1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Permission is hereby granted, free of charge, to any person 5 * obtaining a copy of this software and associated documentation 6 * files (the "Software"), to deal in the Software without 7 * restriction, including without limitation the rights to use, copy, 8 * modify, merge, publish, distribute, sublicense, and/or sell copies 9 * of the Software, and to permit persons to whom the Software is 10 * furnished to do so, subject to the following conditions: 11 * 12 * The above copyright notice and this permission notice shall be 13 * included in all copies or substantial portions of the Software. 14 * 15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 * SOFTWARE. 23 */ 24 25 #include <stdio.h> 26 #include <string.h> 27 28 #include <base/files/file_util.h> 29 #include <gtest/gtest.h> 30 #include <openssl/objects.h> 31 #include <openssl/pem.h> 32 #include <openssl/rsa.h> 33 #include <openssl/sha.h> 34 35 #include <libavb_atx/libavb_atx.h> 36 37 #include "avb_unittest_util.h" 38 #include "fake_avb_ops.h" 39 40 namespace { 41 42 const char kMetadataPath[] = "test/data/atx_metadata.bin"; 43 const char kPermanentAttributesPath[] = 44 "test/data/atx_permanent_attributes.bin"; 45 const char kPRKPrivateKeyPath[] = "test/data/testkey_atx_prk.pem"; 46 const char kPIKPrivateKeyPath[] = "test/data/testkey_atx_pik.pem"; 47 const char kPSKPrivateKeyPath[] = "test/data/testkey_atx_psk.pem"; 48 const char kPUKPrivateKeyPath[] = "test/data/testkey_atx_puk.pem"; 49 const char kUnlockChallengePath[] = "test/data/atx_unlock_challenge.bin"; 50 const char kUnlockCredentialPath[] = "test/data/atx_unlock_credential.bin"; 51 52 class ScopedRSA { 53 public: 54 ScopedRSA(const char* pem_key_path) { 55 FILE* file = fopen(pem_key_path, "r"); 56 rsa_ = PEM_read_RSAPrivateKey(file, nullptr, nullptr, nullptr); 57 fclose(file); 58 } 59 60 ~ScopedRSA() { 61 if (rsa_) { 62 RSA_free(rsa_); 63 } 64 } 65 66 // PKCS #1 v1.5 signature using SHA512. Returns true on success. 67 bool Sign(const void* data_to_sign, size_t length, uint8_t signature[]) { 68 uint8_t digest[AVB_SHA512_DIGEST_SIZE]; 69 const unsigned char* data_to_sign_buf = 70 reinterpret_cast<const unsigned char*>(data_to_sign); 71 SHA512(data_to_sign_buf, length, digest); 72 unsigned int signature_length = 0; 73 return (1 == RSA_sign(NID_sha512, 74 digest, 75 AVB_SHA512_DIGEST_SIZE, 76 signature, 77 &signature_length, 78 rsa_)); 79 } 80 81 private: 82 RSA* rsa_; 83 }; 84 85 } /* namespace */ 86 87 namespace avb { 88 89 class AvbAtxValidateTest : public ::testing::Test, 90 public FakeAvbOpsDelegateWithDefaults { 91 public: 92 ~AvbAtxValidateTest() override {} 93 94 void SetUp() override { 95 ReadDefaultData(); 96 ops_.set_delegate(this); 97 ops_.set_permanent_attributes(attributes_); 98 ops_.set_stored_rollback_indexes( 99 {{AVB_ATX_PIK_VERSION_LOCATION, 0}, {AVB_ATX_PSK_VERSION_LOCATION, 0}}); 100 } 101 102 // FakeAvbOpsDelegate methods. 103 AvbIOResult read_from_partition(const char* partition, 104 int64_t offset, 105 size_t num_bytes, 106 void* buffer, 107 size_t* out_num_read) override { 108 // Expect method not used. 109 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 110 } 111 112 AvbIOResult get_preloaded_partition( 113 const char* partition, 114 size_t num_bytes, 115 uint8_t** out_pointer, 116 size_t* out_num_bytes_preloaded) override { 117 // Expect method not used. 118 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 119 } 120 121 AvbIOResult write_to_partition(const char* partition, 122 int64_t offset, 123 size_t num_bytes, 124 const void* buffer) override { 125 // Expect method not used. 126 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 127 } 128 129 AvbIOResult validate_vbmeta_public_key(AvbOps* ops, 130 const uint8_t* public_key_data, 131 size_t public_key_length, 132 const uint8_t* public_key_metadata, 133 size_t public_key_metadata_length, 134 bool* out_key_is_trusted) override { 135 // Expect method not used. 136 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 137 } 138 139 AvbIOResult read_rollback_index(AvbOps* ops, 140 size_t rollback_index_slot, 141 uint64_t* out_rollback_index) override { 142 if ((fail_read_pik_rollback_index_ && 143 rollback_index_slot == AVB_ATX_PIK_VERSION_LOCATION) || 144 (fail_read_psk_rollback_index_ && 145 rollback_index_slot == AVB_ATX_PSK_VERSION_LOCATION)) { 146 return AVB_IO_RESULT_ERROR_IO; 147 } 148 return ops_.read_rollback_index( 149 ops, rollback_index_slot, out_rollback_index); 150 } 151 152 AvbIOResult