scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-11-24 02:05:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

host,test: Remove unneeded vb1 rsa functions

Browse Source 
Another in a continued stream of refactoring.  This change removes more
of the vb1 rsa library code and associated tests, in favor of their vb2
equivalents.  This change touches only host-side code and its tests, not
firmware.

BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge

Change-Id: I1973bc2f03c60da62232e30bab0fa5fe791b6b34
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/400901
This commit is contained in:
Randall Spangler
2016-10-14 15:37:25 -07:00
committed by chrome-bot
parent 13b109762a
commit 5a9f498182
18 changed files with 131 additions and 1082 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
tests/rsa_padding_test.c
View File

@@ -1,91 +0,0 @@
/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
#include <stdint.h>
#include <stdio.h>
#include "cryptolib.h"
#include "file_keys.h"
#include "rsa_padding_test.h"
#include "test_common.h"
#include "utility.h"
/* Test valid and invalid signatures */
static void TestSignatures(RSAPublicKey* key) {
int unexpected_success;
int i;
/* The first test signature is valid. */
TEST_EQ(RSAVerify(key, signatures[0], RSA1024NUMBYTES, 0,
test_message_sha1_hash), 1, "RSA Padding Test valid sig");
/* All other signatures should fail verification. */
unexpected_success = 0;
for (i = 1; i < sizeof(signatures) / sizeof(signatures[0]); i++) {
if (RSAVerify(key, signatures[i], RSA1024NUMBYTES, 0,
test_message_sha1_hash)) {
fprintf(stderr, "RSA Padding Test vector %d FAILED!\n", i);
unexpected_success++;
}
}
TEST_EQ(unexpected_success, 0, "RSA Padding Test invalid sigs");
}
/* Test other error conditions in RSAVerify() */
static void TestRSAVerify(RSAPublicKey* key) {
uint8_t sig[RSA1024NUMBYTES];
TEST_EQ(RSAVerify(key, signatures[0], RSA1024NUMBYTES, 0,
test_message_sha1_hash), 1, "RSAVerify() good");
TEST_EQ(RSAVerify(key, signatures[0], RSA1024NUMBYTES - 1, 0,
test_message_sha1_hash), 0, "RSAVerify() sig len");
TEST_EQ(RSAVerify(key, signatures[0], RSA1024NUMBYTES, kNumAlgorithms,
test_message_sha1_hash), 0, "RSAVerify() invalid alg");
TEST_EQ(RSAVerify(key, signatures[0], RSA1024NUMBYTES, 3,
test_message_sha1_hash), 0, "RSAVerify() wrong alg");
/* Corrupt the signature near start and end */
memcpy(sig, signatures[0], RSA1024NUMBYTES);
sig[3] ^= 0x42;
TEST_EQ(RSAVerify(key, sig, RSA1024NUMBYTES, 0, test_message_sha1_hash), 0,
"RSAVerify() bad sig");
memcpy(sig, signatures[0], RSA1024NUMBYTES);
sig[RSA1024NUMBYTES - 3] ^= 0x56;
TEST_EQ(RSAVerify(key, sig, RSA1024NUMBYTES, 0, test_message_sha1_hash), 0,
"RSAVerify() bad sig end");
}
int main(int argc, char* argv[]) {
int error = 0;
RSAPublicKey* key;
/* Read test key */
if (argc != 2) {
fprintf(stderr, "Usage: %s <test public key>\n", argv[0]);
return 1;
}
key = RSAPublicKeyFromFile(argv[1]);
if (!key) {
fprintf(stderr, "Couldn't read RSA public key for the test.\n");
return 1;
}
/* Run tests */
TestSignatures(key);
TestRSAVerify(key);
/* Clean up and exit */
RSAPublicKeyFree(key);
if (!gTestSuccess)
error = 255;
return error;
}

