1
/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
2
* Use of this source code is governed by a BSD-style license that can be
3
* found in the LICENSE file.
5
* Tests for kernel image library.
11
#include "cryptolib.h"
12
#include "file_keys.h"
13
#include "kernel_image.h"
14
#include "test_common.h"
17
/* Normal Kernel Blob Verification Tests. */
18
void VerifyKernelTest(uint8_t* kernel_blob, uint8_t* firmware_key_blob) {
19
TEST_EQ(VerifyKernel(firmware_key_blob, kernel_blob, DEV_MODE_ENABLED),
20
VERIFY_KERNEL_SUCCESS,
21
"Normal Kernel Blob Verification (Dev Mode)");
23
TEST_EQ(VerifyKernel(firmware_key_blob, kernel_blob, DEV_MODE_DISABLED),
24
VERIFY_KERNEL_SUCCESS,
25
"Normal Kernel Blob Verification (Trusted)");
29
/* Normal KernelImage Verification Tests. */
30
void VerifyKernelImageTest(KernelImage* image,
31
RSAPublicKey* firmware_key) {
32
TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED),
33
VERIFY_KERNEL_SUCCESS,
34
"Normal KernelImage Verification (Dev Mode)");
35
TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED),
36
VERIFY_KERNEL_SUCCESS,
37
"Normal KernelImage Verification (Trusted)");
40
/* Tampered KernelImage Verification Tests. */
41
void VerifyKernelImageTamperTest(KernelImage* image,
42
RSAPublicKey* firmware_key) {
43
image->bootloader_offset ^= 0xFF;
44
TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED),
45
VERIFY_KERNEL_PREAMBLE_SIGNATURE_FAILED,
46
"KernelImage Config Tamper Verification (Dev Mode)");
47
TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED),
48
VERIFY_KERNEL_PREAMBLE_SIGNATURE_FAILED,
49
"KernelImage Config Tamper Verification (Trusted)");
50
image->bootloader_offset ^= 0xFF;
52
image->kernel_data[0] = 'T';
53
TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED),
54
VERIFY_KERNEL_SIGNATURE_FAILED,
55
"KernelImage Tamper Verification (Dev Mode)");
56
TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED),
57
VERIFY_KERNEL_SIGNATURE_FAILED,
58
"KernelImage Tamper Verification (Trusted)");
59
image->kernel_data[0] = 'K';
61
image->kernel_key_signature[0] = 0xFF;
62
image->kernel_key_signature[1] = 0x00;
63
TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_ENABLED),
64
VERIFY_KERNEL_SUCCESS,
65
"KernelImage Key Signature Tamper Verification (Dev Mode)");
66
TEST_EQ(VerifyKernelImage(firmware_key, image, DEV_MODE_DISABLED),
67
VERIFY_KERNEL_KEY_SIGNATURE_FAILED,
68
"KernelImage Key Signature Tamper Verification (Trusted)");
71
int main(int argc, char* argv[]) {
73
const char* firmware_key_file = NULL;
74
const char* kernel_key_file = NULL;
75
uint8_t* kernel_sign_key_buf = NULL;
76
uint8_t* firmware_key_blob = NULL;
77
uint8_t* kernel_blob = NULL;
78
uint64_t kernel_blob_len = 0;
79
KernelImage* image = NULL;
80
RSAPublicKey* firmware_key = NULL;
84
fprintf(stderr, "Usage: %s <firmware signing algorithm> " /* argv[1] */
85
"<kernel signing algorithm> " /* argv[2] */
86
"<firmware key> " /* argv[3] */
87
"<processed firmware pubkey> " /* argv[4] */
88
"<kernel signing key> " /* argv[5] */
89
"<processed kernel signing key>\n", /* argv[6] */
94
/* Read verification keys and create a test image. */
95
firmware_key = RSAPublicKeyFromFile(argv[4]);
96
firmware_key_blob = BufferFromFile(argv[4], &len);
97
kernel_sign_key_buf = BufferFromFile(argv[6], &len);
98
firmware_key_file = argv[3];
99
kernel_key_file = argv[5];
101
if (!firmware_key || !kernel_sign_key_buf || !kernel_sign_key_buf) {
106
image = GenerateTestKernelImage(atoi(argv[1]),
109
1, /* Kernel Key Version */
110
1, /* Kernel Version */
111
1000, /* Kernel Size */
120
kernel_blob = GetKernelBlob(image, &kernel_blob_len);
122
/* Test Kernel blob verify operations. */
123
VerifyKernelTest(kernel_blob, firmware_key_blob);
125
/* Test KernelImage verify operations. */
126
VerifyKernelImageTest(image, firmware_key);
127
VerifyKernelImageTamperTest(image, firmware_key);
134
KernelImageFree(image);
135
Free(kernel_sign_key_buf);
136
Free(firmware_key_blob);
137
RSAPublicKeyFree(firmware_key);