1aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// 2aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// Copyright (C) 2010 The Android Open Source Project 3aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// 4aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// Licensed under the Apache License, Version 2.0 (the "License"); 5aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// you may not use this file except in compliance with the License. 6aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// You may obtain a copy of the License at 7aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// 8aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// http://www.apache.org/licenses/LICENSE-2.0 9aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// 10aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// Unless required by applicable law or agreed to in writing, software 11aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// distributed under the License is distributed on an "AS IS" BASIS, 12aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// See the License for the specific language governing permissions and 14aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// limitations under the License. 15aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// 160c440058157a138af05aed77682c25f1c02dcac8Andrew de los Reyes 17923d8faa6b341ce5e16a760749e98cc6703ca2fdAlex Deymo#include "update_engine/payload_generator/payload_signer.h" 18923d8faa6b341ce5e16a760749e98cc6703ca2fdAlex Deymo 190c440058157a138af05aed77682c25f1c02dcac8Andrew de los Reyes#include <string> 200c440058157a138af05aed77682c25f1c02dcac8Andrew de los Reyes#include <vector> 21923d8faa6b341ce5e16a760749e98cc6703ca2fdAlex Deymo 22923d8faa6b341ce5e16a760749e98cc6703ca2fdAlex Deymo#include <base/logging.h> 230c440058157a138af05aed77682c25f1c02dcac8Andrew de los Reyes#include <gtest/gtest.h> 24923d8faa6b341ce5e16a760749e98cc6703ca2fdAlex Deymo 2539910dcd1d68987ccee7c3031dc269233a8490bbAlex Deymo#include "update_engine/common/hash_calculator.h" 26260f03bc4d3a3de436e056c686c814444358823aSen Jiang#include "update_engine/common/test_utils.h" 2739910dcd1d68987ccee7c3031dc269233a8490bbAlex Deymo#include "update_engine/common/utils.h" 2839910dcd1d68987ccee7c3031dc269233a8490bbAlex Deymo#include "update_engine/payload_consumer/payload_constants.h" 2939910dcd1d68987ccee7c3031dc269233a8490bbAlex Deymo#include "update_engine/payload_consumer/payload_verifier.h" 30aef1c6f0b5a0059a103251a9a93bd0be43bd50a2Sen Jiang#include "update_engine/payload_generator/payload_file.h" 310c440058157a138af05aed77682c25f1c02dcac8Andrew de los Reyes#include "update_engine/update_metadata.pb.h" 320c440058157a138af05aed77682c25f1c02dcac8Andrew de los Reyes 33260f03bc4d3a3de436e056c686c814444358823aSen Jiangusing chromeos_update_engine::test_utils::GetBuildArtifactsPath; 340c440058157a138af05aed77682c25f1c02dcac8Andrew de los Reyesusing std::string; 350c440058157a138af05aed77682c25f1c02dcac8Andrew de los Reyesusing std::vector; 360c440058157a138af05aed77682c25f1c02dcac8Andrew de los Reyes 370c440058157a138af05aed77682c25f1c02dcac8Andrew de los Reyes// Note: the test key was generated with the following command: 38bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes// openssl genrsa -out unittest_key.pem 2048 39c24e3f313b2bbd1f3d782a3eec9a7d5fea67dbd9Andrew de los Reyes// The public-key version is created by the build system. 