213
tests/rsa_utility_tests.c
View File

@@ -1,213 +0,0 @@
/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
#include <stdint.h>
#include <stdio.h>
#define _STUB_IMPLEMENTATION_
#include "cryptolib.h"
#include "file_keys.h"
#include "rsa_padding_test.h"
#include "test_common.h"
#include "utility.h"
#include "vboot_api.h"
/* Data for mock functions */
static int mock_rsaverify_retval;
int RSAVerify(const RSAPublicKey *key,
const uint8_t* sig,
const uint32_t sig_len,
const uint8_t sig_type,
const uint8_t* hash) {
return mock_rsaverify_retval;
}
static void ResetMocks(void) {
mock_rsaverify_retval = 1;
}
/* Test RSA utility funcs */
static void TestUtils(void) {
RSAPublicKey* key;
uint64_t u;
/* Processed key size */
TEST_EQ(RSAProcessedKeySize(0, &u), 1, "Processed key size 0");
TEST_EQ(u, RSA1024NUMBYTES * 2 + sizeof(uint32_t) * 2,
"Processed key size 0 size");
TEST_EQ(RSAProcessedKeySize(3, &u), 1, "Processed key size 3");
TEST_EQ(u, RSA2048NUMBYTES * 2 + sizeof(uint32_t) * 2,
"Processed key size 3 size");
TEST_EQ(RSAProcessedKeySize(7, &u), 1, "Processed key size 7");
TEST_EQ(u, RSA4096NUMBYTES * 2 + sizeof(uint32_t) * 2,
"Processed key size 7 size");
TEST_EQ(RSAProcessedKeySize(11, &u), 1, "Processed key size 11");
TEST_EQ(u, RSA8192NUMBYTES * 2 + sizeof(uint32_t) * 2,
"Processed key size 11 size");
TEST_EQ(RSAProcessedKeySize(kNumAlgorithms, &u), 0,
"Processed key size invalid algorithm");
/* Alloc key */
key = RSAPublicKeyNew();
TEST_EQ(key == NULL, 0, "New key not null");
/* New key fields */
TEST_PTR_EQ(key->n, NULL, "New key no n");
TEST_PTR_EQ(key->rr, NULL, "New key no rr");
TEST_EQ(key->len, 0, "New key len");
TEST_EQ(key->algorithm, kNumAlgorithms, "New key no algorithm");
/* Free key */
RSAPublicKeyFree(key);
/* Freeing null key shouldn't implode */
RSAPublicKeyFree(NULL);
}
/* Test creating key from buffer */
static void TestKeyFromBuffer(void) {
RSAPublicKey* key;
uint8_t* buf;
uint32_t* buf_key_len;
int i;
buf = malloc(8 + 2 * RSA8192NUMBYTES);
buf_key_len = (uint32_t*)buf;
for (i = 0; i < 4; i++) {
uint32_t key_len = RSA1024NUMBYTES << i;
memset(buf, 0xAB, 8 + 2 * RSA8192NUMBYTES);
*buf_key_len = key_len / sizeof(uint32_t);
*(buf_key_len + 1) = 0xF00D2345; /* n0inv */
buf[8] = 100;
buf[8 + key_len - 1] = 101;
buf[8 + key_len] = 120;
buf[8 + key_len * 2 - 1] = 121;
/* Correct length */
key = RSAPublicKeyFromBuf(buf, 8 + key_len * 2);
TEST_PTR_NEQ(key, NULL, "RSAPublicKeyFromBuf() ptr");
TEST_EQ(key->len, *buf_key_len, "RSAPublicKeyFromBuf() len");
TEST_EQ(key->n0inv, 0xF00D2345, "RSAPublicKeyFromBuf() n0inv");
TEST_PTR_NEQ(key->n, NULL, "RSAPublicKeyFromBuf() n ptr");
TEST_EQ(((uint8_t*)key->n)[0], 100, "RSAPublicKeyFromBuf() n start");
TEST_EQ(((uint8_t*)key->n)[key_len - 1], 101,
"RSAPublicKeyFromBuf() n end");
TEST_PTR_NEQ(key->rr, NULL, "RSAPublicKeyFromBuf() rr ptr");
TEST_EQ(((uint8_t*)key->rr)[0], 120, "RSAPublicKeyFromBuf() rr start");
TEST_EQ(((uint8_t*)key->rr)[key_len - 1], 121,
"RSAPublicKeyFromBuf() rr end");
RSAPublicKeyFree(key);
/* Underflow and overflow */
TEST_PTR_EQ(RSAPublicKeyFromBuf(buf, 8 + key_len * 2 - 1), NULL,
"RSAPublicKeyFromBuf() underflow");
TEST_PTR_EQ(RSAPublicKeyFromBuf(buf, 8 + key_len * 2 + 1), NULL,
"RSAPublicKeyFromBuf() overflow");
/* Invalid key length in buffer */
