/** * Test valid and invalid signatures. */ static void test_signatures(const struct vb2_public_key *key) { uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES] __attribute__ ((aligned (VB2_WORKBUF_ALIGN))); uint8_t sig[RSA1024NUMBYTES]; struct vb2_workbuf wb; int unexpected_success; int i; vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); /* The first test signature is valid. */ Memcpy(sig, signatures[0], sizeof(sig)); TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb), "RSA Padding Test valid sig"); /* All other signatures should fail verification. */ unexpected_success = 0; for (i = 1; i < sizeof(signatures) / sizeof(signatures[0]); i++) { Memcpy(sig, signatures[i], sizeof(sig)); if (!vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb)) { fprintf(stderr, "RSA Padding Test vector %d FAILED!\n", i); unexpected_success++; } } TEST_EQ(unexpected_success, 0, "RSA Padding Test invalid sigs"); }
/** * Test other error conditions in vb2_rsa_verify_digest(). */ static void test_verify_digest(struct vb2_public_key *key) { uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES] __attribute__ ((aligned (VB2_WORKBUF_ALIGN))); uint8_t sig[RSA1024NUMBYTES]; struct vb2_workbuf wb; enum vb2_signature_algorithm orig_key_alg = key->sig_alg; vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); Memcpy(sig, signatures[0], sizeof(sig)); TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb), "vb2_rsa_verify_digest() good"); Memcpy(sig, signatures[0], sizeof(sig)); vb2_workbuf_init(&wb, workbuf, sizeof(sig) * 3 - 1); TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb), VB2_ERROR_RSA_VERIFY_WORKBUF, "vb2_rsa_verify_digest() small workbuf"); vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); key->sig_alg = VB2_SIG_INVALID; Memcpy(sig, signatures[0], sizeof(sig)); TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb), VB2_ERROR_RSA_VERIFY_ALGORITHM, "vb2_rsa_verify_digest() bad key alg"); key->sig_alg = orig_key_alg; key->arrsize *= 2; Memcpy(sig, signatures[0], sizeof(sig)); TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb), VB2_ERROR_RSA_VERIFY_SIG_LEN, "vb2_rsa_verify_digest() bad sig len"); key->arrsize /= 2; /* Corrupt the signature near start and end */ Memcpy(sig, signatures[0], sizeof(sig)); sig[3] ^= 0x42; TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb), VB2_ERROR_RSA_PADDING, "vb2_rsa_verify_digest() bad sig"); Memcpy(sig, signatures[0], sizeof(sig)); sig[RSA1024NUMBYTES - 3] ^= 0x56; TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb), VB2_ERROR_RSA_PADDING, "vb2_rsa_verify_digest() bad sig end"); }
static void test_verify_keyblock(const struct vb2_public_key *public_key, const struct vb2_private_key *private_key, const struct vb2_packed_key *data_key) { uint8_t workbuf[VB2_KEY_BLOCK_VERIFY_WORKBUF_BYTES] __attribute__ ((aligned (VB2_WORKBUF_ALIGN))); struct vb2_workbuf wb; struct vb2_keyblock *hdr; struct vb2_keyblock *h; uint32_t hsize; vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); hdr = vb2_create_keyblock(data_key, private_key, 0x1234); TEST_NEQ((size_t)hdr, 0, "vb2_verify_keyblock() prerequisites"); if (!hdr) return; hsize = hdr->keyblock_size; h = (struct vb2_keyblock *)malloc(hsize + 2048); memcpy(h, hdr, hsize); TEST_SUCC(vb2_verify_keyblock(h, hsize, public_key, &wb), "vb2_verify_keyblock() ok using key"); /* Failures in keyblock check also cause verify to fail */ memcpy(h, hdr, hsize); TEST_EQ(vb2_verify_keyblock(h, hsize - 1, public_key, &wb), VB2_ERROR_KEYBLOCK_SIZE, "vb2_verify_keyblock() check"); /* Check