/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
#include <stdint.h>
#include <stdio.h>
#include "cryptolib.h"
#include "file_keys.h"
#include "rsa_padding_test.h"
#include "test_common.h"
#include "utility.h"
#include "2sysincludes.h"
#include "2rsa.h"
#include "vb2_common.h"
/**
* Convert an old-style RSA public key struct to a new one.
*
* The new one does not allocate memory, so you must keep the old one around
* until you're done with the new one.
*
* @param k2 Destination new key
* @param key Source old key
*/
void vb2_public_key_to_vb2(struct vb2_public_key *k2,
const struct RSAPublicKey *key)
{
k2->arrsize = key->len;
k2->n0inv = key->n0inv;
k2->n = key->n;
k2->rr = key->rr;
k2->sig_alg = vb2_crypto_to_signature(key->algorithm);
k2->hash_alg = vb2_crypto_to_hash(key->algorithm);
}
/**
* Test valid and invalid signatures.
*/
static void test_signatures(const struct vb2_public_key *key)
{
uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES]
__attribute__ ((aligned (VB2_WORKBUF_ALIGN)));
uint8_t sig[RSA1024NUMBYTES];
struct vb2_workbuf wb;
int unexpected_success;
int i;
vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
/* The first test signature is valid. */
Memcpy(sig, signatures[0], sizeof(sig));
TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
"RSA Padding Test valid sig");
/* All other signatures should fail verification. */
unexpected_success = 0;
for (i = 1; i < sizeof(signatures) / sizeof(signatures[0]); i++) {
Memcpy(sig, signatures[i], sizeof(sig));
if (!vb2_rsa_verify_digest(key, sig,
test_message_sha1_hash, &wb)) {
fprintf(stderr,
"RSA Padding Test vector %d FAILED!\n", i);
unexpected_success++;
}
}
TEST_EQ(unexpected_success, 0, "RSA Padding Test invalid sigs");
}
/**
* Test other error conditions in vb2_rsa_verify_digest().
*/
static void test_verify_digest(struct vb2_public_key *key) {
uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES]
__attribute__ ((aligned (VB2_WORKBUF_ALIGN)));
uint8_t sig[RSA1024NUMBYTES];
struct vb2_workbuf wb;
enum vb2_signature_algorithm orig_key_alg = key->sig_alg;
vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
Memcpy(sig, signatures[0], sizeof(sig));
TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
"vb2_rsa_verify_digest() good");
Memcpy(sig, signatures[0], sizeof(sig));
vb2_workbuf_init(&wb, workbuf, sizeof(sig) * 3 - 1);
TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
VB2_ERROR_RSA_VERIFY_WORKBUF,
"vb2_rsa_verify_digest() small workbuf");
vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
key->sig_alg = VB2_SIG_INVALID;
Memcpy(sig, signatures[0], sizeof(sig));
TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
VB2_ERROR_RSA_VERIFY_ALGORITHM,
"vb2_rsa_verify_digest() bad key alg");
key->sig_alg = orig_key_alg;
key->arrsize *= 2;
Memcpy(sig, signatures[0], sizeof(sig));
TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
VB2_ERROR_RSA_VERIFY_SIG_LEN,
"vb2_rsa_verify_digest() bad sig len");
key->arrsize /= 2;
/* Corrupt the signature near start and end */
Memcpy(sig, signatures[0], sizeof(sig));
sig[3] ^= 0x42;
TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
VB2_ERROR_RSA_PADDING, "vb2_rsa_verify_digest() bad sig");
Memcpy(sig, signatures[0], sizeof(sig));
sig[RSA1024NUMBYTES - 3] ^= 0x56;
TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
VB2_ERROR_RSA_PADDING, "vb2_rsa_verify_digest() bad sig end");
}
int main(int argc, char *argv[])
{
int error = 0;
RSAPublicKey *key;
struct vb2_public_key k2;
/* Read test key */
if (argc != 2) {
fprintf(stderr, "Usage: %s <test public key>\n", argv[0]);
return 1;
}
key = RSAPublicKeyFromFile(argv[1]);
if (!key) {
fprintf(stderr, "Couldn't read RSA public key for the test.\n");
return 1;
}
// TODO: why is test key algorithm wrong?
key->algorithm = 0;
/* Convert test key to Vb2 format */
vb2_public_key_to_vb2(&k2, key);
/* Run tests */
test_signatures(&k2);
test_verify_digest(&k2);
/* Clean up and exit */
RSAPublicKeyFree(key);
if (!gTestSuccess)
error = 255;
return error;
}