Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / avb / d56c54c97ca809ecd58e0087a31b99f41f298df2 / . / test / avb_atx_validate_unittest.cc
blob: 1436b0b0ecf7741173c0e9c909af3c2a3aadcc4b [file] [log] [blame]
Darren Krahn147b08d2016-12-20 16:38:29 -0800[diff] [blame]1/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Permission is hereby granted, free of charge, to any person
5 * obtaining a copy of this software and associated documentation
6 * files (the "Software"), to deal in the Software without
7 * restriction, including without limitation the rights to use, copy,
8 * modify, merge, publish, distribute, sublicense, and/or sell copies
9 * of the Software, and to permit persons to whom the Software is
10 * furnished to do so, subject to the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24
25#include <stdio.h>
26#include <string.h>
27
28#include <base/files/file_util.h>
29#include <gtest/gtest.h>
30#include <openssl/objects.h>
31#include <openssl/pem.h>
32#include <openssl/rsa.h>
33#include <openssl/sha.h>
34
35#include <libavb_atx/libavb_atx.h>
36
37#include "avb_unittest_util.h"
38#include "fake_avb_ops.h"
39
40namespace {
41
42const char kMetadataPath[] = "test/data/atx_metadata.bin";
43const char kPermanentAttributesPath[] =
44 "test/data/atx_permanent_attributes.bin";
Darren Krahn43e12d82017-02-24 16:26:31 -0800[diff] [blame]45const char kPRKPrivateKeyPath[] = "test/data/testkey_atx_prk.pem";
46const char kPIKPrivateKeyPath[] = "test/data/testkey_atx_pik.pem";
Darren Krahn147b08d2016-12-20 16:38:29 -0800[diff] [blame]47
48class ScopedRSA {
49 public:
50 ScopedRSA(const char* pem_key_path) {
51 FILE* file = fopen(pem_key_path, "r");
52 rsa_ = PEM_read_RSAPrivateKey(file, nullptr, nullptr, nullptr);
53 fclose(file);
54 }
55
56 ~ScopedRSA() {
57 if (rsa_) {
58 RSA_free(rsa_);
59 }
60 }
61
Darren Krahn43e12d82017-02-24 16:26:31 -0800[diff] [blame]62 // PKCS #1 v1.5 signature using SHA512. Returns true on success.
Darren Krahn147b08d2016-12-20 16:38:29 -0800[diff] [blame]63 bool Sign(const void* data_to_sign, size_t length, uint8_t signature[]) {
Darren Krahn147b08d2016-12-20 16:38:29 -0800[diff] [blame]64 uint8_t digest[AVB_SHA512_DIGEST_SIZE];
Darren Krahn147b08d2016-12-20 16:38:29 -0800[diff] [blame]65 const unsigned char* data_to_sign_buf =
66 reinterpret_cast<const unsigned char*>(data_to_sign);
Darren Krahn43e12d82017-02-24 16:26:31 -0800[diff] [blame]67 SHA512(data_to_sign_buf, length, digest);
Darren Krahn147b08d2016-12-20 16:38:29 -0800[diff] [blame]68 unsigned int signature_length = 0;
Darren Krahn43e12d82017-02-24 16:26:31 -0800[diff] [blame]69 return (1 == RSA_sign(NID_sha512,
Darren Krahn147b08d2016-12-20 16:38:29 -0800[diff] [blame]70 digest,
Darren Krahn43e12d82017-02-24 16:26:31 -0800[diff] [blame]71 AVB_SHA512_DIGEST_SIZE,
Darren Krahn147b08d2016-12-20 16:38:29 -0800[diff] [blame]72 signature,
73 &signature_length,
74 rsa_));
75 }
76
77 private:
78 RSA* rsa_;
79};
80
81} /* namespace */
82
83namespace avb {
84
85class AvbAtxValidateTest : public ::testing::Test, public FakeAvbOpsDelegate {
86 public:
87 ~AvbAtxValidateTest() override {}
88
89 void SetUp() override {
90 ReadDefaultData();
91 ops_.set_delegate(this);
92 ops_.set_permanent_attributes(attributes_);
Darren Krahn43e12d82017-02-24 16:26:31 -0800[diff] [blame]93 ops_.set_stored_rollback_indexes(
94 {{AVB_ATX_PIK_VERSION_LOCATION, 0}, {AVB_ATX_PSK_VERSION_LOCATION, 0}});
Darren Krahn147b08d2016-12-20 16:38:29 -0800[diff] [blame]95 }
96
97 // FakeAvbOpsDelegate methods.