400c440058157a138af05aed77682c25f1c02dcac8Andrew de los Reyes 410c440058157a138af05aed77682c25f1c02dcac8Andrew de los Reyesnamespace chromeos_update_engine { 420c440058157a138af05aed77682c25f1c02dcac8Andrew de los Reyes 43932bc4c1c271bc1b03da9a1bfe7c37017c58bffaAndrew de los Reyesconst char* kUnittestPrivateKeyPath = "unittest_key.pem"; 44d7061ab058db55cb715617e8fa5f8e70ff4a5d67Darin Petkovconst char* kUnittestPublicKeyPath = "unittest_key.pub.pem"; 45c24e3f313b2bbd1f3d782a3eec9a7d5fea67dbd9Andrew de los Reyesconst char* kUnittestPrivateKey2Path = "unittest_key2.pem"; 46c24e3f313b2bbd1f3d782a3eec9a7d5fea67dbd9Andrew de los Reyesconst char* kUnittestPublicKey2Path = "unittest_key2.pub.pem"; 47932bc4c1c271bc1b03da9a1bfe7c37017c58bffaAndrew de los Reyes 48d7061ab058db55cb715617e8fa5f8e70ff4a5d67Darin Petkov// Some data and its corresponding hash and signature: 49d7061ab058db55cb715617e8fa5f8e70ff4a5d67Darin Petkovconst char kDataToSign[] = "This is some data to sign."; 50bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 51bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes// Generated by: 52bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes// echo -n 'This is some data to sign.' | openssl dgst -sha256 -binary | 53bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes// hexdump -v -e '" " 8/1 "0x%02x, " "\n"' 54f68bbbc952aa9a71898e4939b5f36187fa564a50Alex Vakulenkoconst uint8_t kDataHash[] = { 55d7061ab058db55cb715617e8fa5f8e70ff4a5d67Darin Petkov 0x7a, 0x07, 0xa6, 0x44, 0x08, 0x86, 0x20, 0xa6, 56d7061ab058db55cb715617e8fa5f8e70ff4a5d67Darin Petkov 0xc1, 0xf8, 0xd9, 0x02, 0x05, 0x63, 0x0d, 0xb7, 57d7061ab058db55cb715617e8fa5f8e70ff4a5d67Darin Petkov 0xfc, 0x2b, 0xa0, 0xa9, 0x7c, 0x9d, 0x1d, 0x8c, 58d7061ab058db55cb715617e8fa5f8e70ff4a5d67Darin Petkov 0x01, 0xf5, 0x78, 0x6d, 0xc5, 0x11, 0xb4, 0x06 59d7061ab058db55cb715617e8fa5f8e70ff4a5d67Darin Petkov}; 60bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 61bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes// Generated with openssl 1.0, which at the time of this writing, you need 62bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes// to download and install yourself. Here's my command: 63bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes// echo -n 'This is some data to sign.' | openssl dgst -sha256 -binary | 64bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes// ~/local/bin/openssl pkeyutl -sign -inkey unittest_key.pem -pkeyopt 65bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes// digest:sha256 | hexdump -v -e '" " 8/1 "0x%02x, " "\n"' 66f68bbbc952aa9a71898e4939b5f36187fa564a50Alex Vakulenkoconst uint8_t kDataSignature[] = { 67bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0x9f, 0x86, 0x25, 0x8b, 0xf3, 0xcc, 0xe3, 0x95, 68bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0x5f, 0x45, 0x83, 0xb2, 0x66, 0xf0, 0x2a, 0xcf, 69bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0xb7, 0xaa, 0x52, 0x25, 0x7a, 0xdd, 0x9d, 0x65, 70bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0xe5, 0xd6, 0x02, 0x4b, 0x37, 0x99, 0x53, 0x06, 71bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0xc2, 0xc9, 0x37, 0x36, 0x25, 0x62, 0x09, 0x4f, 72bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0x6b, 0x22, 0xf8, 0xb3, 0x89, 0x14, 0x98, 0x1a, 73bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0xbc, 0x30, 0x90, 0x4a, 0x43, 0xf5, 0xea, 0x2e, 74bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0xf0, 