David Zeuthen | 21e9526 | 2016-07-27 17:58:40 -0400 | [diff] [blame^] | 1 | /* |
| 2 | * Copyright (C) 2016 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #include <string.h> |
| 18 | |
| 19 | #include <gtest/gtest.h> |
| 20 | |
| 21 | #include "libavb.h" |
| 22 | |
| 23 | TEST(UtilTest, RSAPublicKeyHeaderByteswap) { |
| 24 | AvbRSAPublicKeyHeader h; |
| 25 | AvbRSAPublicKeyHeader s; |
| 26 | uint32_t n32; |
| 27 | uint64_t n64; |
| 28 | |
| 29 | n32 = 0x11223344; |
| 30 | n64 = 0x1122334455667788; |
| 31 | |
| 32 | h.key_num_bits = htobe32(n32); |
| 33 | n32++; |
| 34 | h.n0inv = htobe32(n32); |
| 35 | n32++; |
| 36 | |
| 37 | EXPECT_NE(0, avb_rsa_public_key_header_validate_and_byteswap(&h, &s)); |
| 38 | |
| 39 | n32 = 0x11223344; |
| 40 | n64 = 0x1122334455667788; |
| 41 | |
| 42 | EXPECT_EQ(n32, s.key_num_bits); |
| 43 | n32++; |
| 44 | EXPECT_EQ(n32, s.n0inv); |
| 45 | n32++; |
| 46 | } |
| 47 | |
| 48 | TEST(UtilTest, FooterByteswap) { |
| 49 | AvbFooter h; |
| 50 | AvbFooter s; |
| 51 | AvbFooter other; |
| 52 | AvbFooter bad; |
| 53 | uint64_t n64; |
| 54 | |
| 55 | n64 = 0x1122334455667788; |
| 56 | |
| 57 | memcpy(h.magic, AVB_FOOTER_MAGIC, AVB_FOOTER_MAGIC_LEN); |
| 58 | h.version_major = htobe32(AVB_FOOTER_MAJOR_VERSION); |
| 59 | h.version_minor = htobe32(AVB_FOOTER_MINOR_VERSION); |
| 60 | h.original_image_size = htobe64(n64); |
| 61 | n64++; |
| 62 | h.vbmeta_offset = htobe64(n64); |
| 63 | n64++; |
| 64 | h.vbmeta_size = htobe64(n64); |
| 65 | n64++; |
| 66 | |
| 67 | EXPECT_NE(0, avb_footer_validate_and_byteswap(&h, &s)); |
| 68 | |
| 69 | n64 = 0x1122334455667788; |
| 70 | |
| 71 | EXPECT_EQ((uint32_t)AVB_FOOTER_MAJOR_VERSION, s.version_major); |
| 72 | EXPECT_EQ((uint32_t)AVB_FOOTER_MINOR_VERSION, s.version_minor); |
| 73 | EXPECT_EQ(n64, s.original_image_size); |
| 74 | n64++; |
| 75 | EXPECT_EQ(n64, s.vbmeta_offset); |
| 76 | n64++; |
| 77 | EXPECT_EQ(n64, s.vbmeta_size); |
| 78 | n64++; |
| 79 | |
| 80 | // Check that the struct still validates if minor is bigger than |
| 81 | // what we expect. |
| 82 | other = h; |
| 83 | h.version_minor = htobe32(AVB_FOOTER_MINOR_VERSION + 1); |
| 84 | EXPECT_NE(0, avb_footer_validate_and_byteswap(&other, &s)); |
| 85 | |
| 86 | // Check for bad magic. |
| 87 | bad = h; |
| 88 | bad.magic[0] = 'x'; |
| 89 | EXPECT_EQ(0, avb_footer_validate_and_byteswap(&bad, &s)); |
| 90 | |
| 91 | // Check for bad major version. |
| 92 | bad = h; |
| 93 | bad.version_major = htobe32(AVB_FOOTER_MAJOR_VERSION + 1); |
| 94 | EXPECT_EQ(0, avb_footer_validate_and_byteswap(&bad, &s)); |
| 95 | } |
| 96 | |
| 97 | TEST(UtilTest, KernelCmdlineDescriptorByteswap) { |
| 98 | AvbKernelCmdlineDescriptor h; |
