1 /*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Permission is hereby granted, free of charge, to any person
5 * obtaining a copy of this software and associated documentation
6 * files (the "Software"), to deal in the Software without
7 * restriction, including without limitation the rights to use, copy,
8 * modify, merge, publish, distribute, sublicense, and/or sell copies
9 * of the Software, and to permit persons to whom the Software is
10 * furnished to do so, subject to the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24
25 #include <stdio.h>
26 #include <string.h>
27
28 #include <base/files/file_util.h>
29 #include <gtest/gtest.h>
30 #include <openssl/objects.h>
31 #include <openssl/pem.h>
32 #include <openssl/rsa.h>
33 #include <openssl/sha.h>
34
35 #include <libavb_atx/libavb_atx.h>
36
37 #include "avb_unittest_util.h"
38 #include "fake_avb_ops.h"
39
40 namespace {
41
42 const char kMetadataPath[] = "test/data/atx_metadata.bin";
43 const char kPermanentAttributesPath[] =
44 "test/data/atx_permanent_attributes.bin";
45 const char kPRKPrivateKeyPath[] = "test/data/testkey_atx_prk.pem";
46 const char kPIKPrivateKeyPath[] = "test/data/testkey_atx_pik.pem";
47 const char kPSKPrivateKeyPath[] = "test/data/testkey_atx_psk.pem";
48 const char kPUKPrivateKeyPath[] = "test/data/testkey_atx_puk.pem";
49 const char kUnlockChallengePath[] = "test/data/atx_unlock_challenge.bin";
50 const char kUnlockCredentialPath[] = "test/data/atx_unlock_credential.bin";
51
52 class ScopedRSA {
53 public:
ScopedRSA(const char * pem_key_path)54 ScopedRSA(const char* pem_key_path) {
55 FILE* file = fopen(pem_key_path, "r");
56 rsa_ = PEM_read_RSAPrivateKey(file, nullptr, nullptr, nullptr);
57 fclose(file);
58 }
59
~ScopedRSA()60 ~ScopedRSA() {
61 if (rsa_) {
62 RSA_free(rsa_);
63 }
64 }
65
66 // PKCS #1 v1.5 signature using SHA512. Returns true on success.
Sign(const void * data_to_sign,size_t length,uint8_t signature[])67 bool Sign(const void* data_to_sign, size_t length, uint8_t signature[]) {
68 uint8_t digest[AVB_SHA512_DIGEST_SIZE];
69 const unsigned char* data_to_sign_buf =
70 reinterpret_cast<const unsigned char*>(data_to_sign);
71 SHA512(data_to_sign_buf, length, digest);
72 unsigned int signature_length = 0;
73 return (1 == RSA_sign(NID_sha512,
74 digest,
75 AVB_SHA512_DIGEST_SIZE,
76 signature,
77 &signature_length,
78 rsa_));
79 }
80
81 private:
82 RSA* rsa_;
83 };
84
85 } /* namespace */
86
87 namespace avb {
88
89 class AvbAtxValidateTest : public ::testing::Test,
90 public FakeAvbOpsDelegateWithDefaults {
91 public:
~AvbAtxValidateTest()92 ~AvbAtxValidateTest() override {}
93
SetUp()94 void SetUp() override {
95 ReadDefaultData();
96 ops_.set_delegate(this);
97 ops_.set_permanent_attributes(attributes_);
98 ops_.set_stored_rollback_indexes(
99 {{AVB_ATX_PIK_VERSION_LOCATION, 0}, {AVB_ATX_PSK_VERSION_LOCATION, 0}});
100 }
101
102 // FakeAvbOpsDelegate methods.
read_from_partition(const char * partition,int64_t offset,size_t num_bytes,void * buffer,size_t * out_num_read)103 AvbIOResult read_from_partition(const char* partition,
104 int64_t offset,
105 size_t num_bytes,
106 void* buffer,
107 size_t* out_num_read) override {
108 // Expect method not used.
109 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
110 }
111
get_preloaded_partition(const char * partition,size_t num_bytes,uint8_t ** out_pointer,size_t * out_num_bytes_preloaded)112 AvbIOResult get_preloaded_partition(
113 const char* partition,
114 size_t num_bytes,
115 uint8_t** out_pointer,
116 size_t* out_num_bytes_preloaded) override {
117 // Expect method not used.
118 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
119 }
120
write_to_partition(const char * partition,int64_t offset,size_t num_bytes,const void * buffer)121 AvbIOResult write_to_partition(const char* partition,
122 int64_t offset,
123 size_t num_bytes,
124 const void* buffer) override {
125 // Expect method not used.
