]> git.proxmox.com Git - efi-boot-shim.git/blame - test-sbat.c
projects / efi-boot-shim.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
New upstream version 15.4
[efi-boot-shim.git] / test-sbat.c
CommitLineData
031e5cce
SM		 1// SPDX-License-Identifier: BSD-2-Clause-Patent
2/*
3 * test-sbat.c - test our sbat functions.
4 */
5
6#ifndef SHIM_UNIT_TEST
7#define SHIM_UNIT_TEST
8#endif
9#include "shim.h"
10
11#include <stdio.h>
12
13#define MAX_SIZE 512
14
15list_t sbat_var;
16
17#if 0
18/*
19 * Mock test helpers
20 */
21static struct sbat_entry *
22create_mock_sbat_entry(const char* comp_name, const char* comp_gen,
23 const char* vend_name, const char* vend_pkg_name,
24 const char* vend_ver, const char* vend_url)
25{
26 struct sbat_entry *new_entry = AllocatePool(sizeof(*new_entry));
27 if (!new_entry)
28 return NULL;
29 new_entry->component_name = comp_name;
30 new_entry->component_generation = comp_gen;
31 new_entry->vendor_name = vend_name;
32 new_entry->vendor_package_name = vend_pkg_name;
33 new_entry->vendor_version = vend_ver;
34 new_entry->vendor_url = vend_url;
35 return new_entry;
36}
37
38void
39free_mock_sbat_entry(struct sbat_entry *entry)
40{
41 if (entry)
42 FreePool(entry);
43}
44
45static struct sbat *
46create_mock_sbat_one_entry(char* comp_name, char* comp_gen, char* vend_name,
47 char* vend_pkg_name, char* vend_ver, char* vend_url)
48{
49 struct sbat *new_entry = AllocatePool(sizeof(*new_entry));
50 if (!new_entry)
51 return NULL;
52 struct sbat_entry *test_entry;
53 struct sbat_entry **entries = AllocatePool(sizeof(*entries));
54 if (!entries)
55 return NULL;
56 test_entry = create_mock_sbat_entry(comp_name, comp_gen, vend_name,
57 vend_pkg_name, vend_ver, vend_url);
58 if (!test_entry)
59 return NULL;
60 entries[0] = test_entry;
61 new_entry->size = 1;
62 new_entry->entries = entries;
63 return new_entry;
64}
65
66static struct sbat *
67create_mock_sbat_multiple_entries(struct sbat_entry *entry_array,
68 size_t num_elem)
69{
70 unsigned int i;
71 struct sbat *new_entry = AllocatePool(sizeof(*new_entry));
72 if (!new_entry)
73 return NULL;
74 struct sbat_entry *test_entry;
75 struct sbat_entry **entries = AllocatePool(num_elem * sizeof(*entries));
76 if (!entries)
77 return NULL;
78 for (i = 0; i < num_elem; i++) {
79 test_entry = create_mock_sbat_entry(entry_array[i].component_name,
80 entry_array[i].component_generation,
81 entry_array[i].vendor_name,
82 entry_array[i].vendor_package_name,
83 entry_array[i].vendor_version,
84 entry_array[i].vendor_url);
85 if (!test_entry)
86 return NULL;
87 entries[i] = test_entry;
88 }
89 new_entry->size = num_elem;
90 new_entry->entries = entries;
91
92 return new_entry;
93}
94
95void
96free_mock_sbat(struct sbat *sbat)
97{
98 unsigned int i;
99 if (sbat) {
100 for (i = 0; i < sbat->size; i++) {
101 if (sbat->entries[i]) {
102 FreePool(sbat->entries[i]);
103 }
104 }
105 FreePool(sbat);
106 }
107}
108
109static struct sbat_var *
110create_mock_sbat_var_entry(const char* comp_name, const char* comp_gen)
111{
112 struct sbat_var *new_entry = AllocatePool(sizeof(*new_entry));
113 if (!new_entry)
114 return NULL;
115 INIT_LIST_HEAD(&new_entry->list);
116 int comp_name_size = strlen(comp_name) + 1;
117 CHAR8 *alloc_comp_name = AllocatePool(comp_name_size * sizeof(*alloc_comp_name));
118 if (!alloc_comp_name)
119 return NULL;
120 int comp_gen_size = strlen(comp_gen) + 1;
121 CHAR8 *alloc_comp_gen = AllocatePool(comp_gen_size * sizeof(*alloc_comp_gen));
122 if (!alloc_comp_gen)
123 return NULL;
124 CopyMem(alloc_comp_name, comp_name, comp_name_size);
125 CopyMem(alloc_comp_gen, comp_gen, comp_gen_size);
126 new_entry->component_name = alloc_comp_name;
127 new_entry->component_generation = alloc_comp_gen;
128 return new_entry;
129}
130
131static list_t *
132create_mock_sbat_entries_one_entry(char* name, char* gen)
133{
134 list_t *test_sbat_entries = AllocatePool(sizeof(*test_sbat_entries));
135 if (!test_sbat_entries)
136 return NULL;
137 INIT_LIST_HEAD(test_sbat_entries);
138 struct sbat_var *test_entry;
139 test_entry = create_mock_sbat_var_entry(name, gen);
140 if (!test_entry)
