tests/vb20_rsa_padding_tests.c - chromiumos/platform/vboot_reference - Git at Google

 /* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  */


 #include <stdint.h>
 #include <stdio.h>

 #include "cryptolib.h"
 #include "file_keys.h"
 #include "rsa_padding_test.h"
 #include "test_common.h"
 #include "utility.h"

 #include "2sysincludes.h"
 #include "2rsa.h"
 #include "vb2_common.h"

 /**
  * Convert an old-style RSA public key struct to a new one.
  *
  * The new one does not allocate memory, so you must keep the old one around
  * until you're done with the new one.
  *
  * @param k2		Destination new key
  * @param key		Source old key
  */
 void vb2_public_key_to_vb2(struct vb2_public_key *k2,
 			   const struct RSAPublicKey *key)
 {
 	k2->arrsize = key->len;
 	k2->n0inv = key->n0inv;
 	k2->n = key->n;
 	k2->rr = key->rr;
 	k2->sig_alg = vb2_crypto_to_signature(key->algorithm);
 	k2->hash_alg = vb2_crypto_to_hash(key->algorithm);
 }

 /**
  * Test valid and invalid signatures.
  */
 static void test_signatures(const struct vb2_public_key *key)
 {
 	uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES]
 		 __attribute__ ((aligned (VB2_WORKBUF_ALIGN)));
 	uint8_t sig[RSA1024NUMBYTES];
 	struct vb2_workbuf wb;
 	int unexpected_success;
 	int i;

 	vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));

 	/* The first test signature is valid. */
 	Memcpy(sig, signatures[0], sizeof(sig));
 	TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
 		  "RSA Padding Test valid sig");

 	/* All other signatures should fail verification. */
 	unexpected_success = 0;
 	for (i = 1; i < sizeof(signatures) / sizeof(signatures[0]); i++) {
 		Memcpy(sig, signatures[i], sizeof(sig));
 		if (!vb2_rsa_verify_digest(key, sig,
 					   test_message_sha1_hash, &wb)) {
 			fprintf(stderr,
 				"RSA Padding Test vector %d FAILED!\n", i);
 			unexpected_success++;
 		}
 	}
 	TEST_EQ(unexpected_success, 0, "RSA Padding Test invalid sigs");
 }


 /**
  * Test other error conditions in vb2_rsa_verify_digest().
  */
 static void test_verify_digest(struct vb2_public_key *key) {
 	uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES]
 		 __attribute__ ((aligned (VB2_WORKBUF_ALIGN)));
 	uint8_t sig[RSA1024NUMBYTES];
 	struct vb2_workbuf wb;
 	enum vb2_signature_algorithm orig_key_alg = key->sig_alg;

 	vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));

 	Memcpy(sig, signatures[0], sizeof(sig));
 	TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
 		  "vb2_rsa_verify_digest() good");

 	Memcpy(sig, signatures[0], sizeof(sig));
 	vb2_workbuf_init(&wb, workbuf, sizeof(sig) * 3 - 1);
 	TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
 		VB2_ERROR_RSA_VERIFY_WORKBUF,
 		"vb2_rsa_verify_digest() small workbuf");
 	vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));

 	key->sig_alg = VB2_SIG_INVALID;
 	Memcpy(sig, signatures[0], sizeof(sig));
 	TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
 		VB2_ERROR_RSA_VERIFY_ALGORITHM,
 		"vb2_rsa_verify_digest() bad key alg");
 	key->sig_alg = orig_key_alg;

 	key->arrsize *= 2;
 	Memcpy(sig, signatures[0], sizeof(sig));
 	TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
 		VB2_ERROR_RSA_VERIFY_SIG_LEN,
 		"vb2_rsa_verify_digest() bad sig len");
 	key->arrsize /= 2;

 	/* Corrupt the signature near start and end */
 	Memcpy(sig, signatures[0], sizeof(sig));
 	sig[3] ^= 0x42;
 	TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
 		VB2_ERROR_RSA_PADDING, "vb2_rsa_verify_digest() bad sig");

 	Memcpy(sig, signatures[0], sizeof(sig));
 	sig[RSA1024NUMBYTES - 3] ^= 0x56;
 	TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
 		VB2_ERROR_RSA_PADDING, "vb2_rsa_verify_digest() bad sig end");
 }

 int main(int argc, char *argv[])
 {
 	int error = 0;
 	RSAPublicKey *key;
 	struct vb2_public_key k2;

 	/* Read test key */
 	if (argc != 2) {
 		fprintf(stderr, "Usage: %s <test public key>\n", argv[0]);
 		return 1;
 	}
 	key = RSAPublicKeyFromFile(argv[1]);

 	if (!key) {
 		fprintf(stderr, "Couldn't read RSA public key for the test.\n");
 		return 1;
 	}

 	// TODO: why is test key algorithm wrong?
 	key->algorithm = 0;

 	/* Convert test key to Vb2 format */
 	vb2_public_key_to_vb2(&k2, key);

 	/* Run tests */
 	test_signatures(&k2);
 	test_verify_digest(&k2);

