1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Permission is hereby granted, free of charge, to any person 5 * obtaining a copy of this software and associated documentation 6 * files (the "Software"), to deal in the Software without 7 * restriction, including without limitation the rights to use, copy, 8 * modify, merge, publish, distribute, sublicense, and/or sell copies 9 * of the Software, and to permit persons to whom the Software is 10 * furnished to do so, subject to the following conditions: 11 * 12 * The above copyright notice and this permission notice shall be 13 * included in all copies or substantial portions of the Software. 14 * 15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 * SOFTWARE. 23 */ 24 25 #include <stdio.h> 26 #include <string.h> 27 28 #include <base/files/file_util.h> 29 #include <gtest/gtest.h> 30 #include <openssl/objects.h> 31 #include <openssl/pem.h> 32 #include <openssl/rsa.h> 33 #include <openssl/sha.h> 34 35 #include <libavb_atx/libavb_atx.h> 36 37 #include "avb_unittest_util.h" 38 #include "fake_avb_ops.h" 39 40 namespace { 41 42 const char kMetadataPath[] = "test/data/atx_metadata.bin"; 43 const char kPermanentAttributesPath[] = 44 "test/data/atx_permanent_attributes.bin"; 45 const char kPRKPrivateKeyPath[] = "test/data/testkey_atx_prk.pem"; 46 const char kPIKPrivateKeyPath[] = "test/data/testkey_atx_pik.pem"; 47 48 class ScopedRSA { 49 public: 50 ScopedRSA(const char* pem_key_path) { 51 FILE* file = fopen(pem_key_path, "r"); 52 rsa_ = PEM_read_RSAPrivateKey(file, nullptr, nullptr, nullptr); 53 fclose(file); 54 } 55 56 ~ScopedRSA() { 57 if (rsa_) { 58 RSA_free(rsa_); 59 } 60 } 61 62 // PKCS #1 v1.5 signature using SHA512. Returns true on success. 63 bool Sign(const void* data_to_sign, size_t length, uint8_t signature[]) { 64 uint8_t digest[AVB_SHA512_DIGEST_SIZE]; 65 const unsigned char* data_to_sign_buf = 66 reinterpret_cast<const unsigned char*>(data_to_sign); 67 SHA512(data_to_sign_buf, length, digest); 68 unsigned int signature_length = 0; 69 return (1 == RSA_sign(NID_sha512, 70 digest, 71 AVB_SHA512_DIGEST_SIZE, 72 signature, 73 &signature_length, 74 rsa_)); 75 } 76 77 private: 78 RSA* rsa_; 79 }; 80 81 } /* namespace */ 82 83 namespace avb { 84 85 class AvbAtxValidateTest : public ::testing::Test, public FakeAvbOpsDelegate { 86 public: 87 ~AvbAtxValidateTest() override {} 88 89 void SetUp() override { 90 ReadDefaultData(); 91 ops_.set_delegate(this); 92 ops_.set_permanent_attributes(attributes_); 93 ops_.set_stored_rollback_indexes( 94 {{AVB_ATX_PIK_VERSION_LOCATION, 0}, {AVB_ATX_PSK_VERSION_LOCATION, 0}}); 95 } 96 97 // FakeAvbOpsDelegate methods. 98 AvbIOResult read_from_partition(const char* partition, 99 int64_t offset, 100 size_t num_bytes, 101 void* buffer, 102 size_t* out_num_read) override { 103 // Expect method not used. 104 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 105 } 106 107 AvbIOResult write_to_partition(const char* partition, 108 int64_t offset, 109 size_t num_bytes, 110 const void* buffer) override { 111 // Expect method not used. 112 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 113 } 114 115 AvbIOResult validate_vbmeta_public_key(AvbOps* ops, 116 const uint8_t* public_key_data, 117 size_t public_key_length, 118 const uint8_t* public_key_metadata, 119 size_t public_key_metadata_length, 120 bool* out_key_is_trusted) override { 121 // Expect method not used. 122 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 123 } 124 125 AvbIOResult read_rollback_index(AvbOps* ops, 126 size_t rollback_index_slot, 