141 return NULL;
142 list_add(&test_entry->list, test_sbat_entries);
143 return test_sbat_entries;
144}
145
146static list_t *
147create_mock_sbat_entries_multiple_entries(struct sbat_var *var_array,
148 size_t num_elem)
149{
150 unsigned int i;
151 list_t *test_sbat_entries = AllocatePool(sizeof(*test_sbat_entries));
152 if (!test_sbat_entries)
153 return NULL;
154 INIT_LIST_HEAD(test_sbat_entries);
155 struct sbat_var *test_entry;
156 for (i = 0; i < num_elem; i++) {
157 test_entry = create_mock_sbat_var_entry(var_array[i].component_name,
158 var_array[i].component_generation);
159 if (!test_entry)
160 return NULL;
161 list_add(&test_entry->list, test_sbat_entries);
162 }
163 return test_sbat_entries;
164}
165
166void
167free_mock_sbat_entries(list_t *entries)
168{
169 list_t *pos = NULL;
170 list_t *n = NULL;
171 struct sbat_var *entry;
172
173 if (entries)
174 {
175 list_for_each_safe(pos, n, entries)
176 {
177 entry = list_entry(pos, struct sbat_var, list);
178 list_del(&entry->list);
179 if (entry->component_name)
180 FreePool((CHAR8 *)entry->component_name);
181 if (entry->component_generation)
182 FreePool((CHAR8 *)entry->component_generation);
183 FreePool(entry);
184 }
185 FreePool(entries);
186 }
187}
188#endif
189
190/*
191 * parse_sbat_section() tests
192 */
193int
194test_parse_sbat_section_null_sbat_base(void)
195{
196 char *section_base = NULL;
197 size_t section_size = 20;
198 struct sbat_section_entry **entries;
199 size_t n = 0;
200 EFI_STATUS status;
201
202 status = parse_sbat_section(section_base, section_size, &n, &entries);
203 assert_equal_return(status, EFI_INVALID_PARAMETER, -1, "got %#hhx expected %#hhx\n");
204
205 return 0;
206}
207
208int
209test_parse_sbat_section_zero_sbat_size(void)
210{
211 char section_base[] = "test1,1,SBAT test1,acme,1,testURL\n";
212 size_t section_size = 0;
213 struct sbat_section_entry **entries;
214 size_t n = 0;
215 EFI_STATUS status;
216
217 status = parse_sbat_section(section_base, section_size, &n, &entries);
218 assert_equal_return(status, EFI_INVALID_PARAMETER, -1, "got %#hhx expected %#hhx\n");
219
220 return 0;
221}
222
223int
224test_parse_sbat_section_null_entries(void)
225{
226 char section_base[] = "test1,1,SBAT test1,acme,1,testURL\n";
227 /* intentionally not NUL terminated */
228 size_t section_size = sizeof(section_base) - 1;
229 size_t n = 0;
230 EFI_STATUS status;
231
232 status = parse_sbat_section(section_base, section_size, &n, NULL);
233 assert_equal_return(status, EFI_INVALID_PARAMETER, -1, "got %#hhx expected %#hhx\n");
234
235 return 0;
236}
237
238int
239test_parse_sbat_section_null_count(void)
240{
241 char section_base[] = "test1,1,SBAT test1,acme,1,testURL\n";
242 /* intentionally not NUL terminated */
243 size_t section_size = sizeof(section_base) - 1;
244 struct sbat_section_entry **entries;
245 EFI_STATUS status;
246
247 status = parse_sbat_section(section_base, section_size, NULL, &entries);
248 assert_equal_return(status, EFI_INVALID_PARAMETER, -1, "got %#hhx expected %#hhx\n");
249
250 return 0;
251}
252
253int
254test_parse_sbat_section_no_newline(void)
255{
256 char section_base[] = "test1,1,SBAT test1,acme,1,testURL";
257 /* intentionally not NUL terminated */
258 size_t section_size = sizeof(section_base) - 1;
259 struct sbat_section_entry **entries;
260 size_t n = 0;
261 EFI_STATUS status;
262
263 status = parse_sbat_section(section_base, section_size, &n, &entries);
264 cleanup_sbat_section_entries(n, entries);
265 assert_equal_return(status, EFI_SUCCESS, -1, "got %#hhx expected %#hhx\n");
266
267 return 0;
268}
269
270int
271test_parse_sbat_section_no_commas(void)
272{
273 char section_base[] = "test1";
274 /* intentionally not NUL terminated */
275 size_t section_size = sizeof(section_base) - 1;
276 struct sbat_section_entry **entries;
277 size_t n = 0;
278 EFI_STATUS status;
279
280 status = parse_sbat_section(section_base, section_size, &n, &entries);
281 assert_equal_return(status, EFI_INVALID_PARAMETER, -1, "got %#hhx expected %#hhx\n");
282
283 return 0;
284}
285
286int
287test_parse_sbat_section_too_few_elem(void)
288{
289 char section_base[] = "test1,1,acme";