126 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
127 }
128
validate_vbmeta_public_key(AvbOps * ops,const uint8_t * public_key_data,size_t public_key_length,const uint8_t * public_key_metadata,size_t public_key_metadata_length,bool * out_key_is_trusted)129 AvbIOResult validate_vbmeta_public_key(AvbOps* ops,
130 const uint8_t* public_key_data,
131 size_t public_key_length,
132 const uint8_t* public_key_metadata,
133 size_t public_key_metadata_length,
134 bool* out_key_is_trusted) override {
135 // Expect method not used.
136 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
137 }
138
read_rollback_index(AvbOps * ops,size_t rollback_index_slot,uint64_t * out_rollback_index)139 AvbIOResult read_rollback_index(AvbOps* ops,
140 size_t rollback_index_slot,
141 uint64_t* out_rollback_index) override {
142 if ((fail_read_pik_rollback_index_ &&
143 rollback_index_slot == AVB_ATX_PIK_VERSION_LOCATION) ||
144 (fail_read_psk_rollback_index_ &&
145 rollback_index_slot == AVB_ATX_PSK_VERSION_LOCATION)) {
146 return AVB_IO_RESULT_ERROR_IO;
147 }
148 return ops_.read_rollback_index(
149 ops, rollback_index_slot, out_rollback_index);
150 }
151
write_rollback_index(AvbOps * ops,size_t rollback_index_slot,uint64_t rollback_index)152 AvbIOResult write_rollback_index(AvbOps* ops,
153 size_t rollback_index_slot,
154 uint64_t rollback_index) override {
155 // Expect method not used.
156 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
157 }
158
read_is_device_unlocked(AvbOps * ops,bool * out_is_device_unlocked)159 AvbIOResult read_is_device_unlocked(AvbOps* ops,
160 bool* out_is_device_unlocked) override {
161 // Expect method not used.
162 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
163 }
164
get_unique_guid_for_partition(AvbOps * ops,const char * partition,char * guid_buf,size_t guid_buf_size)165 AvbIOResult get_unique_guid_for_partition(AvbOps* ops,
166 const char* partition,
167 char* guid_buf,
168 size_t guid_buf_size) override {
169 // Expect method not used.
170 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
171 }
172
get_size_of_partition(AvbOps * ops,const char * partition,uint64_t * out_size)173 AvbIOResult get_size_of_partition(AvbOps* ops,
174 const char* partition,
175 uint64_t* out_size) override {
176 // Expect method not used.
177 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
178 }
179
read_persistent_value(const char * name,size_t buffer_size,uint8_t * out_buffer,size_t * out_num_bytes_read)180 AvbIOResult read_persistent_value(const char* name,
181 size_t buffer_size,
182 uint8_t* out_buffer,
183 size_t* out_num_bytes_read) override {
184 // Expect method not used.
185 return AVB_IO_RESULT_ERROR_NO_SUCH_VALUE;
186 }
187
write_persistent_value(const char * name,size_t value_size,const uint8_t * value)188 AvbIOResult write_persistent_value(const char* name,
189 size_t value_size,
190 const uint8_t* value) override {
191 // Expect method not used.