127 uint64_t* out_rollback_index) override { 128 if ((fail_read_pik_rollback_index_ && 129 rollback_index_slot == AVB_ATX_PIK_VERSION_LOCATION) || 130 (fail_read_psk_rollback_index_ && 131 rollback_index_slot == AVB_ATX_PSK_VERSION_LOCATION)) { 132 return AVB_IO_RESULT_ERROR_IO; 133 } 134 return ops_.read_rollback_index( 135 ops, rollback_index_slot, out_rollback_index); 136 } 137 138 AvbIOResult write_rollback_index(AvbOps* ops, 139 size_t rollback_index_slot, 140 uint64_t rollback_index) override { 141 // Expect method not used. 142 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 143 } 144 145 AvbIOResult read_is_device_unlocked(AvbOps* ops, 146 bool* out_is_device_unlocked) override { 147 // Expect method not used. 148 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 149 } 150 151 AvbIOResult get_unique_guid_for_partition(AvbOps* ops, 152 const char* partition, 153 char* guid_buf, 154 size_t guid_buf_size) override { 155 // Expect method not used. 156 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 157 } 158 159 AvbIOResult read_permanent_attributes( 160 AvbAtxPermanentAttributes* attributes) override { 161 if (fail_read_permanent_attributes_) { 162 return AVB_IO_RESULT_ERROR_IO; 163 } 164 return ops_.read_permanent_attributes(attributes); 165 } 166 167 AvbIOResult read_permanent_attributes_hash( 168 uint8_t hash[AVB_SHA256_DIGEST_SIZE]) override { 169 if (fail_read_permanent_attributes_hash_) { 170 return AVB_IO_RESULT_ERROR_IO; 171 } 172 return ops_.read_permanent_attributes_hash(hash); 173 } 174 175 protected: 176 virtual AvbIOResult Validate(bool* is_trusted) { 177 return avb_atx_validate_vbmeta_public_key( 178 ops_.avb_ops(), 179 metadata_.product_signing_key_certificate.signed_data.public_key, 180 AVB_ATX_PUBLIC_KEY_SIZE, 181 reinterpret_cast<const uint8_t*>(&metadata_), 182 sizeof(metadata_), 183 is_trusted); 184 } 185 186 void SignPIKCertificate() { 187 memset(metadata_.product_intermediate_key_certificate.signature, 188 0, 189 AVB_RSA4096_NUM_BYTES); 190 ScopedRSA key(kPRKPrivateKeyPath); 191 ASSERT_TRUE( 192 key.Sign(&metadata_.product_intermediate_key_certificate.signed_data, 193 sizeof(AvbAtxCertificateSignedData), 194 metadata_.product_intermediate_key_certificate.signature)); 195 } 196 197 void SignPSKCertificate() { 198 memset(metadata_.product_signing_key_certificate.signature, 199 0, 200 AVB_RSA4096_NUM_BYTES); 201 ScopedRSA key(kPIKPrivateKeyPath); 202 ASSERT_TRUE(key.Sign(&metadata_.product_signing_key_certificate.signed_data, 203 sizeof(AvbAtxCertificateSignedData), 204 metadata_.product_signing_key_certificate.signature)); 205 } 206 207 FakeAvbOps ops_; 208 AvbAtxPermanentAttributes attributes_; 209 AvbAtxPublicKeyMetadata metadata_; 210 bool fail_read_permanent_attributes_{false}; 211 bool fail_read_permanent_attributes_hash_{false}; 212 bool fail_read_pik_rollback_index_{false}; 213 bool fail_read_psk_rollback_index_{false}; 214 215 private: 216 void ReadDefaultData() { 217 std::string tmp; 218 ASSERT_TRUE(base::ReadFileToString(base::FilePath(kMetadataPath), &tmp)); 219 ASSERT_EQ(tmp.size(), sizeof(AvbAtxPublicKeyMetadata)); 220 memcpy(&metadata_, tmp.data(), tmp.size()); 221 ASSERT_TRUE( 222 base::ReadFileToString(base::FilePath(kPermanentAttributesPath), &tmp)); 223 ASSERT_EQ(tmp.size(), sizeof(AvbAtxPermanentAttributes)); 224 memcpy(&attributes_, tmp.data(), tmp.size()); 225 } 226 }; 227 228 TEST_F(AvbAtxValidateTest, Success) { 229 bool is_trusted = false; 230 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 231 EXPECT_TRUE(is_trusted); 