290 /* intentionally not NUL terminated */
291 size_t section_size = sizeof(section_base) - 1;
292 struct sbat_section_entry **entries;
293 size_t n = 0;
294 EFI_STATUS status;
295
296 status = parse_sbat_section(section_base, section_size, &n, &entries);
297 assert_equal_return(status, EFI_INVALID_PARAMETER, -1, "got %#hhx expected %#hhx\n");
298
299 return 0;
300}
301
302int
303test_parse_sbat_section_too_many_elem(void)
304{
305 char section_base[] = "test1,1,SBAT test1,acme1,1,testURL1,other1,stuff,is,here\n"
306 "test2,2,SBAT test2,acme2,2,testURL2,other2";
307 /* intentionally not NUL terminated */
308 size_t section_size = sizeof(section_base) - 1;
309 struct sbat_section_entry **entries;
310 size_t n = 0, i;
311 list_t *pos = NULL;
312 EFI_STATUS status;
313 struct sbat_section_entry test_section_entry1 = {
314 "test1", "1", "SBAT test1", "acme1", "1", "testURL1"
315 };
316 struct sbat_section_entry test_section_entry2 = {
317 "test2", "2", "SBAT test2", "acme2", "2", "testURL2"
318 };
319 struct sbat_section_entry *test_entries[] = {
320 &test_section_entry1, &test_section_entry2,
321 };
8119f718 322 int rc = -1;
031e5cce
SM		 323
324 status = parse_sbat_section(section_base, section_size, &n, &entries);
325 assert_equal_return(status, EFI_SUCCESS, -1, "got %#hhx expected %#hhx\n");
326
327 for (i = 0; i < n; i++) {
328 struct sbat_section_entry *entry = entries[i];
329 struct sbat_section_entry *test_entry = test_entries[i];
330
331#define mkassert(a) \
332 assert_equal_goto(strcmp(entry-> a, test_entry-> a), 0, fail, \
333 "got %zu expected %d\n")
334
335 mkassert(component_name);
336 mkassert(component_generation);
337 mkassert(vendor_name);
338 mkassert(vendor_package_name);
339 mkassert(vendor_version);
340 mkassert(vendor_url);
341
342#undef mkassert
343 }
344 assert_equal_goto(n, 2, fail, "got %zu expected %d\n");
8119f718 345 rc = 0;
031e5cce
SM		 346fail:
347 cleanup_sbat_section_entries(n, entries);
8119f718 348 return rc;
031e5cce
SM		 349}
350
351/*
352 * parse_sbat_var() tests
353 */
354int
355test_parse_sbat_var_null_list(void)
356{
357 EFI_STATUS status;
358
359 INIT_LIST_HEAD(&sbat_var);
360 status = parse_sbat_var(NULL);
361 cleanup_sbat_var(&sbat_var);
362 assert_equal_return(status, EFI_INVALID_PARAMETER, -1, "got %#hhx expected %#hhx\n");
363
364 return 0;
365}
366
367int
368test_parse_sbat_var_data_null_list(void)
369{
370 char sbat_var_data[] = "test1,1,2021022400";
371 /*
372 * intentionally including the NUL termination, because
373 * get_variable() will always include it.
374 */
375 size_t sbat_var_data_size = sizeof(sbat_var_data);
376 EFI_STATUS status;
377
378 INIT_LIST_HEAD(&sbat_var);
379 status = parse_sbat_var_data(NULL, sbat_var_data, sbat_var_data_size);
380 cleanup_sbat_var(&sbat_var);
381
382 assert_equal_return(status, EFI_INVALID_PARAMETER, -1, "got %#hhx expected %#hhx\n");
383
384 return 0;
385}
386
387int
388test_parse_sbat_var_data_null_data(void)
389{
390 size_t sbat_var_data_size = 4;
391 EFI_STATUS status;
392
393 INIT_LIST_HEAD(&sbat_var);
394 status = parse_sbat_var_data(&sbat_var, NULL, sbat_var_data_size);
395 cleanup_sbat_var(&sbat_var);
396
397 assert_equal_return(status, EFI_INVALID_PARAMETER, -1, "got %#hhx expected %#hhx\n");
398
399 return 0;
400}
401
402int
403test_parse_sbat_var_data_zero_size(void)
404{
405 char sbat_var_data[] = "test1,1,2021022400";
406 EFI_STATUS status;
407
408 INIT_LIST_HEAD(&sbat_var);
409 status = parse_sbat_var_data(&sbat_var, sbat_var_data, 0);
410 cleanup_sbat_var(&sbat_var);
411
412 assert_equal_return(status, EFI_INVALID_PARAMETER, -1, "got %#hhx expected %#hhx\n");
413
414 return 0;
415}
416
417int
418test_parse_sbat_var_data(void)
419{
420 char sbat_var_data[] = "test1,1,2021022400";
421 EFI_STATUS status;
422
423 INIT_LIST_HEAD(&sbat_var);
424 status = parse_sbat_var_data(&sbat_var, sbat_var_data, 0);
425
426 assert_equal_return(status, EFI_INVALID_PARAMETER, -1, "got %#hhx expected %#hhx\n");
427
428 return 0;
429}
430
431/*
432 * verify_sbat() tests
433 * Note: verify_sbat also frees the underlying "sbat_entries" memory.