192 return AVB_IO_RESULT_ERROR_NO_SUCH_VALUE;
193 }
194
read_permanent_attributes(AvbAtxPermanentAttributes * attributes)195 AvbIOResult read_permanent_attributes(
196 AvbAtxPermanentAttributes* attributes) override {
197 if (fail_read_permanent_attributes_) {
198 return AVB_IO_RESULT_ERROR_IO;
199 }
200 return ops_.read_permanent_attributes(attributes);
201 }
202
read_permanent_attributes_hash(uint8_t hash[AVB_SHA256_DIGEST_SIZE])203 AvbIOResult read_permanent_attributes_hash(
204 uint8_t hash[AVB_SHA256_DIGEST_SIZE]) override {
205 if (fail_read_permanent_attributes_hash_) {
206 return AVB_IO_RESULT_ERROR_IO;
207 }
208 return ops_.read_permanent_attributes_hash(hash);
209 }
210
set_key_version(size_t rollback_index_location,uint64_t key_version)211 void set_key_version(size_t rollback_index_location,
212 uint64_t key_version) override {
213 ops_.set_key_version(rollback_index_location, key_version);
214 }
215
get_random(size_t num_bytes,uint8_t * output)216 AvbIOResult get_random(size_t num_bytes, uint8_t* output) override {
217 if (fail_get_random_) {
218 return AVB_IO_RESULT_ERROR_IO;
219 }
220 if (fake_random_.size() >= num_bytes) {
221 memcpy(output, fake_random_.data(), num_bytes);
222 return AVB_IO_RESULT_OK;
223 }
224 return ops_.get_random(num_bytes, output);
225 }
226
227 protected:
Validate(bool * is_trusted)228 virtual AvbIOResult Validate(bool* is_trusted) {
229 return avb_atx_validate_vbmeta_public_key(
230 ops_.avb_ops(),
231 metadata_.product_signing_key_certificate.signed_data.public_key,
232 AVB_ATX_PUBLIC_KEY_SIZE,
233 reinterpret_cast<const uint8_t*>(&metadata_),
234 sizeof(metadata_),
235 is_trusted);
236 }
237
ValidateUnlock(bool * is_trusted)238 AvbIOResult ValidateUnlock(bool* is_trusted) {
239 return avb_atx_validate_unlock_credential(
240 ops_.avb_atx_ops(), &unlock_credential_, is_trusted);
241 }
242
SignPIKCertificate()243 void SignPIKCertificate() {
244 memset(metadata_.product_intermediate_key_certificate.signature,
245 0,
246 AVB_RSA4096_NUM_BYTES);
247 ScopedRSA key(kPRKPrivateKeyPath);
248 ASSERT_TRUE(
249 key.Sign(&metadata_.product_intermediate_key_certificate.signed_data,
250 sizeof(AvbAtxCertificateSignedData),
251 metadata_.product_intermediate_key_certificate.signature));
252 }
253
SignPSKCertificate()254 void SignPSKCertificate() {
255 memset(metadata_.product_signing_key_certificate.signature,
256 0,
257 AVB_RSA4096_NUM_BYTES);
258 ScopedRSA key(kPIKPrivateKeyPath);
259 ASSERT_TRUE(key.Sign(&metadata_.product_signing_key_certificate.signed_data,
260 sizeof(AvbAtxCertificateSignedData),
261 metadata_.product_signing_key_certificate.signature));
262 }
263
SignUnlockCredentialPIKCertificate()264 void SignUnlockCredentialPIKCertificate() {
265 memset(unlock_credential_.product_intermediate_key_certificate.signature,
266 0,
267 AVB_RSA4096_NUM_BYTES);
268 ScopedRSA key(kPRKPrivateKeyPath);
269 ASSERT_TRUE(key.Sign(
270 &unlock_credential_.product_intermediate_key_certificate.signed_data,
271 sizeof(AvbAtxCertificateSignedData),
272 unlock_credential_.product_intermediate_key_certificate.signature));
273 }
274
SignUnlockCredentialPUKCertificate()275 void SignUnlockCredentialPUKCertificate() {
276 memset(unlock_credential_.product_unlock_key_certificate.signature,
277 0,
278 AVB_RSA4096_NUM_BYTES);
279 ScopedRSA key(kPIKPrivateKeyPath);
280 ASSERT_TRUE(
281 key.Sign(&unlock_credential_.product_unlock_key_certificate.signed_data,
282 sizeof(AvbAtxCertificateSignedData),
283 unlock_credential_.product_unlock_key_certificate.signature));
284 }
285
SignUnlockCredentialChallenge(const char * key_path)286 void SignUnlockCredentialChallenge(const char* key_path) {
287 memset(unlock_credential_.challenge_signature, 0, AVB_RSA4096_NUM_BYTES);
288 ScopedRSA key(key_path);
289 ASSERT_TRUE(key.Sign(unlock_challenge_.data(),
290 unlock_challenge_.size(),
291 unlock_credential_.challenge_signature));
292 }
293
PrepareUnlockCredential()294 bool PrepareUnlockCredential() {
295 // Stage a challenge to be remembered as the 'most recent challenge'. Then
296 // the next call to unlock with |unlock_credential_| is expected to succeed.