*buf_key_len = key_len / sizeof(uint32_t) + 1;
TEST_PTR_EQ(RSAPublicKeyFromBuf(buf, 8 + key_len * 2 + 1), NULL,
"RSAPublicKeyFromBuf() invalid key length");
/* Valid key length in buffer, but for some other length key */
*buf_key_len = (RSA1024NUMBYTES << ((i + 1) & 3)) / sizeof(uint32_t);
TEST_PTR_EQ(RSAPublicKeyFromBuf(buf, 8 + key_len * 2 + 1), NULL,
"RSAPublicKeyFromBuf() key length for wrong key");
}
free(buf);
}
/* Test verifying binary */
static void TestVerifyBinary(void) {
RSAPublicKey key;
uint8_t keybuf[8 + 2 * RSA1024NUMBYTES];
uint32_t* keybuf_len = (uint32_t*)keybuf;
uint8_t buf[120];
uint8_t sig[4];
*keybuf_len = RSA1024NUMBYTES / sizeof(uint32_t);
/* Successful verification */
ResetMocks();
TEST_EQ(RSAVerifyBinary_f(NULL, &key, buf, sizeof(buf), sig, 0),
1, "RSAVerifyBinary_f() success");
/* Successful verification using key blob */
TEST_EQ(RSAVerifyBinary_f(keybuf, NULL, buf, sizeof(buf), sig, 0),
1, "RSAVerifyBinary_f() success with keyblob");
/* Invalid algorithm */
ResetMocks();
TEST_EQ(RSAVerifyBinary_f(NULL, &key, buf, sizeof(buf), sig, kNumAlgorithms),
0, "RSAVerifyBinary_f() invalid algorithm");
/* Must have either a key or a key blob */
ResetMocks();
TEST_EQ(RSAVerifyBinary_f(NULL, NULL, buf, sizeof(buf), sig, kNumAlgorithms),
0, "RSAVerifyBinary_f() no key or key_blob");
/* Wrong algorithm for key buffer (so key buffer is wrong size) */
ResetMocks();
TEST_EQ(RSAVerifyBinary_f(keybuf, NULL, buf, sizeof(buf), sig, 3),
0, "RSAVerifyBinary_f() wrong alg for key blob");
/* Simulate failed verification */
ResetMocks();
mock_rsaverify_retval = 0;
TEST_EQ(RSAVerifyBinary_f(NULL, &key, buf, sizeof(buf), sig, 0),
0, "RSAVerifyBinary_f() bad verify");
}
/* Test verifying binary with digest */
static void TestVerifyBinaryWithDigest(void) {
RSAPublicKey key;
uint8_t keybuf[8 + 2 * RSA1024NUMBYTES];
uint32_t* keybuf_len = (uint32_t*)keybuf;
uint8_t digest[120];
uint8_t sig[4];
*keybuf_len = RSA1024NUMBYTES / sizeof(uint32_t);
/* Successful verification */
ResetMocks();
TEST_EQ(RSAVerifyBinaryWithDigest_f(NULL, &key, digest, sig, 0),
1, "RSAVerifyBinaryWithDigest_f() success");
/* Successful verification using key blob */
TEST_EQ(RSAVerifyBinaryWithDigest_f(keybuf, NULL, digest, sig, 0),
1, "RSAVerifyBinaryWithDigest_f() success with keyblob");
/* Invalid algorithm */
ResetMocks();
TEST_EQ(RSAVerifyBinaryWithDigest_f(NULL, &key, digest, sig, kNumAlgorithms),
0, "RSAVerifyBinaryWithDigest_f() invalid algorithm");
/* Must have either a key or a key blob */
ResetMocks();
TEST_EQ(RSAVerifyBinaryWithDigest_f(NULL, NULL, digest, sig, kNumAlgorithms),
0, "RSAVerifyBinaryWithDigest_f() no key or key_blob");
/* Wrong algorithm for key buffer (so key buffer is wrong size) */
ResetMocks();
TEST_EQ(RSAVerifyBinaryWithDigest_f(keybuf, NULL, digest, sig, 3),
0, "RSAVerifyBinaryWithDigest_f() wrong alg for key blob");
/* Simulate failed verification */
ResetMocks();
mock_rsaverify_retval = 0;
TEST_EQ(RSAVerifyBinaryWithDigest_f(NULL, &key, digest, sig, 0),
0, "RSAVerifyBinaryWithDigest_f() bad verify");
}
int main(int argc, char* argv[]) {
int error_code = 0;
/* Run tests */
TestUtils();
TestKeyFromBuffer();
TestVerifyBinary();
TestVerifyBinaryWithDigest();
if (!gTestSuccess)
error_code = 255;
return error_code;
}