434 */
435int
436test_verify_sbat_null_sbat_section(void)
437{
438 char sbat_var_data[] = "test1,1";
439 EFI_STATUS status;
440 list_t test_sbat_var;
441 size_t n = 0;
442 struct sbat_section_entry **entries = NULL;
8119f718 443 int rc = -1;
031e5cce
SM		 444
445 INIT_LIST_HEAD(&test_sbat_var);
446 status = parse_sbat_var_data(&test_sbat_var, sbat_var_data, sizeof(sbat_var_data));
8119f718 447 assert_equal_goto(status, EFI_SUCCESS, err, "got %#x expected %#x\n");
031e5cce 448
8119f718
SM		 449 status = verify_sbat_helper(&test_sbat_var, n, entries);
450 assert_equal_goto(status, EFI_SUCCESS, err, "got %#x expected %#x\n");
451 rc = 0;
452err:
453 cleanup_sbat_var(&test_sbat_var);
454
455 return rc;
031e5cce
SM		 456}
457
458#if 0
459int
460test_verify_sbat_null_sbat_entries(void)
461{
462 struct sbat *test_sbat;
463 test_sbat = create_mock_sbat_one_entry("test1","1","SBAT test1",
464 "acme","1","testURL");
465 if (!test_sbat)
466 return -1;
467
468 list_t sbat_entries;
469 INIT_LIST_HEAD(&sbat_entries);
470 EFI_STATUS status;
471
472 status = verify_sbat(test_sbat, &sbat_entries);
473
474 assert(status == EFI_INVALID_PARAMETER);
475 free_mock_sbat(test_sbat);
476 return 0;
477}
478
479int
480test_verify_sbat_match_one_exact(void)
481{
482 struct sbat *test_sbat;
483 struct sbat_entry sbat_entry_array[2];
484 sbat_entry_array[0].component_name = "test1";
485 sbat_entry_array[0].component_generation = "1";
486 sbat_entry_array[0].vendor_name = "SBAT test1";
487 sbat_entry_array[0].vendor_package_name = "acme";
488 sbat_entry_array[0].vendor_version = "1";
489 sbat_entry_array[0].vendor_url = "testURL";
490 sbat_entry_array[1].component_name = "test2";
491 sbat_entry_array[1].component_generation = "2";
492 sbat_entry_array[1].vendor_name = "SBAT test2";
493 sbat_entry_array[1].vendor_package_name = "acme2";
494 sbat_entry_array[1].vendor_version = "2";
495 sbat_entry_array[1].vendor_url = "testURL2";
496 test_sbat = create_mock_sbat_multiple_entries(sbat_entry_array, 2);
497 if (!test_sbat)
498 return -1;
499
500 list_t *test_sbat_entries;
501 test_sbat_entries = create_mock_sbat_entries_one_entry("test1", "1");
502 if (!test_sbat_entries)
503 return -1;
504 EFI_STATUS status;
505
506 status = verify_sbat(test_sbat, test_sbat_entries);
507
508 assert(status == EFI_SUCCESS);
509 free_mock_sbat(test_sbat);
510 free_mock_sbat_entries(test_sbat_entries);
511 return 0;
512}
513
514int
515test_verify_sbat_match_one_higher(void)
516{
517 struct sbat *test_sbat;
518 struct sbat_entry sbat_entry_array[2];
519 sbat_entry_array[0].component_name = "test1";
520 sbat_entry_array[0].component_generation = "1";
521 sbat_entry_array[0].vendor_name = "SBAT test1";
522 sbat_entry_array[0].vendor_package_name = "acme";
523 sbat_entry_array[0].vendor_version = "1";
524 sbat_entry_array[0].vendor_url = "testURL";
525 sbat_entry_array[1].component_name = "test2";
526 sbat_entry_array[1].component_generation = "2";
527 sbat_entry_array[1].vendor_name = "SBAT test2";
528 sbat_entry_array[1].vendor_package_name = "acme2";
529 sbat_entry_array[1].vendor_version = "2";
530 sbat_entry_array[1].vendor_url = "testURL2";
531 test_sbat = create_mock_sbat_multiple_entries(sbat_entry_array, 2);
532 if (!test_sbat)
533 return -1;
534
535 list_t *test_sbat_entries;
536 test_sbat_entries = create_mock_sbat_entries_one_entry("test2", "1");
537 if (!test_sbat_entries)
538 return -1;
539 EFI_STATUS status;
540
541 status = verify_sbat(test_sbat, test_sbat_entries);
542
543 assert(status == EFI_SUCCESS);
544 free_mock_sbat(test_sbat);
545 free_mock_sbat_entries(test_sbat_entries);
546 return 0;
547}
548
549int
550test_verify_sbat_reject_one(void)
551{
552 struct sbat *test_sbat;
553 struct sbat_entry sbat_entry_array[2];
554 sbat_entry_array[0].component_name = "test1";
555 sbat_entry_array[0].component_generation = "1";
556 sbat_entry_array[0].vendor_name = "SBAT test1";
557 sbat_entry_array[0].vendor_package_name = "acme";
558 sbat_entry_array[0].vendor_version = "1";
559 sbat_entry_array[0].vendor_url = "testURL";
560 sbat_entry_array[1].component_name = "test2";
561 sbat_entry_array[1].component_generation = "2";
562 sbat_entry_array[1].vendor_name = "SBAT test2";
563 sbat_entry_array[1].vendor_package_name = "acme2";
564 sbat_entry_array[1].vendor_version = "2";
565 sbat_entry_array[1].vendor_url = "testURL2";