98 AvbIOResult read_from_partition(const char* partition,
99 int64_t offset,
100 size_t num_bytes,
101 void* buffer,
102 size_t* out_num_read) override {
103 // Expect method not used.
104 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
105 }
106
107 AvbIOResult write_to_partition(const char* partition,
108 int64_t offset,
109 size_t num_bytes,
110 const void* buffer) override {
111 // Expect method not used.
112 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
113 }
114
115 AvbIOResult validate_vbmeta_public_key(AvbOps* ops,
116 const uint8_t* public_key_data,
117 size_t public_key_length,
118 const uint8_t* public_key_metadata,
119 size_t public_key_metadata_length,
120 bool* out_key_is_trusted) override {
121 // Expect method not used.
122 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
123 }
124
125 AvbIOResult read_rollback_index(AvbOps* ops,
126 size_t rollback_index_slot,
127 uint64_t* out_rollback_index) override {
128 if ((fail_read_pik_rollback_index_ &&
129 rollback_index_slot == AVB_ATX_PIK_VERSION_LOCATION) ||
130 (fail_read_psk_rollback_index_ &&
Darren Krahn43e12d82017-02-24 16:26:31 -0800[diff] [blame]131 rollback_index_slot == AVB_ATX_PSK_VERSION_LOCATION)) {
Darren Krahn147b08d2016-12-20 16:38:29 -0800[diff] [blame]132 return AVB_IO_RESULT_ERROR_IO;
133 }
134 return ops_.read_rollback_index(
135 ops, rollback_index_slot, out_rollback_index);
136 }
137
138 AvbIOResult write_rollback_index(AvbOps* ops,
139 size_t rollback_index_slot,
140 uint64_t rollback_index) override {
141 // Expect method not used.
142 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
143 }
144
145 AvbIOResult read_is_device_unlocked(AvbOps* ops,
146 bool* out_is_device_unlocked) override {
147 // Expect method not used.
148 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
149 }
150
151 AvbIOResult get_unique_guid_for_partition(AvbOps* ops,
152 const char* partition,
153 char* guid_buf,
154 size_t guid_buf_size) override {
155 // Expect method not used.
156 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
157 }
158
159 AvbIOResult read_permanent_attributes(
160 AvbAtxPermanentAttributes* attributes) override {
161 if (fail_read_permanent_attributes_) {
162 return AVB_IO_RESULT_ERROR_IO;
163 }
164 return ops_.read_permanent_attributes(attributes);
165 }
166
167 AvbIOResult read_permanent_attributes_hash(
168 uint8_t hash[AVB_SHA256_DIGEST_SIZE]) override {
169 if (fail_read_permanent_attributes_hash_) {
170 return AVB_IO_RESULT_ERROR_IO;
171 }
172 return ops_.read_permanent_attributes_hash(hash);
173 }
174
175 protected:
176 virtual AvbIOResult Validate(bool* is_trusted) {
177 return avb_atx_validate_vbmeta_public_key(
178 ops_.avb_ops(),
179 metadata_.product_signing_key_certificate.signed_data.public_key,
Darren Krahn43e12d82017-02-24 16:26:31 -0800[diff] [blame]180 AVB_ATX_PUBLIC_KEY_SIZE,
Darren Krahn147b08d2016-12-20 16:38:29 -0800[diff] [blame]181 reinterpret_cast<const uint8_t*>(&metadata_),
182 sizeof(metadata_),
183 is_trusted);
184 }
185
186 void SignPIKCertificate() {
187 memset(metadata_.product_intermediate_key_certificate.signature,
188 0,
189 AVB_RSA4096_NUM_BYTES);
190 ScopedRSA key(kPRKPrivateKeyPath);
191 ASSERT_TRUE(
192 key.Sign(&metadata_.product_intermediate_key_certificate.signed_data,
193 sizeof(AvbAtxCertificateSignedData),
194 metadata_.product_intermediate_key_certificate.signature));
195 }
196
197 void SignPSKCertificate() {
198 memset(metadata_.product_signing_key_certificate.signature,
199 0,