| 99 | AvbKernelCmdlineDescriptor s; |
| 100 | AvbKernelCmdlineDescriptor bad; |
| 101 | uint64_t nbf; |
| 102 | |
| 103 | // Specify 44 bytes of data past the end of the descriptor struct. |
| 104 | nbf = 44 + sizeof(AvbKernelCmdlineDescriptor) - sizeof(AvbDescriptor); |
| 105 | h.parent_descriptor.num_bytes_following = htobe64(nbf); |
| 106 | h.parent_descriptor.tag = htobe64(AVB_DESCRIPTOR_TAG_KERNEL_CMDLINE); |
| 107 | h.kernel_cmdline_length = htobe32(44); |
| 108 | |
| 109 | EXPECT_NE(0, avb_kernel_cmdline_descriptor_validate_and_byteswap(&h, &s)); |
| 110 | |
| 111 | EXPECT_EQ(AVB_DESCRIPTOR_TAG_KERNEL_CMDLINE, s.parent_descriptor.tag); |
| 112 | EXPECT_EQ(nbf, s.parent_descriptor.num_bytes_following); |
| 113 | EXPECT_EQ(44UL, s.kernel_cmdline_length); |
| 114 | |
| 115 | // Check for bad tag. |
| 116 | bad = h; |
| 117 | bad.parent_descriptor.tag = htobe64(0xf00dd00d); |
| 118 | EXPECT_EQ(0, avb_kernel_cmdline_descriptor_validate_and_byteswap(&bad, &s)); |
| 119 | |
| 120 | // Doesn't fit in 45 bytes. |
| 121 | bad = h; |
| 122 | bad.kernel_cmdline_length = htobe32(45); |
| 123 | EXPECT_EQ(0, avb_kernel_cmdline_descriptor_validate_and_byteswap(&bad, &s)); |
| 124 | } |
| 125 | |
| 126 | TEST(UtilTest, HashtreeDescriptorByteswap) { |
| 127 | AvbHashtreeDescriptor h; |
| 128 | AvbHashtreeDescriptor s; |
| 129 | AvbHashtreeDescriptor bad; |
| 130 | uint64_t nbf; |
| 131 | uint32_t n32; |
| 132 | uint64_t n64; |
| 133 | |
| 134 | // Specify 40 bytes of data past the end of the descriptor struct. |
| 135 | nbf = 40 + sizeof(AvbHashtreeDescriptor) - sizeof(AvbDescriptor); |
| 136 | h.parent_descriptor.num_bytes_following = htobe64(nbf); |
| 137 | h.parent_descriptor.tag = htobe64(AVB_DESCRIPTOR_TAG_HASHTREE); |
| 138 | h.partition_name_len = htobe32(10); |
| 139 | h.salt_len = htobe32(10); |
| 140 | h.root_digest_len = htobe32(10); |
| 141 | |
| 142 | n32 = 0x11223344; |
| 143 | n64 = 0x1122334455667788; |
| 144 | |
| 145 | h.dm_verity_version = htobe32(n32); |
| 146 | n32++; |
| 147 | h.image_size = htobe64(n64); |
| 148 | n64++; |
| 149 | h.tree_offset = htobe64(n64); |
| 150 | n64++; |
| 151 | h.tree_size = htobe64(n64); |
| 152 | n64++; |
| 153 | h.data_block_size = htobe32(n32); |
| 154 | n32++; |
| 155 | h.hash_block_size = htobe32(n32); |
| 156 | n32++; |
| 157 | |
| 158 | EXPECT_NE(0, avb_hashtree_descriptor_validate_and_byteswap(&h, &s)); |
| 159 | |
| 160 | n32 = 0x11223344; |
| 161 | n64 = 0x1122334455667788; |
| 162 | |
| 163 | EXPECT_EQ(n32, s.dm_verity_version); |
| 164 | n32++; |
| 165 | EXPECT_EQ(n64, s.image_size); |
| 166 | n64++; |
| 167 | EXPECT_EQ(n64, s.tree_offset); |
| 168 | n64++; |
| 169 | EXPECT_EQ(n64, s.tree_size); |
| 170 | n64++; |