566 test_sbat = create_mock_sbat_multiple_entries(sbat_entry_array, 2);
567 if (!test_sbat)
568 return -1;
569
570 list_t *test_sbat_entries;
571 test_sbat_entries = create_mock_sbat_entries_one_entry("test2", "3");
572 if (!test_sbat_entries)
573 return -1;
574 EFI_STATUS status;
575
576 status = verify_sbat(test_sbat, test_sbat_entries);
577
578 assert(status == EFI_SECURITY_VIOLATION);
579 free_mock_sbat(test_sbat);
580 free_mock_sbat_entries(test_sbat_entries);
581 return 0;
582}
583
584int
585test_verify_sbat_reject_many(void)
586{
587 struct sbat *test_sbat;
588 unsigned int sbat_entry_array_size = 2;
589 struct sbat_entry sbat_entry_array[sbat_entry_array_size];
590 sbat_entry_array[0].component_name = "test1";
591 sbat_entry_array[0].component_generation = "1";
592 sbat_entry_array[0].vendor_name = "SBAT test1";
593 sbat_entry_array[0].vendor_package_name = "acme";
594 sbat_entry_array[0].vendor_version = "1";
595 sbat_entry_array[0].vendor_url = "testURL";
596 sbat_entry_array[1].component_name = "test2";
597 sbat_entry_array[1].component_generation = "2";
598 sbat_entry_array[1].vendor_name = "SBAT test2";
599 sbat_entry_array[1].vendor_package_name = "acme2";
600 sbat_entry_array[1].vendor_version = "2";
601 sbat_entry_array[1].vendor_url = "testURL2";
602 test_sbat = create_mock_sbat_multiple_entries(sbat_entry_array,
603 sbat_entry_array_size);
604 if (!test_sbat)
605 return -1;
606
607 list_t *test_sbat_entries;
608 unsigned int sbat_var_array_size = 2;
609 struct sbat_var sbat_var_array[sbat_var_array_size];
610 sbat_var_array[0].component_name = "test1";
611 sbat_var_array[0].component_generation = "1";
612 sbat_var_array[1].component_name = "test2";
613 sbat_var_array[1].component_generation = "3";
614 test_sbat_entries = create_mock_sbat_entries_multiple_entries(sbat_var_array,
615 sbat_var_array_size);
616 if (!test_sbat_entries)
617 return -1;
618 EFI_STATUS status;
619
620 status = verify_sbat(test_sbat, test_sbat_entries);
621
622 assert(status == EFI_SECURITY_VIOLATION);
623 free_mock_sbat(test_sbat);
624 free_mock_sbat_entries(test_sbat_entries);
625 return 0;
626}
627
628int
629test_verify_sbat_match_many_higher(void)
630{
631 struct sbat *test_sbat;
632 unsigned int sbat_entry_array_size = 2;
633 struct sbat_entry sbat_entry_array[sbat_entry_array_size];
634 sbat_entry_array[0].component_name = "test1";
635 sbat_entry_array[0].component_generation = "3";
636 sbat_entry_array[0].vendor_name = "SBAT test1";
637 sbat_entry_array[0].vendor_package_name = "acme";
638 sbat_entry_array[0].vendor_version = "1";
639 sbat_entry_array[0].vendor_url = "testURL";
640 sbat_entry_array[1].component_name = "test2";
641 sbat_entry_array[1].component_generation = "5";
642 sbat_entry_array[1].vendor_name = "SBAT test2";
643 sbat_entry_array[1].vendor_package_name = "acme2";
644 sbat_entry_array[1].vendor_version = "2";
645 sbat_entry_array[1].vendor_url = "testURL2";
646 test_sbat = create_mock_sbat_multiple_entries(sbat_entry_array,
647 sbat_entry_array_size);
648 if (!test_sbat)
649 return -1;
650
651 list_t *test_sbat_entries;
652 unsigned int sbat_var_array_size = 2;
653 struct sbat_var sbat_var_array[sbat_var_array_size];
654 sbat_var_array[0].component_name = "test1";
655 sbat_var_array[0].component_generation = "1";
656 sbat_var_array[1].component_name = "test2";
657 sbat_var_array[1].component_generation = "2";
658 test_sbat_entries = create_mock_sbat_entries_multiple_entries(sbat_var_array,
659 sbat_var_array_size);
660 if (!test_sbat_entries)
661 return -1;
662 EFI_STATUS status;
663
664 status = verify_sbat(test_sbat, test_sbat_entries);
665
666 assert(status == EFI_SUCCESS);
667 free_mock_sbat(test_sbat);
668 free_mock_sbat_entries(test_sbat_entries);
669 return 0;
670}
671
672int
673test_verify_sbat_match_many_exact(void)
674{
675 struct sbat *test_sbat;
676 unsigned int sbat_entry_array_size = 2;
677 struct sbat_entry sbat_entry_array[sbat_entry_array_size];
678 sbat_entry_array[0].component_name = "test1";
679 sbat_entry_array[0].component_generation = "1";
680 sbat_entry_array[0].vendor_name = "SBAT test1";
681 sbat_entry_array[0].vendor_package_name = "acme";
682 sbat_entry_array[0].vendor_version = "1";
683 sbat_entry_array[0].vendor_url = "testURL";
684 sbat_entry_array[1].component_name = "test2";