Darren Krahn43e12d82017-02-24 16:26:31 -0800[diff] [blame]200 AVB_RSA4096_NUM_BYTES);
Darren Krahn147b08d2016-12-20 16:38:29 -0800[diff] [blame]201 ScopedRSA key(kPIKPrivateKeyPath);
202 ASSERT_TRUE(key.Sign(&metadata_.product_signing_key_certificate.signed_data,
203 sizeof(AvbAtxCertificateSignedData),
204 metadata_.product_signing_key_certificate.signature));
205 }
206
207 FakeAvbOps ops_;
208 AvbAtxPermanentAttributes attributes_;
209 AvbAtxPublicKeyMetadata metadata_;
210 bool fail_read_permanent_attributes_{false};
211 bool fail_read_permanent_attributes_hash_{false};
212 bool fail_read_pik_rollback_index_{false};
213 bool fail_read_psk_rollback_index_{false};
Darren Krahn147b08d2016-12-20 16:38:29 -0800[diff] [blame]214
215 private:
216 void ReadDefaultData() {
217 std::string tmp;
218 ASSERT_TRUE(base::ReadFileToString(base::FilePath(kMetadataPath), &tmp));
219 ASSERT_EQ(tmp.size(), sizeof(AvbAtxPublicKeyMetadata));
220 memcpy(&metadata_, tmp.data(), tmp.size());
221 ASSERT_TRUE(
222 base::ReadFileToString(base::FilePath(kPermanentAttributesPath), &tmp));
223 ASSERT_EQ(tmp.size(), sizeof(AvbAtxPermanentAttributes));
224 memcpy(&attributes_, tmp.data(), tmp.size());
225 }
226};
227
228TEST_F(AvbAtxValidateTest, Success) {
229 bool is_trusted = false;
230 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
231 EXPECT_TRUE(is_trusted);
232}
233
234TEST_F(AvbAtxValidateTest, SuccessAfterNewSign) {
235 std::string old_pik_sig(
236 reinterpret_cast<char*>(
237 metadata_.product_intermediate_key_certificate.signature),
238 AVB_RSA4096_NUM_BYTES);
239 std::string old_psk_sig(
240 reinterpret_cast<char*>(
241 metadata_.product_signing_key_certificate.signature),
Darren Krahn43e12d82017-02-24 16:26:31 -0800[diff] [blame]242 AVB_RSA4096_NUM_BYTES);
Darren Krahn147b08d2016-12-20 16:38:29 -0800[diff] [blame]243 SignPIKCertificate();
244 SignPSKCertificate();
245 std::string new_pik_sig(
246 reinterpret_cast<char*>(
247 metadata_.product_intermediate_key_certificate.signature),
248 AVB_RSA4096_NUM_BYTES);
249 std::string new_psk_sig(
250 reinterpret_cast<char*>(
251 metadata_.product_signing_key_certificate.signature),
Darren Krahn43e12d82017-02-24 16:26:31 -0800[diff] [blame]252 AVB_RSA4096_NUM_BYTES);
Darren Krahn147b08d2016-12-20 16:38:29 -0800[diff] [blame]253 EXPECT_EQ(old_pik_sig, new_pik_sig);
254 EXPECT_EQ(old_psk_sig, new_psk_sig);
255 bool is_trusted = false;
256 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
257 EXPECT_TRUE(is_trusted);
258}
259
260TEST_F(AvbAtxValidateTest, FailReadPermamentAttributes) {
261 fail_read_permanent_attributes_ = true;
262 bool is_trusted = true;
263 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted));
264 EXPECT_FALSE(is_trusted);
265}
266
267TEST_F(AvbAtxValidateTest, FailReadPermamentAttributesHash) {
268 fail_read_permanent_attributes_hash_ = true;
269 bool is_trusted = true;
270 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted));
271 EXPECT_FALSE(is_trusted);
272}
273
274TEST_F(AvbAtxValidateTest, UnsupportedPermanentAttributesVersion) {
275 attributes_.version = 25;
276 ops_.set_permanent_attributes(attributes_);
277 bool is_trusted = true;
278 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
279 EXPECT_FALSE(is_trusted);
280}
281
282TEST_F(AvbAtxValidateTest, PermanentAttributesHashMismatch) {
283 ops_.set_permanent_attributes_hash("bad_hash");
284 bool is_trusted = true;
285 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
286 EXPECT_FALSE(is_trusted);
287}
288
289// A fixture with parameterized metadata length.