write_rollback_index(AvbOps* ops, 153 size_t rollback_index_slot, 154 uint64_t rollback_index) override { 155 // Expect method not used. 156 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 157 } 158 159 AvbIOResult read_is_device_unlocked(AvbOps* ops, 160 bool* out_is_device_unlocked) override { 161 // Expect method not used. 162 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 163 } 164 165 AvbIOResult get_unique_guid_for_partition(AvbOps* ops, 166 const char* partition, 167 char* guid_buf, 168 size_t guid_buf_size) override { 169 // Expect method not used. 170 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 171 } 172 173 AvbIOResult get_size_of_partition(AvbOps* ops, 174 const char* partition, 175 uint64_t* out_size) override { 176 // Expect method not used. 177 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 178 } 179 180 AvbIOResult read_persistent_value(const char* name, 181 size_t buffer_size, 182 uint8_t* out_buffer, 183 size_t* out_num_bytes_read) override { 184 // Expect method not used. 185 return AVB_IO_RESULT_ERROR_NO_SUCH_VALUE; 186 } 187 188 AvbIOResult write_persistent_value(const char* name, 189 size_t value_size, 190 const uint8_t* value) override { 191 // Expect method not used. 192 return AVB_IO_RESULT_ERROR_NO_SUCH_VALUE; 193 } 194 195 AvbIOResult read_permanent_attributes( 196 AvbAtxPermanentAttributes* attributes) override { 197 if (fail_read_permanent_attributes_) { 198 return AVB_IO_RESULT_ERROR_IO; 199 } 200 return ops_.read_permanent_attributes(attributes); 201 } 202 203 AvbIOResult read_permanent_attributes_hash( 204 uint8_t hash[AVB_SHA256_DIGEST_SIZE]) override { 205 if (fail_read_permanent_attributes_hash_) { 206 return AVB_IO_RESULT_ERROR_IO; 207 } 208 return ops_.read_permanent_attributes_hash(hash); 209 } 210 211 void set_key_version(size_t rollback_index_location, 212 uint64_t key_version) override { 213 ops_.set_key_version(rollback_index_location, key_version); 214 } 215 216 AvbIOResult get_random(size_t num_bytes, uint8_t* output) override { 217 if (fail_get_random_) { 218 return AVB_IO_RESULT_ERROR_IO; 219 } 220 if (fake_random_.size() >= num_bytes) { 221 memcpy(output, fake_random_.data(), num_bytes); 222 return AVB_IO_RESULT_OK; 223 } 224 return ops_.get_random(num_bytes, output); 225 } 226 227 protected: 228 virtual AvbIOResult Validate(bool* is_trusted) { 229 return avb_atx_validate_vbmeta_public_key( 230 ops_.avb_ops(), 231 metadata_.product_signing_key_certificate.signed_data.public_key, 232 AVB_ATX_PUBLIC_KEY_SIZE, 233 reinterpret_cast<const uint8_t*>(&metadata_), 234 sizeof(metadata_), 235 is_trusted); 236 } 237 238 AvbIOResult ValidateUnlock(bool* is_trusted) { 239 return avb_atx_validate_unlock_credential( 240 ops_.avb_atx_ops(), &unlock_credential_, is_trusted); 241 } 242 243 void SignPIKCertificate() { 244 memset(metadata_.product_intermediate_key_certificate.signature, 245 0, 246 AVB_RSA4096_NUM_BYTES); 247 ScopedRSA key(kPRKPrivateKeyPath); 248 ASSERT_TRUE( 249 key.Sign(&metadata_.product_intermediate_key_certificate.signed_data, 250 sizeof(AvbAtxCertificateSignedData), 251 metadata_.product_intermediate_key_certificate.signature)); 252 } 253 254 void SignPSKCertificate() { 255 memset(metadata_.product_signing_key_certificate.signature, 256 0, 257 AVB_RSA4096_NUM_BYTES); 258 ScopedRSA key(kPIKPrivateKeyPath); 259 ASSERT_TRUE(key.Sign(&metadata_.product_signing_key_certificate.signed_data, 260 sizeof(AvbAtxCertificateSignedData), 261 metadata_.product_signing_key_certificate.signature)); 262 } 263 264 void SignUnlockCredentialPIKCertificate() { 265 memset(unlock_credential_.product_intermediate_key_certificate.signature, 266 0, 267 AVB_RSA4096_NUM_BYTES); 268 ScopedRSA key(kPRKPrivateKeyPath); 269 ASSERT_TRUE(key.Sign( 270 &unlock_credential_.product_intermediate_key_certificate.signed_data, 271 sizeof(AvbAtxCertificateSignedData), 272 unlock_credential_.product_intermediate_key_certificate.signature)); 273 } 274 275 void SignUnlockCredentialPUKCertificate() { 276 memset(unlock_credential_.product_unlock_key_certificate.signature, 277 0, 278 AVB_RSA4096_NUM_BYTES); 279 ScopedRSA key(kPIKPrivateKeyPath); 280 ASSERT_TRUE( 281 key.Sign(&unlock_credential_.product_unlock_key_certificate.signed_data, 282 sizeof(AvbAtxCertificateSignedData), 283 unlock_credential_.product_unlock_key_certificate.signature)); 284 } 285 286 void SignUnlockCredentialChallenge(const char* key_path) { 287 memset(unlock_credential_.challenge_signature, 0, AVB_RSA4096_NUM_BYTES); 288 ScopedRSA key(key_path); 289 ASSERT_TRUE(key.Sign(unlock_challenge_.data(), 290 unlock_challenge_.size(), 291 unlock_credential_.challenge_signature)); 292 } 293 294 bool PrepareUnlockCredential() { 295 // Stage a challenge to be remembered as the 'most recent challenge'. Then 296 // the next call to unlock with |unlock_credential_| is expected to succeed. 