| 171 | EXPECT_EQ(n32, s.data_block_size); |
| 172 | n32++; |
| 173 | EXPECT_EQ(n32, s.hash_block_size); |
| 174 | n32++; |
| 175 | |
| 176 | EXPECT_EQ(AVB_DESCRIPTOR_TAG_HASHTREE, s.parent_descriptor.tag); |
| 177 | EXPECT_EQ(nbf, s.parent_descriptor.num_bytes_following); |
| 178 | EXPECT_EQ(10UL, s.partition_name_len); |
| 179 | EXPECT_EQ(10UL, s.salt_len); |
| 180 | EXPECT_EQ(10UL, s.root_digest_len); |
| 181 | |
| 182 | // Check for bad tag. |
| 183 | bad = h; |
| 184 | bad.parent_descriptor.tag = htobe64(0xf00dd00d); |
| 185 | EXPECT_EQ(0, avb_hashtree_descriptor_validate_and_byteswap(&bad, &s)); |
| 186 | |
| 187 | // Doesn't fit in 40 bytes (30 + 10 + 10 = 50). |
| 188 | bad = h; |
| 189 | bad.partition_name_len = htobe32(30); |
| 190 | EXPECT_EQ(0, avb_hashtree_descriptor_validate_and_byteswap(&bad, &s)); |
| 191 | |
| 192 | // Doesn't fit in 40 bytes (10 + 30 + 10 = 50). |
| 193 | bad = h; |
| 194 | bad.salt_len = htobe32(30); |
| 195 | EXPECT_EQ(0, avb_hashtree_descriptor_validate_and_byteswap(&bad, &s)); |
| 196 | |
| 197 | // Doesn't fit in 40 bytes (10 + 10 + 30 = 50). |
| 198 | bad = h; |
| 199 | bad.root_digest_len = htobe32(30); |
| 200 | EXPECT_EQ(0, avb_hashtree_descriptor_validate_and_byteswap(&bad, &s)); |
| 201 | } |
| 202 | |
| 203 | TEST(UtilTest, HashDescriptorByteswap) { |
| 204 | AvbHashDescriptor h; |
| 205 | AvbHashDescriptor s; |
| 206 | AvbHashDescriptor bad; |
| 207 | uint64_t nbf; |
| 208 | |
| 209 | // Specify 44 bytes of data past the end of the descriptor struct. |
| 210 | nbf = 44 + sizeof(AvbHashDescriptor) - sizeof(AvbDescriptor); |
| 211 | h.parent_descriptor.num_bytes_following = htobe64(nbf); |
| 212 | h.parent_descriptor.tag = htobe64(AVB_DESCRIPTOR_TAG_HASH); |
| 213 | h.partition_name_len = htobe32(10); |
| 214 | h.salt_len = htobe32(10); |
| 215 | h.digest_len = htobe32(10); |
| 216 | |
| 217 | EXPECT_NE(0, avb_hash_descriptor_validate_and_byteswap(&h, &s)); |
| 218 | |
| 219 | EXPECT_EQ(AVB_DESCRIPTOR_TAG_HASH, s.parent_descriptor.tag); |
| 220 | EXPECT_EQ(nbf, s.parent_descriptor.num_bytes_following); |
| 221 | EXPECT_EQ(10UL, s.partition_name_len); |
| 222 | EXPECT_EQ(10UL, s.salt_len); |
| 223 | EXPECT_EQ(10UL, s.digest_len); |
| 224 | |
| 225 | // Check for bad tag. |
| 226 | bad = h; |
| 227 | bad.parent_descriptor.tag = htobe64(0xf00dd00d); |
| 228 | EXPECT_EQ(0, avb_hash_descriptor_validate_and_byteswap(&bad, &s)); |
| 229 | |
| 230 | // Doesn't fit in 44 bytes (30 + 10 + 10 = 50). |
| 231 | bad = h; |
| 232 | bad.partition_name_len = htobe32(30); |
| 233 | EXPECT_EQ(0, avb_hash_descriptor_validate_and_byteswap(&bad, &s)); |
| 234 | |
| 235 | // Doesn't fit in 44 bytes (10 + 30 + 10 = 50). |
| 236 | bad = h; |