290class AvbAtxValidateTestWithMetadataLength
291 : public AvbAtxValidateTest,
292 public ::testing::WithParamInterface<size_t> {
293 protected:
294 AvbIOResult Validate(bool* is_trusted) override {
295 return avb_atx_validate_vbmeta_public_key(
296 ops_.avb_ops(),
297 metadata_.product_signing_key_certificate.signed_data.public_key,
Darren Krahn43e12d82017-02-24 16:26:31 -0800[diff] [blame]298 AVB_ATX_PUBLIC_KEY_SIZE,
Darren Krahn147b08d2016-12-20 16:38:29 -0800[diff] [blame]299 reinterpret_cast<const uint8_t*>(&metadata_),
300 GetParam(),
301 is_trusted);
302 }
303};
304
305TEST_P(AvbAtxValidateTestWithMetadataLength, InvalidMetadataLength) {
306 bool is_trusted = true;
307 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
308 EXPECT_FALSE(is_trusted);
309}
310
311// Test a bunch of invalid metadata length values.
312INSTANTIATE_TEST_CASE_P(P,
313 AvbAtxValidateTestWithMetadataLength,
314 ::testing::Values(0,
315 1,
316 sizeof(AvbAtxPublicKeyMetadata) - 1,
317 sizeof(AvbAtxPublicKeyMetadata) + 1,
318 -1));
319
320TEST_F(AvbAtxValidateTest, UnsupportedMetadataVersion) {
321 metadata_.version = 25;
322 bool is_trusted = true;
323 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
324 EXPECT_FALSE(is_trusted);
325}
326
327TEST_F(AvbAtxValidateTest, FailReadPIKRollbackIndex) {
328 fail_read_pik_rollback_index_ = true;
329 bool is_trusted = true;
330 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted));
331 EXPECT_FALSE(is_trusted);
332}
333
334TEST_F(AvbAtxValidateTest, UnsupportedPIKCertificateVersion) {
335 metadata_.product_intermediate_key_certificate.signed_data.version = 25;
336 SignPIKCertificate();
337 bool is_trusted = true;
338 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
339 EXPECT_FALSE(is_trusted);
340}
341
342TEST_F(AvbAtxValidateTest, BadPIKCert_ModifiedSubjectPublicKey) {
343 metadata_.product_intermediate_key_certificate.signed_data.public_key[0] ^= 1;
344 bool is_trusted = true;
345 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
346 EXPECT_FALSE(is_trusted);
347}
348
349TEST_F(AvbAtxValidateTest, BadPIKCert_ModifiedSubject) {
350 metadata_.product_intermediate_key_certificate.signed_data.subject[0] ^= 1;
351 bool is_trusted = true;
352 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
353 EXPECT_FALSE(is_trusted);
354}
355
356TEST_F(AvbAtxValidateTest, BadPIKCert_ModifiedUsage) {
357 metadata_.product_intermediate_key_certificate.signed_data.usage[0] ^= 1;
358 bool is_trusted = true;
359 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
360 EXPECT_FALSE(is_trusted);
361}
362
363TEST_F(AvbAtxValidateTest, BadPIKCert_ModifiedKeyVersion) {
364 metadata_.product_intermediate_key_certificate.signed_data.key_version ^= 1;
365 bool is_trusted = true;
366 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
367 EXPECT_FALSE(is_trusted);
368}
369
370TEST_F(AvbAtxValidateTest, BadPIKCert_BadSignature) {
371 metadata_.product_intermediate_key_certificate.signature[0] ^= 1;
372 bool is_trusted = true;
373 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
374 EXPECT_FALSE(is_trusted);
375}
376
377TEST_F(AvbAtxValidateTest, PIKCertSubjectIgnored) {
378 metadata_.product_intermediate_key_certificate.signed_data.subject[0] ^= 1;
379 SignPIKCertificate();
380 bool is_trusted = false;
381 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
382 EXPECT_TRUE(is_trusted);
383}
384
385TEST_F(AvbAtxValidateTest, PIKCertUnexpectedUsage) {
386 metadata_.product_intermediate_key_certificate.signed_data.usage[0] ^= 1;
387 SignPIKCertificate();
