1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Permission is hereby granted, free of charge, to any person 5 * obtaining a copy of this software and associated documentation 6 * files (the "Software"), to deal in the Software without 7 * restriction, including without limitation the rights to use, copy, 8 * modify, merge, publish, distribute, sublicense, and/or sell copies 9 * of the Software, and to permit persons to whom the Software is 10 * furnished to do so, subject to the following conditions: 11 * 12 * The above copyright notice and this permission notice shall be 13 * included in all copies or substantial portions of the Software. 14 * 15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 * SOFTWARE. 23 */ 24 25 #include <stdio.h> 26 #include <string.h> 27 28 #include <base/files/file_util.h> 29 #include <gtest/gtest.h> 30 #include <openssl/objects.h> 31 #include <openssl/pem.h> 32 #include <openssl/rsa.h> 33 #include <openssl/sha.h> 34 35 #include <libavb_atx/libavb_atx.h> 36 37 #include "avb_unittest_util.h" 38 #include "fake_avb_ops.h" 39 40 namespace { 41 42 const char kMetadataPath[] = "test/data/atx_metadata.bin"; 43 const char kPermanentAttributesPath[] = 44 "test/data/atx_permanent_attributes.bin"; 45 const char kPRKPrivateKeyPath[] = "test/data/testkey_atx_prk.pem"; 46 const char kPIKPrivateKeyPath[] = "test/data/testkey_atx_pik.pem"; 47 48 class ScopedRSA { 49 public: 50 ScopedRSA(const char* pem_key_path) { 51 FILE* file = fopen(pem_key_path, "r"); 52 rsa_ = PEM_read_RSAPrivateKey(file, nullptr, nullptr, nullptr); 53 fclose(file); 54 } 55 56 ~ScopedRSA() { 57 if (rsa_) { 58 RSA_free(rsa_); 59 } 60 } 61 62 // PKCS #1 v1.5 signature using SHA512. Returns true on success. 63 bool Sign(const void* data_to_sign, size_t length, uint8_t signature[]) { 64 uint8_t digest[AVB_SHA512_DIGEST_SIZE]; 65 const unsigned char* data_to_sign_buf = 66 reinterpret_cast<const unsigned char*>(data_to_sign); 67 SHA512(data_to_sign_buf, length, digest); 68 unsigned int signature_length = 0; 69 return (1 == RSA_sign(NID_sha512, 70 digest, 71 AVB_SHA512_DIGEST_SIZE, 72 signature, 73 &signature_length, 74 rsa_)); 75 } 76 77 private: 78 RSA* rsa_; 79 }; 80 81 } /* namespace */ 82 83 namespace avb { 84 85 class AvbAtxValidateTest : public ::testing::Test, 86 public FakeAvbOpsDelegateWithDefaults { 87 public: 88 ~AvbAtxValidateTest() override {} 89 90 void SetUp() override { 91 ReadDefaultData(); 92 ops_.set_delegate(this); 93 ops_.set_permanent_attributes(attributes_); 94 ops_.set_stored_rollback_indexes( 95 {{AVB_ATX_PIK_VERSION_LOCATION, 0}, {AVB_ATX_PSK_VERSION_LOCATION, 0}}); 96 } 97 98 // FakeAvbOpsDelegate methods. 99 AvbIOResult read_from_partition(const char* partition, 100 int64_t offset, 101 size_t num_bytes, 102 void* buffer, 103 size_t* out_num_read) override { 104 // Expect method not used. 105 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 106 } 107 108 AvbIOResult get_preloaded_partition( 109 const char* partition, 110 size_t num_bytes, 111 uint8_t** out_pointer, 112 size_t* out_num_bytes_preloaded) override { 113 // Expect method not used. 114 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 115 } 116 117 AvbIOResult write_to_partition(const char* partition, 118 int64_t offset, 119 size_t num_bytes, 120 const void* buffer) override { 121 // Expect method not used. 122 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 123 } 124 125 AvbIOResult validate_vbmeta_public_key(AvbOps* ops, 126 const