signature */ memcpy(h, hdr, hsize); h->keyblock_signature.sig_size--; resign_keyblock(h, private_key); TEST_EQ(vb2_verify_keyblock(h, hsize, public_key, &wb), VB2_ERROR_KEYBLOCK_SIG_INVALID, "vb2_verify_keyblock() sig too small"); memcpy(h, hdr, hsize); ((uint8_t *)vb2_packed_key_data(&h->data_key))[0] ^= 0x34; TEST_EQ(vb2_verify_keyblock(h, hsize, public_key, &wb), VB2_ERROR_KEYBLOCK_SIG_INVALID, "vb2_verify_keyblock() sig mismatch"); /* * TODO: verify parser can support a bigger header (i.e., one where * data_key.key_offset is bigger than expected). */ free(h); free(hdr); }
void vb2_workbuf_from_ctx(struct vb2_context *ctx, struct vb2_workbuf *wb) { vb2_workbuf_init(wb, ctx->workbuf + ctx->workbuf_used, ctx->workbuf_size - ctx->workbuf_used); }
static void keyblock_tests(const char *keys_dir) { struct vb2_public_key *pubk2048, *pubk4096, *pubk8192, pubkhash; struct vb2_private_key *prik4096, *prik8192; struct vb2_packed_key *pak, *pakgood; struct vb2_keyblock *kb; const struct vb2_private_key *prikhash; const struct vb2_private_key *prik[2]; char fname[1024]; const char test_desc[] = "Test keyblock"; uint8_t workbuf[VB2_KEY_BLOCK_VERIFY_WORKBUF_BYTES] __attribute__ ((aligned (VB2_WORKBUF_ALIGN))); struct vb2_workbuf wb; vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); /* Read keys */ sprintf(fname, "%s/key_rsa2048.keyb", keys_dir); TEST_SUCC(vb2_public_key_read_keyb(&pubk2048, fname), "Read public key 2"); vb2_public_key_set_desc(pubk2048, "Test RSA2048 public key"); pubk2048->hash_alg = VB2_HASH_SHA256; sprintf(fname, "%s/key_rsa4096.keyb", keys_dir); TEST_SUCC(vb2_public_key_read_keyb(&pubk4096, fname), "Read public key 1"); vb2_public_key_set_desc(pubk4096, "Test RSA4096 public key"); pubk4096->hash_alg = VB2_HASH_SHA256; sprintf(fname, "%s/key_rsa8192.keyb", keys_dir); TEST_SUCC(vb2_public_key_read_keyb(&pubk8192, fname), "Read public key 2"); vb2_public_key_set_desc(pubk8192, "Test RSA8192 public key"); pubk8192->hash_alg = VB2_HASH_SHA512; sprintf(fname, "%s/key_rsa4096.pem", keys_dir); TEST_SUCC(vb2_private_key_read_pem(&prik4096, fname), "Read private key 2"); vb2_private_key_set_desc(prik4096, "Test RSA4096 private key"); prik4096->sig_alg = VB2_SIG_RSA4096; prik4096->hash_alg = VB2_HASH_SHA256; sprintf(fname, "%s/key_rsa8192.pem", keys_dir); TEST_SUCC(vb2_private_key_read_pem(&prik8192, fname), "Read private key 1"); vb2_private_key_set_desc(prik8192, "Test RSA8192 private key"); prik8192->sig_alg = VB2_SIG_RSA8192; prik8192->hash_alg = VB2_HASH_SHA512; TEST_SUCC(vb2_private_key_hash(&prikhash, VB2_HASH_SHA512), "Create private hash key"); TEST_SUCC(vb2_public_key_hash(&pubkhash, VB2_HASH_SHA512), "Create public hash key"); TEST_SUCC(vb2_public_key_pack(&pakgood, pubk2048), "Test packed key"); /* Sign a keyblock with one key */ prik[0] = prik4096; TEST_SUCC(vb2_keyblock_create(&kb, pubk2048, prik, 1, 0x1234, NULL), "Keyblock single"); TEST_PTR_NEQ(kb, NULL, " kb_ptr"); TEST_SUCC(vb2_verify_keyblock(kb, kb->c.total_size, pubk4096, &wb), " verify"); TEST_EQ(strcmp(vb2_common_desc(kb), pubk2048->desc), 0, " desc"); TEST_EQ(kb->flags, 0x1234, " flags"); pak = (struct vb2_packed_key *)((uint8_t *)kb + kb->key_offset); TEST_EQ(0, memcmp(pak, pakgood, pakgood->c.total_size), " data key"); free(kb); /* Sign a keyblock with two keys */ prik[0] = prik8192; prik[1] = prikhash; TEST_SUCC(vb2_keyblock_create(&kb, pubk4096, prik, 2, 0, test_desc), "Keyblock multiple"); TEST_SUCC(vb2_verify_keyblock(kb, kb->c.total_size, pubk8192, &wb), " verify 