0xa4, 0xba, 0xc3, 0xa7, 0xa3, 0x44, 0x70, 75bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0xd6, 0xc4, 0x89, 0xd8, 0x45, 0x71, 0xbb, 0xee, 76bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0x59, 0x87, 0x3d, 0xd5, 0xe5, 0x40, 0x22, 0x3d, 77bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0x73, 0x7e, 0x2a, 0x58, 0x93, 0x8e, 0xcb, 0x9c, 78bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0xf2, 0xbb, 0x4a, 0xc9, 0xd2, 0x2c, 0x52, 0x42, 79bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0xb0, 0xd1, 0x13, 0x22, 0xa4, 0x78, 0xc7, 0xc6, 80bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0x3e, 0xf1, 0xdc, 0x4c, 0x7b, 0x2d, 0x40, 0xda, 81bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0x58, 0xac, 0x4a, 0x11, 0x96, 0x3d, 0xa0, 0x01, 82bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0xf6, 0x96, 0x74, 0xf6, 0x6c, 0x0c, 0x49, 0x69, 83bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0x4e, 0xc1, 0x7e, 0x9f, 0x2a, 0x42, 0xdd, 0x15, 84bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0x6b, 0x37, 0x2e, 0x3a, 0xa7, 0xa7, 0x6d, 0x91, 85bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0x13, 0xe8, 0x59, 0xde, 0xfe, 0x99, 0x07, 0xd9, 86bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0x34, 0x0f, 0x17, 0xb3, 0x05, 0x4c, 0xd2, 0xc6, 87bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0x82, 0xb7, 0x38, 0x36, 0x63, 0x1d, 0x9e, 0x21, 88bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0xa6, 0x32, 0xef, 0xf1, 0x65, 0xe6, 0xed, 0x95, 89bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0x25, 0x9b, 0x61, 0xe0, 0xba, 0x86, 0xa1, 0x7f, 90bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0xf8, 0xa5, 0x4a, 0x32, 0x1f, 0x15, 0x20, 0x8a, 91bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0x41, 0xc5, 0xb0, 0xd9, 0x4a, 0xda, 0x85, 0xf3, 92bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0xdc, 0xa0, 0x98, 0x5d, 0x1d, 0x18, 0x9d, 0x2e, 93bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0x42, 0xea, 0x69, 0x13, 0x74, 0x3c, 0x74, 0xf7, 94bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0x6d, 0x43, 0xb0, 0x63, 0x90, 0xdb, 0x04, 0xd5, 95bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0x05, 0xc9, 0x73, 0x1f, 0x6c, 0xd6, 0xfa, 0x46, 96bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0x4e, 0x0f, 0x33, 0x58, 0x5b, 0x0d, 0x1b, 0x55, 97bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0x39, 0xb9, 0x0f, 0x43, 0x37, 0xc0, 0x06, 0x0c, 98bdfaaf0304bb1b49a1fc1252a6d2181830b404e1Andrew de los Reyes 0x29, 0x93, 0x43, 0xc7, 0x43, 0xb9, 0xab, 0x7d 99d7061ab058db55cb715617e8fa5f8e70ff4a5d67Darin Petkov}; 1000c440058157a138af05aed77682c25f1c02dcac8Andrew de los Reyes 101d7061ab058db55cb715617e8fa5f8e70ff4a5d67Darin Petkovnamespace { 1023f39d5cc753905874d8d93bef94f857b8808f19eAlex Vakulenkovoid SignSampleData(brillo::Blob* out_signature_blob, 103b552a68af39efa42d462a9272d3dc47eb39c6db8Alex Deymo const vector<string>& private_keys) { 104720df3eeaecfc9ad229440c59e08c8d52f13dc1eSen Jiang brillo::Blob data_blob(std::begin(kDataToSign), 105720df3eeaecfc9ad229440c59e08c8d52f13dc1eSen Jiang std::begin(kDataToSign) + strlen(kDataToSign)); 1060c440058157a138af05aed77682c25f1c02dcac8Andrew de los Reyes uint64_t length = 0; 107b552a68af39efa42d462a9272d3dc47eb39c6db8Alex Deymo EXPECT_TRUE(PayloadSigner::SignatureBlobLength(private_keys, &length)); 10880f70ff45f8ea9a679c0c3ed0dc143dd2fe2b63eAlex Deymo EXPECT_GT(length, 0U); 