297 fake_random_ = unlock_challenge_;
298 AvbAtxUnlockChallenge challenge;
299 return (AVB_IO_RESULT_OK ==
300 avb_atx_generate_unlock_challenge(ops_.avb_atx_ops(), &challenge));
301 }
302
303 AvbAtxPermanentAttributes attributes_;
304 AvbAtxPublicKeyMetadata metadata_;
305 bool fail_read_permanent_attributes_{false};
306 bool fail_read_permanent_attributes_hash_{false};
307 bool fail_read_pik_rollback_index_{false};
308 bool fail_read_psk_rollback_index_{false};
309 bool fail_get_random_{false};
310 std::string fake_random_;
311 AvbAtxUnlockCredential unlock_credential_;
312 std::string unlock_challenge_;
313
314 private:
ReadDefaultData()315 void ReadDefaultData() {
316 std::string tmp;
317 ASSERT_TRUE(base::ReadFileToString(base::FilePath(kMetadataPath), &tmp));
318 ASSERT_EQ(tmp.size(), sizeof(AvbAtxPublicKeyMetadata));
319 memcpy(&metadata_, tmp.data(), tmp.size());
320 ASSERT_TRUE(
321 base::ReadFileToString(base::FilePath(kPermanentAttributesPath), &tmp));
322 ASSERT_EQ(tmp.size(), sizeof(AvbAtxPermanentAttributes));
323 memcpy(&attributes_, tmp.data(), tmp.size());
324 ASSERT_TRUE(base::ReadFileToString(base::FilePath(kUnlockChallengePath),
325 &unlock_challenge_));
326 ASSERT_EQ(size_t(AVB_ATX_UNLOCK_CHALLENGE_SIZE), unlock_challenge_.size());
327 ASSERT_TRUE(
328 base::ReadFileToString(base::FilePath(kUnlockCredentialPath), &tmp));
329 ASSERT_EQ(tmp.size(), sizeof(AvbAtxUnlockCredential));
330 memcpy(&unlock_credential_, tmp.data(), tmp.size());
331 }
332 };
333
TEST_F(AvbAtxValidateTest,Success)334 TEST_F(AvbAtxValidateTest, Success) {
335 bool is_trusted = false;
336 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
337 EXPECT_TRUE(is_trusted);
338
339 // Check that the key versions were reported correctly.
340 EXPECT_EQ(
341 ops_.get_verified_rollback_indexes()[AVB_ATX_PIK_VERSION_LOCATION],
342 metadata_.product_intermediate_key_certificate.signed_data.key_version);
343 EXPECT_EQ(ops_.get_verified_rollback_indexes()[AVB_ATX_PSK_VERSION_LOCATION],
344 metadata_.product_signing_key_certificate.signed_data.key_version);
345 EXPECT_EQ(2UL, ops_.get_verified_rollback_indexes().size());
346 }
347
TEST_F(AvbAtxValidateTest,SuccessAfterNewSign)348 TEST_F(AvbAtxValidateTest, SuccessAfterNewSign) {
349 std::string old_pik_sig(
350 reinterpret_cast<char*>(
351 metadata_.product_intermediate_key_certificate.signature),
352 AVB_RSA4096_NUM_BYTES);
353 std::string old_psk_sig(
354 reinterpret_cast<char*>(
355 metadata_.product_signing_key_certificate.signature),
356 AVB_RSA4096_NUM_BYTES);
357 SignPIKCertificate();
358 SignPSKCertificate();
359 std::string new_pik_sig(
360 reinterpret_cast<char*>(
361 metadata_.product_intermediate_key_certificate.signature),
362 AVB_RSA4096_NUM_BYTES);
363 std::string new_psk_sig(
364 reinterpret_cast<char*>(
365 metadata_.product_signing_key_certificate.signature),
366 AVB_RSA4096_NUM_BYTES);
367 EXPECT_EQ(old_pik_sig, new_pik_sig);
368 EXPECT_EQ(old_psk_sig, new_psk_sig);
369 bool is_trusted = false;
370 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
371 EXPECT_TRUE(is_trusted);
372 }
373
TEST_F(AvbAtxValidateTest,FailReadPermamentAttributes)374 TEST_F(AvbAtxValidateTest, FailReadPermamentAttributes) {
375 fail_read_permanent_attributes_ = true;
376 bool is_trusted = true;
377 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted));
378 EXPECT_FALSE(is_trusted);
379 }
380
TEST_F(AvbAtxValidateTest,FailReadPermamentAttributesHash)381 TEST_F(AvbAtxValidateTest, FailReadPermamentAttributesHash) {
382 fail_read_permanent_attributes_hash_ = true;
383 bool is_trusted = true;
384 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted));
385 EXPECT_FALSE(is_trusted);
386 }
387
TEST_F(AvbAtxValidateTest,UnsupportedPermanentAttributesVersion)388 TEST_F(AvbAtxValidateTest, UnsupportedPermanentAttributesVersion) {
389 attributes_.version = 25;
390 ops_.set_permanent_attributes(attributes_);
391 bool is_trusted = true;
392 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
393 EXPECT_FALSE(is_trusted);
394 }
395
TEST_F(AvbAtxValidateTest,PermanentAttributesHashMismatch)396 TEST_F(AvbAtxValidateTest, PermanentAttributesHashMismatch) {
397 ops_.set_permanent_attributes_hash("bad_hash");
398 bool is_trusted = true;
399 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
400 EXPECT_FALSE(is_trusted);
401 }
402
403 // A fixture with parameterized metadata length.