232 } 233 234 TEST_F(AvbAtxValidateTest, SuccessAfterNewSign) { 235 std::string old_pik_sig( 236 reinterpret_cast<char*>( 237 metadata_.product_intermediate_key_certificate.signature), 238 AVB_RSA4096_NUM_BYTES); 239 std::string old_psk_sig( 240 reinterpret_cast<char*>( 241 metadata_.product_signing_key_certificate.signature), 242 AVB_RSA4096_NUM_BYTES); 243 SignPIKCertificate(); 244 SignPSKCertificate(); 245 std::string new_pik_sig( 246 reinterpret_cast<char*>( 247 metadata_.product_intermediate_key_certificate.signature), 248 AVB_RSA4096_NUM_BYTES); 249 std::string new_psk_sig( 250 reinterpret_cast<char*>( 251 metadata_.product_signing_key_certificate.signature), 252 AVB_RSA4096_NUM_BYTES); 253 EXPECT_EQ(old_pik_sig, new_pik_sig); 254 EXPECT_EQ(old_psk_sig, new_psk_sig); 255 bool is_trusted = false; 256 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 257 EXPECT_TRUE(is_trusted); 258 } 259 260 TEST_F(AvbAtxValidateTest, FailReadPermamentAttributes) { 261 fail_read_permanent_attributes_ = true; 262 bool is_trusted = true; 263 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted)); 264 EXPECT_FALSE(is_trusted); 265 } 266 267 TEST_F(AvbAtxValidateTest, FailReadPermamentAttributesHash) { 268 fail_read_permanent_attributes_hash_ = true; 269 bool is_trusted = true; 270 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted)); 271 EXPECT_FALSE(is_trusted); 272 } 273 274 TEST_F(AvbAtxValidateTest, UnsupportedPermanentAttributesVersion) { 275 attributes_.version = 25; 276 ops_.set_permanent_attributes(attributes_); 277 bool is_trusted = true; 278 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 279 EXPECT_FALSE(is_trusted); 280 } 281 282 TEST_F(AvbAtxValidateTest, PermanentAttributesHashMismatch) { 283 ops_.set_permanent_attributes_hash("bad_hash"); 284 bool is_trusted = true; 285 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 286 EXPECT_FALSE(is_trusted); 287 } 288 289 // A fixture with parameterized metadata length. 290 class AvbAtxValidateTestWithMetadataLength 291 : public AvbAtxValidateTest, 292 public ::testing::WithParamInterface<size_t> { 293 protected: 294 AvbIOResult Validate(bool* is_trusted) override { 295 return avb_atx_validate_vbmeta_public_key( 296 ops_.avb_ops(), 297 metadata_.product_signing_key_certificate.signed_data.public_key, 298 AVB_ATX_PUBLIC_KEY_SIZE, 299 reinterpret_cast<const uint8_t*>(&metadata_), 300 GetParam(), 301 is_trusted); 302 } 303 }; 304 305 TEST_P(AvbAtxValidateTestWithMetadataLength, InvalidMetadataLength) { 306 bool is_trusted = true; 307 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 308 EXPECT_FALSE(is_trusted); 309 } 310 311 // Test a bunch of invalid metadata length values. 312 INSTANTIATE_TEST_CASE_P(P, 313 AvbAtxValidateTestWithMetadataLength, 314 ::testing::Values(0, 315 1, 316 sizeof(AvbAtxPublicKeyMetadata) - 1, 317 sizeof(AvbAtxPublicKeyMetadata) + 1, 318 -1)); 319 320 TEST_F(AvbAtxValidateTest, UnsupportedMetadataVersion) { 321 metadata_.version = 25; 322 bool is_trusted = true; 323 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 324 EXPECT_FALSE(is_trusted); 325 } 326 327 TEST_F(AvbAtxValidateTest, FailReadPIKRollbackIndex) { 328 fail_read_pik_rollback_index_ = true; 329 bool is_trusted = true; 330 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted)); 331 EXPECT_FALSE(is_trusted); 332 } 333 334 TEST_F(AvbAtxValidateTest, UnsupportedPIKCertificateVersion) { 335 metadata_.product_intermediate_key_certificate.signed_data.version = 25; 336 SignPIKCertificate(); 337 bool is_trusted = true; 338 