388 bool is_trusted = true;
389 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
390 EXPECT_FALSE(is_trusted);
391}
392
393TEST_F(AvbAtxValidateTest, PIKRollback) {
394 ops_.set_stored_rollback_indexes(
395 {{AVB_ATX_PIK_VERSION_LOCATION,
396 metadata_.product_intermediate_key_certificate.signed_data.key_version +
397 1},
Darren Krahn43e12d82017-02-24 16:26:31 -0800[diff] [blame]398 {AVB_ATX_PSK_VERSION_LOCATION, 0}});
Darren Krahn147b08d2016-12-20 16:38:29 -0800[diff] [blame]399 bool is_trusted = true;
400 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
401 EXPECT_FALSE(is_trusted);
402}
403
404TEST_F(AvbAtxValidateTest, FailReadPSKRollbackIndex) {
405 fail_read_psk_rollback_index_ = true;
406 bool is_trusted = true;
407 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted));
408 EXPECT_FALSE(is_trusted);
409}
410
411TEST_F(AvbAtxValidateTest, UnsupportedPSKCertificateVersion) {
412 metadata_.product_signing_key_certificate.signed_data.version = 25;
413 SignPSKCertificate();
414 bool is_trusted = true;
415 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
416 EXPECT_FALSE(is_trusted);
417}
418
419TEST_F(AvbAtxValidateTest, BadPSKCert_ModifiedSubjectPublicKey) {
420 metadata_.product_signing_key_certificate.signed_data.public_key[0] ^= 1;
421 bool is_trusted = true;
422 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
423 EXPECT_FALSE(is_trusted);
424}
425
426TEST_F(AvbAtxValidateTest, BadPSKCert_ModifiedSubject) {
427 metadata_.product_signing_key_certificate.signed_data.subject[0] ^= 1;
428 bool is_trusted = true;
429 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
430 EXPECT_FALSE(is_trusted);
431}
432
433TEST_F(AvbAtxValidateTest, BadPSKCert_ModifiedUsage) {
434 metadata_.product_signing_key_certificate.signed_data.usage[0] ^= 1;
435 bool is_trusted = true;
436 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
437 EXPECT_FALSE(is_trusted);
438}
439
440TEST_F(AvbAtxValidateTest, BadPSKCert_ModifiedKeyVersion) {
441 metadata_.product_signing_key_certificate.signed_data.key_version ^= 1;
442 bool is_trusted = true;
443 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
444 EXPECT_FALSE(is_trusted);
445}
446
447TEST_F(AvbAtxValidateTest, BadPSKCert_BadSignature) {
448 metadata_.product_signing_key_certificate.signature[0] ^= 1;
449 bool is_trusted = true;
450 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
451 EXPECT_FALSE(is_trusted);
452}
453
454TEST_F(AvbAtxValidateTest, PSKCertUnexpectedSubject) {
455 metadata_.product_signing_key_certificate.signed_data.subject[0] ^= 1;
456 SignPSKCertificate();
457 bool is_trusted = true;
458 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
459 EXPECT_FALSE(is_trusted);
460}
461
462TEST_F(AvbAtxValidateTest, PSKCertUnexpectedUsage) {
463 metadata_.product_signing_key_certificate.signed_data.usage[0] ^= 1;
464 SignPSKCertificate();
465 bool is_trusted = true;
466 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
467 EXPECT_FALSE(is_trusted);
468}
469
470TEST_F(AvbAtxValidateTest, PSKRollback) {
471 ops_.set_stored_rollback_indexes(
472 {{AVB_ATX_PIK_VERSION_LOCATION, 0},
473 {AVB_ATX_PSK_VERSION_LOCATION,
Darren Krahn43e12d82017-02-24 16:26:31 -0800[diff] [blame]474 metadata_.product_signing_key_certificate.signed_data.key_version +
475 1}});
Darren Krahn147b08d2016-12-20 16:38:29 -0800[diff] [blame]476 bool is_trusted = true;
477 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
478 EXPECT_FALSE(is_trusted);
479}
480
481// A fixture with parameterized public key length.