297 fake_random_ = unlock_challenge_; 298 AvbAtxUnlockChallenge challenge; 299 return (AVB_IO_RESULT_OK == 300 avb_atx_generate_unlock_challenge(ops_.avb_atx_ops(), &challenge)); 301 } 302 303 AvbAtxPermanentAttributes attributes_; 304 AvbAtxPublicKeyMetadata metadata_; 305 bool fail_read_permanent_attributes_{false}; 306 bool fail_read_permanent_attributes_hash_{false}; 307 bool fail_read_pik_rollback_index_{false}; 308 bool fail_read_psk_rollback_index_{false}; 309 bool fail_get_random_{false}; 310 std::string fake_random_; 311 AvbAtxUnlockCredential unlock_credential_; 312 std::string unlock_challenge_; 313 314 private: 315 void ReadDefaultData() { 316 std::string tmp; 317 ASSERT_TRUE(base::ReadFileToString(base::FilePath(kMetadataPath), &tmp)); 318 ASSERT_EQ(tmp.size(), sizeof(AvbAtxPublicKeyMetadata)); 319 memcpy(&metadata_, tmp.data(), tmp.size()); 320 ASSERT_TRUE( 321 base::ReadFileToString(base::FilePath(kPermanentAttributesPath), &tmp)); 322 ASSERT_EQ(tmp.size(), sizeof(AvbAtxPermanentAttributes)); 323 memcpy(&attributes_, tmp.data(), tmp.size()); 324 ASSERT_TRUE(base::ReadFileToString(base::FilePath(kUnlockChallengePath), 325 &unlock_challenge_)); 326 ASSERT_EQ(size_t(AVB_ATX_UNLOCK_CHALLENGE_SIZE), unlock_challenge_.size()); 327 ASSERT_TRUE( 328 base::ReadFileToString(base::FilePath(kUnlockCredentialPath), &tmp)); 329 ASSERT_EQ(tmp.size(), sizeof(AvbAtxUnlockCredential)); 330 memcpy(&unlock_credential_, tmp.data(), tmp.size()); 331 } 332 }; 333 334 TEST_F(AvbAtxValidateTest, Success) { 335 bool is_trusted = false; 336 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 337 EXPECT_TRUE(is_trusted); 338 339 // Check that the key versions were reported correctly. 340 EXPECT_EQ( 341 ops_.get_verified_rollback_indexes()[AVB_ATX_PIK_VERSION_LOCATION], 342 metadata_.product_intermediate_key_certificate.signed_data.key_version); 343 EXPECT_EQ(ops_.get_verified_rollback_indexes()[AVB_ATX_PSK_VERSION_LOCATION], 344 metadata_.product_signing_key_certificate.signed_data.key_version); 345 EXPECT_EQ(2UL, ops_.get_verified_rollback_indexes().size()); 346 } 347 348 TEST_F(AvbAtxValidateTest, SuccessAfterNewSign) { 349 std::string old_pik_sig( 350 reinterpret_cast<char*>( 351 metadata_.product_intermediate_key_certificate.signature), 352 AVB_RSA4096_NUM_BYTES); 353 std::string old_psk_sig( 354 reinterpret_cast<char*>( 355 metadata_.product_signing_key_certificate.signature), 356 AVB_RSA4096_NUM_BYTES); 357 SignPIKCertificate(); 358 SignPSKCertificate(); 359 std::string new_pik_sig( 360 reinterpret_cast<char*>( 361 metadata_.product_intermediate_key_certificate.signature), 362 AVB_RSA4096_NUM_BYTES); 363 std::string new_psk_sig( 364 reinterpret_cast<char*>( 365 metadata_.product_signing_key_certificate.signature), 366 AVB_RSA4096_NUM_BYTES); 367 EXPECT_EQ(old_pik_sig, new_pik_sig); 368 EXPECT_EQ(old_psk_sig, new_psk_sig); 369 bool is_trusted = false; 370 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 371 EXPECT_TRUE(is_trusted); 372 } 373 374 TEST_F(AvbAtxValidateTest, FailReadPermamentAttributes) { 375 fail_read_permanent_attributes_ = true; 376 bool is_trusted = true; 377 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted)); 378 EXPECT_FALSE(is_trusted); 379 } 380 381 TEST_F(AvbAtxValidateTest, FailReadPermamentAttributesHash) { 382 fail_read_permanent_attributes_hash_ = true; 383 bool is_trusted = true; 384 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted)); 385 EXPECT_FALSE(is_trusted); 386 } 387 388 TEST_F(AvbAtxValidateTest, UnsupportedPermanentAttributesVersion) { 389 attributes_.version = 25; 390 ops_.set_permanent_attributes(attributes_); 391 bool is_trusted = true; 392 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 393 EXPECT_FALSE(is_trusted); 394 } 395 396 TEST_F(AvbAtxValidateTest, PermanentAttributesHashMismatch) { 397 ops_.set_permanent_attributes_hash("bad_hash"); 398 bool is_trusted = true; 399 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 400 EXPECT_FALSE(is_trusted); 401 } 402 403 // A fixture with parameterized metadata length. 