static void test_verify_keyblock(const struct vb2_public_key *public_key, const struct vb2_private_key *private_key, const struct vb2_packed_key *data_key) { uint8_t workbuf[VB2_KEY_BLOCK_VERIFY_WORKBUF_BYTES] __attribute__ ((aligned (VB2_WORKBUF_ALIGN))); struct vb2_workbuf wb; struct vb2_keyblock *hdr; struct vb2_keyblock *h; uint32_t hsize; vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); hdr = vb2_create_keyblock(data_key, private_key, 0x1234); TEST_NEQ((size_t)hdr, 0, "vb2_verify_keyblock() prerequisites"); if (!hdr) return; hsize = hdr->keyblock_size; h = (struct vb2_keyblock *)malloc(hsize + 2048); memcpy(h, hdr, hsize); TEST_SUCC(vb2_verify_keyblock(h, hsize, public_key, &wb), "vb2_verify_keyblock() ok using key"); /* Failures in keyblock check also cause verify to fail */ memcpy(h, hdr, hsize); TEST_EQ(vb2_verify_keyblock(h, hsize - 1, public_key, &wb), VB2_ERROR_KEYBLOCK_SIZE, "vb2_verify_keyblock() check"); /* Check signature */ memcpy(h, hdr, hsize); h->keyblock_signature.sig_size--; resign_keyblock(h, private_key); TEST_EQ(vb2_verify_keyblock(h, hsize, public_key, &wb), VB2_ERROR_KEYBLOCK_SIG_INVALID, "vb2_verify_keyblock() sig too small"); memcpy(h, hdr, hsize); ((uint8_t *)vb2_packed_key_data(&h->data_key))[0] ^= 0x34; TEST_EQ(vb2_verify_keyblock(h, hsize, public_key, &wb), VB2_ERROR_KEYBLOCK_SIG_INVALID, "vb2_verify_keyblock() sig mismatch"); /* * TODO: verify parser can support a bigger header (i.e., one where * data_key.key_offset is bigger than expected). */ free(h); free(hdr); }
static void keyblock_tests(const char *keys_dir) { struct vb2_public_key *pubk2048, *pubk4096, *pubk8192, pubkhash; struct vb2_private_key *prik4096, *prik8192; struct vb2_packed_key *pak, *pakgood; struct vb2_keyblock *kb; const struct vb2_private_key *prikhash; const struct vb2_private_key *prik[2]; char fname[1024]; const char test_desc[] = "Test keyblock"; uint8_t workbuf[VB2_KEY_BLOCK_VERIFY_WORKBUF_BYTES] __attribute__ ((aligned (VB2_WORKBUF_ALIGN))); struct vb2_workbuf wb; vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); /* Read keys */ sprintf(fname, "%s/key_rsa2048.keyb", keys_dir); TEST_SUCC(vb2_public_key_read_keyb(&pubk2048, fname), "Read public key 2"); vb2_public_key_set_desc(pubk2048, "Test RSA2048 public key"); pubk2048->hash_alg = VB2_HASH_SHA256; sprintf(fname, "%s/key_rsa4096.keyb", keys_dir); TEST_SUCC(vb2_public_key_read_keyb(&pubk4096, fname), "Read public key 1"); vb2_public_key_set_desc(pubk4096, "Test RSA4096 public key"); pubk4096->hash_alg = VB2_HASH_SHA256; sprintf(fname, "%s/key_rsa8192.keyb", keys_dir); TEST_SUCC(vb2_public_key_read_keyb(&pubk8192, fname), "Read public key 2"); vb2_public_key_set_desc(pubk8192, "Test RSA8192 public key"); pubk8192->hash_alg = VB2_HASH_SHA512; sprintf(fname, "%s/key_rsa4096.pem", keys_dir); TEST_SUCC(vb2_private_key_read_pem(&prik4096, fname), "Read private key 2"); vb2_private_key_set_desc(prik4096, "Test RSA4096 private key"); prik4096->sig_alg = VB2_SIG_RSA4096; prik4096->hash_alg = VB2_HASH_SHA256; sprintf(fname, "%s/key_rsa8192.pem", keys_dir); TEST_SUCC(vb2_private_key_read_pem(&prik8192, fname), "Read private key 1"); vb2_private_key_set_desc(prik8192, "Test RSA8192 private key"); prik8192->sig_alg = VB2_SIG_RSA8192; prik8192->hash_alg = VB2_HASH_SHA512; TEST_SUCC(vb2_private_key_hash(&prikhash, VB2_HASH_SHA512), "Create private hash key"); TEST_SUCC(vb2_public_key_hash(&pubkhash, VB2_HASH_SHA512), "Create public hash key"); TEST_SUCC(vb2_public_key_pack(&pakgood, pubk2048), "Test packed key"); /* Sign a keyblock with one key */ prik[0] = prik4096; TEST_SUCC(vb2_keyblock_create(&kb, pubk2048, prik, 1, 0x1234, NULL), "Keyblock single"); TEST_PTR_NEQ(kb, NULL, " kb_ptr"); TEST_SUCC(vb2_verify_keyblock(kb, kb->c.total_size, pubk4096, &wb), " verify"); TEST_EQ(strcmp(vb2_common_desc(kb), pubk2048->desc), 0, " desc"); TEST_EQ(kb->flags, 0x1234, " flags"); pak = (struct vb2_packed_key *)((uint8_t *)kb + kb->key_offset); TEST_EQ(0, memcmp(pak, pakgood, pakgood->c.total_size), " data key"); free(kb); /* Sign a keyblock with two keys */ prik[0] = prik8192; prik[1] = prikhash; TEST_SUCC(vb2_keyblock_create(&kb, pubk4096, prik, 2, 0, test_desc), "Keyblock multiple"); TEST_SUCC(vb2_verify_keyblock(kb, kb->c.total_size, pubk8192, &wb), " verify 1"); TEST_SUCC(vb2_verify_keyblock(kb, kb->c.total_size, &pubkhash, &wb), " verify 2"); TEST_EQ(strcmp(vb2_common_desc(kb), test_desc), 0, " desc"); TEST_EQ(kb->flags, 0, " flags"); free(kb); /* Test errors */ prik[0] = prik8192; prik8192->hash_alg = VB2_HASH_INVALID; TEST_EQ(vb2_keyblock_create(&kb, pubk4096, prik, 1, 0, NULL), VB2_KEYBLOCK_CREATE_SIG_SIZE, "Keyblock bad sig size"); TEST_PTR_EQ(kb, NULL, " kb_ptr"); prik[0] = prik4096; pubk4096->sig_alg = VB2_SIG_INVALID; TEST_EQ(vb2_keyblock_create(&kb, pubk4096, prik, 1, 0, NULL), VB2_KEYBLOCK_CREATE_DATA_KEY, "Keyblock bad data key"); /* Free keys */ free(pakgood); vb2_public_key_free(pubk2048); vb2_public_key_free(pubk4096); vb2_public_key_free(pubk8192); vb2_private_key_free(prik4096); vb2_private_key_free(prik8192); }
static void test_verify_keyblock(const VbPublicKey *public_key, const VbPrivateKey *private_key, const VbPublicKey *data_key) { uint8_t workbuf[VB2_KEY_BLOCK_VERIFY_WORKBUF_BYTES] __attribute__ ((aligned (VB2_WORKBUF_ALIGN))); struct vb2_workbuf wb; struct vb2_public_key key; struct vb2_keyblock *hdr; struct vb2_keyblock *h; uint32_t hsize; vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); /* Unpack public key */ TEST_SUCC(vb2_unpack_key(&key, (uint8_t *)public_key, public_key->key_offset + public_key->key_size), "vb2_verify_keyblock public key"); hdr = (struct vb2_keyblock *) KeyBlockCreate(data_key, private_key, 0x1234); TEST_NEQ((size_t)hdr, 0, "vb2_verify_keyblock() prerequisites"); if (!hdr) return; hsize = hdr->keyblock_size; h = (struct vb2_keyblock *)malloc(hsize + 2048); Memcpy(h, hdr, hsize); TEST_SUCC(vb2_verify_keyblock(h, hsize, &key, &wb), "vb2_verify_keyblock() ok using