static void test_verify_keyblock(const struct vb2_public_key *public_key,
const struct vb2_private_key *private_key,
const struct vb2_packed_key *data_key)
{
uint8_t workbuf[VB2_KEY_BLOCK_VERIFY_WORKBUF_BYTES]
__attribute__ ((aligned (VB2_WORKBUF_ALIGN)));
struct vb2_workbuf wb;
struct vb2_keyblock *hdr;
struct vb2_keyblock *h;
uint32_t hsize;
vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
hdr = vb2_create_keyblock(data_key, private_key, 0x1234);
TEST_NEQ((size_t)hdr, 0, "vb2_verify_keyblock() prerequisites");
if (!hdr)
return;
hsize = hdr->keyblock_size;
h = (struct vb2_keyblock *)malloc(hsize + 2048);
memcpy(h, hdr, hsize);
TEST_SUCC(vb2_verify_keyblock(h, hsize, public_key, &wb),
"vb2_verify_keyblock() ok using key");
/* Failures in keyblock check also cause verify to fail */
memcpy(h, hdr, hsize);
TEST_EQ(vb2_verify_keyblock(h, hsize - 1, public_key, &wb),
VB2_ERROR_KEYBLOCK_SIZE, "vb2_verify_keyblock() check");
/* Check signature */
memcpy(h, hdr, hsize);
h->keyblock_signature.sig_size--;
resign_keyblock(h, private_key);
TEST_EQ(vb2_verify_keyblock(h, hsize, public_key, &wb),
VB2_ERROR_KEYBLOCK_SIG_INVALID,
"vb2_verify_keyblock() sig too small");
memcpy(h, hdr, hsize);
((uint8_t *)vb2_packed_key_data(&h->data_key))[0] ^= 0x34;
TEST_EQ(vb2_verify_keyblock(h, hsize, public_key, &wb),
VB2_ERROR_KEYBLOCK_SIG_INVALID,
"vb2_verify_keyblock() sig mismatch");
/*
* TODO: verify parser can support a bigger header (i.e., one where
* data_key.key_offset is bigger than expected).
*/
free(h);
free(hdr);
}
static void keyblock_tests(const char *keys_dir)
{
struct vb2_public_key *pubk2048, *pubk4096, *pubk8192, pubkhash;
struct vb2_private_key *prik4096, *prik8192;
struct vb2_packed_key *pak, *pakgood;
struct vb2_keyblock *kb;
const struct vb2_private_key *prikhash;
const struct vb2_private_key *prik[2];
char fname[1024];
const char test_desc[] = "Test keyblock";
uint8_t workbuf[VB2_KEY_BLOCK_VERIFY_WORKBUF_BYTES]
__attribute__ ((aligned (VB2_WORKBUF_ALIGN)));
struct vb2_workbuf wb;
vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
/* Read keys */
sprintf(fname, "%s/key_rsa2048.keyb", keys_dir);
TEST_SUCC(vb2_public_key_read_keyb(&pubk2048, fname),
"Read public key 2");
vb2_public_key_set_desc(pubk2048, "Test RSA2048 public key");
pubk2048->hash_alg = VB2_HASH_SHA256;
sprintf(fname, "%s/key_rsa4096.keyb", keys_dir);
TEST_SUCC(vb2_public_key_read_keyb(&pubk4096, fname),
"Read public key 1");
vb2_public_key_set_desc(pubk4096, "Test RSA4096 public key");
pubk4096->hash_alg = VB2_HASH_SHA256;
sprintf(fname, "%s/key_rsa8192.keyb", keys_dir);
TEST_SUCC(vb2_public_key_read_keyb(&pubk8192, fname),
"Read public key 2");
vb2_public_key_set_desc(pubk8192, "Test RSA8192 public key");
pubk8192->hash_alg = VB2_HASH_SHA512;
sprintf(fname, "%s/key_rsa4096.pem", keys_dir);
TEST_SUCC(vb2_private_key_read_pem(&prik4096, fname),
"Read private key 2");
vb2_private_key_set_desc(prik4096, "Test RSA4096 private key");
prik4096->sig_alg = VB2_SIG_RSA4096;
prik4096->hash_alg = VB2_HASH_SHA256;
