vboot2: Use more specific error codes
Error codes reported by the crypto and storage APIs are now very
specific, and tests verify the proper errors are reported.
More specific error codes coming to other files next, but I don't want
this CL to get too long.
This also changes test_common.c so TEST_EQ() reports mismatched values
in both decimal and hex, and adds TEST_SUCC() to test for a successful
return value.
BUG=chromium:370082
BRANCH=none
TEST=make clean && VBOOT2=1 COV=1 make
Change-Id: I255c8e5769284fbc286b9d94631b19677a71cdd0
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/202778
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
diff --git a/firmware/2lib/2nvstorage.c b/firmware/2lib/2nvstorage.c
index 3bfe151..be63582 100644
--- a/firmware/2lib/2nvstorage.c
+++ b/firmware/2lib/2nvstorage.c
@@ -82,11 +82,11 @@
/* Check header */
if (VB2_NV_HEADER_SIGNATURE !=
(p[VB2_NV_OFFS_HEADER] & VB2_NV_HEADER_MASK))
- return VB2_ERROR_UNKNOWN;
+ return VB2_ERROR_NV_HEADER;
/* Check CRC */
if (vb2_crc8(p, VB2_NV_OFFS_CRC) != p[VB2_NV_OFFS_CRC])
- return VB2_ERROR_UNKNOWN;
+ return VB2_ERROR_NV_CRC;
return VB2_SUCCESS;
}
diff --git a/firmware/2lib/2rsa.c b/firmware/2lib/2rsa.c
index e619e78..cc39b1d 100644
--- a/firmware/2lib/2rsa.c
+++ b/firmware/2lib/2rsa.c
@@ -286,7 +286,7 @@
tail_size = sizeof(sha512_tail);
break;
default:
- return VB2_ERROR_BAD_ALGORITHM;
+ return VB2_ERROR_RSA_PADDING_ALGORITHM;
}
/* First 2 bytes are always 0x00 0x01 */
@@ -303,7 +303,7 @@
*/
result |= vb2_safe_memcmp(sig, tail, tail_size);
- return result ? VB2_ERROR_BAD_SIGNATURE : VB2_SUCCESS;
+ return result ? VB2_ERROR_RSA_PADDING : VB2_SUCCESS;
}
int vb2_verify_digest(const struct vb2_public_key *key,
@@ -318,22 +318,22 @@
int rv;
if (!key || !sig || !digest)
- return VB2_ERROR_UNKNOWN;
+ return VB2_ERROR_RSA_VERIFY_PARAM;
if (key->algorithm >= VB2_ALG_COUNT) {
VB2_DEBUG("Invalid signature type!\n");
- return VB2_ERROR_BAD_ALGORITHM;
+ return VB2_ERROR_RSA_VERIFY_ALGORITHM;
}
/* Signature length should be same as key length */
if (key_bytes != vb2_rsa_sig_size(key->algorithm)) {
VB2_DEBUG("Signature is of incorrect length!\n");
- return VB2_ERROR_BAD_SIGNATURE;
+ return VB2_ERROR_RSA_VERIFY_SIG_LEN;
}
workbuf32 = vb2_workbuf_alloc(&wblocal, 3 * key_bytes);
if (!workbuf32)
- return VB2_ERROR_UNKNOWN;
+ return VB2_ERROR_RSA_VERIFY_WORKBUF;
modpowF4(key, sig, workbuf32);