uint8_t* public_key_data, 127 size_t public_key_length, 128 const uint8_t* public_key_metadata, 129 size_t public_key_metadata_length, 130 bool* out_key_is_trusted) override { 131 // Expect method not used. 132 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 133 } 134 135 AvbIOResult read_rollback_index(AvbOps* ops, 136 size_t rollback_index_slot, 137 uint64_t* out_rollback_index) override { 138 if ((fail_read_pik_rollback_index_ && 139 rollback_index_slot == AVB_ATX_PIK_VERSION_LOCATION) || 140 (fail_read_psk_rollback_index_ && 141 rollback_index_slot == AVB_ATX_PSK_VERSION_LOCATION)) { 142 return AVB_IO_RESULT_ERROR_IO; 143 } 144 return ops_.read_rollback_index( 145 ops, rollback_index_slot, out_rollback_index); 146 } 147 148 AvbIOResult write_rollback_index(AvbOps* ops, 149 size_t rollback_index_slot, 150 uint64_t rollback_index) override { 151 // Expect method not used. 152 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 153 } 154 155 AvbIOResult read_is_device_unlocked(AvbOps* ops, 156 bool* out_is_device_unlocked) override { 157 // Expect method not used. 158 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 159 } 160 161 AvbIOResult get_unique_guid_for_partition(AvbOps* ops, 162 const char* partition, 163 char* guid_buf, 164 size_t guid_buf_size) override { 165 // Expect method not used. 166 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 167 } 168 169 AvbIOResult get_size_of_partition(AvbOps* ops, 170 const char* partition, 171 uint64_t* out_size) override { 172 // Expect method not used. 173 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 174 } 175 176 AvbIOResult read_persistent_value(const char* name, 177 size_t buffer_size, 178 uint8_t* out_buffer, 179 size_t* out_num_bytes_read) override { 180 // Expect method not used. 181 return AVB_IO_RESULT_ERROR_NO_SUCH_VALUE; 182 } 183 184 AvbIOResult write_persistent_value(const char* name, 185 size_t value_size, 186 const uint8_t* value) override { 187 // Expect method not used. 188 return AVB_IO_RESULT_ERROR_NO_SUCH_VALUE; 189 } 190 191 AvbIOResult read_permanent_attributes( 192 AvbAtxPermanentAttributes* attributes) override { 193 if (fail_read_permanent_attributes_) { 194 return AVB_IO_RESULT_ERROR_IO; 195 } 196 return ops_.read_permanent_attributes(attributes); 197 } 198 199 AvbIOResult read_permanent_attributes_hash( 200 uint8_t hash[AVB_SHA256_DIGEST_SIZE]) override { 201 if (fail_read_permanent_attributes_hash_) { 202 return AVB_IO_RESULT_ERROR_IO; 203 } 204 return ops_.read_permanent_attributes_hash(hash); 205 } 206 207 protected: 208 virtual AvbIOResult Validate(bool* is_trusted) { 209 return avb_atx_validate_vbmeta_public_key( 210 ops_.avb_ops(), 211 metadata_.product_signing_key_certificate.signed_data.public_key, 212 AVB_ATX_PUBLIC_KEY_SIZE, 213 reinterpret_cast<const uint8_t*>(&metadata_), 214 sizeof(metadata_), 215 is_trusted); 216 } 217 218 void SignPIKCertificate() { 219 memset(metadata_.product_intermediate_key_certificate.signature, 220 0, 221 AVB_RSA4096_NUM_BYTES); 222 ScopedRSA key(kPRKPrivateKeyPath); 223 ASSERT_TRUE( 224 key.Sign(&metadata_.product_intermediate_key_certificate.signed_data, 225 sizeof(AvbAtxCertificateSignedData), 226 metadata_.product_intermediate_key_certificate.signature)); 227 } 228 229 void SignPSKCertificate() { 230 memset(metadata_.product_signing_key_certificate.signature, 231 0, 232 AVB_RSA4096_NUM_BYTES); 233 ScopedRSA key(kPIKPrivateKeyPath); 234 ASSERT_TRUE(key.Sign(&metadata_.product_signing_key_certificate.signed_data, 