| 237 | bad.salt_len = htobe32(30); |
| 238 | EXPECT_EQ(0, avb_hash_descriptor_validate_and_byteswap(&bad, &s)); |
| 239 | |
| 240 | // Doesn't fit in 44 bytes (10 + 10 + 30 = 50). |
| 241 | bad = h; |
| 242 | bad.digest_len = htobe32(30); |
| 243 | EXPECT_EQ(0, avb_hash_descriptor_validate_and_byteswap(&bad, &s)); |
| 244 | } |
| 245 | |
| 246 | TEST(UtilTest, ChainPartitionDescriptorByteswap) { |
| 247 | AvbChainPartitionDescriptor h; |
| 248 | AvbChainPartitionDescriptor s; |
| 249 | AvbChainPartitionDescriptor bad; |
| 250 | uint64_t nbf; |
| 251 | |
| 252 | // Specify 36 bytes of data past the end of the descriptor struct. |
| 253 | nbf = 36 + sizeof(AvbChainPartitionDescriptor) - sizeof(AvbDescriptor); |
| 254 | h.parent_descriptor.num_bytes_following = htobe64(nbf); |
| 255 | h.parent_descriptor.tag = htobe64(AVB_DESCRIPTOR_TAG_CHAIN_PARTITION); |
| 256 | h.rollback_index_slot = htobe32(42); |
| 257 | h.partition_name_len = htobe32(16); |
| 258 | h.public_key_len = htobe32(17); |
| 259 | |
| 260 | EXPECT_NE(0, avb_chain_partition_descriptor_validate_and_byteswap(&h, &s)); |
| 261 | |
| 262 | EXPECT_EQ(AVB_DESCRIPTOR_TAG_CHAIN_PARTITION, s.parent_descriptor.tag); |
| 263 | EXPECT_EQ(nbf, s.parent_descriptor.num_bytes_following); |
| 264 | EXPECT_EQ(42UL, s.rollback_index_slot); |
| 265 | EXPECT_EQ(16UL, s.partition_name_len); |
| 266 | EXPECT_EQ(17UL, s.public_key_len); |
| 267 | |
| 268 | // Check for bad tag. |
| 269 | bad = h; |
| 270 | bad.parent_descriptor.tag = htobe64(0xf00dd00d); |
| 271 | EXPECT_EQ(0, avb_chain_partition_descriptor_validate_and_byteswap(&bad, &s)); |
| 272 | |
| 273 | // Check for bad rollback index slot (must be at least 1). |
| 274 | bad = h; |
| 275 | bad.rollback_index_slot = htobe32(0); |
| 276 | EXPECT_EQ(0, avb_chain_partition_descriptor_validate_and_byteswap(&bad, &s)); |
| 277 | |
| 278 | // Doesn't fit in 40 bytes (24 + 17 = 41). |
| 279 | bad = h; |
| 280 | bad.partition_name_len = htobe32(24); |
| 281 | EXPECT_EQ(0, avb_chain_partition_descriptor_validate_and_byteswap(&bad, &s)); |
| 282 | |
| 283 | // Doesn't fit in 40 bytes (16 + 25 = 41). |
| 284 | bad = h; |
| 285 | bad.public_key_len = htobe32(25); |
| 286 | EXPECT_EQ(0, avb_chain_partition_descriptor_validate_and_byteswap(&bad, &s)); |
| 287 | } |
| 288 | |
| 289 | TEST(UtilTest, PropertyDescriptorByteswap) { |
| 290 | AvbPropertyDescriptor h; |
| 291 | AvbPropertyDescriptor s; |
| 292 | AvbPropertyDescriptor bad; |
| 293 | uint64_t nbf; |
| 294 | |
| 295 | // Specify 40 bytes of data past the end of the descriptor struct. |
| 296 | nbf = 40 + sizeof(AvbPropertyDescriptor) - sizeof(AvbDescriptor); |
| 297 | h.parent_descriptor.num_bytes_following = htobe64(nbf); |