@@ -354,7 +354,7 @@
if (vb2_safe_memcmp(sig + pad_size, digest, key_bytes - pad_size)) {
VB2_DEBUG("Digest check failed!\n");
- rv = VB2_ERROR_BAD_SIGNATURE;
+ rv = VB2_ERROR_RSA_VERIFY_DIGEST;
}
return rv;
diff --git a/firmware/2lib/2secdata.c b/firmware/2lib/2secdata.c
index 668bc50..2987e03 100644
--- a/firmware/2lib/2secdata.c
+++ b/firmware/2lib/2secdata.c
@@ -18,7 +18,7 @@
/* Verify CRC */
if (sec->crc8 != vb2_crc8(sec, offsetof(struct vb2_secdata, crc8)))
- return VB2_ERROR_BAD_SECDATA;
+ return VB2_ERROR_SECDATA_CRC;
return VB2_SUCCESS;
}
@@ -47,7 +47,7 @@
/* Data must be new enough to have a CRC */
if (sec->struct_version < 2)
- return VB2_ERROR_BAD_SECDATA;
+ return VB2_ERROR_SECDATA_VERSION;
rv = vb2_secdata_check_crc(ctx);
if (rv)
@@ -76,7 +76,7 @@
return VB2_SUCCESS;
default:
- return VB2_ERROR_UNKNOWN;
+ return VB2_ERROR_SECDATA_GET_PARAM;
}
}
@@ -95,7 +95,7 @@
case VB2_SECDATA_FLAGS:
/* Make sure flags is in valid range */
if (value > 0xff)
- return VB2_ERROR_UNKNOWN;
+ return VB2_ERROR_SECDATA_SET_FLAGS;
sec->flags = value;
break;
@@ -105,7 +105,7 @@
break;
default:
- return VB2_ERROR_UNKNOWN;
+ return VB2_ERROR_SECDATA_SET_PARAM;
}
/* Regenerate CRC */
diff --git a/firmware/2lib/2sha_utility.c b/firmware/2lib/2sha_utility.c
index 66e8b69..0f9adfa 100644
--- a/firmware/2lib/2sha_utility.c
+++ b/firmware/2lib/2sha_utility.c
@@ -72,7 +72,7 @@
return VB2_SUCCESS;
#endif
default:
- return VB2_ERROR_BAD_ALGORITHM;
+ return VB2_ERROR_SHA_INIT_ALGORITHM;
}
}
@@ -97,7 +97,7 @@
return VB2_SUCCESS;
#endif
default:
- return VB2_ERROR_BAD_ALGORITHM;
+ return VB2_ERROR_SHA_EXTEND_ALGORITHM;
}
}
@@ -106,7 +106,7 @@
uint32_t digest_size)
{
if (digest_size < vb2_digest_size(dc->algorithm))
- return VB2_ERROR_BUFFER_TOO_SMALL;
+ return VB2_ERROR_SHA_FINALIZE_DIGEST_SIZE;
switch (vb2_hash_alg(dc->algorithm)) {
#if VB2_SUPPORT_SHA1
@@ -125,6 +125,6 @@
return VB2_SUCCESS;
#endif
default:
- return VB2_ERROR_BAD_ALGORITHM;
+ return VB2_ERROR_SHA_FINALIZE_ALGORITHM;
}
}
diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h
index 73a37b5..28c0f91 100644
--- a/firmware/2lib/include/2return_codes.h
+++ b/firmware/2lib/include/2return_codes.h
@@ -16,8 +16,93 @@
/* Success - no error */
VB2_SUCCESS = 0,
+ /*
+ * All vboot2 error codes start at a large offset from zero, to reduce
+ * the risk of overlap with other error codes (TPM, etc.).