482class AvbAtxValidateTestWithPublicKeyLength
483 : public AvbAtxValidateTest,
484 public ::testing::WithParamInterface<size_t> {
485 protected:
486 AvbIOResult Validate(bool* is_trusted) override {
487 return avb_atx_validate_vbmeta_public_key(
488 ops_.avb_ops(),
489 metadata_.product_signing_key_certificate.signed_data.public_key,
490 GetParam(),
491 reinterpret_cast<const uint8_t*>(&metadata_),
492 sizeof(metadata_),
493 is_trusted);
494 }
495};
496
497TEST_P(AvbAtxValidateTestWithPublicKeyLength, InvalidPublicKeyLength) {
498 bool is_trusted = true;
499 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
500 EXPECT_FALSE(is_trusted);
501}
502
503// Test a bunch of invalid public key length values.
504INSTANTIATE_TEST_CASE_P(P,
505 AvbAtxValidateTestWithPublicKeyLength,
506 ::testing::Values(0,
507 1,
Darren Krahn43e12d82017-02-24 16:26:31 -0800[diff] [blame]508 AVB_ATX_PUBLIC_KEY_SIZE - 1,
509 AVB_ATX_PUBLIC_KEY_SIZE + 1,
510 AVB_ATX_PUBLIC_KEY_SIZE - 512,
Darren Krahn147b08d2016-12-20 16:38:29 -0800[diff] [blame]511 -1));
512
513TEST_F(AvbAtxValidateTest, PSKMismatch) {
Darren Krahn43e12d82017-02-24 16:26:31 -0800[diff] [blame]514 uint8_t bad_key[AVB_ATX_PUBLIC_KEY_SIZE] = {};
Darren Krahn147b08d2016-12-20 16:38:29 -0800[diff] [blame]515 bool is_trusted = true;
516 EXPECT_EQ(AVB_IO_RESULT_OK,
517 avb_atx_validate_vbmeta_public_key(
518 ops_.avb_ops(),
519 bad_key,
Darren Krahn43e12d82017-02-24 16:26:31 -0800[diff] [blame]520 AVB_ATX_PUBLIC_KEY_SIZE,
Darren Krahn147b08d2016-12-20 16:38:29 -0800[diff] [blame]521 reinterpret_cast<const uint8_t*>(&metadata_),
522 sizeof(metadata_),
523 &is_trusted));
524 EXPECT_FALSE(is_trusted);
525}
526
Darren Krahn147b08d2016-12-20 16:38:29 -0800[diff] [blame]527// A fixture for testing avb_slot_verify() with ATX.
528class AvbAtxSlotVerifyTest : public BaseAvbToolTest, public FakeAvbOpsDelegate {
529 public:
530 ~AvbAtxSlotVerifyTest() override = default;
531
532 void SetUp() override {
533 BaseAvbToolTest::SetUp();
534 ReadAtxDefaultData();
535 ops_.set_partition_dir(testdir_);
536 ops_.set_delegate(this);
537 ops_.set_permanent_attributes(attributes_);
538 ops_.set_stored_rollback_indexes({{0, 0},
539 {1, 0},
540 {2, 0},
541 {3, 0},
542 {AVB_ATX_PIK_VERSION_LOCATION, 0},
Darren Krahn43e12d82017-02-24 16:26:31 -0800[diff] [blame]543 {AVB_ATX_PSK_VERSION_LOCATION, 0}});
Darren Krahn147b08d2016-12-20 16:38:29 -0800[diff] [blame]544 ops_.set_stored_is_device_unlocked(false);
545 }
546
547 // FakeAvbOpsDelegate methods. All forward to FakeAvbOps default except for
548 // validate_vbmeta_public_key().
549 AvbIOResult read_from_partition(const char* partition,
550 int64_t offset,
551 size_t num_bytes,
552 void* buffer,
553 size_t* out_num_read) override {
554 return ops_.read_from_partition(
555 partition, offset, num_bytes, buffer, out_num_read);
556 }
557
558 AvbIOResult write_to_partition(const char* partition,
559 int64_t offset,
560 size_t num_bytes,
561 const void* buffer) override {
562 return ops_.write_to_partition(partition, offset, num_bytes, buffer);
563 }
564
565 AvbIOResult validate_vbmeta_public_key(AvbOps* ops,
566 const uint8_t* public_key_data,
567 size_t public_key_length,
568 const uint8_t* public_key_metadata,
569 size_t public_key_metadata_length,
570 bool* out_key_is_trusted) override {
571 // Send to ATX implementation.