95
tests/rsa_verify_benchmark.c
View File

@@ -1,95 +0,0 @@
/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include "cryptolib.h"
#include "file_keys.h"
#include "host_common.h"
#include "timer_utils.h"
#define FILE_NAME_SIZE 128
#define NUM_OPERATIONS 100 /* Number of signature operations to time. */
int SpeedTestAlgorithm(int algorithm) {
int i, key_size;
int error_code = 0;
double speed, msecs;
char file_name[FILE_NAME_SIZE];
uint8_t* digest = NULL;
uint8_t* signature = NULL;
uint64_t digest_len, sig_len;
RSAPublicKey* key = NULL;
ClockTimerState ct;
char* sha_strings[] = { /* Maps algorithm->SHA algorithm. */
"sha1", "sha256", "sha512", /* RSA-1024 */
"sha1", "sha256", "sha512", /* RSA-2048 */
"sha1", "sha256", "sha512", /* RSA-4096 */
"sha1", "sha256", "sha512", /* RSA-8192 */
};
key_size = siglen_map[algorithm] * 8; /* in bits. */
/* Get key. */
snprintf(file_name, FILE_NAME_SIZE, "testkeys/key_rsa%d.keyb", key_size);
key = RSAPublicKeyFromFile(file_name);
if (!key) {
VBDEBUG(("Couldn't read RSA Public key from file: %s\n", file_name));
error_code = 1;
goto failure;
}
/* Get expected digest. */
snprintf(file_name, FILE_NAME_SIZE, "testcases/test_file.%s.digest",
sha_strings[algorithm]);
digest = BufferFromFile(file_name, &digest_len);
if (!digest) {
VBDEBUG(("Couldn't read digest file.\n"));
error_code = 1;
goto failure;
}
/* Get signature to verify against. */
snprintf(file_name, FILE_NAME_SIZE, "testcases/test_file.rsa%d_%s.sig",
key_size, sha_strings[algorithm]);
signature = BufferFromFile(file_name, &sig_len);
if (!signature) {
VBDEBUG(("Couldn't read signature file.\n"));
error_code = 1;
goto failure;
}
StartTimer(&ct);
for (i = 0; i < NUM_OPERATIONS; i++) {
if (!RSAVerify(key, signature, sig_len, algorithm, digest))
VBDEBUG(("Warning: Signature Check Failed.\n"));
}
StopTimer(&ct);
msecs = (float) GetDurationMsecs(&ct) / NUM_OPERATIONS;
speed = 1000.0 / msecs ;
fprintf(stderr, "# rsa%d/%s:\tTime taken per verification = %.02f ms,"
" Speed = %.02f verifications/s\n", key_size, sha_strings[algorithm],
msecs, speed);
fprintf(stdout, "ms_rsa%d_%s:%.02f\n", key_size, sha_strings[algorithm],
msecs);
failure:
free(signature);
free(digest);
RSAPublicKeyFree(key);
return error_code;
}
int main(int argc, char* argv[]) {
int i;
int error_code = 0;
for (i = 0; i < kNumAlgorithms; ++i) {
if(SpeedTestAlgorithm(i))
error_code = 1;
}
return error_code;
}