404 class AvbAtxValidateTestWithMetadataLength
405 : public AvbAtxValidateTest,
406 public ::testing::WithParamInterface<size_t> {
407 protected:
Validate(bool * is_trusted)408 AvbIOResult Validate(bool* is_trusted) override {
409 return avb_atx_validate_vbmeta_public_key(
410 ops_.avb_ops(),
411 metadata_.product_signing_key_certificate.signed_data.public_key,
412 AVB_ATX_PUBLIC_KEY_SIZE,
413 reinterpret_cast<const uint8_t*>(&metadata_),
414 GetParam(),
415 is_trusted);
416 }
417 };
418
TEST_P(AvbAtxValidateTestWithMetadataLength,InvalidMetadataLength)419 TEST_P(AvbAtxValidateTestWithMetadataLength, InvalidMetadataLength) {
420 bool is_trusted = true;
421 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
422 EXPECT_FALSE(is_trusted);
423 }
424
425 // Test a bunch of invalid metadata length values.
426 INSTANTIATE_TEST_CASE_P(P,
427 AvbAtxValidateTestWithMetadataLength,
428 ::testing::Values(0,
429 1,
430 sizeof(AvbAtxPublicKeyMetadata) - 1,
431 sizeof(AvbAtxPublicKeyMetadata) + 1,
432 -1));
433
TEST_F(AvbAtxValidateTest,UnsupportedMetadataVersion)434 TEST_F(AvbAtxValidateTest, UnsupportedMetadataVersion) {
435 metadata_.version = 25;
436 bool is_trusted = true;
437 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
438 EXPECT_FALSE(is_trusted);
439 }
440
TEST_F(AvbAtxValidateTest,FailReadPIKRollbackIndex)441 TEST_F(AvbAtxValidateTest, FailReadPIKRollbackIndex) {
442 fail_read_pik_rollback_index_ = true;
443 bool is_trusted = true;
444 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted));
445 EXPECT_FALSE(is_trusted);
446 }
447
TEST_F(AvbAtxValidateTest,UnsupportedPIKCertificateVersion)448 TEST_F(AvbAtxValidateTest, UnsupportedPIKCertificateVersion) {
449 metadata_.product_intermediate_key_certificate.signed_data.version = 25;
450 SignPIKCertificate();
451 bool is_trusted = true;
452 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
453 EXPECT_FALSE(is_trusted);
454 }
455
TEST_F(AvbAtxValidateTest,BadPIKCert_ModifiedSubjectPublicKey)456 TEST_F(AvbAtxValidateTest, BadPIKCert_ModifiedSubjectPublicKey) {
457 metadata_.product_intermediate_key_certificate.signed_data.public_key[0] ^= 1;
458 bool is_trusted = true;
459 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
460 EXPECT_FALSE(is_trusted);
461 }
462
TEST_F(AvbAtxValidateTest,BadPIKCert_ModifiedSubject)463 TEST_F(AvbAtxValidateTest, BadPIKCert_ModifiedSubject) {
464 metadata_.product_intermediate_key_certificate.signed_data.subject[0] ^= 1;
465 bool is_trusted = true;
466 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
467 EXPECT_FALSE(is_trusted);
468 }
469
TEST_F(AvbAtxValidateTest,BadPIKCert_ModifiedUsage)470 TEST_F(AvbAtxValidateTest, BadPIKCert_ModifiedUsage) {
471 metadata_.product_intermediate_key_certificate.signed_data.usage[0] ^= 1;
472 bool is_trusted = true;
473 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
474 EXPECT_FALSE(is_trusted);
475 }
476
TEST_F(AvbAtxValidateTest,BadPIKCert_ModifiedKeyVersion)477 TEST_F(AvbAtxValidateTest, BadPIKCert_ModifiedKeyVersion) {
478 metadata_.product_intermediate_key_certificate.signed_data.key_version ^= 1;
479 bool is_trusted = true;
480 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
481 EXPECT_FALSE(is_trusted);
482 }
483
TEST_F(AvbAtxValidateTest,BadPIKCert_BadSignature)484 TEST_F(AvbAtxValidateTest, BadPIKCert_BadSignature) {
485 metadata_.product_intermediate_key_certificate.signature[0] ^= 1;