| 298 | h.parent_descriptor.tag = htobe64(AVB_DESCRIPTOR_TAG_PROPERTY); |
| 299 | h.key_num_bytes = htobe64(16); |
| 300 | h.value_num_bytes = htobe64(17); |
| 301 | |
| 302 | EXPECT_NE(0, avb_property_descriptor_validate_and_byteswap(&h, &s)); |
| 303 | |
| 304 | EXPECT_EQ(AVB_DESCRIPTOR_TAG_PROPERTY, s.parent_descriptor.tag); |
| 305 | EXPECT_EQ(nbf, s.parent_descriptor.num_bytes_following); |
| 306 | EXPECT_EQ(16UL, s.key_num_bytes); |
| 307 | EXPECT_EQ(17UL, s.value_num_bytes); |
| 308 | |
| 309 | // Check for bad tag. |
| 310 | bad = h; |
| 311 | bad.parent_descriptor.tag = htobe64(0xf00dd00d); |
| 312 | EXPECT_EQ(0, avb_property_descriptor_validate_and_byteswap(&bad, &s)); |
| 313 | |
| 314 | // Doesn't fit in 40 bytes (22 + 17 + 2 = 41). |
| 315 | bad = h; |
| 316 | bad.key_num_bytes = htobe64(22); |
| 317 | EXPECT_EQ(0, avb_property_descriptor_validate_and_byteswap(&bad, &s)); |
| 318 | |
| 319 | // Doesn't fit in 40 bytes (16 + 23 + 2 = 41). |
| 320 | bad = h; |
| 321 | bad.value_num_bytes = htobe64(23); |
| 322 | EXPECT_EQ(0, avb_property_descriptor_validate_and_byteswap(&bad, &s)); |
| 323 | } |
| 324 | |
| 325 | TEST(UtilTest, DescriptorByteswap) { |
| 326 | AvbDescriptor h; |
| 327 | AvbDescriptor s; |
| 328 | uint64_t n64; |
| 329 | |
| 330 | n64 = 0x1122334455667788; |
| 331 | |
| 332 | h.num_bytes_following = htobe64(n64); |
| 333 | n64++; |
| 334 | h.tag = htobe64(n64); |
| 335 | n64++; |
| 336 | |
| 337 | EXPECT_NE(0, avb_descriptor_validate_and_byteswap(&h, &s)); |
| 338 | |
| 339 | n64 = 0x1122334455667788; |
| 340 | |
| 341 | EXPECT_EQ(n64, s.num_bytes_following); |
| 342 | n64++; |
| 343 | EXPECT_EQ(n64, s.tag); |
| 344 | n64++; |
| 345 | |
| 346 | // Check that we catch if |num_bytes_following| isn't divisble by 8. |
| 347 | h.num_bytes_following = htobe64(7); |
| 348 | EXPECT_EQ(0, avb_descriptor_validate_and_byteswap(&h, &s)); |
| 349 | } |
| 350 | |
| 351 | TEST(UtilTest, SafeAddition) { |
| 352 | uint64_t value; |
| 353 | uint64_t pow2_60 = 1ULL << 60; |
| 354 | |
| 355 | value = 2; |
| 356 | EXPECT_NE(0, avb_safe_add_to(&value, 5)); |
| 357 | EXPECT_EQ(7UL, value); |
| 358 | |
| 359 | /* These should not overflow */ |
| 360 | value = 1 * pow2_60; |
| 361 | EXPECT_NE(0, avb_safe_add_to(&value, 2 * pow2_60)); |
| 362 | EXPECT_EQ(3 * pow2_60, value); |
| 363 | value = 7 * pow2_60; |
| 364 | EXPECT_NE(0, avb_safe_add_to(&value, 8 * pow2_60)); |
| 365 | EXPECT_EQ(15 * pow2_60, value); |
| 366 | value = 9 * pow2_60; |
| 367 | EXPECT_NE(0, avb_safe_add_to(&value, 3 * pow2_60)); |
| 368 | EXPECT_EQ(12 * pow2_60, value); |
| 369 | value = 0xfffffffffffffffcUL; |
| 370 | EXPECT_NE(0, avb_safe_add_to(&value, 2)); |