+ */
+ VB2_ERROR_BASE = 0x0100000,
+
/* Unknown / unspecified error */
- VB2_ERROR_UNKNOWN = 0x10000,
+ VB2_ERROR_UNKNOWN = VB2_ERROR_BASE + 1,
+
+ /**********************************************************************
+ * SHA errors
+ */
+ VB2_ERROR_SHA = VB2_ERROR_BASE + 0x010000,
+
+ /* Bad algorithm in vb2_digest_init() */
+ VB2_ERROR_SHA_INIT_ALGORITHM,
+
+ /* Bad algorithm in vb2_digest_extend() */
+ VB2_ERROR_SHA_EXTEND_ALGORITHM,
+
+ /* Bad algorithm in vb2_digest_finalize() */
+ VB2_ERROR_SHA_FINALIZE_ALGORITHM,
+
+ /* Digest size buffer too small in vb2_digest_finalize() */
+ VB2_ERROR_SHA_FINALIZE_DIGEST_SIZE,
+
+ /**********************************************************************
+ * RSA errors
+ */
+ VB2_ERROR_RSA = VB2_ERROR_BASE + 0x020000,
+
+ /* Padding mismatch in vb2_check_padding() */
+ VB2_ERROR_RSA_PADDING,
+
+ /* Bad algorithm in vb2_check_padding() */
+ VB2_ERROR_RSA_PADDING_ALGORITHM,
+
+ /* Null param passed to vb2_verify_digest() */
+ VB2_ERROR_RSA_VERIFY_PARAM,
+
+ /* Bad algorithm in vb2_verify_digest() */
+ VB2_ERROR_RSA_VERIFY_ALGORITHM,
+
+ /* Bad signature length in vb2_verify_digest() */
+ VB2_ERROR_RSA_VERIFY_SIG_LEN,
+
+ /* Work buffer too small in vb2_verify_digest() */
+ VB2_ERROR_RSA_VERIFY_WORKBUF,
+
+ /* Digest mismatch in vb2_verify_digest() */
+ VB2_ERROR_RSA_VERIFY_DIGEST,
+
+ /**********************************************************************
+ * NV storage errors
+ */
+ VB2_ERROR_NV = VB2_ERROR_BASE + 0x030000,
+
+ /* Bad header in vb2_nv_check_crc() */
+ VB2_ERROR_NV_HEADER,
+
+ /* Bad CRC in vb2_nv_check_crc() */
+ VB2_ERROR_NV_CRC,
+
+ /**********************************************************************
+ * Secure data storage errors
+ */
+ VB2_ERROR_SECDATA = VB2_ERROR_BASE + 0x040000,
+
+ /* Bad CRC in vb2_secdata_check_crc() */
+ VB2_ERROR_SECDATA_CRC,
+
+ /* Bad struct version in vb2_secdata_init() */
+ VB2_ERROR_SECDATA_VERSION,
+
+ /* Invalid param in vb2_secdata_get() */
+ VB2_ERROR_SECDATA_GET_PARAM,
+
+ /* Invalid param in vb2_secdata_set() */
+ VB2_ERROR_SECDATA_SET_PARAM,
+
+ /* Invalid flags passed to vb2_secdata_set() */
+ VB2_ERROR_SECDATA_SET_FLAGS,
+
+ /**********************************************************************
+ * TODO: errors which must still be made specific
+ */
+ VB2_ERROR_TODO = VB2_ERROR_BASE + 0xff0000,
/* Work buffer too small */
VB2_ERROR_WORKBUF_TOO_SMALL,
@@ -37,9 +122,6 @@
/* Signature check failed */
VB2_ERROR_BAD_SIGNATURE,
- /* Bad secure data */
- VB2_ERROR_BAD_SECDATA,
-
/* Bad key */
VB2_ERROR_BAD_KEY,
@@ -57,6 +139,14 @@
/* Bad hash tag */
VB2_ERROR_BAD_TAG,
+
+ /**********************************************************************
+ * Highest non-zero error generated inside vboot library. Note that
+ * error codes passed through vboot when it calls external APIs may
+ * still be outside this range.