235 sizeof(AvbAtxCertificateSignedData), 236 metadata_.product_signing_key_certificate.signature)); 237 } 238 239 AvbAtxPermanentAttributes attributes_; 240 AvbAtxPublicKeyMetadata metadata_; 241 bool fail_read_permanent_attributes_{false}; 242 bool fail_read_permanent_attributes_hash_{false}; 243 bool fail_read_pik_rollback_index_{false}; 244 bool fail_read_psk_rollback_index_{false}; 245 246 private: 247 void ReadDefaultData() { 248 std::string tmp; 249 ASSERT_TRUE(base::ReadFileToString(base::FilePath(kMetadataPath), &tmp)); 250 ASSERT_EQ(tmp.size(), sizeof(AvbAtxPublicKeyMetadata)); 251 memcpy(&metadata_, tmp.data(), tmp.size()); 252 ASSERT_TRUE( 253 base::ReadFileToString(base::FilePath(kPermanentAttributesPath), &tmp)); 254 ASSERT_EQ(tmp.size(), sizeof(AvbAtxPermanentAttributes)); 255 memcpy(&attributes_, tmp.data(), tmp.size()); 256 } 257 }; 258 259 TEST_F(AvbAtxValidateTest, Success) { 260 bool is_trusted = false; 261 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 262 EXPECT_TRUE(is_trusted); 263 264 // Check that the key versions were reported correctly. 265 EXPECT_EQ( 266 ops_.get_verified_rollback_indexes()[AVB_ATX_PIK_VERSION_LOCATION], 267 metadata_.product_intermediate_key_certificate.signed_data.key_version); 268 EXPECT_EQ(ops_.get_verified_rollback_indexes()[AVB_ATX_PSK_VERSION_LOCATION], 269 metadata_.product_signing_key_certificate.signed_data.key_version); 270 EXPECT_EQ(2UL, ops_.get_verified_rollback_indexes().size()); 271 } 272 273 TEST_F(AvbAtxValidateTest, SuccessAfterNewSign) { 274 std::string old_pik_sig( 275 reinterpret_cast<char*>( 276 metadata_.product_intermediate_key_certificate.signature), 277 AVB_RSA4096_NUM_BYTES); 278 std::string old_psk_sig( 279 reinterpret_cast<char*>( 280 metadata_.product_signing_key_certificate.signature), 281 AVB_RSA4096_NUM_BYTES); 282 SignPIKCertificate(); 283 SignPSKCertificate(); 284 std::string new_pik_sig( 285 reinterpret_cast<char*>( 286 metadata_.product_intermediate_key_certificate.signature), 287 AVB_RSA4096_NUM_BYTES); 288 std::string new_psk_sig( 289 reinterpret_cast<char*>( 290 metadata_.product_signing_key_certificate.signature), 291 AVB_RSA4096_NUM_BYTES); 292 EXPECT_EQ(old_pik_sig, new_pik_sig); 293 EXPECT_EQ(old_psk_sig, new_psk_sig); 294 bool is_trusted = false; 295 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 296 EXPECT_TRUE(is_trusted); 297 } 298 299 TEST_F(AvbAtxValidateTest, FailReadPermamentAttributes) { 300 fail_read_permanent_attributes_ = true; 301 bool is_trusted = true; 302 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted)); 303 EXPECT_FALSE(is_trusted); 304 } 305 306 TEST_F(AvbAtxValidateTest, FailReadPermamentAttributesHash) { 307 fail_read_permanent_attributes_hash_ = true; 308 bool is_trusted = true; 309 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted)); 310 EXPECT_FALSE(is_trusted); 311 } 312 313 TEST_F(AvbAtxValidateTest, UnsupportedPermanentAttributesVersion) { 314 attributes_.version = 25; 315 ops_.set_permanent_attributes(attributes_); 316 bool is_trusted = true; 317 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 318 EXPECT_FALSE(is_trusted); 319 } 320 321 TEST_F(AvbAtxValidateTest, PermanentAttributesHashMismatch) { 322 ops_.set_permanent_attributes_hash("bad_hash"); 323 bool is_trusted = true; 324 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 325 EXPECT_FALSE(is_trusted); 326 } 327 328 // A fixture with parameterized metadata length. 