109720df3eeaecfc9ad229440c59e08c8d52f13dc1eSen Jiang brillo::Blob hash_blob; 11039910dcd1d68987ccee7c3031dc269233a8490bbAlex Deymo EXPECT_TRUE(HashCalculator::RawHashOfBytes(data_blob.data(), 11139910dcd1d68987ccee7c3031dc269233a8490bbAlex Deymo data_blob.size(), 11239910dcd1d68987ccee7c3031dc269233a8490bbAlex Deymo &hash_blob)); 113720df3eeaecfc9ad229440c59e08c8d52f13dc1eSen Jiang EXPECT_TRUE(PayloadSigner::SignHashWithKeys( 114720df3eeaecfc9ad229440c59e08c8d52f13dc1eSen Jiang hash_blob, 115b552a68af39efa42d462a9272d3dc47eb39c6db8Alex Deymo private_keys, 116c24e3f313b2bbd1f3d782a3eec9a7d5fea67dbd9Andrew de los Reyes out_signature_blob)); 117d7061ab058db55cb715617e8fa5f8e70ff4a5d67Darin Petkov EXPECT_EQ(length, out_signature_blob->size()); 118d7061ab058db55cb715617e8fa5f8e70ff4a5d67Darin Petkov} 119d2779df63aaad8b65fc5d4badee7dbc9bed7f2b6Alex Vakulenko} // namespace 1200c440058157a138af05aed77682c25f1c02dcac8Andrew de los Reyes 121b552a68af39efa42d462a9272d3dc47eb39c6db8Alex Deymoclass PayloadSignerTest : public ::testing::Test { 122b552a68af39efa42d462a9272d3dc47eb39c6db8Alex Deymo protected: 123b552a68af39efa42d462a9272d3dc47eb39c6db8Alex Deymo void SetUp() override { 124b552a68af39efa42d462a9272d3dc47eb39c6db8Alex Deymo PayloadVerifier::PadRSA2048SHA256Hash(&padded_hash_data_); 125b552a68af39efa42d462a9272d3dc47eb39c6db8Alex Deymo } 126b552a68af39efa42d462a9272d3dc47eb39c6db8Alex Deymo 127aef1c6f0b5a0059a103251a9a93bd0be43bd50a2Sen Jiang void DoWriteAndLoadPayloadTest(const PayloadGenerationConfig& config) { 128aef1c6f0b5a0059a103251a9a93bd0be43bd50a2Sen Jiang PayloadFile payload; 129aef1c6f0b5a0059a103251a9a93bd0be43bd50a2Sen Jiang payload.Init(config); 130aef1c6f0b5a0059a103251a9a93bd0be43bd50a2Sen Jiang string payload_path; 131aef1c6f0b5a0059a103251a9a93bd0be43bd50a2Sen Jiang EXPECT_TRUE(utils::MakeTempFile("payload.XXXXXX", &payload_path, nullptr)); 132aef1c6f0b5a0059a103251a9a93bd0be43bd50a2Sen Jiang ScopedPathUnlinker payload_path_unlinker(payload_path); 133aef1c6f0b5a0059a103251a9a93bd0be43bd50a2Sen Jiang uint64_t metadata_size; 134aef1c6f0b5a0059a103251a9a93bd0be43bd50a2Sen Jiang EXPECT_TRUE( 135aef1c6f0b5a0059a103251a9a93bd0be43bd50a2Sen Jiang payload.WritePayload(payload_path, "/dev/null", "", &metadata_size)); 13698e691cc6debda3ef671acba001bebd45da36377Alex Deymo brillo::Blob payload_metadata_blob; 137aef1c6f0b5a0059a103251a9a93bd0be43bd50a2Sen Jiang DeltaArchiveManifest manifest; 138aef1c6f0b5a0059a103251a9a93bd0be43bd50a2Sen Jiang uint64_t load_metadata_size, load_major_version; 13998e691cc6debda3ef671acba001bebd45da36377Alex Deymo EXPECT_TRUE(PayloadSigner::LoadPayloadMetadata(payload_path, 14098e691cc6debda3ef671acba001bebd45da36377Alex Deymo &payload_metadata_blob, 14198e691cc6debda3ef671acba001bebd45da36377Alex Deymo &manifest, 14298e691cc6debda3ef671acba001bebd45da36377Alex Deymo &load_major_version, 14398e691cc6debda3ef671acba001bebd45da36377Alex Deymo &load_metadata_size, 14498e691cc6debda3ef671acba001bebd45da36377Alex Deymo nullptr)); 14598e691cc6debda3ef671acba001bebd45da36377Alex Deymo EXPECT_EQ(metadata_size, payload_metadata_blob.size()); 146a4073ef63482fd08c3678982f7d153360b088094Alex Deymo EXPECT_EQ(config.version.major, load_major_version); 147aef1c6f0b5a0059a103251a9a93bd0be43bd50a2Sen Jiang EXPECT_EQ(metadata_size, load_metadata_size); 148aef1c6f0b5a0059a103251a9a93bd0be43bd50a2Sen Jiang } 149aef1c6f0b5a0059a103251a9a93bd0be43bd50a2Sen Jiang 1503f39d5cc753905874d8d93bef94f857b8808f19eAlex