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 339 EXPECT_FALSE(is_trusted); 340 } 341 342 TEST_F(AvbAtxValidateTest, BadPIKCert_ModifiedSubjectPublicKey) { 343 metadata_.product_intermediate_key_certificate.signed_data.public_key[0] ^= 1; 344 bool is_trusted = true; 345 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 346 EXPECT_FALSE(is_trusted); 347 } 348 349 TEST_F(AvbAtxValidateTest, BadPIKCert_ModifiedSubject) { 350 metadata_.product_intermediate_key_certificate.signed_data.subject[0] ^= 1; 351 bool is_trusted = true; 352 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 353 EXPECT_FALSE(is_trusted); 354 } 355 356 TEST_F(AvbAtxValidateTest, BadPIKCert_ModifiedUsage) { 357 metadata_.product_intermediate_key_certificate.signed_data.usage[0] ^= 1; 358 bool is_trusted = true; 359 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 360 EXPECT_FALSE(is_trusted); 361 } 362 363 TEST_F(AvbAtxValidateTest, BadPIKCert_ModifiedKeyVersion) { 364 metadata_.product_intermediate_key_certificate.signed_data.key_version ^= 1; 365 bool is_trusted = true; 366 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 367 EXPECT_FALSE(is_trusted); 368 } 369 370 TEST_F(AvbAtxValidateTest, BadPIKCert_BadSignature) { 371 metadata_.product_intermediate_key_certificate.signature[0] ^= 1; 372 bool is_trusted = true; 373 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 374 EXPECT_FALSE(is_trusted); 375 } 376 377 TEST_F(AvbAtxValidateTest, PIKCertSubjectIgnored) { 378 metadata_.product_intermediate_key_certificate.signed_data.subject[0] ^= 1; 379 SignPIKCertificate(); 380 bool is_trusted = false; 381 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 382 EXPECT_TRUE(is_trusted); 383 } 384 385 TEST_F(AvbAtxValidateTest, PIKCertUnexpectedUsage) { 386 metadata_.product_intermediate_key_certificate.signed_data.usage[0] ^= 1; 387 SignPIKCertificate(); 388 bool is_trusted = true; 389 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 390 EXPECT_FALSE(is_trusted); 391 } 392 393 TEST_F(AvbAtxValidateTest, PIKRollback) { 394 ops_.set_stored_rollback_indexes( 395 {{AVB_ATX_PIK_VERSION_LOCATION, 396 metadata_.product_intermediate_key_certificate.signed_data.key_version + 397 1}, 398 {AVB_ATX_PSK_VERSION_LOCATION, 0}}); 399 bool is_trusted = true; 400 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 401 EXPECT_FALSE(is_trusted); 402 } 403 404 TEST_F(AvbAtxValidateTest, FailReadPSKRollbackIndex) { 405 fail_read_psk_rollback_index_ = true; 406 bool is_trusted = true; 407 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted)); 408 EXPECT_FALSE(is_trusted); 409 } 410 411 TEST_F(AvbAtxValidateTest, UnsupportedPSKCertificateVersion) { 412 metadata_.product_signing_key_certificate.signed_data.version = 25; 413 SignPSKCertificate(); 414 bool is_trusted = true; 415 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 416 EXPECT_FALSE(is_trusted); 417 } 418 419 TEST_F(AvbAtxValidateTest, BadPSKCert_ModifiedSubjectPublicKey) { 420 metadata_.product_signing_key_certificate.signed_data.public_key[0] ^= 1; 421 bool is_trusted = true; 422 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 423 EXPECT_FALSE(is_trusted); 424 } 425 426 TEST_F(AvbAtxValidateTest, BadPSKCert_ModifiedSubject) { 427 metadata_.product_signing_key_certificate.signed_data.subject[0] ^= 1; 428 bool is_trusted = true; 429 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 430 EXPECT_FALSE(is_trusted); 431 } 432 433 TEST_F(AvbAtxValidateTest, BadPSKCert_ModifiedUsage) { 434 metadata_.product_signing_key_certificate.signed_data.usage[0] ^= 