685 sbat_entry_array[1].component_generation = "2";
686 sbat_entry_array[1].vendor_name = "SBAT test2";
687 sbat_entry_array[1].vendor_package_name = "acme2";
688 sbat_entry_array[1].vendor_version = "2";
689 sbat_entry_array[1].vendor_url = "testURL2";
690 test_sbat = create_mock_sbat_multiple_entries(sbat_entry_array,
691 sbat_entry_array_size);
692 if (!test_sbat)
693 return -1;
694
695 list_t *test_sbat_entries;
696 unsigned int sbat_var_array_size = 2;
697 struct sbat_var sbat_var_array[sbat_var_array_size];
698 sbat_var_array[0].component_name = "test1";
699 sbat_var_array[0].component_generation = "1";
700 sbat_var_array[1].component_name = "test2";
701 sbat_var_array[1].component_generation = "2";
702 test_sbat_entries = create_mock_sbat_entries_multiple_entries(sbat_var_array,
703 sbat_var_array_size);
704 if (!test_sbat_entries)
705 return -1;
706 EFI_STATUS status;
707
708 status = verify_sbat(test_sbat, test_sbat_entries);
709
710 assert(status == EFI_SUCCESS);
711 free_mock_sbat(test_sbat);
712 free_mock_sbat_entries(test_sbat_entries);
713 return 0;
714}
715
716int
717test_verify_sbat_reject_many_all(void)
718{
719 struct sbat *test_sbat;
720 unsigned int sbat_entry_array_size = 2;
721 struct sbat_entry sbat_entry_array[sbat_entry_array_size];
722 sbat_entry_array[0].component_name = "test1";
723 sbat_entry_array[0].component_generation = "1";
724 sbat_entry_array[0].vendor_name = "SBAT test1";
725 sbat_entry_array[0].vendor_package_name = "acme";
726 sbat_entry_array[0].vendor_version = "1";
727 sbat_entry_array[0].vendor_url = "testURL";
728 sbat_entry_array[1].component_name = "test2";
729 sbat_entry_array[1].component_generation = "2";
730 sbat_entry_array[1].vendor_name = "SBAT test2";
731 sbat_entry_array[1].vendor_package_name = "acme2";
732 sbat_entry_array[1].vendor_version = "2";
733 sbat_entry_array[1].vendor_url = "testURL2";
734 test_sbat = create_mock_sbat_multiple_entries(sbat_entry_array,
735 sbat_entry_array_size);
736 if (!test_sbat)
737 return -1;
738
739 list_t *test_sbat_entries;
740 unsigned int sbat_var_array_size = 2;
741 struct sbat_var sbat_var_array[sbat_var_array_size];
742 sbat_var_array[0].component_name = "test1";
743 sbat_var_array[0].component_generation = "3";
744 sbat_var_array[1].component_name = "test2";
745 sbat_var_array[1].component_generation = "5";
746 test_sbat_entries = create_mock_sbat_entries_multiple_entries(sbat_var_array,
747 sbat_var_array_size);
748 if (!test_sbat_entries)
749 return -1;
750 EFI_STATUS status;
751
752 status = verify_sbat(test_sbat, test_sbat_entries);
753
754 assert(status == EFI_SECURITY_VIOLATION);
755 free_mock_sbat(test_sbat);
756 free_mock_sbat_entries(test_sbat_entries);
757 return 0;
758}
759
760int
761test_verify_sbat_match_diff_name(void)
762{
763 struct sbat *test_sbat;
764 unsigned int sbat_entry_array_size = 2;
765 struct sbat_entry sbat_entry_array[sbat_entry_array_size];
766 sbat_entry_array[0].component_name = "test1";
767 sbat_entry_array[0].component_generation = "1";
768 sbat_entry_array[0].vendor_name = "SBAT test1";
769 sbat_entry_array[0].vendor_package_name = "acme";
770 sbat_entry_array[0].vendor_version = "1";
771 sbat_entry_array[0].vendor_url = "testURL";
772 sbat_entry_array[1].component_name = "test2";
773 sbat_entry_array[1].component_generation = "2";
774 sbat_entry_array[1].vendor_name = "SBAT test2";
775 sbat_entry_array[1].vendor_package_name = "acme2";
776 sbat_entry_array[1].vendor_version = "2";
777 sbat_entry_array[1].vendor_url = "testURL2";
778 test_sbat = create_mock_sbat_multiple_entries(sbat_entry_array,
779 sbat_entry_array_size);
780 if (!test_sbat)
781 return -1;
782
783 list_t *test_sbat_entries;
784 unsigned int sbat_var_array_size = 2;
785 struct sbat_var sbat_var_array[sbat_var_array_size];
786 sbat_var_array[0].component_name = "foo";
787 sbat_var_array[0].component_generation = "5";
788 sbat_var_array[1].component_name = "bar";
789 sbat_var_array[1].component_generation = "2";
790 test_sbat_entries = create_mock_sbat_entries_multiple_entries(sbat_var_array,
791 sbat_var_array_size);
792 if (!test_sbat_entries)
793 return -1;
794 EFI_STATUS status;
795
796 status = verify_sbat(test_sbat, test_sbat_entries);
797
798 assert(status == EFI_SUCCESS);
799 free_mock_sbat(test_sbat);
800 free_mock_sbat_entries(test_sbat_entries);