Vakulenko brillo::Blob padded_hash_data_{std::begin(kDataHash), std::end(kDataHash)}; 151b552a68af39efa42d462a9272d3dc47eb39c6db8Alex Deymo}; 152b552a68af39efa42d462a9272d3dc47eb39c6db8Alex Deymo 153aef1c6f0b5a0059a103251a9a93bd0be43bd50a2Sen JiangTEST_F(PayloadSignerTest, LoadPayloadV1Test) { 154aef1c6f0b5a0059a103251a9a93bd0be43bd50a2Sen Jiang PayloadGenerationConfig config; 155a4073ef63482fd08c3678982f7d153360b088094Alex Deymo config.version.major = kChromeOSMajorPayloadVersion; 156aef1c6f0b5a0059a103251a9a93bd0be43bd50a2Sen Jiang DoWriteAndLoadPayloadTest(config); 157aef1c6f0b5a0059a103251a9a93bd0be43bd50a2Sen Jiang} 158aef1c6f0b5a0059a103251a9a93bd0be43bd50a2Sen Jiang 159aef1c6f0b5a0059a103251a9a93bd0be43bd50a2Sen JiangTEST_F(PayloadSignerTest, LoadPayloadV2Test) { 160aef1c6f0b5a0059a103251a9a93bd0be43bd50a2Sen Jiang PayloadGenerationConfig config; 161a4073ef63482fd08c3678982f7d153360b088094Alex Deymo config.version.major = kBrilloMajorPayloadVersion; 162aef1c6f0b5a0059a103251a9a93bd0be43bd50a2Sen Jiang DoWriteAndLoadPayloadTest(config); 163aef1c6f0b5a0059a103251a9a93bd0be43bd50a2Sen Jiang} 164aef1c6f0b5a0059a103251a9a93bd0be43bd50a2Sen Jiang 165b552a68af39efa42d462a9272d3dc47eb39c6db8Alex DeymoTEST_F(PayloadSignerTest, SignSimpleTextTest) { 1663f39d5cc753905874d8d93bef94f857b8808f19eAlex Vakulenko brillo::Blob signature_blob; 167260f03bc4d3a3de436e056c686c814444358823aSen Jiang SignSampleData(&signature_blob, 168260f03bc4d3a3de436e056c686c814444358823aSen Jiang {GetBuildArtifactsPath(kUnittestPrivateKeyPath)}); 1690c440058157a138af05aed77682c25f1c02dcac8Andrew de los Reyes 170d7061ab058db55cb715617e8fa5f8e70ff4a5d67Darin Petkov // Check the signature itself 1710c440058157a138af05aed77682c25f1c02dcac8Andrew de los Reyes Signatures signatures; 172f68bbbc952aa9a71898e4939b5f36187fa564a50Alex Vakulenko EXPECT_TRUE(signatures.ParseFromArray(signature_blob.data(), 1730c440058157a138af05aed77682c25f1c02dcac8Andrew de los Reyes signature_blob.size())); 1740c440058157a138af05aed77682c25f1c02dcac8Andrew de los Reyes EXPECT_EQ(1, signatures.signatures_size()); 1750c440058157a138af05aed77682c25f1c02dcac8Andrew de los Reyes const Signatures_Signature& signature = signatures.signatures(0); 17680f70ff45f8ea9a679c0c3ed0dc143dd2fe2b63eAlex Deymo EXPECT_EQ(1U, signature.version()); 1775c6bb1d8f89b87e782e26fe74789b6f510704394Chih-Hung Hsieh const string& sig_data = signature.data(); 178d7061ab058db55cb715617e8fa5f8e70ff4a5d67Darin Petkov ASSERT_EQ(arraysize(kDataSignature), sig_data.size()); 179d7061ab058db55cb715617e8fa5f8e70ff4a5d67Darin Petkov for (size_t i = 0; i < arraysize(kDataSignature); i++) { 180f68bbbc952aa9a71898e4939b5f36187fa564a50Alex Vakulenko EXPECT_EQ(kDataSignature[i], static_cast<uint8_t>(sig_data[i])); 181d7061ab058db55cb715617e8fa5f8e70ff4a5d67Darin Petkov } 182d7061ab058db55cb715617e8fa5f8e70ff4a5d67Darin Petkov} 183d7061ab058db55cb715617e8fa5f8e70ff4a5d67Darin Petkov 184b552a68af39efa42d462a9272d3dc47eb39c6db8Alex DeymoTEST_F(PayloadSignerTest, VerifyAllSignatureTest) { 1853f39d5cc753905874d8d93bef94f857b8808f19eAlex Vakulenko brillo::Blob signature_blob; 186b552a68af39efa42d462a9272d3dc47eb39c6db8Alex Deymo SignSampleData(&signature_blob, 187260f03bc4d3a3de436e056c686c814444358823aSen Jiang {GetBuildArtifactsPath(kUnittestPrivateKeyPath), 188260f03bc4d3a3de436e056c686c814444358823aSen Jiang GetBuildArtifactsPath(kUnittestPrivateKey2Path)}); 189d7061ab058db55cb715617e8fa5f8e70ff4a5d67Darin Petkov 190b552a68af39efa42d462a9272d3dc47eb39c6db8Alex Deymo // Either public key should pass the verification. 