+ */
+ VB2_ERROR_MAX = VB2_ERROR_BASE + 0xffffff,
+
};
#endif /* VBOOT_2_RETURN_CODES_H_ */
diff --git a/tests/test_common.c b/tests/test_common.c
index 2fa445f..3804245 100644
--- a/tests/test_common.c
+++ b/tests/test_common.c
@@ -24,7 +24,8 @@
return 1;
} else {
fprintf(stderr, "%s Test " COL_RED "FAILED\n" COL_STOP, testname);
- fprintf(stderr, " Expected: %d, got: %d\n", expected_result, result);
+ fprintf(stderr, " Expected: 0x%x (%d), got: 0x%x (%d)\n",
+ expected_result, expected_result, result, result);
gTestSuccess = 0;
return 0;
}
@@ -36,7 +37,8 @@
return 1;
} else {
fprintf(stderr, "%s Test " COL_RED "FAILED\n" COL_STOP, testname);
- fprintf(stderr, " Didn't expect %d, but got it.\n", not_expected_result);
+ fprintf(stderr, " Didn't expect 0x%x (%d), but got it.\n",
+ not_expected_result, not_expected_result);
gTestSuccess = 0;
return 0;
}
@@ -91,6 +93,17 @@
}
+int TEST_SUCC(int result, const char* testname) {
+ if (result == 0) {
+ fprintf(stderr, "%s Test " COL_GREEN "PASSED\n" COL_STOP, testname);
+ } else {
+ fprintf(stderr, "%s Test " COL_RED "FAILED\n" COL_STOP, testname);
+ fprintf(stderr, " Expected SUCCESS, got: 0x%lx\n", (long)result);
+ gTestSuccess = 0;
+ }
+ return !result;
+}
+
int TEST_TRUE(int result, const char* testname) {
if (result) {
fprintf(stderr, "%s Test " COL_GREEN "PASSED\n" COL_STOP, testname);
diff --git a/tests/test_common.h b/tests/test_common.h
index 4acf588..9a84f50 100644
--- a/tests/test_common.h
+++ b/tests/test_common.h
@@ -42,6 +42,10 @@
* Also update the global gTestSuccess flag if test fails. */
int TEST_FALSE(int result, const char* testname);
+/* Return 1 if result is 0 (VB_ERROR_SUCCESS / VB2_SUCCESS), else return 0.
+ * Also update the global gTestSuccess flag if test fails. */
+int TEST_SUCC(int result, const char* testname);
+
/* ANSI Color coding sequences.
*
* Don't use \e as MSC does not recognize it as a valid escape sequence.
diff --git a/tests/vb2_nvstorage_tests.c b/tests/vb2_nvstorage_tests.c
index 061f869..88ffe47 100644
--- a/tests/vb2_nvstorage_tests.c
+++ b/tests/vb2_nvstorage_tests.c
@@ -79,6 +79,7 @@
"vb2_nv_init() status changed");
test_changed(&c, 1, "vb2_nv_init() reset changed");
goodcrc = c.nvdata[15];
+ TEST_SUCC(vb2_nv_check_crc(&c), "vb2_nv_check_crc() good");
/* Another init should not cause further changes */
c.flags = 0;
@@ -90,6 +91,8 @@
/* Perturbing the header should force defaults */
c.nvdata[0] ^= 0x40;
+ TEST_EQ(vb2_nv_check_crc(&c),
+ VB2_ERROR_NV_HEADER, "vb2_nv_check_crc() bad header");
vb2_nv_init(&c);
TEST_EQ(c.nvdata[0], 0x70, "vb2_nv_init() reset header byte again");
test_changed(&c, 1, "vb2_nv_init() corrupt changed");
@@ -98,6 +101,8 @@
/* So should perturbing some other byte */
TEST_EQ(c.nvdata[11], 0, "Kernel byte starts at 0");
c.nvdata[11] = 12;
