1 /* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. 2 * Use of this source code is governed by a BSD-style license that can be 3 * found in the LICENSE file. 4 */ 5 6 7 #include <stdint.h> 8 #include <stdio.h> 9 10 #define _STUB_IMPLEMENTATION_ 11 12 #include "cryptolib.h" 13 #include "file_keys.h" 14 #include "rsa_padding_test.h" 15 #include "test_common.h" 16 #include "utility.h" 17 #include "vboot_api.h" 18 19 #include "2common.h" 20 #include "2rsa.h" 21 22 /* 23 * Internal functions from 2rsa.c that have error conditions we can't trigger 24 * from the public APIs. These include checks for bad algorithms where the 25 * next call level up already checks for bad algorithms, etc. 26 * 27 * These functions aren't in 2rsa.h because they're not part of the public 28 * APIs. 29 */ 30 int vb2_mont_ge(const struct vb2_public_key *key, uint32_t *a); 31 int vb2_check_padding(const uint8_t *sig, const struct vb2_public_key *key); 32 33 /** 34 * Test RSA utility funcs 35 */ 36 static void test_utils(void) 37 { 38 uint8_t sig[RSA1024NUMBYTES]; 39 struct vb2_public_key kbad = {.sig_alg = VB2_SIG_INVALID, 40 .hash_alg = VB2_HASH_INVALID}; 41 42 /* Verify old and new algorithm count constants match */ 43 TEST_EQ(kNumAlgorithms, VB2_ALG_COUNT, "Algorithm counts"); 44 45 /* Crypto algorithm to sig algorithm mapping */ 46 TEST_EQ(vb2_crypto_to_signature(VB2_ALG_RSA1024_SHA1), 47 VB2_SIG_RSA1024, "Crypto map to RSA1024"); 48 TEST_EQ(vb2_crypto_to_signature(VB2_ALG_RSA2048_SHA256), 49 VB2_SIG_RSA2048, "Crypto map to RSA2048"); 50 TEST_EQ(vb2_crypto_to_signature(VB2_ALG_RSA4096_SHA256), 51 VB2_SIG_RSA4096, "Crypto map to RSA4096"); 52 TEST_EQ(vb2_crypto_to_signature(VB2_ALG_RSA8192_SHA512), 53 VB2_SIG_RSA8192, "Crypto map to RSA8192"); 54 TEST_EQ(vb2_crypto_to_signature(VB2_ALG_COUNT), 55 VB2_SIG_INVALID, "Crypto map to invalid"); 56 57 /* Sig size */ 58 TEST_EQ(vb2_rsa_sig_size(VB2_SIG_RSA1024), RSA1024NUMBYTES, 59 "Sig size RSA1024"); 60 TEST_EQ(vb2_rsa_sig_size(VB2_SIG_RSA2048), RSA2048NUMBYTES, 61 "Sig size RSA2048"); 62 TEST_EQ(vb2_rsa_sig_size(VB2_SIG_RSA4096), RSA4096NUMBYTES, 63 "Sig size RSA4096"); 64 TEST_EQ(vb2_rsa_sig_size(VB2_SIG_RSA8192), RSA8192NUMBYTES, 65 "Sig size RSA8192"); 66 TEST_EQ(vb2_rsa_sig_size(VB2_SIG_INVALID), 0, 67 "Sig size invalid algorithm"); 68 TEST_EQ(vb2_rsa_sig_size(VB2_SIG_NONE), 0, 69 "Sig size no signing algorithm"); 70 71 /* Packed key size */ 72 TEST_EQ(vb2_packed_key_size(VB2_SIG_RSA1024), 73 RSA1024NUMBYTES * 2 + sizeof(uint32_t) * 2, 74 "Packed key size VB2_SIG_RSA1024"); 75 TEST_EQ(vb2_packed_key_size(VB2_SIG_RSA2048), 76 RSA2048NUMBYTES * 2 + sizeof(uint32_t) * 2, 77 "Packed key size VB2_SIG_RSA2048"); 78 TEST_EQ(vb2_packed_key_size(VB2_SIG_RSA4096), 79 RSA4096NUMBYTES * 2 + sizeof(uint32_t) * 2, 80 "Packed key size VB2_SIG_RSA4096"); 81 TEST_EQ(vb2_packed_key_size(VB2_SIG_RSA8192), 82 RSA8192NUMBYTES * 2 + sizeof(uint32_t) * 2, 83 "Packed key size VB2_SIG_RSA8192"); 84 TEST_EQ(vb2_packed_key_size(VB2_SIG_INVALID), 0, 85 "Packed key size invalid algorithm"); 86 TEST_EQ(vb2_packed_key_size(VB2_SIG_NONE), 0, 87 "Packed key size no signing algorithm"); 88 89 /* Test padding check with bad algorithm */ 90 Memcpy(sig, signatures[0], sizeof(sig)); 91 TEST_EQ(vb2_check_padding(sig, &kbad), 92 VB2_ERROR_RSA_PADDING_SIZE, 93 "vb2_check_padding() bad padding algorithm/size"); 94 95 /* Test safe memcmp */ 96 TEST_EQ(vb2_safe_memcmp("foo", "foo", 3), 0, "vb2_safe_memcmp() good"); 97 TEST_NEQ(vb2_safe_memcmp("foo", "bar", 3), 0, "vb2_safe_memcmp() bad"); 98 TEST_EQ(vb2_safe_memcmp("foo", "bar", 0), 0, "vb2_safe_memcmp() zero"); 99 100 /* Test Montgomery >= */ 101 { 102 uint32_t n[4] = {4, 4, 4, 4}; 103 uint32_t a[4] = {4, 4, 4, 4}; 104 struct vb2_public_key k = { 105 .arrsize = 4, 106 .n = n, 107 }; 108 TEST_EQ(vb2_mont_ge(&k, a), 1, "mont_ge equal"); 109 110 a[2] = 3; 111 TEST_EQ(vb2_mont_ge(&k, a), 0, "mont_ge less"); 112 113 a[1] = 5; 114 TEST_EQ(vb2_mont_ge(&k, a), 0, "mont_ge greater"); 115 } 116 } 117 118 int main(int argc, char* argv[]) 119 { 120 /* Run tests */ 121 test_utils(); 122 123 return gTestSuccess ? 0 : 255; 124 } 125