191260f03bc4d3a3de436e056c686c814444358823aSen Jiang EXPECT_TRUE(PayloadVerifier::VerifySignature( 192260f03bc4d3a3de436e056c686c814444358823aSen Jiang signature_blob, 193260f03bc4d3a3de436e056c686c814444358823aSen Jiang GetBuildArtifactsPath(kUnittestPublicKeyPath), 194260f03bc4d3a3de436e056c686c814444358823aSen Jiang padded_hash_data_)); 195260f03bc4d3a3de436e056c686c814444358823aSen Jiang EXPECT_TRUE(PayloadVerifier::VerifySignature( 196260f03bc4d3a3de436e056c686c814444358823aSen Jiang signature_blob, 197260f03bc4d3a3de436e056c686c814444358823aSen Jiang GetBuildArtifactsPath(kUnittestPublicKey2Path), 198260f03bc4d3a3de436e056c686c814444358823aSen Jiang padded_hash_data_)); 199b552a68af39efa42d462a9272d3dc47eb39c6db8Alex Deymo} 200b552a68af39efa42d462a9272d3dc47eb39c6db8Alex Deymo 201b552a68af39efa42d462a9272d3dc47eb39c6db8Alex DeymoTEST_F(PayloadSignerTest, VerifySignatureTest) { 2023f39d5cc753905874d8d93bef94f857b8808f19eAlex Vakulenko brillo::Blob signature_blob; 203260f03bc4d3a3de436e056c686c814444358823aSen Jiang SignSampleData(&signature_blob, 204260f03bc4d3a3de436e056c686c814444358823aSen Jiang {GetBuildArtifactsPath(kUnittestPrivateKeyPath)}); 205b552a68af39efa42d462a9272d3dc47eb39c6db8Alex Deymo 206260f03bc4d3a3de436e056c686c814444358823aSen Jiang EXPECT_TRUE(PayloadVerifier::VerifySignature( 207260f03bc4d3a3de436e056c686c814444358823aSen Jiang signature_blob, 208260f03bc4d3a3de436e056c686c814444358823aSen Jiang GetBuildArtifactsPath(kUnittestPublicKeyPath), 209260f03bc4d3a3de436e056c686c814444358823aSen Jiang padded_hash_data_)); 210b552a68af39efa42d462a9272d3dc47eb39c6db8Alex Deymo // Passing the invalid key should fail the verification. 211260f03bc4d3a3de436e056c686c814444358823aSen Jiang EXPECT_FALSE(PayloadVerifier::VerifySignature( 212260f03bc4d3a3de436e056c686c814444358823aSen Jiang signature_blob, 213260f03bc4d3a3de436e056c686c814444358823aSen Jiang GetBuildArtifactsPath(kUnittestPublicKey2Path), 214260f03bc4d3a3de436e056c686c814444358823aSen Jiang padded_hash_data_)); 2150c440058157a138af05aed77682c25f1c02dcac8Andrew de los Reyes} 2160c440058157a138af05aed77682c25f1c02dcac8Andrew de los Reyes 217644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen JiangTEST_F(PayloadSignerTest, SkipMetadataSignatureTest) { 218644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang string payload_path; 219644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang EXPECT_TRUE(utils::MakeTempFile("payload.XXXXXX", &payload_path, nullptr)); 220644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang ScopedPathUnlinker payload_path_unlinker(payload_path); 221644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang 222644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang PayloadGenerationConfig config; 223a4073ef63482fd08c3678982f7d153360b088094Alex Deymo config.version.major = kBrilloMajorPayloadVersion; 224644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang PayloadFile payload; 225644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang EXPECT_TRUE(payload.Init(config)); 226644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang uint64_t metadata_size; 227644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang EXPECT_TRUE( 228644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang