &wb),
VB2_ERROR_PREAMBLE_KERNEL_SUBKEY_OUTSIDE,
"vb2_verify_fw_preamble() kernel subkey off end");
Memcpy(h, hdr, hsize);
h->body_signature.sig_offset = hsize;
resign_fw_preamble(h, private_key);
TEST_EQ(vb2_verify_fw_preamble(h, hsize, &rsa, &wb),
VB2_ERROR_PREAMBLE_BODY_SIG_OUTSIDE,
"vb2_verify_fw_preamble() body sig off end");
/* TODO: verify with extra padding at end of header. */
free(h);
free(hdr);
}
static void test_verify_kernel_preamble(
const struct vb2_packed_key *public_key,
const struct vb2_private_key *private_key)
{
struct vb2_public_key rsa;
// TODO: how many workbuf bytes?
uint8_t workbuf[VB2_VERIFY_FIRMWARE_PREAMBLE_WORKBUF_BYTES]
__attribute__ ((aligned (VB2_WORKBUF_ALIGN)));
struct vb2_workbuf wb;
uint32_t hsize;
vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
/* Create a dummy signature */
struct vb2_signature *body_sig = vb2_alloc_signature(56, 0x214000);
TEST_SUCC(vb2_unpack_key(&rsa, public_key),
"vb2_verify_kernel_preamble() prereq key");
struct vb2_kernel_preamble *hdr =
vb2_create_kernel_preamble(0x1234, 0x100000, 0x300000, 0x4000,
body_sig, 0x304000, 0x10000, 0, 0,
private_key);
TEST_PTR_NEQ(hdr, NULL,
"vb2_verify_kernel_preamble() prereq test preamble");
if (!hdr) {
free(body_sig);
return;
}
hsize = (uint32_t) hdr->preamble_size;
struct vb2_kernel_preamble *h =
(struct vb2_kernel_preamble *)malloc(hsize + 16384);
memcpy(h, hdr, hsize);
TEST_SUCC(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
"vb2_verify_kernel_preamble() ok using key");
memcpy(h, hdr, hsize);
TEST_EQ(vb2_verify_kernel_preamble(h, 4, &rsa, &wb),
VB2_ERROR_PREAMBLE_TOO_SMALL_FOR_HEADER,
"vb2_verify_kernel_preamble() size tiny");
memcpy(h, hdr, hsize);
TEST_EQ(vb2_verify_kernel_preamble(h, hsize - 1, &rsa, &wb),
VB2_ERROR_PREAMBLE_SIZE,
"vb2_verify_kernel_preamble() size--");
/* Buffer is allowed to be bigger than preamble */
memcpy(h, hdr, hsize);
TEST_SUCC(vb2_verify_kernel_preamble(h, hsize + 1, &rsa, &wb),
"vb2_verify_kernel_preamble() size++");
/* Care about major version but not minor */
memcpy(h, hdr, hsize);
h->header_version_major++;
resign_kernel_preamble(h, private_key);
TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
VB2_ERROR_PREAMBLE_HEADER_VERSION
, "vb2_verify_kernel_preamble() major++");
memcpy(h, hdr, hsize);
h->header_version_major--;
resign_kernel_preamble(h, private_key);
TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
VB2_ERROR_PREAMBLE_HEADER_VERSION,
"vb2_verify_kernel_preamble() major--");
memcpy(h, hdr, hsize);
h->header_version_minor++;
resign_kernel_preamble(h, private_key);
TEST_SUCC(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
"vb2_verify_kernel_preamble() minor++");
/* Check signature */
memcpy(h, hdr, hsize);
h->preamble_signature.sig_offset = hsize;
resign_kernel_preamble(h, private_key);
TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
VB2_ERROR_PREAMBLE_SIG_OUTSIDE,
"vb2_verify_kernel_preamble() sig off end");
memcpy(h, hdr, hsize);
h->preamble_signature.sig_size--;
resign_kernel_preamble(h, private_key);
TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
VB2_ERROR_PREAMBLE_SIG_INVALID,
"vb2_verify_kernel_preamble() sig too small");
memcpy(h, hdr, hsize);
h->flags++;
TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
VB2_ERROR_PREAMBLE_SIG_INVALID,
"vb2_verify_kernel_preamble() sig mismatch");
/* Check that we signed header and body sig */
memcpy(h, hdr, hsize);
h->preamble_signature.data_size = 4;
h->body_signature.sig_offset = 0;
h->body_signature.sig_size = 0;
resign_kernel_preamble(h, private_key);
TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
VB2_ERROR_PREAMBLE_SIGNED_TOO_LITTLE,
"vb2_verify_kernel_preamble() didn't sign header");
memcpy(h, hdr, hsize);
h->body_signature.sig_offset = hsize;
resign_kernel_preamble(h, private_key);
TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
VB2_ERROR_PREAMBLE_BODY_SIG_OUTSIDE,
"vb2_verify_kernel_preamble() body sig off end");
/* Check bootloader inside signed body */
memcpy(h, hdr, hsize);
h->bootloader_address = h->body_load_address - 1;
resign_kernel_preamble(h, private_key);
TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
VB2_ERROR_PREAMBLE_BOOTLOADER_OUTSIDE,
"vb2_verify_kernel_preamble() bootloader before body");
memcpy(h, hdr, hsize);
h->bootloader_address = h->body_load_address +
h->body_signature.data_size + 1;
resign_kernel_preamble(h, private_key);
TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
VB2_ERROR_PREAMBLE_BOOTLOADER_OUTSIDE,
"vb2_verify_kernel_preamble() bootloader off end of body");
memcpy(h, hdr, hsize);
h->bootloader_address = h->body_load_address +
h->body_signature.data_size + 1;
h->bootloader_size = 0;
resign_kernel_preamble(h, private_key);
TEST_SUCC(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
"vb2_verify_kernel_preamble() no bootloader");
/* Check vmlinuz inside signed body */
memcpy(h, hdr, hsize);
h->vmlinuz_header_address = h->body_load_address - 1;
resign_kernel_preamble(h, private_key);
TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
VB2_ERROR_PREAMBLE_VMLINUZ_HEADER_OUTSIDE,
"vb2_verify_kernel_preamble() vmlinuz_header before body");
memcpy(h, hdr, hsize);
h->vmlinuz_header_address = h->body_load_address +
h->body_signature.data_size + 1;
resign_kernel_preamble(h, private_key);
TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
VB2_ERROR_PREAMBLE_VMLINUZ_HEADER_OUTSIDE,
"vb2_verify_kernel_preamble() vmlinuz_header off end of body");
memcpy(h, hdr, hsize);
h->vmlinuz_header_address = h->body_load_address +
h->body_signature.data_size + 1;
h->vmlinuz_header_size = 0;
resign_kernel_preamble(h, private_key);
TEST_SUCC(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb),
"vb2_verify_kernel_preamble() no vmlinuz_header");
/* TODO: verify with extra padding at end of header. */
free(h);
free(hdr);
free(body_sig);
}