572 ++num_atx_calls_;
573 return avb_atx_validate_vbmeta_public_key(ops_.avb_ops(),
574 public_key_data,
575 public_key_length,
576 public_key_metadata,
577 public_key_metadata_length,
578 out_key_is_trusted);
579 }
580
581 AvbIOResult read_rollback_index(AvbOps* ops,
582 size_t rollback_index_slot,
583 uint64_t* out_rollback_index) override {
584 return ops_.read_rollback_index(
585 ops, rollback_index_slot, out_rollback_index);
586 }
587
588 AvbIOResult write_rollback_index(AvbOps* ops,
589 size_t rollback_index_slot,
590 uint64_t rollback_index) override {
591 return ops_.write_rollback_index(ops, rollback_index_slot, rollback_index);
592 }
593
594 AvbIOResult read_is_device_unlocked(AvbOps* ops,
595 bool* out_is_device_unlocked) override {
596 return ops_.read_is_device_unlocked(ops, out_is_device_unlocked);
597 }
598
599 AvbIOResult get_unique_guid_for_partition(AvbOps* ops,
600 const char* partition,
601 char* guid_buf,
602 size_t guid_buf_size) override {
603 return ops_.get_unique_guid_for_partition(
604 ops, partition, guid_buf, guid_buf_size);
605 }
606
607 AvbIOResult read_permanent_attributes(
608 AvbAtxPermanentAttributes* attributes) override {
609 return ops_.read_permanent_attributes(attributes);
610 }
611
612 AvbIOResult read_permanent_attributes_hash(
613 uint8_t hash[AVB_SHA256_DIGEST_SIZE]) override {
614 return ops_.read_permanent_attributes_hash(hash);
615 }
616
617 protected:
618 FakeAvbOps ops_;
619 AvbAtxPermanentAttributes attributes_;
620 int num_atx_calls_ = 0;
621
622 private:
623 void ReadAtxDefaultData() {
624 std::string tmp;
625 ASSERT_TRUE(
626 base::ReadFileToString(base::FilePath(kPermanentAttributesPath), &tmp));
627 ASSERT_EQ(tmp.size(), sizeof(AvbAtxPermanentAttributes));
628 memcpy(&attributes_, tmp.data(), tmp.size());
629 }
630};
631
632TEST_F(AvbAtxSlotVerifyTest, SlotVerifyWithAtx) {
633 std::string metadata_option = "--public_key_metadata=";
634 metadata_option += kMetadataPath;
635 GenerateVBMetaImage("vbmeta_a.img",
Darren Krahn43e12d82017-02-24 16:26:31 -0800[diff] [blame]636 "SHA512_RSA4096",
Darren Krahn147b08d2016-12-20 16:38:29 -0800[diff] [blame]637 0,
Darren Krahn43e12d82017-02-24 16:26:31 -0800[diff] [blame]638 base::FilePath("test/data/testkey_atx_psk.pem"),
Darren Krahn147b08d2016-12-20 16:38:29 -0800[diff] [blame]639 metadata_option);
640
641 ops_.set_expected_public_key(
Darren Krahn43e12d82017-02-24 16:26:31 -0800[diff] [blame]642 PublicKeyAVB(base::FilePath("test/data/testkey_atx_psk.pem")));
Darren Krahn147b08d2016-12-20 16:38:29 -0800[diff] [blame]643
644 AvbSlotVerifyData* slot_data = NULL;
645 const char* requested_partitions[] = {"boot", NULL};
646 EXPECT_EQ(AVB_SLOT_VERIFY_RESULT_OK,
647 avb_slot_verify(ops_.avb_ops(),
648 requested_partitions,
649 "_a",
650 false /* allow_verification_error */,
651 &slot_data));
652 EXPECT_NE(nullptr, slot_data);
653 avb_slot_verify_data_free(slot_data);
654 EXPECT_EQ(1, num_atx_calls_);
655}
656
657} // namespace avb