404 class AvbAtxValidateTestWithMetadataLength 405 : public AvbAtxValidateTest, 406 public ::testing::WithParamInterface<size_t> { 407 protected: 408 AvbIOResult Validate(bool* is_trusted) override { 409 return avb_atx_validate_vbmeta_public_key( 410 ops_.avb_ops(), 411 metadata_.product_signing_key_certificate.signed_data.public_key, 412 AVB_ATX_PUBLIC_KEY_SIZE, 413 reinterpret_cast<const uint8_t*>(&metadata_), 414 GetParam(), 415 is_trusted); 416 } 417 }; 418 419 TEST_P(AvbAtxValidateTestWithMetadataLength, InvalidMetadataLength) { 420 bool is_trusted = true; 421 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 422 EXPECT_FALSE(is_trusted); 423 } 424 425 // Test a bunch of invalid metadata length values. 426 INSTANTIATE_TEST_CASE_P(P, 427 AvbAtxValidateTestWithMetadataLength, 428 ::testing::Values(0, 429 1, 430 sizeof(AvbAtxPublicKeyMetadata) - 1, 431 sizeof(AvbAtxPublicKeyMetadata) + 1, 432 -1)); 433 434 TEST_F(AvbAtxValidateTest, UnsupportedMetadataVersion) { 435 metadata_.version = 25; 436 bool is_trusted = true; 437 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 438 EXPECT_FALSE(is_trusted); 439 } 440 441 TEST_F(AvbAtxValidateTest, FailReadPIKRollbackIndex) { 442 fail_read_pik_rollback_index_ = true; 443 bool is_trusted = true; 444 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted)); 445 EXPECT_FALSE(is_trusted); 446 } 447 448 TEST_F(AvbAtxValidateTest, UnsupportedPIKCertificateVersion) { 449 metadata_.product_intermediate_key_certificate.signed_data.version = 25; 450 SignPIKCertificate(); 451 bool is_trusted = true; 452 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 453 EXPECT_FALSE(is_trusted); 454 } 455 456 TEST_F(AvbAtxValidateTest, BadPIKCert_ModifiedSubjectPublicKey) { 457 metadata_.product_intermediate_key_certificate.signed_data.public_key[0] ^= 1; 458 bool is_trusted = true; 459 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 460 EXPECT_FALSE(is_trusted); 461 } 462 463 TEST_F(AvbAtxValidateTest, BadPIKCert_ModifiedSubject) { 464 metadata_.product_intermediate_key_certificate.signed_data.subject[0] ^= 1; 465 bool is_trusted = true; 466 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 467 EXPECT_FALSE(is_trusted); 468 } 469 470 TEST_F(AvbAtxValidateTest, BadPIKCert_ModifiedUsage) { 471 metadata_.product_intermediate_key_certificate.signed_data.usage[0] ^= 1; 472 bool is_trusted = true; 473 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 474 EXPECT_FALSE(is_trusted); 475 } 476 477 TEST_F(AvbAtxValidateTest, BadPIKCert_ModifiedKeyVersion) { 478 metadata_.product_intermediate_key_certificate.signed_data.key_version ^= 1; 479 bool is_trusted = true; 480 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 481 EXPECT_FALSE(is_trusted); 482 } 483 484 TEST_F(AvbAtxValidateTest, BadPIKCert_BadSignature) { 485 metadata_.product_intermediate_key_certificate.signature[0] ^= 1; 486 bool is_trusted = true; 487 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 488 EXPECT_FALSE(is_trusted); 489 } 490 491 TEST_F(AvbAtxValidateTest, PIKCertSubjectIgnored) { 492 metadata_.product_intermediate_key_certificate.signed_data.subject[0] ^= 1; 493 SignPIKCertificate(); 494 bool is_trusted = false; 495 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 496 EXPECT_TRUE(is_trusted); 497 } 498 499 TEST_F(AvbAtxValidateTest, PIKCertUnexpectedUsage) { 500 metadata_.product_intermediate_key_certificate.signed_data.usage[0] ^= 1; 501 SignPIKCertificate(); 502 bool is_trusted = true; 503 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 504 EXPECT_FALSE(is_trusted); 505 } 506 507 TEST_F(AvbAtxValidateTest, PIKRollback) { 508 ops_.set_stored_rollback_indexes( 509 {{AVB_ATX_PIK_VERSION_LOCATION, 510 metadata_.product_intermediate_key_certificate.signed_data.key_version + 511 1}, 512 {AVB_ATX_PSK_VERSION_LOCATION, 0}}); 513 bool is_trusted = true; 514 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 515 EXPECT_FALSE(is_trusted); 516 } 517 518 TEST_F(AvbAtxValidateTest, FailReadPSKRollbackIndex) { 519 fail_read_psk_rollback_index_ = true; 520 bool is_trusted = true; 521 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted)); 522 EXPECT_FALSE(is_trusted); 523 } 524 525 TEST_F(AvbAtxValidateTest, UnsupportedPSKCertificateVersion) { 526 metadata_.product_signing_key_certificate.signed_data.version = 25; 527 SignPSKCertificate(); 528 bool is_trusted = true; 529 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 530 EXPECT_FALSE(is_trusted); 531 } 532 533 TEST_F(AvbAtxValidateTest, BadPSKCert_ModifiedSubjectPublicKey) { 534 metadata_.product_signing_key_certificate.signed_data.public_key[0] ^= 1; 535 bool is_trusted = true; 536 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 537 EXPECT_FALSE(is_trusted); 