801 return 0;
802}
803
804int
805test_verify_sbat_match_diff_name_mixed(void)
806{
807 struct sbat *test_sbat;
808 unsigned int sbat_entry_array_size = 2;
809 struct sbat_entry sbat_entry_array[sbat_entry_array_size];
810 sbat_entry_array[0].component_name = "test1";
811 sbat_entry_array[0].component_generation = "1";
812 sbat_entry_array[0].vendor_name = "SBAT test1";
813 sbat_entry_array[0].vendor_package_name = "acme";
814 sbat_entry_array[0].vendor_version = "1";
815 sbat_entry_array[0].vendor_url = "testURL";
816 sbat_entry_array[1].component_name = "test2";
817 sbat_entry_array[1].component_generation = "2";
818 sbat_entry_array[1].vendor_name = "SBAT test2";
819 sbat_entry_array[1].vendor_package_name = "acme2";
820 sbat_entry_array[1].vendor_version = "2";
821 sbat_entry_array[1].vendor_url = "testURL2";
822 test_sbat = create_mock_sbat_multiple_entries(sbat_entry_array,
823 sbat_entry_array_size);
824 if (!test_sbat)
825 return -1;
826
827 list_t *test_sbat_entries;
828 unsigned int sbat_var_array_size = 2;
829 struct sbat_var sbat_var_array[sbat_var_array_size];
830 sbat_var_array[0].component_name = "test1";
831 sbat_var_array[0].component_generation = "1";
832 sbat_var_array[1].component_name = "bar";
833 sbat_var_array[1].component_generation = "2";
834 test_sbat_entries = create_mock_sbat_entries_multiple_entries(sbat_var_array,
835 sbat_var_array_size);
836 if (!test_sbat_entries)
837 return -1;
838 EFI_STATUS status;
839
840 status = verify_sbat(test_sbat, test_sbat_entries);
841
842 assert(status == EFI_SUCCESS);
843 free_mock_sbat(test_sbat);
844 free_mock_sbat_entries(test_sbat_entries);
845 return 0;
846}
847
848int
849test_verify_sbat_reject_diff_name_mixed(void)
850{
851 struct sbat *test_sbat;
852 unsigned int sbat_entry_array_size = 2;
853 struct sbat_entry sbat_entry_array[sbat_entry_array_size];
854 sbat_entry_array[0].component_name = "test1";
855 sbat_entry_array[0].component_generation = "1";
856 sbat_entry_array[0].vendor_name = "SBAT test1";
857 sbat_entry_array[0].vendor_package_name = "acme";
858 sbat_entry_array[0].vendor_version = "1";
859 sbat_entry_array[0].vendor_url = "testURL";
860 sbat_entry_array[1].component_name = "test2";
861 sbat_entry_array[1].component_generation = "2";
862 sbat_entry_array[1].vendor_name = "SBAT test2";
863 sbat_entry_array[1].vendor_package_name = "acme2";
864 sbat_entry_array[1].vendor_version = "2";
865 sbat_entry_array[1].vendor_url = "testURL2";
866 test_sbat = create_mock_sbat_multiple_entries(sbat_entry_array,
867 sbat_entry_array_size);
868 if (!test_sbat)
869 return -1;
870
871 list_t *test_sbat_entries;
872 unsigned int sbat_var_array_size = 2;
873 struct sbat_var sbat_var_array[sbat_var_array_size];
874 sbat_var_array[0].component_name = "test1";
875 sbat_var_array[0].component_generation = "5";
876 sbat_var_array[1].component_name = "bar";
877 sbat_var_array[1].component_generation = "2";
878 test_sbat_entries = create_mock_sbat_entries_multiple_entries(sbat_var_array,
879 sbat_var_array_size);
880 if (!test_sbat_entries)
881 return -1;
882 EFI_STATUS status;
883
884 status = verify_sbat(test_sbat, test_sbat_entries);
885
886 assert(status == EFI_SECURITY_VIOLATION);
887 free_mock_sbat(test_sbat);
888 free_mock_sbat_entries(test_sbat_entries);
889 return 0;
890}
891#endif
892
893int
894test_parse_and_verify(void)
895{
896 EFI_STATUS status;
897 char sbat_section[] =
898 "test1,1,SBAT test1,acme1,1,testURL1\n"
899 "test2,2,SBAT test2,acme2,2,testURL2\n";
900 struct sbat_section_entry **section_entries = NULL;
901 size_t n_section_entries = 0, i;
902 struct sbat_section_entry test_section_entry1 = {
903 "test1", "1", "SBAT test1", "acme1", "1", "testURL1"
904 };
905 struct sbat_section_entry test_section_entry2 = {
906 "test2", "2", "SBAT test2", "acme2", "2", "testURL2"
907 };
908 struct sbat_section_entry *test_entries[] = {
909 &test_section_entry1, &test_section_entry2,
910 };
8119f718 911 int rc = -1;
031e5cce
SM		 912
913 status = parse_sbat_section(sbat_section, sizeof(sbat_section)-1,
914 &n_section_entries, &section_entries);
915 eassert(status == EFI_SUCCESS, "expected %d got %d\n",
916 EFI_SUCCESS, status);
917 eassert(section_entries != NULL, "expected non-NULL got NULL\n");
918
919 for (i = 0; i < n_section_entries; i++) {
920 struct sbat_section_entry *entry = section_entries[i];