1"); TEST_SUCC(vb2_verify_keyblock(kb, kb->c.total_size, &pubkhash, &wb), " verify 2"); TEST_EQ(strcmp(vb2_common_desc(kb), test_desc), 0, " desc"); TEST_EQ(kb->flags, 0, " flags"); free(kb); /* Test errors */ prik[0] = prik8192; prik8192->hash_alg = VB2_HASH_INVALID; TEST_EQ(vb2_keyblock_create(&kb, pubk4096, prik, 1, 0, NULL), VB2_KEYBLOCK_CREATE_SIG_SIZE, "Keyblock bad sig size"); TEST_PTR_EQ(kb, NULL, " kb_ptr"); prik[0] = prik4096; pubk4096->sig_alg = VB2_SIG_INVALID; TEST_EQ(vb2_keyblock_create(&kb, pubk4096, prik, 1, 0, NULL), VB2_KEYBLOCK_CREATE_DATA_KEY, "Keyblock bad data key"); /* Free keys */ free(pakgood); vb2_public_key_free(pubk2048); vb2_public_key_free(pubk4096); vb2_public_key_free(pubk8192); vb2_private_key_free(prik4096); vb2_private_key_free(prik8192); }
static void test_verify_keyblock(const VbPublicKey *public_key, const VbPrivateKey *private_key, const VbPublicKey *data_key) { uint8_t workbuf[VB2_KEY_BLOCK_VERIFY_WORKBUF_BYTES] __attribute__ ((aligned (VB2_WORKBUF_ALIGN))); struct vb2_workbuf wb; struct vb2_public_key key; struct vb2_keyblock *hdr; struct vb2_keyblock *h; uint32_t hsize; vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); /* Unpack public key */ TEST_SUCC(vb2_unpack_key(&key, (uint8_t *)public_key, public_key->key_offset + public_key->key_size), "vb2_verify_keyblock public key"); hdr = (struct vb2_keyblock *) KeyBlockCreate(data_key, private_key, 0x1234); TEST_NEQ((size_t)hdr, 0, "vb2_verify_keyblock() prerequisites"); if (!hdr) return; hsize = hdr->keyblock_size; h = (struct vb2_keyblock *)malloc(hsize + 2048); Memcpy(h, hdr, hsize); TEST_SUCC(vb2_verify_keyblock(h, hsize, &key, &wb), "vb2_verify_keyblock() ok using key"); Memcpy(h, hdr, hsize); TEST_EQ(vb2_verify_keyblock(h, hsize - 1, &key, &wb), VB2_ERROR_KEYBLOCK_SIZE, "vb2_verify_keyblock() size--"); /* Buffer is allowed to be bigger than keyblock */ Memcpy(h, hdr, hsize); TEST_SUCC(vb2_verify_keyblock(h, hsize + 1, &key, &wb), "vb2_verify_keyblock() size++"); Memcpy(h, hdr, hsize); h->magic[0] &= 0x12; TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb), VB2_ERROR_KEYBLOCK_MAGIC, "vb2_verify_keyblock() magic"); /* Care about major version but not minor */ Memcpy(h, hdr, hsize); h->header_version_major++; resign_keyblock(h, private_key); TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb), VB2_ERROR_KEYBLOCK_HEADER_VERSION, "vb2_verify_keyblock() major++"); Memcpy(h, hdr, hsize); h->header_version_major--; resign_keyblock(h, private_key); TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb), VB2_ERROR_KEYBLOCK_HEADER_VERSION, "vb2_verify_keyblock() major--"); Memcpy(h, hdr, hsize); h->header_version_minor++; resign_keyblock(h, private_key); TEST_SUCC(vb2_verify_keyblock(h, hsize, &key, &wb), "vb2_verify_keyblock() minor++"); Memcpy(h, hdr, hsize); h->header_version_minor--; resign_keyblock(h, private_key); TEST_SUCC(vb2_verify_keyblock(h, hsize, &key, &wb), "vb2_verify_keyblock() minor--"); /* Check signature */ Memcpy(h, hdr, hsize); h->keyblock_signature.sig_offset = hsize; resign_keyblock(h, private_key); TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb), VB2_ERROR_KEYBLOCK_SIG_OUTSIDE, "vb2_verify_keyblock() sig off end"); Memcpy(h, hdr, hsize); h->keyblock_signature.sig_size--; resign_keyblock(h, private_key); TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb), VB2_ERROR_KEYBLOCK_SIG_INVALID, "vb2_verify_keyblock() sig too small"); Memcpy(h, hdr, hsize); ((uint8_t *)vb2_packed_key_data(&h->data_key))[0] ^= 0x34; TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb), VB2_ERROR_KEYBLOCK_SIG_INVALID, "vb2_verify_keyblock() sig