blob: 03a38ee1f7fe756ef0d60a79887a267a80feffba [file] [log] [blame]
/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
#include <stdint.h>
#include <stdio.h>
#include "2rsa.h"
#include "2sysincludes.h"
#include "file_keys.h"
#include "host_key.h"
#include "rsa_padding_test.h"
#include "test_common.h"
#include "vb2_common.h"
vb2_error_t hwcrypto_modexp_return_value = VB2_SUCCESS;
vb2_error_t vb2ex_hwcrypto_modexp(const struct vb2_public_key *key,
uint8_t *inout,
uint32_t *workbuf32, int exp) {
return hwcrypto_modexp_return_value;
}
/**
* Test valid and invalid signatures.
*/
static void test_signatures(const struct vb2_public_key *key)
{
uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES]
__attribute__((aligned(VB2_WORKBUF_ALIGN)));
uint8_t sig[RSA1024NUMBYTES];
struct vb2_workbuf wb;
int unexpected_success;
int i;
vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
/* The first test signature is valid. */
memcpy(sig, signatures[0], sizeof(sig));
TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
"RSA Padding Test valid sig");
/* All other signatures should fail verification. */
unexpected_success = 0;
for (i = 1; i < sizeof(signatures) / sizeof(signatures[0]); i++) {
memcpy(sig, signatures[i], sizeof(sig));
if (!vb2_rsa_verify_digest(key, sig,
test_message_sha1_hash, &wb)) {
fprintf(stderr,
"RSA Padding Test vector %d FAILED!\n", i);
unexpected_success++;
}
}
TEST_EQ(unexpected_success, 0, "RSA Padding Test invalid sigs");
}
/**
* Test other error conditions in vb2_rsa_verify_digest().
*/
static void test_verify_digest(struct vb2_public_key *key) {
uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES]
__attribute__((aligned(VB2_WORKBUF_ALIGN)));
uint8_t sig[RSA1024NUMBYTES];
struct vb2_workbuf wb;
enum vb2_signature_algorithm orig_key_alg = key->sig_alg;
vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
memcpy(sig, signatures[0], sizeof(sig));
TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
"vb2_rsa_verify_digest() good");
TEST_EQ(vb2_rsa_verify_digest(key, NULL, test_message_sha1_hash, &wb),
VB2_ERROR_RSA_VERIFY_PARAM, "vb2_rsa_verify_digest() bad arg");
key->allow_hwcrypto = 1;
memcpy(sig, signatures[0], sizeof(sig));
vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
hwcrypto_modexp_return_value = VB2_SUCCESS;
TEST_NEQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
VB2_SUCCESS, "vb2_rsa_verify_digest() hwcrypto modexp fails");
memcpy(sig, signatures[0], sizeof(sig));
vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
hwcrypto_modexp_return_value = VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED;
TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
"vb2_rsa_verify_digest() hwcrypto modexp fallback to sw");
key->allow_hwcrypto = 0;
memcpy(sig, signatures[0], sizeof(sig));
vb2_workbuf_init(&wb, workbuf, sizeof(sig) * 3 - 1);
TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
VB2_ERROR_RSA_VERIFY_WORKBUF,
"vb2_rsa_verify_digest() small workbuf");
vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
key->sig_alg = VB2_SIG_INVALID;
memcpy(sig, signatures[0], sizeof(sig));
TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
VB2_ERROR_RSA_VERIFY_ALGORITHM,
"vb2_rsa_verify_digest() bad key alg");
key->sig_alg = orig_key_alg;
key->arrsize *= 2;
memcpy(sig, signatures[0], sizeof(sig));
TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
VB2_ERROR_RSA_VERIFY_SIG_LEN,
"vb2_rsa_verify_digest() bad sig len");
key->arrsize /= 2;
/* Corrupt the signature near start and end */
memcpy(sig, signatures[0], sizeof(sig));
sig[3] ^= 0x42;
TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
VB2_ERROR_RSA_PADDING, "vb2_rsa_verify_digest() bad sig");
memcpy(sig, signatures[0], sizeof(sig));
sig[RSA1024NUMBYTES - 3] ^= 0x56;
TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
VB2_ERROR_RSA_PADDING, "vb2_rsa_verify_digest() bad sig end");
}
int main(int argc, char *argv[])
{
struct vb2_public_key k2;
struct vb2_packed_key *pk;
/* Read test key */
if (argc != 2) {
fprintf(stderr, "Usage: %s <test public key>\n", argv[0]);
return 1;
}
pk = vb2_read_packed_keyb(argv[1], VB2_ALG_RSA1024_SHA1, 0);
if (!pk) {
fprintf(stderr, "Couldn't read RSA public key for the test.\n");
return 1;
}
if (VB2_SUCCESS != vb2_unpack_key(&k2, pk)) {
fprintf(stderr, "Couldn't unpack RSA public key.\n");
free(pk);
return 1;
}
/* Run tests */
test_signatures(&k2);
test_verify_digest(&k2);
/* Clean up and exit */
free(pk);
return gTestSuccess ? 0 : 255;
}