mirror of
https://github.com/Telecominfraproject/OpenCellular.git
synced 2025-11-24 02:05:01 +00:00
0c3ba249ab
This reduces the number of exported header files to the minimum needed by
the existing userspace utilities and firmware implementations.
BUG=chromium:221544
BRANCH=none
TEST=manual, trybots
CQ-DEPEND=CL:47019,CL:47022,CL:47023
sudo FEATURES=test emerge vboot_reference
FEATURES=test emerge-$BOARD \
vboot_reference \
chromeos-cryptohome \
chromeos-installer \
chromeos-u-boot \
peach-u-boot \
depthcharge
Change-Id: I2946cc2dbaf5459a6c5eca92ca57d546498e6d85
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/47021
Reviewed-by: Randall Spangler <rspangler@chromium.org>
142 lines
4.8 KiB
C
142 lines
4.8 KiB
C
/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
|
|
* Use of this source code is governed by a BSD-style license that can be
|
|
* found in the LICENSE file.
|
|
*
|
|
* Tests for kernel image library.
|
|
*/
|
|
|
|
#include <stdint.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
|
|
#include "cryptolib.h"
|
|
#include "file_keys.h"
|
|
#include "kernel_image.h"
|
|
#include "test_common.h"
|
|
#include "utility.h"
|
|
|
|
/* Normal Kernel Blob Verification Tests. */
|
|
void VerifyKernelTest(uint8_t* kernel_blob, uint8_t* firmware_key_blob) {
|
|
TEST_EQ(VerifyKernel(firmware_key_blob, kernel_blob, DEV_MODE_ENABLED),
|
|
VERIFY_KERNEL_SUCCESS,
|
|
"Normal Kernel Blob Verification (Dev Mode)");
|
|
|
|
TEST_EQ(VerifyKernel(firmware_key_blob, kernel_blob, DEV_MODE_DISABLED),
|
|
VERIFY_KERNEL_SUCCESS,
|
|
"Normal Kernel Blob Verification (Trusted)");
|
|
}
|
|
|
|
|
|
/* Normal KernelImage Verification Tests. */
|
|
void VerifyKernelImageTest(KernelImage* image,
|
|
RSAPublicKey* firmware_key) {
|
|
TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED),
|
|
VERIFY_KERNEL_SUCCESS,
|
|
"Normal KernelImage Verification (Dev Mode)");
|
|
TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED),
|
|
VERIFY_KERNEL_SUCCESS,
|
|
"Normal KernelImage Verification (Trusted)");
|
|
}
|
|
|
|
/* Tampered KernelImage Verification Tests. */
|
|
void VerifyKernelImageTamperTest(KernelImage* image,
|
|
RSAPublicKey* firmware_key) {
|
|
image->bootloader_offset ^= 0xFF;
|
|
TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED),
|
|
VERIFY_KERNEL_PREAMBLE_SIGNATURE_FAILED,
|
|
"KernelImage Config Tamper Verification (Dev Mode)");
|
|
TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED),
|
|
VERIFY_KERNEL_PREAMBLE_SIGNATURE_FAILED,
|
|
"KernelImage Config Tamper Verification (Trusted)");
|
|
image->bootloader_offset ^= 0xFF;
|
|
|
|
image->kernel_data[0] = 'T';
|
|
TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED),
|
|
VERIFY_KERNEL_SIGNATURE_FAILED,
|
|
"KernelImage Tamper Verification (Dev Mode)");
|
|
TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED),
|
|
VERIFY_KERNEL_SIGNATURE_FAILED,
|
|
"KernelImage Tamper Verification (Trusted)");
|
|
image->kernel_data[0] = 'K';
|
|
|
|
image->kernel_key_signature[0] = 0xFF;
|
|
image->kernel_key_signature[1] = 0x00;
|
|
TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED),
|
|
VERIFY_KERNEL_SUCCESS,
|
|
"KernelImage Key Signature Tamper Verification (Dev Mode)");
|
|
TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED),
|
|
VERIFY_KERNEL_KEY_SIGNATURE_FAILED,
|
|
"KernelImage Key Signature Tamper Verification (Trusted)");
|
|
}
|
|
|
|
int main(int argc, char* argv[]) {
|
|
uint64_t len;
|
|
const char* firmware_key_file = NULL;
|
|
const char* kernel_key_file = NULL;
|
|
uint8_t* kernel_sign_key_buf = NULL;
|
|
uint8_t* firmware_key_blob = NULL;
|
|
uint8_t* kernel_blob = NULL;
|
|
uint64_t kernel_blob_len = 0;
|
|
KernelImage* image = NULL;
|
|
RSAPublicKey* firmware_key = NULL;
|
|
int error_code = 0;
|
|
|
|
if(argc != 7) {
|
|
fprintf(stderr, "Usage: %s <firmware signing algorithm> " /* argv[1] */
|
|
"<kernel signing algorithm> " /* argv[2] */
|
|
"<firmware key> " /* argv[3] */
|
|
"<processed firmware pubkey> " /* argv[4] */
|
|
"<kernel signing key> " /* argv[5] */
|
|
"<processed kernel signing key>\n", /* argv[6] */
|
|
argv[0]);
|
|
return -1;
|
|
}
|
|
|
|
/* Read verification keys and create a test image. */
|
|
firmware_key = RSAPublicKeyFromFile(argv[4]);
|
|
firmware_key_blob = BufferFromFile(argv[4], &len);
|
|
kernel_sign_key_buf = BufferFromFile(argv[6], &len);
|
|
firmware_key_file = argv[3];
|
|
kernel_key_file = argv[5];
|
|
|
|
if (!firmware_key || !kernel_sign_key_buf || !kernel_sign_key_buf) {
|
|
error_code = 1;
|
|
goto failure;
|
|
}
|
|
|
|
image = GenerateTestKernelImage(atoi(argv[1]),
|
|
atoi(argv[2]),
|
|
kernel_sign_key_buf,
|
|
1, /* Kernel Key Version */
|
|
1, /* Kernel Version */
|
|
1000, /* Kernel Size */
|
|
firmware_key_file,
|
|
kernel_key_file,
|
|
'K');
|
|
if (!image) {
|
|
error_code = 1;
|
|
goto failure;
|
|
}
|
|
|
|
kernel_blob = GetKernelBlob(image, &kernel_blob_len);
|
|
|
|
/* Test Kernel blob verify operations. */
|
|
VerifyKernelTest(kernel_blob, firmware_key_blob);
|
|
|
|
/* Test KernelImage verify operations. */
|
|
VerifyKernelImageTest(image, firmware_key);
|
|
VerifyKernelImageTamperTest(image, firmware_key);
|
|
|
|
if (!gTestSuccess)
|
|
error_code = 255;
|
|
|
|
failure:
|
|
Free(kernel_blob);
|
|
KernelImageFree(image);
|
|
Free(kernel_sign_key_buf);
|
|
Free(firmware_key_blob);
|
|
RSAPublicKeyFree(firmware_key);
|
|
|
|
return error_code;
|
|
}
|