538 } 539 540 TEST_F(AvbAtxValidateTest, BadPSKCert_ModifiedSubject) { 541 metadata_.product_signing_key_certificate.signed_data.subject[0] ^= 1; 542 bool is_trusted = true; 543 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 544 EXPECT_FALSE(is_trusted); 545 } 546 547 TEST_F(AvbAtxValidateTest, BadPSKCert_ModifiedUsage) { 548 metadata_.product_signing_key_certificate.signed_data.usage[0] ^= 1; 549 bool is_trusted = true; 550 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 551 EXPECT_FALSE(is_trusted); 552 } 553 554 TEST_F(AvbAtxValidateTest, BadPSKCert_ModifiedKeyVersion) { 555 metadata_.product_signing_key_certificate.signed_data.key_version ^= 1; 556 bool is_trusted = true; 557 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 558 EXPECT_FALSE(is_trusted); 559 } 560 561 TEST_F(AvbAtxValidateTest, BadPSKCert_BadSignature) { 562 metadata_.product_signing_key_certificate.signature[0] ^= 1; 563 bool is_trusted = true; 564 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 565 EXPECT_FALSE(is_trusted); 566 } 567 568 TEST_F(AvbAtxValidateTest, PSKCertUnexpectedSubject) { 569 metadata_.product_signing_key_certificate.signed_data.subject[0] ^= 1; 570 SignPSKCertificate(); 571 bool is_trusted = true; 572 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 573 EXPECT_FALSE(is_trusted); 574 } 575 576 TEST_F(AvbAtxValidateTest, PSKCertUnexpectedUsage) { 577 metadata_.product_signing_key_certificate.signed_data.usage[0] ^= 1; 578 SignPSKCertificate(); 579 bool is_trusted = true; 580 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 581 EXPECT_FALSE(is_trusted); 582 } 583 584 TEST_F(AvbAtxValidateTest, PSKRollback) { 585 ops_.set_stored_rollback_indexes( 586 {{AVB_ATX_PIK_VERSION_LOCATION, 0}, 587 {AVB_ATX_PSK_VERSION_LOCATION, 588 metadata_.product_signing_key_certificate.signed_data.key_version + 589 1}}); 590 bool is_trusted = true; 591 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 592 EXPECT_FALSE(is_trusted); 593 } 594 595 // A fixture with parameterized public key length. 596 class AvbAtxValidateTestWithPublicKeyLength 597 : public AvbAtxValidateTest, 598 public ::testing::WithParamInterface<size_t> { 599 protected: 600 AvbIOResult Validate(bool* is_trusted) override { 601 return avb_atx_validate_vbmeta_public_key( 602 ops_.avb_ops(), 603 metadata_.product_signing_key_certificate.signed_data.public_key, 604 GetParam(), 605 reinterpret_cast<const uint8_t*>(&metadata_), 606 sizeof(metadata_), 607 is_trusted); 608 } 609 }; 610 611 TEST_P(AvbAtxValidateTestWithPublicKeyLength, InvalidPublicKeyLength) { 612 bool is_trusted = true; 613 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 614 EXPECT_FALSE(is_trusted); 615 } 616 617 // Test a bunch of invalid public key length values. 618 INSTANTIATE_TEST_CASE_P(P, 619 AvbAtxValidateTestWithPublicKeyLength, 620 ::testing::Values(0, 621 1, 622 AVB_ATX_PUBLIC_KEY_SIZE - 1, 623 AVB_ATX_PUBLIC_KEY_SIZE + 1, 624 AVB_ATX_PUBLIC_KEY_SIZE - 512, 625 -1)); 626 627 TEST_F(AvbAtxValidateTest, PSKMismatch) { 628 uint8_t bad_key[AVB_ATX_PUBLIC_KEY_SIZE] = {}; 629 bool is_trusted = true; 630 EXPECT_EQ(AVB_IO_RESULT_OK, 631 avb_atx_validate_vbmeta_public_key( 632 ops_.avb_ops(), 633 bad_key, 634 AVB_ATX_PUBLIC_KEY_SIZE, 635 reinterpret_cast<const uint8_t*>(&metadata_), 636 sizeof(metadata_), 637 &is_trusted)); 638 EXPECT_FALSE(is_trusted); 639 } 640 641 TEST_F(AvbAtxValidateTest, GenerateUnlockChallenge) { 642 fake_random_ = std::string(AVB_ATX_UNLOCK_CHALLENGE_SIZE, 'C'); 643 AvbAtxUnlockChallenge challenge; 644 EXPECT_EQ(AVB_IO_RESULT_OK, 645 avb_atx_generate_unlock_challenge(ops_.avb_atx_ops(), &challenge)); 646 EXPECT_EQ(1UL, challenge.version); 647 EXPECT_EQ(0, 648 memcmp(fake_random_.data(), 649 challenge.challenge, 650 AVB_ATX_UNLOCK_CHALLENGE_SIZE)); 651 uint8_t expected_pid_hash[AVB_SHA256_DIGEST_SIZE]; 652 SHA256(attributes_.product_id, AVB_ATX_PRODUCT_ID_SIZE, expected_pid_hash); 653 EXPECT_EQ(0, 654 memcmp(expected_pid_hash, 655 challenge.product_id_hash, 656 AVB_SHA256_DIGEST_SIZE)); 657 } 658 659 TEST_F(AvbAtxValidateTest, GenerateUnlockChallenge_NoAttributes) { 660 fail_read_permanent_attributes_ = true; 661 AvbAtxUnlockChallenge challenge; 662 EXPECT_NE(AVB_IO_RESULT_OK, 663 avb_atx_generate_unlock_challenge(ops_.avb_atx_ops(), &challenge)); 664 } 665 666 TEST_F(AvbAtxValidateTest, GenerateUnlockChallenge_NoRNG) { 667 fail_get_random_ = true; 668 AvbAtxUnlockChallenge challenge; 669 EXPECT_NE(AVB_IO_RESULT_OK, 670 avb_atx_generate_unlock_challenge(ops_.avb_atx_ops(), &challenge)); 671 } 672 