 	/* Clean up and exit */
 	RSAPublicKeyFree(key);

 	if (!gTestSuccess)
 		error = 255;

 	return error;
 }
	/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
	* Use of this source code is governed by a BSD-style license that can be
	* found in the LICENSE file.
	*/


	#include <stdint.h>
	#include <stdio.h>

	#include "cryptolib.h"
	#include "file_keys.h"
	#include "rsa_padding_test.h"
	#include "test_common.h"
	#include "utility.h"

	#include "2sysincludes.h"
	#include "2rsa.h"
	#include "vb2_common.h"

	/**
	* Convert an old-style RSA public key struct to a new one.
	*
	* The new one does not allocate memory, so you must keep the old one around
	* until you're done with the new one.
	*
	* @param k2 Destination new key
	* @param key Source old key
	*/
	void vb2_public_key_to_vb2(struct vb2_public_key *k2,
	const struct RSAPublicKey *key)
	{
	k2->arrsize = key->len;
	k2->n0inv = key->n0inv;
	k2->n = key->n;
	k2->rr = key->rr;
	k2->sig_alg = vb2_crypto_to_signature(key->algorithm);
	k2->hash_alg = vb2_crypto_to_hash(key->algorithm);
	}

	/**
	* Test valid and invalid signatures.
	*/
	static void test_signatures(const struct vb2_public_key *key)
	{
	uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES]
	__attribute__ ((aligned (VB2_WORKBUF_ALIGN)));
	uint8_t sig[RSA1024NUMBYTES];
	struct vb2_workbuf wb;
	int unexpected_success;
	int i;

	vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));

	/* The first test signature is valid. */
	Memcpy(sig, signatures[0], sizeof(sig));
	TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
	"RSA Padding Test valid sig");

	/* All other signatures should fail verification. */
	unexpected_success = 0;
	for (i = 1; i < sizeof(signatures) / sizeof(signatures[0]); i++) {
	Memcpy(sig, signatures[i], sizeof(sig));
	if (!vb2_rsa_verify_digest(key, sig,
	test_message_sha1_hash, &wb)) {
	fprintf(stderr,
	"RSA Padding Test vector %d FAILED!\n", i);
	unexpected_success++;
	}
	}
	TEST_EQ(unexpected_success, 0, "RSA Padding Test invalid sigs");
	}


	/**
	* Test other error conditions in vb2_rsa_verify_digest().
	*/
	static void test_verify_digest(struct vb2_public_key *key) {
	uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES]
	__attribute__ ((aligned (VB2_WORKBUF_ALIGN)));
	uint8_t sig[RSA1024NUMBYTES];
	struct vb2_workbuf wb;
	enum vb2_signature_algorithm orig_key_alg = key->sig_alg;

	vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));

	Memcpy(sig, signatures[0], sizeof(sig));
	TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
	"vb2_rsa_verify_digest() good");

	Memcpy(sig, signatures[0], sizeof(sig));
	vb2_workbuf_init(&wb, workbuf, sizeof(sig) * 3 - 1);
	TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
	VB2_ERROR_RSA_VERIFY_WORKBUF,
	"vb2_rsa_verify_digest() small workbuf");
	vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));

	key->sig_alg = VB2_SIG_INVALID;
	Memcpy(sig, signatures[0], sizeof(sig));
	TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
	VB2_ERROR_RSA_VERIFY_ALGORITHM,
	"vb2_rsa_verify_digest() bad key alg");
	key->sig_alg = orig_key_alg;

	key->arrsize *= 2;
	Memcpy(sig, signatures[0], sizeof(sig));
	TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
	VB2_ERROR_RSA_VERIFY_SIG_LEN,
	"vb2_rsa_verify_digest() bad sig len");
	key->arrsize /= 2;

	/* Corrupt the signature near start and end */
	Memcpy(sig, signatures[0], sizeof(sig));
	sig[3] ^= 0x42;
	TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
	VB2_ERROR_RSA_PADDING, "vb2_rsa_verify_digest() bad sig");

	Memcpy(sig, signatures[0], sizeof(sig));
	sig[RSA1024NUMBYTES - 3] ^= 0x56;
	TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
	VB2_ERROR_RSA_PADDING, "vb2_rsa_verify_digest() bad sig end");
	}

	int main(int argc, char *argv[])
	{
	int error = 0;
	RSAPublicKey *key;
	struct vb2_public_key k2;

	/* Read test key */
	if (argc != 2) {
	fprintf(stderr, "Usage: %s <test public key>\n", argv[0]);
	return 1;
	}
	key = RSAPublicKeyFromFile(argv[1]);

	if (!key) {
	fprintf(stderr, "Couldn't read RSA public key for the test.\n");
	return 1;
	}

	// TODO: why is test key algorithm wrong?
	key->algorithm = 0;

	/* Convert test key to Vb2 format */
	vb2_public_key_to_vb2(&k2, key);

	/* Run tests */
	test_signatures(&k2);
	test_verify_digest(&k2);

	/* Clean up and exit */
	RSAPublicKeyFree(key);

	if (!gTestSuccess)
	error = 255;

	return error;
	}