+ TEST_EQ(vb2_nv_check_crc(&c),
+ VB2_ERROR_NV_CRC, "vb2_nv_check_crc() bad CRC");
vb2_nv_init(&c);
TEST_EQ(c.nvdata[11], 0, "vb2_nv_init() reset kernel byte");
test_changed(&c, 1, "vb2_nv_init() corrupt elsewhere changed");
diff --git a/tests/vb2_rsa_padding_tests.c b/tests/vb2_rsa_padding_tests.c
index 233f729..f1b7aa4 100644
--- a/tests/vb2_rsa_padding_tests.c
+++ b/tests/vb2_rsa_padding_tests.c
@@ -51,8 +51,8 @@
/* The first test signature is valid. */
Memcpy(sig, signatures[0], sizeof(sig));
- TEST_EQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb),
- 0, "RSA Padding Test valid sig");
+ TEST_SUCC(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb),
+ "RSA Padding Test valid sig");
/* All other signatures should fail verification. */
unexpected_success = 0;
@@ -79,37 +79,40 @@
vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
Memcpy(sig, signatures[0], sizeof(sig));
- TEST_EQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb),
- 0, "vb2_verify_digest() good");
+ TEST_SUCC(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb),
+ "vb2_verify_digest() good");
Memcpy(sig, signatures[0], sizeof(sig));
vb2_workbuf_init(&wb, workbuf, sizeof(sig) * 3 - 1);
- TEST_NEQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb),
- 0, "vb2_verify_digest() small workbuf");
+ TEST_EQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb),
+ VB2_ERROR_RSA_VERIFY_WORKBUF,
+ "vb2_verify_digest() small workbuf");
vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
key->algorithm += VB2_ALG_COUNT;
Memcpy(sig, signatures[0], sizeof(sig));
- TEST_NEQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb),
- 0, "vb2_verify_digest() bad key alg");
+ TEST_EQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb),
+ VB2_ERROR_RSA_VERIFY_ALGORITHM,
+ "vb2_verify_digest() bad key alg");
key->algorithm -= VB2_ALG_COUNT;
key->arrsize *= 2;
Memcpy(sig, signatures[0], sizeof(sig));
- TEST_NEQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb),
- 0, "vb2_verify_digest() bad key len");
+ TEST_EQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb),
+ VB2_ERROR_RSA_VERIFY_SIG_LEN,
+ "vb2_verify_digest() bad sig len");
key->arrsize /= 2;
/* Corrupt the signature near start and end */
Memcpy(sig, signatures[0], sizeof(sig));
sig[3] ^= 0x42;
- TEST_NEQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb),
- 0, "vb2_verify_digest() bad sig");
+ TEST_EQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb),
+ VB2_ERROR_RSA_PADDING, "vb2_verify_digest() bad sig");
Memcpy(sig, signatures[0], sizeof(sig));
sig[RSA1024NUMBYTES - 3] ^= 0x56;
- TEST_NEQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb),
- 0, "vb2_verify_digest() bad sig end");
+ TEST_EQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb),
+ VB2_ERROR_RSA_PADDING, "vb2_verify_digest() bad sig end");
}