payload.WritePayload(payload_path, "/dev/null", "", &metadata_size)); 229644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang const vector<int> sizes = {256}; 230644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang brillo::Blob unsigned_payload_hash, unsigned_metadata_hash; 231644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang EXPECT_TRUE(PayloadSigner::HashPayloadForSigning( 232644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang payload_path, sizes, &unsigned_payload_hash, &unsigned_metadata_hash)); 233260f03bc4d3a3de436e056c686c814444358823aSen Jiang EXPECT_TRUE( 234260f03bc4d3a3de436e056c686c814444358823aSen Jiang payload.WritePayload(payload_path, 235260f03bc4d3a3de436e056c686c814444358823aSen Jiang "/dev/null", 236260f03bc4d3a3de436e056c686c814444358823aSen Jiang GetBuildArtifactsPath(kUnittestPrivateKeyPath), 237260f03bc4d3a3de436e056c686c814444358823aSen Jiang &metadata_size)); 238644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang brillo::Blob signed_payload_hash, signed_metadata_hash; 239644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang EXPECT_TRUE(PayloadSigner::HashPayloadForSigning( 240644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang payload_path, sizes, &signed_payload_hash, &signed_metadata_hash)); 241644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang EXPECT_EQ(unsigned_payload_hash, signed_payload_hash); 242644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang EXPECT_EQ(unsigned_metadata_hash, signed_metadata_hash); 243644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang} 244644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang 245644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen JiangTEST_F(PayloadSignerTest, VerifySignedPayloadTest) { 246644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang string payload_path; 247644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang EXPECT_TRUE(utils::MakeTempFile("payload.XXXXXX", &payload_path, nullptr)); 248644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang ScopedPathUnlinker payload_path_unlinker(payload_path); 249644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang 250644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang PayloadGenerationConfig config; 251a4073ef63482fd08c3678982f7d153360b088094Alex Deymo config.version.major = kBrilloMajorPayloadVersion; 252644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang PayloadFile payload; 253644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang EXPECT_TRUE(payload.Init(config)); 254644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang uint64_t metadata_size; 255260f03bc4d3a3de436e056c686c814444358823aSen Jiang EXPECT_TRUE( 256260f03bc4d3a3de436e056c686c814444358823aSen Jiang payload.WritePayload(payload_path, 257260f03bc4d3a3de436e056c686c814444358823aSen Jiang "/dev/null", 258260f03bc4d3a3de436e056c686c814444358823aSen Jiang GetBuildArtifactsPath(kUnittestPrivateKeyPath), 259260f03bc4d3a3de436e056c686c814444358823aSen Jiang &metadata_size)); 260260f03bc4d3a3de436e056c686c814444358823aSen Jiang EXPECT_TRUE(PayloadSigner::VerifySignedPayload( 261260f03bc4d3a3de436e056c686c814444358823aSen Jiang payload_path, GetBuildArtifactsPath(kUnittestPublicKeyPath))); 262644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang} 263644f618b8bbaa096c1fcdcf7d6ed06e2538ea83cSen Jiang 2640c440058157a138af05aed77682c25f1c02dcac8Andrew de los Reyes} // namespace chromeos_update_engine 265