key"); Memcpy(h, hdr, hsize); TEST_EQ(vb2_verify_keyblock(h, hsize - 1, &key, &wb), VB2_ERROR_KEYBLOCK_SIZE, "vb2_verify_keyblock() size--"); /* Buffer is allowed to be bigger than keyblock */ Memcpy(h, hdr, hsize); TEST_SUCC(vb2_verify_keyblock(h, hsize + 1, &key, &wb), "vb2_verify_keyblock() size++"); Memcpy(h, hdr, hsize); h->magic[0] &= 0x12; TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb), VB2_ERROR_KEYBLOCK_MAGIC, "vb2_verify_keyblock() magic"); /* Care about major version but not minor */ Memcpy(h, hdr, hsize); h->header_version_major++; resign_keyblock(h, private_key); TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb), VB2_ERROR_KEYBLOCK_HEADER_VERSION, "vb2_verify_keyblock() major++"); Memcpy(h, hdr, hsize); h->header_version_major--; resign_keyblock(h, private_key); TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb), VB2_ERROR_KEYBLOCK_HEADER_VERSION, "vb2_verify_keyblock() major--"); Memcpy(h, hdr, hsize); h->header_version_minor++; resign_keyblock(h, private_key); TEST_SUCC(vb2_verify_keyblock(h, hsize, &key, &wb), "vb2_verify_keyblock() minor++"); Memcpy(h, hdr, hsize); h->header_version_minor--; resign_keyblock(h, private_key); TEST_SUCC(vb2_verify_keyblock(h, hsize, &key, &wb), "vb2_verify_keyblock() minor--"); /* Check signature */ Memcpy(h, hdr, hsize); h->keyblock_signature.sig_offset = hsize; resign_keyblock(h, private_key); TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb), VB2_ERROR_KEYBLOCK_SIG_OUTSIDE, "vb2_verify_keyblock() sig off end"); Memcpy(h, hdr, hsize); h->keyblock_signature.sig_size--; resign_keyblock(h, private_key); TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb), VB2_ERROR_KEYBLOCK_SIG_INVALID, "vb2_verify_keyblock() sig too small"); Memcpy(h, hdr, hsize); ((uint8_t *)vb2_packed_key_data(&h->data_key))[0] ^= 0x34; TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb), VB2_ERROR_KEYBLOCK_SIG_INVALID, "vb2_verify_keyblock() sig mismatch"); Memcpy(h, hdr, hsize); h->keyblock_signature.data_size = h->keyblock_size + 1; TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb), VB2_ERROR_KEYBLOCK_SIGNED_TOO_MUCH, "vb2_verify_keyblock() sig data past end of block"); /* Check that we signed header and data key */ Memcpy(h, hdr, hsize); h->keyblock_signature.data_size = 4; h->data_key.key_offset = 0; h->data_key.key_size = 0; resign_keyblock(h, private_key); TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb), VB2_ERROR_KEYBLOCK_SIGNED_TOO_LITTLE, "vb2_verify_keyblock() didn't sign header"); Memcpy(h, hdr, hsize); h->data_key.key_offset = hsize; resign_keyblock(h, private_key); TEST_EQ(vb2_verify_keyblock(h, hsize, &key, &wb), VB2_ERROR_KEYBLOCK_DATA_KEY_OUTSIDE, "vb2_verify_keyblock() data key off end"); /* Corner cases for error checking */ TEST_EQ(vb2_verify_keyblock(NULL, 4, &key, &wb), VB2_ERROR_KEYBLOCK_TOO_SMALL_FOR_HEADER, "vb2_verify_keyblock size too small"); /* * TODO: verify parser can support a bigger header (i.e., one where * data_key.key_offset is bigger than expected). */ free(h); free(hdr); }