int main(int argc, char *argv[])
diff --git a/tests/vb2_rsa_utility_tests.c b/tests/vb2_rsa_utility_tests.c
index df3eb37..2a74f35 100644
--- a/tests/vb2_rsa_utility_tests.c
+++ b/tests/vb2_rsa_utility_tests.c
@@ -72,7 +72,8 @@
/* Test padding check with bad algorithm */
Memcpy(sig, signatures[0], sizeof(sig));
TEST_EQ(vb2_check_padding(sig, VB2_ALG_COUNT),
- VB2_ERROR_BAD_ALGORITHM, "vb2_check_padding() bad alg");
+ VB2_ERROR_RSA_PADDING_ALGORITHM,
+ "vb2_check_padding() bad alg");
/* Test safe memcmp */
TEST_EQ(vb2_safe_memcmp("foo", "foo", 3), 0, "vb2_safe_memcmp() good");
diff --git a/tests/vb2_secdata_tests.c b/tests/vb2_secdata_tests.c
index 3451b32..5128331 100644
--- a/tests/vb2_secdata_tests.c
+++ b/tests/vb2_secdata_tests.c
@@ -40,58 +40,66 @@
/* Blank data is invalid */
memset(c.secdata, 0xa6, sizeof(c.secdata));
- TEST_NEQ(vb2_secdata_check_crc(&c), 0, "Check blank CRC");
- TEST_NEQ(vb2_secdata_init(&c), 0, "Init blank CRC");
+ TEST_EQ(vb2_secdata_check_crc(&c),
+ VB2_ERROR_SECDATA_CRC, "Check blank CRC");
+ TEST_EQ(vb2_secdata_init(&c),
+ VB2_ERROR_SECDATA_CRC, "Init blank CRC");
/* Create good data */
- TEST_EQ(vb2_secdata_create(&c), 0, "Create");
- TEST_EQ(vb2_secdata_check_crc(&c), 0, "Check created CRC");
- TEST_EQ(vb2_secdata_init(&c), 0, "Init created CRC");
+ TEST_SUCC(vb2_secdata_create(&c), "Create");
+ TEST_SUCC(vb2_secdata_check_crc(&c), "Check created CRC");
+ TEST_SUCC(vb2_secdata_init(&c), "Init created CRC");
test_changed(&c, 1, "Create changes data");
/* Now corrupt it */
c.secdata[2]++;
- TEST_NEQ(vb2_secdata_check_crc(&c), 0, "Check invalid CRC");
- TEST_NEQ(vb2_secdata_init(&c), 0, "Init invalid CRC");
+ TEST_EQ(vb2_secdata_check_crc(&c),
+ VB2_ERROR_SECDATA_CRC, "Check invalid CRC");
+ TEST_EQ(vb2_secdata_init(&c),
+ VB2_ERROR_SECDATA_CRC, "Init invalid CRC");
/* Version 1 didn't have a CRC, so init should reject it */
vb2_secdata_create(&c);
s->struct_version = 1;
- TEST_NEQ(vb2_secdata_init(&c), 0, "Init old version");
+ TEST_EQ(vb2_secdata_init(&c),
+ VB2_ERROR_SECDATA_VERSION, "Init old version");
vb2_secdata_create(&c);
c.flags = 0;
/* Read/write flags */
- TEST_EQ(vb2_secdata_get(&c, VB2_SECDATA_FLAGS, &v), 0, "Get flags");
+ TEST_SUCC(vb2_secdata_get(&c, VB2_SECDATA_FLAGS, &v), "Get flags");
TEST_EQ(v, 0, "Flags created 0");
test_changed(&c, 0, "Get doesn't change data");
- TEST_EQ(vb2_secdata_set(&c, VB2_SECDATA_FLAGS, 0x12), 0, "Set flags");
+ TEST_SUCC(vb2_secdata_set(&c, VB2_SECDATA_FLAGS, 0x12), "Set flags");
test_changed(&c, 1, "Set changes data");
- TEST_EQ(vb2_secdata_set(&c, VB2_SECDATA_FLAGS, 0x12), 0, "Set flags 2");
+ TEST_SUCC(vb2_secdata_set(&c, VB2_SECDATA_FLAGS, 0x12), "Set flags 2");
test_changed(&c, 0, "Set again doesn't change data");
- TEST_EQ(vb2_secdata_get(&c, VB2_SECDATA_FLAGS, &v), 0, "Get flags 2");