673 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential) { 674 ASSERT_TRUE(PrepareUnlockCredential()); 675 bool is_trusted = true; 676 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 677 EXPECT_TRUE(is_trusted); 678 } 679 680 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_UnsupportedVersion) { 681 ASSERT_TRUE(PrepareUnlockCredential()); 682 unlock_credential_.version++; 683 bool is_trusted = true; 684 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 685 EXPECT_FALSE(is_trusted); 686 } 687 688 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_NoAttributes) { 689 PrepareUnlockCredential(); 690 fail_read_permanent_attributes_ = true; 691 bool is_trusted = true; 692 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, ValidateUnlock(&is_trusted)); 693 EXPECT_FALSE(is_trusted); 694 } 695 696 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_NoAttributesHash) { 697 PrepareUnlockCredential(); 698 fail_read_permanent_attributes_hash_ = true; 699 bool is_trusted = true; 700 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, ValidateUnlock(&is_trusted)); 701 EXPECT_FALSE(is_trusted); 702 } 703 704 TEST_F(AvbAtxValidateTest, 705 ValidateUnlockCredential_UnsupportedAttributesVersion) { 706 ASSERT_TRUE(PrepareUnlockCredential()); 707 attributes_.version = 25; 708 ops_.set_permanent_attributes(attributes_); 709 bool is_trusted = true; 710 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 711 EXPECT_FALSE(is_trusted); 712 } 713 714 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_AttributesHashMismatch) { 715 ASSERT_TRUE(PrepareUnlockCredential()); 716 ops_.set_permanent_attributes_hash("bad_hash"); 717 bool is_trusted = true; 718 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 719 EXPECT_FALSE(is_trusted); 720 } 721 722 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_FailReadPIKRollbackIndex) { 723 ASSERT_TRUE(PrepareUnlockCredential()); 724 fail_read_pik_rollback_index_ = true; 725 bool is_trusted = true; 726 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, ValidateUnlock(&is_trusted)); 727 EXPECT_FALSE(is_trusted); 728 } 729 730 TEST_F(AvbAtxValidateTest, 731 ValidateUnlockCredential_UnsupportedPIKCertificateVersion) { 732 ASSERT_TRUE(PrepareUnlockCredential()); 733 unlock_credential_.product_intermediate_key_certificate.signed_data.version = 734 25; 735 SignUnlockCredentialPIKCertificate(); 736 bool is_trusted = true; 737 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 738 EXPECT_FALSE(is_trusted); 739 } 740 741 TEST_F(AvbAtxValidateTest, 742 ValidateUnlockCredential_BadPIKCert_ModifiedSubjectPublicKey) { 743 ASSERT_TRUE(PrepareUnlockCredential()); 744 unlock_credential_.product_intermediate_key_certificate.signed_data 745 .public_key[0] ^= 1; 746 bool is_trusted = true; 747 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 748 EXPECT_FALSE(is_trusted); 749 } 750 751 TEST_F(AvbAtxValidateTest, 752 ValidateUnlockCredential_BadPIKCert_ModifiedSubject) { 753 ASSERT_TRUE(PrepareUnlockCredential()); 754 unlock_credential_.product_intermediate_key_certificate.signed_data 755 .subject[0] ^= 1; 756 bool is_trusted = true; 757 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 758 EXPECT_FALSE(is_trusted); 759 } 760 761 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_BadPIKCert_ModifiedUsage) { 762 ASSERT_TRUE(PrepareUnlockCredential()); 763 unlock_credential_.product_intermediate_key_certificate.signed_data 764 .usage[0] ^= 1; 765 bool is_trusted = true; 766 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 767 EXPECT_FALSE(is_trusted); 768 } 769 770 TEST_F(AvbAtxValidateTest, 771 ValidateUnlockCredential_BadPIKCert_ModifiedKeyVersion) { 772 ASSERT_TRUE(PrepareUnlockCredential()); 773 unlock_credential_.product_intermediate_key_certificate.signed_data 774 .key_version ^= 1; 775 bool is_trusted = true; 776 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 777 EXPECT_FALSE(is_trusted); 778 } 779 780 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_BadPIKCert_BadSignature) { 781 ASSERT_TRUE(PrepareUnlockCredential()); 782 unlock_credential_.product_intermediate_key_certificate.signature[0] ^= 1; 783 bool is_trusted = true; 784 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 785 EXPECT_FALSE(is_trusted); 786 } 787 788 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_PIKCertSubjectIgnored) { 789 ASSERT_TRUE(PrepareUnlockCredential()); 790 unlock_credential_.product_intermediate_key_certificate.signed_data 791 .subject[0] ^= 1; 792 SignUnlockCredentialPIKCertificate(); 793 bool