1; 435 bool is_trusted = true; 436 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 437 EXPECT_FALSE(is_trusted); 438 } 439 440 TEST_F(AvbAtxValidateTest, BadPSKCert_ModifiedKeyVersion) { 441 metadata_.product_signing_key_certificate.signed_data.key_version ^= 1; 442 bool is_trusted = true; 443 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 444 EXPECT_FALSE(is_trusted); 445 } 446 447 TEST_F(AvbAtxValidateTest, BadPSKCert_BadSignature) { 448 metadata_.product_signing_key_certificate.signature[0] ^= 1; 449 bool is_trusted = true; 450 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 451 EXPECT_FALSE(is_trusted); 452 } 453 454 TEST_F(AvbAtxValidateTest, PSKCertUnexpectedSubject) { 455 metadata_.product_signing_key_certificate.signed_data.subject[0] ^= 1; 456 SignPSKCertificate(); 457 bool is_trusted = true; 458 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 459 EXPECT_FALSE(is_trusted); 460 } 461 462 TEST_F(AvbAtxValidateTest, PSKCertUnexpectedUsage) { 463 metadata_.product_signing_key_certificate.signed_data.usage[0] ^= 1; 464 SignPSKCertificate(); 465 bool is_trusted = true; 466 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 467 EXPECT_FALSE(is_trusted); 468 } 469 470 TEST_F(AvbAtxValidateTest, PSKRollback) { 471 ops_.set_stored_rollback_indexes( 472 {{AVB_ATX_PIK_VERSION_LOCATION, 0}, 473 {AVB_ATX_PSK_VERSION_LOCATION, 474 metadata_.product_signing_key_certificate.signed_data.key_version + 475 1}}); 476 bool is_trusted = true; 477 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 478 EXPECT_FALSE(is_trusted); 479 } 480 481 // A fixture with parameterized public key length. 482 class AvbAtxValidateTestWithPublicKeyLength 483 : public AvbAtxValidateTest, 484 public ::testing::WithParamInterface<size_t> { 485 protected: 486 AvbIOResult Validate(bool* is_trusted) override { 487 return avb_atx_validate_vbmeta_public_key( 488 ops_.avb_ops(), 489 metadata_.product_signing_key_certificate.signed_data.public_key, 490 GetParam(), 491 reinterpret_cast<const uint8_t*>(&metadata_), 492 sizeof(metadata_), 493 is_trusted); 494 } 495 }; 496 497 TEST_P(AvbAtxValidateTestWithPublicKeyLength, InvalidPublicKeyLength) { 498 bool is_trusted = true; 499 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 500 EXPECT_FALSE(is_trusted); 501 } 502 503 // Test a bunch of invalid public key length values. 504 INSTANTIATE_TEST_CASE_P(P, 505 AvbAtxValidateTestWithPublicKeyLength, 506 ::testing::Values(0, 507 1, 508 AVB_ATX_PUBLIC_KEY_SIZE - 1, 509 AVB_ATX_PUBLIC_KEY_SIZE + 1, 510 AVB_ATX_PUBLIC_KEY_SIZE - 512, 511 -1)); 512 513 TEST_F(AvbAtxValidateTest, PSKMismatch) { 514 uint8_t bad_key[AVB_ATX_PUBLIC_KEY_SIZE] = {}; 515 bool is_trusted = true; 516 EXPECT_EQ(AVB_IO_RESULT_OK, 517 avb_atx_validate_vbmeta_public_key( 518 ops_.avb_ops(), 519 bad_key, 520 AVB_ATX_PUBLIC_KEY_SIZE, 521 reinterpret_cast<const uint8_t*>(&metadata_), 522 sizeof(metadata_), 523 &is_trusted)); 524 EXPECT_FALSE(is_trusted); 525 } 526 527 // A fixture for testing avb_slot_verify() with ATX. 528 class AvbAtxSlotVerifyTest : public BaseAvbToolTest, public FakeAvbOpsDelegate { 529 public: 530 ~AvbAtxSlotVerifyTest() override = default; 531 532 void SetUp() override { 533 BaseAvbToolTest::SetUp(); 534 ReadAtxDefaultData(); 535 ops_.set_partition_dir(testdir_); 536 ops_.set_delegate(this); 537 ops_.set_permanent_attributes(attributes_); 538 ops_.set_stored_rollback_indexes({{0, 0}, 539 {1, 0}, 540 {2, 0}, 541 {3, 0}, 542 {AVB_ATX_PIK_VERSION_LOCATION, 0}, 543 {AVB_ATX_PSK_VERSION_LOCATION, 0}}); 544 ops_.set_stored_is_device_unlocked(false); 545 } 546 547 // FakeAvbOpsDelegate methods. All forward to FakeAvbOps default except for 548 // validate_vbmeta_public_key(). 