mismatch"); Memcpy(h, hdr, hsize); h->keyblock_signature.data_size = h->keyblock_size + 1; TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb), VB2_ERROR_KEYBLOCK_SIGNED_TOO_MUCH, "vb2_verify_keyblock() sig data past end of block"); /* Check that we signed header and data key */ Memcpy(h, hdr, hsize); h->keyblock_signature.data_size = 4; h->data_key.key_offset = 0; h->data_key.key_size = 0; resign_keyblock(h, private_key); TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb), VB2_ERROR_KEYBLOCK_SIGNED_TOO_LITTLE, "vb2_verify_keyblock() didn't sign header"); Memcpy(h, hdr, hsize); h->data_key.key_offset = hsize; resign_keyblock(h, private_key); TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb), VB2_ERROR_KEYBLOCK_DATA_KEY_OUTSIDE, "vb2_verify_keyblock() data key off end"); /* Corner cases for error checking */ TEST_EQ(vb2_verify_keyblock(NULL, 4, &key, &wb), VB2_ERROR_KEYBLOCK_TOO_SMALL_FOR_HEADER, "vb2_verify_keyblock size too small"); /* * TODO: verify parser can support a bigger header (i.e., one where * data_key.key_offset is bigger than expected). */ free(h); free(hdr); }
static void test_verify_fw_preamble(const VbPublicKey *public_key, const VbPrivateKey *private_key, const VbPublicKey *kernel_subkey) { struct vb2_fw_preamble *hdr; struct vb2_fw_preamble *h; struct vb2_public_key rsa; uint8_t workbuf[VB2_VERIFY_FIRMWARE_PREAMBLE_WORKBUF_BYTES] __attribute__ ((aligned (VB2_WORKBUF_ALIGN))); struct vb2_workbuf wb; uint32_t hsize; vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); /* Create a dummy signature */ VbSignature *body_sig = SignatureAlloc(56, 78); TEST_SUCC(vb2_unpack_key(&rsa, (uint8_t *)public_key, public_key->key_offset + public_key->key_size), "vb2_verify_fw_preamble() prereq key"); hdr = (struct vb2_fw_preamble *) CreateFirmwarePreamble(0x1234, kernel_subkey, body_sig, private_key, 0x5678); TEST_PTR_NEQ(hdr, NULL, "VerifyFirmwarePreamble() prereq test preamble"); if (!hdr) return; hsize = (uint32_t) hdr->preamble_size; h = (struct vb2_fw_preamble *)malloc(hsize + 16384); Memcpy(h, hdr, hsize); TEST_SUCC(vb2_verify_fw_preamble(h, hsize, &rsa, &wb), "vb2_verify_fw_preamble() ok using key"); Memcpy(h, hdr, hsize); TEST_EQ(vb2_verify_fw_preamble(h, 4, &rsa, &wb), VB2_ERROR_PREAMBLE_TOO_SMALL_FOR_HEADER, "vb2_verify_fw_preamble() size tiny"); Memcpy(h, hdr, hsize); TEST_EQ(vb2_verify_fw_preamble(h, hsize - 1, &rsa, &wb), VB2_ERROR_PREAMBLE_SIZE, "vb2_verify_fw_preamble() size--"); /* Buffer is allowed to be bigger than preamble */ Memcpy(h, hdr, hsize); TEST_SUCC(vb2_verify_fw_preamble(h, hsize + 1, &rsa, &wb), "vb2_verify_fw_preamble() size++"); /* Care about major version but not minor */ Memcpy(h, hdr, hsize); h->header_version_major++; resign_fw_preamble(h, private_key); TEST_EQ(vb2_verify_fw_preamble(h, hsize, &rsa, &wb), VB2_ERROR_PREAMBLE_HEADER_VERSION , "vb2_verify_fw_preamble() major++"); Memcpy(h, hdr, hsize); h->header_version_major--; resign_fw_preamble(h, private_key); TEST_EQ(vb2_verify_fw_preamble(h, hsize, &rsa, &wb), VB2_ERROR_PREAMBLE_HEADER_VERSION, "vb2_verify_fw_preamble() major--"); Memcpy(h, hdr, hsize); h->header_version_minor++; resign_fw_preamble(h, private_key); TEST_SUCC(vb2_verify_fw_preamble(h, hsize, &rsa, &wb), "vb2_verify_fw_preamble() minor++"); Memcpy(h, hdr, hsize); h->header_version_minor--; resign_fw_preamble(h, private_key); TEST_EQ(vb2_verify_fw_preamble(h, hsize, &rsa, &wb), VB2_ERROR_PREAMBLE_HEADER_OLD, "vb2_verify_fw_preamble() 2.0 not supported"); /* Check signature */ Memcpy(h, hdr, hsize); h->preamble_signature.sig_offset = hsize; resign_fw_preamble(h, private_key); TEST_EQ(vb2_verify_fw_preamble(h, hsize, &rsa, &wb), VB2_ERROR_PREAMBLE_SIG_OUTSIDE, "vb2_verify_fw_preamble() sig off end"); Memcpy(h, hdr, hsize); h->preamble_signature.sig_size--; resign_fw_preamble(h, private_key); TEST_EQ(vb2_verify_fw_preamble(h, hsize, &rsa, &wb), VB2_ERROR_PREAMBLE_SIG_INVALID, "vb2_verify_fw_preamble() sig too small"); Memcpy(h, hdr, hsize); ((uint8_t *)vb2_packed_key_data(&h->kernel_subkey))[0] ^= 0x34; TEST_EQ(vb2_verify_fw_preamble(h, hsize, &rsa, &wb), VB2_ERROR_PREAMBLE_SIG_INVALID, "vb2_verify_fw_preamble() sig mismatch"); /* Check that we signed header, kernel subkey, and body sig */ Memcpy(h, hdr, hsize); h->preamble_signature.data_size = 4; h->kernel_subkey.key_offset = 0; h->kernel_subkey.key_size = 0; h->body_signature.sig_offset = 0; h->body_signature.sig_size = 0; resign_fw_preamble(h, private_key); TEST_EQ(vb2_verify_fw_preamble(h, hsize, &rsa, &wb), VB2_ERROR_PREAMBLE_SIGNED_TOO_LITTLE, "vb2_verify_fw_preamble() didn't sign header"); Memcpy(h, hdr, hsize); h->kernel_subkey.key_offset = hsize; resign_fw_preamble(h, private_key); TEST_EQ(vb2_verify_fw_preamble(h, hsize, &rsa, &wb), VB2_ERROR_PREAMBLE_KERNEL_SUBKEY_OUTSIDE, "vb2_verify_fw_preamble() kernel subkey off end"); Memcpy(h, hdr, hsize); h->body_signature.sig_offset = hsize; resign_fw_preamble(h, private_key); TEST_EQ(vb2_verify_fw_preamble(h, hsize, &rsa, &wb), VB2_ERROR_PREAMBLE_BODY_SIG_OUTSIDE, "vb2_verify_fw_preamble() body sig off end"); /* TODO: verify with extra padding at end of header. */ free(h); free(hdr); }
static void test_verify_kernel_preamble( const struct vb2_packed_key *public_key, const struct vb2_private_key *private_key) { struct vb2_public_key rsa; // TODO: how many workbuf bytes? uint8_t workbuf[VB2_VERIFY_FIRMWARE_PREAMBLE_WORKBUF_BYTES] __attribute__ ((aligned (VB2_WORKBUF_ALIGN))); struct vb2_workbuf wb; uint32_t hsize; vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); /* Create a dummy signature */ struct vb2_signature *body_sig = vb2_alloc_signature(56, 0x214000); TEST_SUCC(vb2_unpack_key(&rsa, public_key), "vb2_verify_kernel_preamble() prereq key"); struct vb2_kernel_preamble *hdr = vb2_create_kernel_preamble(0x1234, 0x100000, 0x300000, 0x4000, body_sig, 0x304000, 0x10000, 0, 0, private_key); TEST_PTR_NEQ(hdr, NULL, "vb2_verify_kernel_preamble() prereq test preamble"); if (!hdr) { free(body_sig); return; } hsize = (uint32_t) hdr->preamble_size; struct vb2_kernel_preamble *h = (struct vb2_kernel_preamble *)malloc(hsize + 16384); memcpy(h, hdr, hsize); TEST_SUCC(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb), "vb2_verify_kernel_preamble() ok using key"); memcpy(h, hdr, hsize); TEST_EQ(vb2_verify_kernel_preamble(h, 4, &rsa, &wb), VB2_ERROR_PREAMBLE_TOO_SMALL_FOR_HEADER, "vb2_verify_kernel_preamble() size tiny"); memcpy(h, hdr, hsize); TEST_EQ(vb2_verify_kernel_preamble(h, hsize - 1, &rsa, &wb), VB2_ERROR_PREAMBLE_SIZE, "vb2_verify_kernel_preamble() size--"); /* Buffer is allowed to be bigger than preamble */ memcpy(h, hdr, hsize); TEST_SUCC(vb2_verify_kernel_preamble(h, hsize + 1, &rsa, &wb), "vb2_verify_kernel_preamble() size++"); /* Care about major version but not minor */ memcpy(h, hdr, hsize); h->header_version_major++; resign_kernel_preamble(h, private_key); TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb), VB2_ERROR_PREAMBLE_HEADER_VERSION , "vb2_verify_kernel_preamble() major++"); memcpy(h, hdr, hsize); h->header_version_major--; resign_kernel_preamble(h, private_key); TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb), VB2_ERROR_PREAMBLE_HEADER_VERSION, "vb2_verify_kernel_preamble() major--"); memcpy(h, hdr, hsize); h->header_version_minor++; resign_kernel_preamble(h, private_key); TEST_SUCC(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb), "vb2_verify_kernel_preamble() minor++"); /* Check signature */ memcpy(h, hdr, hsize); h->preamble_signature.sig_offset = hsize; resign_kernel_preamble(h, private_key); TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb), VB2_ERROR_PREAMBLE_SIG_OUTSIDE, "vb2_verify_kernel_preamble() sig off end"); memcpy(h, hdr, hsize); h->preamble_signature.sig_size--; resign_kernel_preamble(h, private_key); TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb), VB2_ERROR_PREAMBLE_SIG_INVALID, "vb2_verify_kernel_preamble() sig too small"); memcpy(h, hdr, hsize); h->flags++; TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb), VB2_ERROR_PREAMBLE_SIG_INVALID, "vb2_verify_kernel_preamble() sig mismatch"); /* Check that we signed header and body sig */ memcpy(h, hdr, hsize); h->preamble_signature.data_size = 4; h->body_signature.sig_offset = 0; h->body_signature.sig_size = 0; resign_kernel_preamble(h, private_key); TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb), VB2_ERROR_PREAMBLE_SIGNED_TOO_LITTLE, "vb2_verify_kernel_preamble() didn't sign header"); memcpy(h, hdr, hsize); h->body_signature.sig_offset = hsize; resign_kernel_preamble(h, private_key); TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb), VB2_ERROR_PREAMBLE_BODY_SIG_OUTSIDE, "vb2_verify_kernel_preamble() body sig off end"); /* Check bootloader inside signed body */ memcpy(h, hdr, hsize); h->bootloader_address = h->body_load_address - 1; resign_kernel_preamble(h, private_key); TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb), VB2_ERROR_PREAMBLE_BOOTLOADER_OUTSIDE, "vb2_verify_kernel_preamble() bootloader before body"); memcpy(h, hdr, hsize); h->bootloader_address = h->body_load_address + h->body_signature.data_size + 1; resign_kernel_preamble(h, private_key); TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb), VB2_ERROR_PREAMBLE_BOOTLOADER_OUTSIDE, "vb2_verify_kernel_preamble() bootloader off end of body"); memcpy(h, hdr, hsize); h->bootloader_address = h->body_load_address + h->body_signature.data_size + 1; h->bootloader_size = 0; resign_kernel_preamble(h, private_key); TEST_SUCC(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb), "vb2_verify_kernel_preamble() no bootloader"); /* Check vmlinuz inside signed body */ memcpy(h, hdr, hsize); h->vmlinuz_header_address = h->body_load_address - 1; resign_kernel_preamble(h, private_key); TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb), VB2_ERROR_PREAMBLE_VMLINUZ_HEADER_OUTSIDE, "vb2_verify_kernel_preamble() vmlinuz_header before body"); memcpy(h, hdr, hsize); h->vmlinuz_header_address = h->body_load_address + h->body_signature.data_size + 1; resign_kernel_preamble(h, private_key); TEST_EQ(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb), VB2_ERROR_PREAMBLE_VMLINUZ_HEADER_OUTSIDE, "vb2_verify_kernel_preamble() vmlinuz_header off end of body"); memcpy(h, hdr, hsize); h->vmlinuz_header_address = h->body_load_address + h->body_signature.data_size + 1; h->vmlinuz_header_size = 0; resign_kernel_preamble(h, private_key); TEST_SUCC(vb2_verify_kernel_preamble(h, hsize, &rsa, &wb), "vb2_verify_kernel_preamble() no vmlinuz_header"); /* TODO: verify with extra padding at end of header. */ free(h); free(hdr); free(body_sig); }