is_trusted = false; 794 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 795 EXPECT_TRUE(is_trusted); 796 } 797 798 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_PIKCertUnexpectedUsage) { 799 ASSERT_TRUE(PrepareUnlockCredential()); 800 unlock_credential_.product_intermediate_key_certificate.signed_data 801 .usage[0] ^= 1; 802 SignUnlockCredentialPIKCertificate(); 803 bool is_trusted = true; 804 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 805 EXPECT_FALSE(is_trusted); 806 } 807 808 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_PIKRollback) { 809 ASSERT_TRUE(PrepareUnlockCredential()); 810 ops_.set_stored_rollback_indexes( 811 {{AVB_ATX_PIK_VERSION_LOCATION, 812 unlock_credential_.product_intermediate_key_certificate.signed_data 813 .key_version + 814 1}, 815 {AVB_ATX_PSK_VERSION_LOCATION, 0}}); 816 bool is_trusted = true; 817 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 818 EXPECT_FALSE(is_trusted); 819 } 820 821 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_FailReadPSKRollbackIndex) { 822 ASSERT_TRUE(PrepareUnlockCredential()); 823 fail_read_psk_rollback_index_ = true; 824 bool is_trusted = true; 825 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, ValidateUnlock(&is_trusted)); 826 EXPECT_FALSE(is_trusted); 827 } 828 829 TEST_F(AvbAtxValidateTest, 830 ValidateUnlockCredential_UnsupportedPUKCertificateVersion) { 831 ASSERT_TRUE(PrepareUnlockCredential()); 832 unlock_credential_.product_unlock_key_certificate.signed_data.version = 25; 833 SignUnlockCredentialPUKCertificate(); 834 bool is_trusted = true; 835 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 836 EXPECT_FALSE(is_trusted); 837 } 838 839 TEST_F(AvbAtxValidateTest, 840 ValidateUnlockCredential_BadPUKCert_ModifiedSubjectPublicKey) { 841 ASSERT_TRUE(PrepareUnlockCredential()); 842 unlock_credential_.product_unlock_key_certificate.signed_data.public_key[0] ^= 843 1; 844 bool is_trusted = true; 845 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 846 EXPECT_FALSE(is_trusted); 847 } 848 849 TEST_F(AvbAtxValidateTest, 850 ValidateUnlockCredential_BadPUKCert_ModifiedSubject) { 851 ASSERT_TRUE(PrepareUnlockCredential()); 852 unlock_credential_.product_unlock_key_certificate.signed_data.subject[0] ^= 1; 853 bool is_trusted = true; 854 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 855 EXPECT_FALSE(is_trusted); 856 } 857 858 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_BadPUKCert_ModifiedUsage) { 859 ASSERT_TRUE(PrepareUnlockCredential()); 860 unlock_credential_.product_unlock_key_certificate.signed_data.usage[0] ^= 1; 861 bool is_trusted = true; 862 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 863 EXPECT_FALSE(is_trusted); 864 } 865 866 TEST_F(AvbAtxValidateTest, 867 ValidateUnlockCredential_BadPUKCert_ModifiedKeyVersion) { 868 ASSERT_TRUE(PrepareUnlockCredential()); 869 unlock_credential_.product_unlock_key_certificate.signed_data.key_version ^= 870 1; 871 bool is_trusted = true; 872 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 873 EXPECT_FALSE(is_trusted); 874 } 875 876 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_BadPUKCert_BadSignature) { 877 ASSERT_TRUE(PrepareUnlockCredential()); 878 unlock_credential_.product_unlock_key_certificate.signature[0] ^= 1; 879 bool is_trusted = true; 880 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 881 EXPECT_FALSE(is_trusted); 882 } 883 884 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_PUKCertUnexpectedSubject) { 885 ASSERT_TRUE(PrepareUnlockCredential()); 886 unlock_credential_.product_unlock_key_certificate.signed_data.subject[0] ^= 1; 887 SignUnlockCredentialPUKCertificate(); 888 bool is_trusted = true; 889 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 890 EXPECT_FALSE(is_trusted); 891 } 892 893 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_PUKCertUnexpectedUsage) { 894 ASSERT_TRUE(PrepareUnlockCredential()); 895 unlock_credential_.product_unlock_key_certificate.signed_data.usage[0] ^= 1; 896 SignUnlockCredentialPUKCertificate(); 897 bool is_trusted = true; 898 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 899 EXPECT_FALSE(is_trusted); 900 } 901 902 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_PUKRollback) { 903 ASSERT_TRUE(PrepareUnlockCredential()); 904 ops_.set_stored_rollback_indexes( 905 {{AVB_ATX_PIK_VERSION_LOCATION, 0}, 906 {AVB_ATX_PSK_VERSION_LOCATION, 907 unlock_credential_.product_unlock_key_certificate.signed_data 908 .key_version + 909 1}}); 910 bool is_trusted = true; 911 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 