sprintf(fname, "%s/key_rsa8192.pem", keys_dir);
TEST_SUCC(vb2_private_key_read_pem(&prik8192, fname),
"Read private key 1");
vb2_private_key_set_desc(prik8192, "Test RSA8192 private key");
prik8192->sig_alg = VB2_SIG_RSA8192;
prik8192->hash_alg = VB2_HASH_SHA512;
TEST_SUCC(vb2_private_key_hash(&prikhash, VB2_HASH_SHA512),
"Create private hash key");
TEST_SUCC(vb2_public_key_hash(&pubkhash, VB2_HASH_SHA512),
"Create public hash key");
TEST_SUCC(vb2_public_key_pack(&pakgood, pubk2048), "Test packed key");
/* Sign a keyblock with one key */
prik[0] = prik4096;
TEST_SUCC(vb2_keyblock_create(&kb, pubk2048, prik, 1, 0x1234, NULL),
"Keyblock single");
TEST_PTR_NEQ(kb, NULL, " kb_ptr");
TEST_SUCC(vb2_verify_keyblock(kb, kb->c.total_size, pubk4096, &wb),
" verify");
TEST_EQ(strcmp(vb2_common_desc(kb), pubk2048->desc), 0, " desc");
TEST_EQ(kb->flags, 0x1234, " flags");
pak = (struct vb2_packed_key *)((uint8_t *)kb + kb->key_offset);
TEST_EQ(0, memcmp(pak, pakgood, pakgood->c.total_size), " data key");
free(kb);
/* Sign a keyblock with two keys */
prik[0] = prik8192;
prik[1] = prikhash;
TEST_SUCC(vb2_keyblock_create(&kb, pubk4096, prik, 2, 0, test_desc),
"Keyblock multiple");
TEST_SUCC(vb2_verify_keyblock(kb, kb->c.total_size, pubk8192, &wb),
" verify 1");
TEST_SUCC(vb2_verify_keyblock(kb, kb->c.total_size, &pubkhash, &wb),
" verify 2");
TEST_EQ(strcmp(vb2_common_desc(kb), test_desc), 0, " desc");
TEST_EQ(kb->flags, 0, " flags");
free(kb);
/* Test errors */
prik[0] = prik8192;
prik8192->hash_alg = VB2_HASH_INVALID;
TEST_EQ(vb2_keyblock_create(&kb, pubk4096, prik, 1, 0, NULL),
VB2_KEYBLOCK_CREATE_SIG_SIZE, "Keyblock bad sig size");
TEST_PTR_EQ(kb, NULL, " kb_ptr");
prik[0] = prik4096;
pubk4096->sig_alg = VB2_SIG_INVALID;
TEST_EQ(vb2_keyblock_create(&kb, pubk4096, prik, 1, 0, NULL),
VB2_KEYBLOCK_CREATE_DATA_KEY, "Keyblock bad data key");
/* Free keys */
free(pakgood);
vb2_public_key_free(pubk2048);
vb2_public_key_free(pubk4096);
vb2_public_key_free(pubk8192);
vb2_private_key_free(prik4096);
vb2_private_key_free(prik8192);
}
static void test_verify_keyblock(const VbPublicKey *public_key,
const VbPrivateKey *private_key,
const VbPublicKey *data_key)
{
uint8_t workbuf[VB2_KEY_BLOCK_VERIFY_WORKBUF_BYTES]
__attribute__ ((aligned (VB2_WORKBUF_ALIGN)));
struct vb2_workbuf wb;
struct vb2_public_key key;
struct vb2_keyblock *hdr;
struct vb2_keyblock *h;
uint32_t hsize;
vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
/* Unpack public key */
TEST_SUCC(vb2_unpack_key(&key, (uint8_t *)public_key,
public_key->key_offset + public_key->key_size),
"vb2_verify_keyblock public key");
hdr = (struct vb2_keyblock *)
KeyBlockCreate(data_key, private_key, 0x1234);
TEST_NEQ((size_t)hdr, 0, "vb2_verify_keyblock() prerequisites");
if (!hdr)
return;
hsize = hdr->keyblock_size;
h = (struct vb2_keyblock *)malloc(hsize + 2048);
Memcpy(h, hdr, hsize);
TEST_SUCC(vb2_verify_keyblock(h, hsize, &key, &wb),
"vb2_verify_keyblock() ok using key");
Memcpy(h, hdr, hsize);