329 class AvbAtxValidateTestWithMetadataLength 330 : public AvbAtxValidateTest, 331 public ::testing::WithParamInterface<size_t> { 332 protected: 333 AvbIOResult Validate(bool* is_trusted) override { 334 return avb_atx_validate_vbmeta_public_key( 335 ops_.avb_ops(), 336 metadata_.product_signing_key_certificate.signed_data.public_key, 337 AVB_ATX_PUBLIC_KEY_SIZE, 338 reinterpret_cast<const uint8_t*>(&metadata_), 339 GetParam(), 340 is_trusted); 341 } 342 }; 343 344 TEST_P(AvbAtxValidateTestWithMetadataLength, InvalidMetadataLength) { 345 bool is_trusted = true; 346 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 347 EXPECT_FALSE(is_trusted); 348 } 349 350 // Test a bunch of invalid metadata length values. 351 INSTANTIATE_TEST_CASE_P(P, 352 AvbAtxValidateTestWithMetadataLength, 353 ::testing::Values(0, 354 1, 355 sizeof(AvbAtxPublicKeyMetadata) - 1, 356 sizeof(AvbAtxPublicKeyMetadata) + 1, 357 -1)); 358 359 TEST_F(AvbAtxValidateTest, UnsupportedMetadataVersion) { 360 metadata_.version = 25; 361 bool is_trusted = true; 362 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 363 EXPECT_FALSE(is_trusted); 364 } 365 366 TEST_F(AvbAtxValidateTest, FailReadPIKRollbackIndex) { 367 fail_read_pik_rollback_index_ = true; 368 bool is_trusted = true; 369 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted)); 370 EXPECT_FALSE(is_trusted); 371 } 372 373 TEST_F(AvbAtxValidateTest, UnsupportedPIKCertificateVersion) { 374 metadata_.product_intermediate_key_certificate.signed_data.version = 25; 375 SignPIKCertificate(); 376 bool is_trusted = true; 377 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 378 EXPECT_FALSE(is_trusted); 379 } 380 381 TEST_F(AvbAtxValidateTest, BadPIKCert_ModifiedSubjectPublicKey) { 382 metadata_.product_intermediate_key_certificate.signed_data.public_key[0] ^= 1; 383 bool is_trusted = true; 384 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 385 EXPECT_FALSE(is_trusted); 386 } 387 388 TEST_F(AvbAtxValidateTest, BadPIKCert_ModifiedSubject) { 389 metadata_.product_intermediate_key_certificate.signed_data.subject[0] ^= 1; 390 bool is_trusted = true; 391 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 392 EXPECT_FALSE(is_trusted); 393 } 394 395 TEST_F(AvbAtxValidateTest, BadPIKCert_ModifiedUsage) { 396 metadata_.product_intermediate_key_certificate.signed_data.usage[0] ^= 1; 397 bool is_trusted = true; 398 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 399 EXPECT_FALSE(is_trusted); 400 } 401 402 TEST_F(AvbAtxValidateTest, BadPIKCert_ModifiedKeyVersion) { 403 metadata_.product_intermediate_key_certificate.signed_data.key_version ^= 1; 404 bool is_trusted = true; 405 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 406 EXPECT_FALSE(is_trusted); 407 } 408 409 TEST_F(AvbAtxValidateTest, BadPIKCert_BadSignature) { 410 metadata_.product_intermediate_key_certificate.signature[0] ^= 1; 411 bool is_trusted = true; 412 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 413 EXPECT_FALSE(is_trusted); 414 } 415 416 TEST_F(AvbAtxValidateTest, PIKCertSubjectIgnored) { 417 metadata_.product_intermediate_key_certificate.signed_data.subject[0] ^= 1; 418 SignPIKCertificate(); 419 bool is_trusted = false; 420 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 421 EXPECT_TRUE(is_trusted); 422 } 423 424 TEST_F(AvbAtxValidateTest, PIKCertUnexpectedUsage) { 425 metadata_.product_intermediate_key_certificate.signed_data.usage[0] ^= 1; 426 SignPIKCertificate(); 427 bool is_trusted = true; 428 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 