921 struct sbat_section_entry *test_entry = test_entries[i];
922
923#define mkassert(a) \
924 eassert(strcmp(entry-> a, test_entry-> a) == 0, \
925 "expected \"%s\" got \"%s\"\n", \
926 test_entry-> a, entry-> a )
927
928 mkassert(component_name);
929 mkassert(component_generation);
930 mkassert(vendor_name);
931 mkassert(vendor_package_name);
932 mkassert(vendor_version);
933 mkassert(vendor_url);
934
935#undef mkassert
936 }
937
938 eassert(n_section_entries == 2, "expected %d got %d\n",
939 2, n_section_entries);
940
941 char sbat_var_data[] = "test1,5\nbar,2\n";
942 size_t sbat_var_data_size = sizeof(sbat_var_data);
943 char *sbat_var_alloced = calloc(1, sbat_var_data_size);
944 if (!sbat_var_alloced)
945 return -1;
946 memcpy(sbat_var_alloced, sbat_var_data, sbat_var_data_size);
947
948 INIT_LIST_HEAD(&sbat_var);
949 status = parse_sbat_var_data(&sbat_var, sbat_var_alloced, sbat_var_data_size);
8119f718 950 free(sbat_var_alloced);
031e5cce
SM		 951 if (status != EFI_SUCCESS || list_empty(&sbat_var))
952 return -1;
953
954 status = verify_sbat(n_section_entries, section_entries);
8119f718 955 assert_equal_goto(status, EFI_SECURITY_VIOLATION, err, "expected %#x got %#x\n");
031e5cce 956
8119f718
SM		 957 rc = 0;
958err:
031e5cce 959 cleanup_sbat_section_entries(n_section_entries, section_entries);
8119f718 960 cleanup_sbat_var(&sbat_var);
031e5cce 961
8119f718
SM		 962 return rc;
963}
964
965int
966test_preserve_sbat_uefi_variable_good(void)
967{
968 char sbat[] = "sbat,1,\ncomponent,2,\n";
969 size_t sbat_size = sizeof(sbat);
970 UINT32 attributes = SBAT_VAR_ATTRS;
971
972 if (preserve_sbat_uefi_variable(sbat, sbat_size, attributes))
973 return 0;
974 else
975 return -1;
976}
977
978int
979test_preserve_sbat_uefi_variable_bad_sig(void)
980{
981 char sbat[] = "bad_sig,1,\ncomponent,2,\n";
982 size_t sbat_size = sizeof(sbat);
983 UINT32 attributes = SBAT_VAR_ATTRS;
984
985 if (preserve_sbat_uefi_variable(sbat, sbat_size, attributes))
986 return -1;
987 else
988 return 0;
989}
990
991int
992test_preserve_sbat_uefi_variable_bad_attr(void)
993{
994 char sbat[] = "sbat,1,\ncomponent,2,\n";
995 size_t sbat_size = sizeof(sbat);
996 UINT32 attributes = 0;
997
998 if (preserve_sbat_uefi_variable(sbat, sbat_size, attributes))
999 return -1;
1000 else
1001 return 0;
1002}
1003
1004int
1005test_preserve_sbat_uefi_variable_bad_short(void)
1006{
1007 char sbat[] = "sba";
1008 size_t sbat_size = sizeof(sbat);
1009 UINT32 attributes = SBAT_VAR_ATTRS;
1010
1011 if (preserve_sbat_uefi_variable(sbat, sbat_size, attributes))
1012 return -1;
1013 else
1014 return 0;
031e5cce
SM		 1015}
1016
1017int
1018main(void)
1019{
1020 int status = 0;
1021 // parse_sbat section tests
1022 test(test_parse_sbat_section_null_sbat_base);
1023 test(test_parse_sbat_section_zero_sbat_size);
1024 test(test_parse_sbat_section_null_entries);
1025 test(test_parse_sbat_section_null_count);
1026 test(test_parse_sbat_section_no_newline);
1027 test(test_parse_sbat_section_no_commas);
1028 test(test_parse_sbat_section_too_few_elem);
1029 test(test_parse_sbat_section_too_many_elem);
1030
1031 // parse_sbat_var tests
1032 test(test_parse_sbat_var_null_list);
1033 test(test_parse_sbat_var_data_null_list);
1034 test(test_parse_sbat_var_data_null_data);
1035 test(test_parse_sbat_var_data_zero_size);
1036
1037 // verify_sbat tests
1038 test(test_verify_sbat_null_sbat_section);
1039#if 0
1040 test(test_verify_sbat_null_sbat_entries);
1041 test(test_verify_sbat_match_one_exact);
1042 test(test_verify_sbat_match_one_higher);
1043 test(test_verify_sbat_reject_one);
1044 test(test_verify_sbat_reject_many);
1045 test(test_verify_sbat_match_many_higher);
1046 test(test_verify_sbat_match_many_exact);
1047 test(test_verify_sbat_reject_many_all);
1048 test(test_verify_sbat_match_diff_name);
1049 test(test_verify_sbat_match_diff_name_mixed);
1050 test(test_verify_sbat_reject_diff_name_mixed);
1051#endif
1052 test(test_parse_and_verify);
1053
8119f718
SM		 1054 test(test_preserve_sbat_uefi_variable_good);
1055 test(test_preserve_sbat_uefi_variable_bad_sig);
1056 test(test_preserve_sbat_uefi_variable_bad_attr);
1057 test(test_preserve_sbat_uefi_variable_bad_short);
1058
031e5cce
SM		 1059 return 0;
1060}
1061
1062// vim:fenc=utf-8:tw=75:noet
shim, a first-stage UEFI bootloader adapted for Proxmox projects