549 AvbIOResult read_from_partition(const char* partition, 550 int64_t offset, 551 size_t num_bytes, 552 void* buffer, 553 size_t* out_num_read) override { 554 return ops_.read_from_partition( 555 partition, offset, num_bytes, buffer, out_num_read); 556 } 557 558 AvbIOResult write_to_partition(const char* partition, 559 int64_t offset, 560 size_t num_bytes, 561 const void* buffer) override { 562 return ops_.write_to_partition(partition, offset, num_bytes, buffer); 563 } 564 565 AvbIOResult validate_vbmeta_public_key(AvbOps* ops, 566 const uint8_t* public_key_data, 567 size_t public_key_length, 568 const uint8_t* public_key_metadata, 569 size_t public_key_metadata_length, 570 bool* out_key_is_trusted) override { 571 // Send to ATX implementation. 572 ++num_atx_calls_; 573 return avb_atx_validate_vbmeta_public_key(ops_.avb_ops(), 574 public_key_data, 575 public_key_length, 576 public_key_metadata, 577 public_key_metadata_length, 578 out_key_is_trusted); 579 } 580 581 AvbIOResult read_rollback_index(AvbOps* ops, 582 size_t rollback_index_slot, 583 uint64_t* out_rollback_index) override { 584 return ops_.read_rollback_index( 585 ops, rollback_index_slot, out_rollback_index); 586 } 587 588 AvbIOResult write_rollback_index(AvbOps* ops, 589 size_t rollback_index_slot, 590 uint64_t rollback_index) override { 591 return ops_.write_rollback_index(ops, rollback_index_slot, rollback_index); 592 } 593 594 AvbIOResult read_is_device_unlocked(AvbOps* ops, 595 bool* out_is_device_unlocked) override { 596 return ops_.read_is_device_unlocked(ops, out_is_device_unlocked); 597 } 598 599 AvbIOResult get_unique_guid_for_partition(AvbOps* ops, 600 const char* partition, 601 char* guid_buf, 602 size_t guid_buf_size) override { 603 return ops_.get_unique_guid_for_partition( 604 ops, partition, guid_buf, guid_buf_size); 605 } 606 607 AvbIOResult read_permanent_attributes( 608 AvbAtxPermanentAttributes* attributes) override { 609 return ops_.read_permanent_attributes(attributes); 610 } 611 612 AvbIOResult read_permanent_attributes_hash( 613 uint8_t hash[AVB_SHA256_DIGEST_SIZE]) override { 614 return ops_.read_permanent_attributes_hash(hash); 615 } 616 617 protected: 618 FakeAvbOps ops_; 619 AvbAtxPermanentAttributes attributes_; 620 int num_atx_calls_ = 0; 621 622 private: 623 void ReadAtxDefaultData() { 624 std::string tmp; 625 ASSERT_TRUE( 626 base::ReadFileToString(base::FilePath(kPermanentAttributesPath), &tmp)); 627 ASSERT_EQ(tmp.size(), sizeof(AvbAtxPermanentAttributes)); 628 memcpy(&attributes_, tmp.data(), tmp.size()); 629 } 630 }; 631 632 TEST_F(AvbAtxSlotVerifyTest, SlotVerifyWithAtx) { 633 std::string metadata_option = "--public_key_metadata="; 634 metadata_option += kMetadataPath; 635 GenerateVBMetaImage("vbmeta_a.img", 636 "SHA512_RSA4096", 637 0, 638 base::FilePath("test/data/testkey_atx_psk.pem"), 639 metadata_option); 640 641 ops_.set_expected_public_key( 642 PublicKeyAVB(base::FilePath("test/data/testkey_atx_psk.pem"))); 643 644 AvbSlotVerifyData* slot_data = NULL; 645 const char* requested_partitions[] = {"boot", NULL}; 646 EXPECT_EQ(AVB_SLOT_VERIFY_RESULT_OK, 647 avb_slot_verify(ops_.avb_ops(), 648 requested_partitions, 649 "_a", 650 false /* allow_verification_error */, 651 &slot_data)); 652 EXPECT_NE(nullptr, slot_data); 653 avb_slot_verify_data_free(slot_data); 654 EXPECT_EQ(1, num_atx_calls_); 655 } 656 657 } // namespace avb 658