429 EXPECT_FALSE(is_trusted); 430 } 431 432 TEST_F(AvbAtxValidateTest, PIKRollback) { 433 ops_.set_stored_rollback_indexes( 434 {{AVB_ATX_PIK_VERSION_LOCATION, 435 metadata_.product_intermediate_key_certificate.signed_data.key_version + 436 1}, 437 {AVB_ATX_PSK_VERSION_LOCATION, 0}}); 438 bool is_trusted = true; 439 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 440 EXPECT_FALSE(is_trusted); 441 } 442 443 TEST_F(AvbAtxValidateTest, FailReadPSKRollbackIndex) { 444 fail_read_psk_rollback_index_ = true; 445 bool is_trusted = true; 446 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted)); 447 EXPECT_FALSE(is_trusted); 448 } 449 450 TEST_F(AvbAtxValidateTest, UnsupportedPSKCertificateVersion) { 451 metadata_.product_signing_key_certificate.signed_data.version = 25; 452 SignPSKCertificate(); 453 bool is_trusted = true; 454 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 455 EXPECT_FALSE(is_trusted); 456 } 457 458 TEST_F(AvbAtxValidateTest, BadPSKCert_ModifiedSubjectPublicKey) { 459 metadata_.product_signing_key_certificate.signed_data.public_key[0] ^= 1; 460 bool is_trusted = true; 461 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 462 EXPECT_FALSE(is_trusted); 463 } 464 465 TEST_F(AvbAtxValidateTest, BadPSKCert_ModifiedSubject) { 466 metadata_.product_signing_key_certificate.signed_data.subject[0] ^= 1; 467 bool is_trusted = true; 468 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 469 EXPECT_FALSE(is_trusted); 470 } 471 472 TEST_F(AvbAtxValidateTest, BadPSKCert_ModifiedUsage) { 473 metadata_.product_signing_key_certificate.signed_data.usage[0] ^= 1; 474 bool is_trusted = true; 475 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 476 EXPECT_FALSE(is_trusted); 477 } 478 479 TEST_F(AvbAtxValidateTest, BadPSKCert_ModifiedKeyVersion) { 480 metadata_.product_signing_key_certificate.signed_data.key_version ^= 1; 481 bool is_trusted = true; 482 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 483 EXPECT_FALSE(is_trusted); 484 } 485 486 TEST_F(AvbAtxValidateTest, BadPSKCert_BadSignature) { 487 metadata_.product_signing_key_certificate.signature[0] ^= 1; 488 bool is_trusted = true; 489 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 490 EXPECT_FALSE(is_trusted); 491 } 492 493 TEST_F(AvbAtxValidateTest, PSKCertUnexpectedSubject) { 494 metadata_.product_signing_key_certificate.signed_data.subject[0] ^= 1; 495 SignPSKCertificate(); 496 bool is_trusted = true; 497 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 498 EXPECT_FALSE(is_trusted); 499 } 500 501 TEST_F(AvbAtxValidateTest, PSKCertUnexpectedUsage) { 502 metadata_.product_signing_key_certificate.signed_data.usage[0] ^= 1; 503 SignPSKCertificate(); 504 bool is_trusted = true; 505 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 506 EXPECT_FALSE(is_trusted); 507 } 508 509 TEST_F(AvbAtxValidateTest, PSKRollback) { 510 ops_.set_stored_rollback_indexes( 511 {{AVB_ATX_PIK_VERSION_LOCATION, 0}, 512 {AVB_ATX_PSK_VERSION_LOCATION, 513 metadata_.product_signing_key_certificate.signed_data.key_version + 514 1}}); 515 bool is_trusted = true; 516 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 517 EXPECT_FALSE(is_trusted); 518 } 519 520 // A fixture with parameterized public key length. 