| 371 | EXPECT_EQ(0xfffffffffffffffeUL, value); |
| 372 | |
| 373 | /* These should overflow. */ |
| 374 | value = 8 * pow2_60; |
| 375 | EXPECT_EQ(0, avb_safe_add_to(&value, 8 * pow2_60)); |
| 376 | value = 0xfffffffffffffffcUL; |
| 377 | EXPECT_EQ(0, avb_safe_add_to(&value, 4)); |
| 378 | } |
| 379 | |
| 380 | static int avb_validate_utf8z(const char* data) { |
| 381 | return avb_validate_utf8(reinterpret_cast<const uint8_t*>(data), |
| 382 | strlen(data)); |
| 383 | } |
| 384 | |
| 385 | TEST(UtilTest, UTF8Validation) { |
| 386 | // These should succeed. |
| 387 | EXPECT_NE(0, avb_validate_utf8z("foo bar")); |
| 388 | // Encoding of U+00E6 LATIN SMALL LETTER AE: æ |
| 389 | EXPECT_NE(0, avb_validate_utf8z("foo \xC3\xA6 bar")); |
| 390 | // Encoding of U+20AC EURO SIGN: € |
| 391 | EXPECT_NE(0, avb_validate_utf8z("foo \xE2\x82\xAC bar")); |
| 392 | // Encoding of U+1F466 BOY: 👦 |
| 393 | EXPECT_NE(0, avb_validate_utf8z("foo \xF0\x9F\x91\xA6 bar")); |
| 394 | // All three runes following each other. |
| 395 | EXPECT_NE(0, avb_validate_utf8z("\xC3\xA6\xE2\x82\xAC\xF0\x9F\x91\xA6")); |
| 396 | |
| 397 | // These should fail. |
| 398 | EXPECT_EQ(0, avb_validate_utf8z("foo \xF8 bar")); |
| 399 | EXPECT_EQ(0, avb_validate_utf8z("\xF8")); |
| 400 | // Stops in the middle of Unicode rune. |
| 401 | EXPECT_EQ(0, avb_validate_utf8z("foo \xC3")); |
| 402 | } |
| 403 | |
| 404 | TEST(UtilTest, StrConcat) { |
| 405 | char buf[8]; |
| 406 | |
| 407 | // These should succeed. |
| 408 | EXPECT_NE(0, avb_str_concat(buf, sizeof buf, "foo", 3, "bar1", 4)); |
| 409 | |
| 410 | // This should fail: Insufficient space. |
| 411 | EXPECT_EQ(0, avb_str_concat(buf, sizeof buf, "foo0", 4, "bar1", 4)); |
| 412 | } |
| 413 | |
| 414 | TEST(UtilTest, StrStr) { |
| 415 | const char* haystack = "abc def abcabc"; |
| 416 | |
| 417 | EXPECT_EQ(nullptr, avb_strstr(haystack, "needle")); |
| 418 | EXPECT_EQ(haystack, avb_strstr(haystack, "abc")); |
| 419 | EXPECT_EQ(haystack + 4, avb_strstr(haystack, "def")); |
| 420 | EXPECT_EQ(haystack, avb_strstr(haystack, haystack)); |
| 421 | } |
| 422 | |
| 423 | TEST(UtilTest, StrReplace) { |
| 424 | // We don't care about leaking strings from avb_replace(). |
| 425 | EXPECT_EQ("OK blah bah $(FOO OK blah", |
| 426 | std::string(avb_replace("$(FOO) blah bah $(FOO $(FOO) blah", |
| 427 | "$(FOO)", "OK"))); |
| 428 | EXPECT_EQ("OK", std::string(avb_replace("$(FOO)", "$(FOO)", "OK"))); |
| 429 | EXPECT_EQ(" OK", std::string(avb_replace(" $(FOO)", "$(FOO)", "OK"))); |
| 430 | EXPECT_EQ("OK ", std::string(avb_replace("$(FOO) ", "$(FOO)", "OK"))); |
| 431 | EXPECT_EQ("LONGSTRINGLONGSTRING", |
| 432 | std::string(avb_replace("$(FOO)$(FOO)", "$(FOO)", "LONGSTRING"))); |
| 433 | } |