TEST_EQ(vb2_verify_keyblock(h, hsize - 1, &key, &wb),
VB2_ERROR_KEYBLOCK_SIZE, "vb2_verify_keyblock() size--");
/* Buffer is allowed to be bigger than keyblock */
Memcpy(h, hdr, hsize);
TEST_SUCC(vb2_verify_keyblock(h, hsize + 1, &key, &wb),
"vb2_verify_keyblock() size++");
Memcpy(h, hdr, hsize);
h->magic[0] &= 0x12;
TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb),
VB2_ERROR_KEYBLOCK_MAGIC, "vb2_verify_keyblock() magic");
/* Care about major version but not minor */
Memcpy(h, hdr, hsize);
h->header_version_major++;
resign_keyblock(h, private_key);
TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb),
VB2_ERROR_KEYBLOCK_HEADER_VERSION,
"vb2_verify_keyblock() major++");
Memcpy(h, hdr, hsize);
h->header_version_major--;
resign_keyblock(h, private_key);
TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb),
VB2_ERROR_KEYBLOCK_HEADER_VERSION,
"vb2_verify_keyblock() major--");
Memcpy(h, hdr, hsize);
h->header_version_minor++;
resign_keyblock(h, private_key);
TEST_SUCC(vb2_verify_keyblock(h, hsize, &key, &wb),
"vb2_verify_keyblock() minor++");
Memcpy(h, hdr, hsize);
h->header_version_minor--;
resign_keyblock(h, private_key);
TEST_SUCC(vb2_verify_keyblock(h, hsize, &key, &wb),
"vb2_verify_keyblock() minor--");
/* Check signature */
Memcpy(h, hdr, hsize);
h->keyblock_signature.sig_offset = hsize;
resign_keyblock(h, private_key);
TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb),
VB2_ERROR_KEYBLOCK_SIG_OUTSIDE,
"vb2_verify_keyblock() sig off end");
Memcpy(h, hdr, hsize);
h->keyblock_signature.sig_size--;
resign_keyblock(h, private_key);
TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb),
VB2_ERROR_KEYBLOCK_SIG_INVALID,
"vb2_verify_keyblock() sig too small");
Memcpy(h, hdr, hsize);
((uint8_t *)vb2_packed_key_data(&h->data_key))[0] ^= 0x34;
TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb),
VB2_ERROR_KEYBLOCK_SIG_INVALID,
"vb2_verify_keyblock() sig mismatch");
Memcpy(h, hdr, hsize);
h->keyblock_signature.data_size = h->keyblock_size + 1;
TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb),
VB2_ERROR_KEYBLOCK_SIGNED_TOO_MUCH,
"vb2_verify_keyblock() sig data past end of block");
/* Check that we signed header and data key */
Memcpy(h, hdr, hsize);
h->keyblock_signature.data_size = 4;
h->data_key.key_offset = 0;
h->data_key.key_size = 0;
resign_keyblock(h, private_key);
TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb),
VB2_ERROR_KEYBLOCK_SIGNED_TOO_LITTLE,
"vb2_verify_keyblock() didn't sign header");
Memcpy(h, hdr, hsize);
h->data_key.key_offset = hsize;
resign_keyblock(h, private_key);
TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb),
VB2_ERROR_KEYBLOCK_DATA_KEY_OUTSIDE,
"vb2_verify_keyblock() data key off end");
/* Corner cases for error checking */
TEST_EQ(vb2_verify_keyblock(NULL, 4, &key, &wb),
VB2_ERROR_KEYBLOCK_TOO_SMALL_FOR_HEADER,
"vb2_verify_keyblock size too small");
/*
* TODO: verify parser can support a bigger header (i.e., one where
* data_key.key_offset is bigger than expected).
*/
free(h);
free(hdr);
}