+ TEST_SUCC(vb2_secdata_get(&c, VB2_SECDATA_FLAGS, &v), "Get flags 2");
TEST_EQ(v, 0x12, "Flags changed");
- TEST_NEQ(vb2_secdata_set(&c, VB2_SECDATA_FLAGS, 0x100), 0, "Bad flags");
+ TEST_EQ(vb2_secdata_set(&c, VB2_SECDATA_FLAGS, 0x100),
+ VB2_ERROR_SECDATA_SET_FLAGS, "Bad flags");
/* Read/write versions */
- TEST_EQ(vb2_secdata_get(&c, VB2_SECDATA_VERSIONS, &v),
- 0, "Get versions");
+ TEST_SUCC(vb2_secdata_get(&c, VB2_SECDATA_VERSIONS, &v),
+ "Get versions");
TEST_EQ(v, 0, "Versions created 0");
test_changed(&c, 0, "Get doesn't change data");
- TEST_EQ(vb2_secdata_set(&c, VB2_SECDATA_VERSIONS, 0x123456ff),
- 0, "Set versions");
+ TEST_SUCC(vb2_secdata_set(&c, VB2_SECDATA_VERSIONS, 0x123456ff),
+ "Set versions");
test_changed(&c, 1, "Set changes data");
- TEST_EQ(vb2_secdata_set(&c, VB2_SECDATA_VERSIONS, 0x123456ff),
- 0, "Set versions 2");
+ TEST_SUCC(vb2_secdata_set(&c, VB2_SECDATA_VERSIONS, 0x123456ff),
+ "Set versions 2");
test_changed(&c, 0, "Set again doesn't change data");
- TEST_EQ(vb2_secdata_get(&c, VB2_SECDATA_VERSIONS, &v), 0,
- "Get versions 2");
+ TEST_SUCC(vb2_secdata_get(&c, VB2_SECDATA_VERSIONS, &v),
+ "Get versions 2");
TEST_EQ(v, 0x123456ff, "Versions changed");
/* Invalid field fails */
- TEST_NEQ(vb2_secdata_get(&c, -1, &v), 0, "Get invalid");
- TEST_NEQ(vb2_secdata_set(&c, -1, 456), 0, "Set invalid");
+ TEST_EQ(vb2_secdata_get(&c, -1, &v),
+ VB2_ERROR_SECDATA_GET_PARAM, "Get invalid");
+ TEST_EQ(vb2_secdata_set(&c, -1, 456),
+ VB2_ERROR_SECDATA_SET_PARAM, "Set invalid");
test_changed(&c, 0, "Set invalid field doesn't change data");
}
diff --git a/tests/vb2_sha_tests.c b/tests/vb2_sha_tests.c
index cbcd728..c60bbd1 100644
--- a/tests/vb2_sha_tests.c
+++ b/tests/vb2_sha_tests.c
@@ -5,18 +5,13 @@
/* FIPS 180-2 Tests for message digest functions. */
-#include <stdint.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "test_common.h"
-
+#include "2sysincludes.h"
#include "2rsa.h"
#include "2sha.h"
+#include "2return_codes.h"
-#include "cryptolib.h"
#include "sha_test_vectors.h"
+#include "test_common.h"
static int vb2_digest(const uint8_t *buf,
uint32_t size,
@@ -49,17 +44,18 @@
test_inputs[2] = (uint8_t *) long_msg;
for (i = 0; i < 3; i++) {
- TEST_EQ(vb2_digest(test_inputs[i],
- strlen((char *)test_inputs[i]),
- VB2_ALG_RSA1024_SHA1, digest,
- sizeof(digest)), 0, "vb2_digest() SHA1");
+ TEST_SUCC(vb2_digest(test_inputs[i],
+ strlen((char *)test_inputs[i]),
+ VB2_ALG_RSA1024_SHA1, digest,
+ sizeof(digest)),
+ "vb2_digest() SHA1");
TEST_EQ(memcmp(digest, sha1_results[i], sizeof(digest)),
0, "SHA1 digest");
}
- TEST_NEQ(vb2_digest(test_inputs[0], strlen((char *)test_inputs[0]),
+ TEST_EQ(vb2_digest(test_inputs[0], strlen((char *)test_inputs[0]),
VB2_ALG_RSA1024_SHA1, digest, sizeof(digest) - 1),
- 0, "vb2_digest() too small");