521 class AvbAtxValidateTestWithPublicKeyLength 522 : public AvbAtxValidateTest, 523 public ::testing::WithParamInterface<size_t> { 524 protected: 525 AvbIOResult Validate(bool* is_trusted) override { 526 return avb_atx_validate_vbmeta_public_key( 527 ops_.avb_ops(), 528 metadata_.product_signing_key_certificate.signed_data.public_key, 529 GetParam(), 530 reinterpret_cast<const uint8_t*>(&metadata_), 531 sizeof(metadata_), 532 is_trusted); 533 } 534 }; 535 536 TEST_P(AvbAtxValidateTestWithPublicKeyLength, InvalidPublicKeyLength) { 537 bool is_trusted = true; 538 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); 539 EXPECT_FALSE(is_trusted); 540 } 541 542 // Test a bunch of invalid public key length values. 543 INSTANTIATE_TEST_CASE_P(P, 544 AvbAtxValidateTestWithPublicKeyLength, 545 ::testing::Values(0, 546 1, 547 AVB_ATX_PUBLIC_KEY_SIZE - 1, 548 AVB_ATX_PUBLIC_KEY_SIZE + 1, 549 AVB_ATX_PUBLIC_KEY_SIZE - 512, 550 -1)); 551 552 TEST_F(AvbAtxValidateTest, PSKMismatch) { 553 uint8_t bad_key[AVB_ATX_PUBLIC_KEY_SIZE] = {}; 554 bool is_trusted = true; 555 EXPECT_EQ(AVB_IO_RESULT_OK, 556 avb_atx_validate_vbmeta_public_key( 557 ops_.avb_ops(), 558 bad_key, 559 AVB_ATX_PUBLIC_KEY_SIZE, 560 reinterpret_cast<const uint8_t*>(&metadata_), 561 sizeof(metadata_), 562 &is_trusted)); 563 EXPECT_FALSE(is_trusted); 564 } 565 566 // A fixture for testing avb_slot_verify() with ATX. 567 class AvbAtxSlotVerifyTest : public BaseAvbToolTest, 568 public FakeAvbOpsDelegateWithDefaults { 569 public: 570 ~AvbAtxSlotVerifyTest() override = default; 571 572 void SetUp() override { 573 BaseAvbToolTest::SetUp(); 574 ReadAtxDefaultData(); 575 ops_.set_partition_dir(testdir_); 576 ops_.set_delegate(this); 577 ops_.set_permanent_attributes(attributes_); 578 ops_.set_stored_rollback_indexes({{0, 0}, 579 {1, 0}, 580 {2, 0}, 581 {3, 0}, 582 {AVB_ATX_PIK_VERSION_LOCATION, 0}, 583 {AVB_ATX_PSK_VERSION_LOCATION, 0}}); 584 ops_.set_stored_is_device_unlocked(false); 585 } 586 587 // FakeAvbOpsDelegate override. 588 AvbIOResult validate_vbmeta_public_key(AvbOps* ops, 589 const uint8_t* public_key_data, 590 size_t public_key_length, 591 const uint8_t* public_key_metadata, 592 size_t public_key_metadata_length, 593 bool* out_key_is_trusted) override { 594 // Send to ATX implementation. 595 ++num_atx_calls_; 596 return avb_atx_validate_vbmeta_public_key(ops_.avb_ops(), 597 public_key_data, 598 public_key_length, 599 public_key_metadata, 600 public_key_metadata_length, 601 out_key_is_trusted); 602 } 603 604 protected: 605 AvbAtxPermanentAttributes attributes_; 606 int num_atx_calls_ = 0; 607 608 private: 609 void ReadAtxDefaultData() { 610 std::string tmp; 611 ASSERT_TRUE( 612 base::ReadFileToString(base::FilePath(kPermanentAttributesPath), &tmp)); 613 ASSERT_EQ(tmp.size(), sizeof(AvbAtxPermanentAttributes)); 614 memcpy(&attributes_, tmp.data(), tmp.size()); 615 } 616 }; 617 618 TEST_F(AvbAtxSlotVerifyTest, SlotVerifyWithAtx) { 619 std::string metadata_option = "--public_key_metadata="; 620 metadata_option += kMetadataPath; 621 GenerateVBMetaImage("vbmeta_a.img", 622 "SHA512_RSA4096", 623 0, 624 base::FilePath("test/data/testkey_atx_psk.pem"), 625 metadata_option); 626 627 ops_.set_expected_public_key( 628 PublicKeyAVB(base::FilePath("test/data/testkey_atx_psk.pem"))); 629 630 AvbSlotVerifyData* slot_data = NULL; 631 const char* requested_partitions[] = {"boot", NULL}; 632 EXPECT_EQ(AVB_SLOT_VERIFY_RESULT_OK, 633 avb_slot_verify(ops_.avb_ops(), 634 requested_partitions, 635 "_a", 636 AVB_SLOT_VERIFY_FLAGS_NONE, 637 AVB_HASHTREE_ERROR_MODE_RESTART_AND_INVALIDATE, 638 &slot_data)); 639 EXPECT_NE(nullptr, slot_data); 640 avb_slot_verify_data_free(slot_data); 641 EXPECT_EQ(1, num_atx_calls_); 642 } 643 644 } // namespace avb 645