44
tests/run_rsa_tests.sh
View File

@@ -1,44 +0,0 @@
#!/bin/bash
# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
#
# Run tests for RSA Signature verification.
# Load common constants and variables.
. "$(dirname "$0")/common.sh"
set -e
return_code=0
TEST_FILE=${TESTCASE_DIR}/test_file
function test_signatures {
algorithmcounter=0
for keylen in ${key_lengths[@]}
do
for hashalgo in ${hash_algos[@]}
do
echo -e "For ${COL_YELLOW}RSA-$keylen and $hashalgo${COL_STOP}:"
${BIN_DIR}/verify_data $algorithmcounter \
${TESTKEY_DIR}/key_rsa${keylen}.keyb \
${TEST_FILE}.rsa${keylen}_${hashalgo}.sig \
${TEST_FILE}
if [ $? -ne 0 ]
then
return_code=255
fi
let algorithmcounter=algorithmcounter+1
done
done
echo -e "Peforming ${COL_YELLOW}PKCS #1 v1.5 Padding Tests${COL_STOP}..."
${TEST_DIR}/rsa_padding_test ${TESTKEY_DIR}/rsa_padding_test_pubkey.keyb
}
check_test_keys
echo "Testing signature verification..."
test_signatures
exit $return_code

50
tests/vb20_rsa_padding_tests.c
View File

@@ -7,6 +7,8 @@
#include <stdint.h>
#include <stdio.h>
#define _STUB_IMPLEMENTATION_
#include "cryptolib.h"
#include "file_keys.h"
#include "rsa_padding_test.h"
@@ -15,28 +17,9 @@
#include "2sysincludes.h"
#include "2rsa.h"
#include "host_key.h"
#include "vb2_common.h"
/**
* Convert an old-style RSA public key struct to a new one.
*
* The new one does not allocate memory, so you must keep the old one around
* until you're done with the new one.
*
* @param k2 Destination new key
* @param key Source old key
*/
void vb2_public_key_to_vb2(struct vb2_public_key *k2,
const struct RSAPublicKey *key)
{
k2->arrsize = key->len;
k2->n0inv = key->n0inv;
k2->n = key->n;
k2->rr = key->rr;
k2->sig_alg = vb2_crypto_to_signature(key->algorithm);
k2->hash_alg = vb2_crypto_to_hash(key->algorithm);
}
/**
* Test valid and invalid signatures.
*/
@@ -122,37 +105,32 @@ static void test_verify_digest(struct vb2_public_key *key) {
int main(int argc, char *argv[])
{
int error = 0;
RSAPublicKey *key;
struct vb2_public_key k2;
struct vb2_packed_key *pk;
/* Read test key */
if (argc != 2) {
fprintf(stderr, "Usage: %s <test public key>\n", argv[0]);
return 1;
}
key = RSAPublicKeyFromFile(argv[1]);
if (!key) {
pk = vb2_read_packed_keyb(argv[1], VB2_ALG_RSA1024_SHA1, 0);
if (!pk) {
fprintf(stderr, "Couldn't read RSA public key for the test.\n");
return 1;
}
// TODO: why is test key algorithm wrong?
key->algorithm = 0;
/* Convert test key to Vb2 format */
vb2_public_key_to_vb2(&k2, key);
if (VB2_SUCCESS != vb2_unpack_key(&k2, (const uint8_t *)pk,
pk->key_offset + pk->key_size)) {
fprintf(stderr, "Couldn't unpack RSA public key.\n");
free(pk);
return 1;
}
/* Run tests */
test_signatures(&k2);
test_verify_digest(&k2);
/* Clean up and exit */
RSAPublicKeyFree(key);
if (!gTestSuccess)
error = 255;
return error;
free(pk);
return gTestSuccess ? 0 : 255;
}