+ VB2_ERROR_SHA_FINALIZE_DIGEST_SIZE, "vb2_digest() too small");
}
void sha256_tests(void)
@@ -73,17 +69,18 @@
test_inputs[2] = (uint8_t *) long_msg;
for (i = 0; i < 3; i++) {
- TEST_EQ(vb2_digest(test_inputs[i],
- strlen((char *)test_inputs[i]),
- VB2_ALG_RSA1024_SHA256, digest,
- sizeof(digest)), 0, "vb2_digest() SHA256");
+ TEST_SUCC(vb2_digest(test_inputs[i],
+ strlen((char *)test_inputs[i]),
+ VB2_ALG_RSA1024_SHA256, digest,
+ sizeof(digest)),
+ "vb2_digest() SHA256");
TEST_EQ(memcmp(digest, sha256_results[i], sizeof(digest)),
0, "SHA-256 digest");
}
- TEST_NEQ(vb2_digest(test_inputs[0], strlen((char *)test_inputs[0]),
- VB2_ALG_RSA1024_SHA256, digest, sizeof(digest) - 1),
- 0, "vb2_digest() too small");
+ TEST_EQ(vb2_digest(test_inputs[0], strlen((char *)test_inputs[0]),
+ VB2_ALG_RSA1024_SHA256, digest, sizeof(digest) - 1),
+ VB2_ERROR_SHA_FINALIZE_DIGEST_SIZE, "vb2_digest() too small");
}
void sha512_tests(void)
@@ -97,17 +94,18 @@
test_inputs[2] = (uint8_t *) long_msg;
for (i = 0; i < 3; i++) {
- TEST_EQ(vb2_digest(test_inputs[i],
- strlen((char *)test_inputs[i]),
- VB2_ALG_RSA1024_SHA512, digest,
- sizeof(digest)), 0, "vb2_digest() SHA512");
+ TEST_SUCC(vb2_digest(test_inputs[i],
+ strlen((char *)test_inputs[i]),
+ VB2_ALG_RSA1024_SHA512, digest,
+ sizeof(digest)),
+ "vb2_digest() SHA512");
TEST_EQ(memcmp(digest, sha512_results[i], sizeof(digest)),
0, "SHA-512 digest");
}
- TEST_NEQ(vb2_digest(test_inputs[0], strlen((char *)test_inputs[0]),
- VB2_ALG_RSA1024_SHA512, digest, sizeof(digest) - 1),
- 0, "vb2_digest() too small");
+ TEST_EQ(vb2_digest(test_inputs[0], strlen((char *)test_inputs[0]),
+ VB2_ALG_RSA1024_SHA512, digest, sizeof(digest) - 1),
+ VB2_ERROR_SHA_FINALIZE_DIGEST_SIZE, "vb2_digest() too small");
}
void misc_tests(void)
@@ -117,17 +115,20 @@
TEST_EQ(vb2_digest_size(VB2_ALG_COUNT), 0, "digest size invalid alg");
- TEST_NEQ(vb2_digest((uint8_t *)oneblock_msg, strlen(oneblock_msg),
- VB2_ALG_COUNT, digest, sizeof(digest)),
- 0, "vb2_digest() invalid alg");
+ TEST_EQ(vb2_digest((uint8_t *)oneblock_msg, strlen(oneblock_msg),
+ VB2_ALG_COUNT, digest, sizeof(digest)),
+ VB2_ERROR_SHA_INIT_ALGORITHM,
+ "vb2_digest() invalid alg");
/* Test bad algorithm inside extend and finalize */
vb2_digest_init(&dc, VB2_ALG_RSA1024_SHA1);
dc.algorithm = VB2_ALG_COUNT;
- TEST_NEQ(vb2_digest_extend(&dc, digest, sizeof(digest)),
- 0, "vb2_digest_extend() invalid alg");
- TEST_NEQ(vb2_digest_finalize(&dc, digest, sizeof(digest)),
- 0, "vb2_digest_finalize() invalid alg");
+ TEST_EQ(vb2_digest_extend(&dc, digest, sizeof(digest)),
+ VB2_ERROR_SHA_EXTEND_ALGORITHM,
+ "vb2_digest_extend() invalid alg");
+ TEST_EQ(vb2_digest_finalize(&dc, digest, sizeof(digest)),
+ VB2_ERROR_SHA_FINALIZE_ALGORITHM,
+ "vb2_digest_finalize() invalid alg");
}
int main(int argc, char *argv[])