912 EXPECT_FALSE(is_trusted); 913 } 914 915 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_BadChallengeSignature) { 916 ASSERT_TRUE(PrepareUnlockCredential()); 917 unlock_credential_.challenge_signature[10] ^= 1; 918 bool is_trusted = true; 919 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 920 EXPECT_FALSE(is_trusted); 921 } 922 923 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_ChallengeMismatch) { 924 ASSERT_TRUE(PrepareUnlockCredential()); 925 unlock_challenge_ = "bad"; 926 SignUnlockCredentialChallenge(kPUKPrivateKeyPath); 927 bool is_trusted = true; 928 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 929 EXPECT_FALSE(is_trusted); 930 } 931 932 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_UnlockWithPSK) { 933 ASSERT_TRUE(PrepareUnlockCredential()); 934 // Copy the PSK cert as the PUK cert. 935 memcpy(&unlock_credential_.product_unlock_key_certificate, 936 &metadata_.product_signing_key_certificate, 937 sizeof(AvbAtxCertificate)); 938 // Sign the challenge with the PSK instead of the PUK. 939 SignUnlockCredentialChallenge(kPSKPrivateKeyPath); 940 bool is_trusted = true; 941 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 942 EXPECT_FALSE(is_trusted); 943 } 944 945 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_ReplayChallenge) { 946 ASSERT_TRUE(PrepareUnlockCredential()); 947 bool is_trusted = true; 948 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 949 EXPECT_TRUE(is_trusted); 950 // A second attempt with the same challenge should fail. 951 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 952 EXPECT_FALSE(is_trusted); 953 } 954 955 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_MultipleUnlock) { 956 ASSERT_TRUE(PrepareUnlockCredential()); 957 bool is_trusted = true; 958 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 959 EXPECT_TRUE(is_trusted); 960 // A second attempt with a newly staged challenge should succeed. 961 ASSERT_TRUE(PrepareUnlockCredential()); 962 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); 963 EXPECT_TRUE(is_trusted); 964 } 965 966 // A fixture for testing avb_slot_verify() with ATX. 967 class AvbAtxSlotVerifyTest : public BaseAvbToolTest, 968 public FakeAvbOpsDelegateWithDefaults { 969 public: 970 ~AvbAtxSlotVerifyTest() override = default; 971 972 void SetUp() override { 973 BaseAvbToolTest::SetUp(); 974 ReadAtxDefaultData(); 975 ops_.set_partition_dir(testdir_); 976 ops_.set_delegate(this); 977 ops_.set_permanent_attributes(attributes_); 978 ops_.set_stored_rollback_indexes({{0, 0}, 979 {1, 0}, 980 {2, 0}, 981 {3, 0}, 982 {AVB_ATX_PIK_VERSION_LOCATION, 0}, 983 {AVB_ATX_PSK_VERSION_LOCATION, 0}}); 984 ops_.set_stored_is_device_unlocked(false); 985 } 986 987 // FakeAvbOpsDelegate override. 988 AvbIOResult validate_vbmeta_public_key(AvbOps* ops, 989 const uint8_t* public_key_data, 990 size_t public_key_length, 991 const uint8_t* public_key_metadata, 992 size_t public_key_metadata_length, 993 bool* out_key_is_trusted) override { 994 // Send to ATX implementation. 995 ++num_atx_calls_; 996 return avb_atx_validate_vbmeta_public_key(ops_.avb_ops(), 997 public_key_data, 998 public_key_length, 999 public_key_metadata, 1000 public_key_metadata_length, 1001 out_key_is_trusted); 1002 } 1003 1004 protected: 1005 AvbAtxPermanentAttributes attributes_; 1006 int num_atx_calls_ = 0; 1007 1008 private: 1009 void ReadAtxDefaultData() { 1010 std::string tmp; 1011 ASSERT_TRUE( 1012 base::ReadFileToString(base::FilePath(kPermanentAttributesPath), &tmp)); 1013 ASSERT_EQ(tmp.size(), sizeof(AvbAtxPermanentAttributes)); 1014 memcpy(&attributes_, tmp.data(), tmp.size()); 1015 } 1016 }; 1017 1018 TEST_F(AvbAtxSlotVerifyTest, SlotVerifyWithAtx) { 1019 std::string metadata_option = "--public_key_metadata="; 1020 metadata_option += kMetadataPath; 1021 GenerateVBMetaImage("vbmeta_a.img", 1022 "SHA512_RSA4096", 1023 0, 1024 base::FilePath("test/data/testkey_atx_psk.pem"), 1025 metadata_option); 1026 1027 ops_.set_expected_public_key( 1028 PublicKeyAVB(base::FilePath("test/data/testkey_atx_psk.pem"))); 1029 1030 AvbSlotVerifyData* slot_data = NULL; 1031 const char* requested_partitions[] = {"boot", NULL}; 1032 EXPECT_EQ(AVB_SLOT_VERIFY_RESULT_OK, 1033 avb_slot_verify(ops_.avb_ops(), 1034 requested_partitions, 1035 "_a", 1036 AVB_SLOT_VERIFY_FLAGS_NONE, 1037 AVB_HASHTREE_ERROR_MODE_RESTART_AND_INVALIDATE, 1038 &slot_data)); 1039 EXPECT_NE(nullptr, slot_data); 1040 avb_slot_verify_data_free(slot_data); 1041 EXPECT_EQ(1, num_atx_calls_); 1042 } 1043 1044 } // namespace avb 1045