486 bool is_trusted = true;
487 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
488 EXPECT_FALSE(is_trusted);
489 }
490
TEST_F(AvbAtxValidateTest,PIKCertSubjectIgnored)491 TEST_F(AvbAtxValidateTest, PIKCertSubjectIgnored) {
492 metadata_.product_intermediate_key_certificate.signed_data.subject[0] ^= 1;
493 SignPIKCertificate();
494 bool is_trusted = false;
495 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
496 EXPECT_TRUE(is_trusted);
497 }
498
TEST_F(AvbAtxValidateTest,PIKCertUnexpectedUsage)499 TEST_F(AvbAtxValidateTest, PIKCertUnexpectedUsage) {
500 metadata_.product_intermediate_key_certificate.signed_data.usage[0] ^= 1;
501 SignPIKCertificate();
502 bool is_trusted = true;
503 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
504 EXPECT_FALSE(is_trusted);
505 }
506
TEST_F(AvbAtxValidateTest,PIKRollback)507 TEST_F(AvbAtxValidateTest, PIKRollback) {
508 ops_.set_stored_rollback_indexes(
509 {{AVB_ATX_PIK_VERSION_LOCATION,
510 metadata_.product_intermediate_key_certificate.signed_data.key_version +
511 1},
512 {AVB_ATX_PSK_VERSION_LOCATION, 0}});
513 bool is_trusted = true;
514 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
515 EXPECT_FALSE(is_trusted);
516 }
517
TEST_F(AvbAtxValidateTest,FailReadPSKRollbackIndex)518 TEST_F(AvbAtxValidateTest, FailReadPSKRollbackIndex) {
519 fail_read_psk_rollback_index_ = true;
520 bool is_trusted = true;
521 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted));
522 EXPECT_FALSE(is_trusted);
523 }
524
TEST_F(AvbAtxValidateTest,UnsupportedPSKCertificateVersion)525 TEST_F(AvbAtxValidateTest, UnsupportedPSKCertificateVersion) {
526 metadata_.product_signing_key_certificate.signed_data.version = 25;
527 SignPSKCertificate();
528 bool is_trusted = true;
529 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
530 EXPECT_FALSE(is_trusted);
531 }
532
TEST_F(AvbAtxValidateTest,BadPSKCert_ModifiedSubjectPublicKey)533 TEST_F(AvbAtxValidateTest, BadPSKCert_ModifiedSubjectPublicKey) {
534 metadata_.product_signing_key_certificate.signed_data.public_key[0] ^= 1;
535 bool is_trusted = true;
536 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
537 EXPECT_FALSE(is_trusted);
538 }
539
TEST_F(AvbAtxValidateTest,BadPSKCert_ModifiedSubject)540 TEST_F(AvbAtxValidateTest, BadPSKCert_ModifiedSubject) {
541 metadata_.product_signing_key_certificate.signed_data.subject[0] ^= 1;
542 bool is_trusted = true;
543 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
544 EXPECT_FALSE(is_trusted);
545 }
546
TEST_F(AvbAtxValidateTest,BadPSKCert_ModifiedUsage)547 TEST_F(AvbAtxValidateTest, BadPSKCert_ModifiedUsage) {
548 metadata_.product_signing_key_certificate.signed_data.usage[0] ^= 1;
549 bool is_trusted = true;
550 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
551 EXPECT_FALSE(is_trusted);
552 }
553
TEST_F(AvbAtxValidateTest,BadPSKCert_ModifiedKeyVersion)554 TEST_F(AvbAtxValidateTest, BadPSKCert_ModifiedKeyVersion) {
555 metadata_.product_signing_key_certificate.signed_data.key_version ^= 1;
556 bool is_trusted = true;
557 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
558 EXPECT_FALSE(is_trusted);
559 }
560
TEST_F(AvbAtxValidateTest,BadPSKCert_BadSignature)561 TEST_F(AvbAtxValidateTest, BadPSKCert_BadSignature) {
562 metadata_.product_signing_key_certificate.signature[0] ^= 1;
563 bool is_trusted = true;
564 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
565 EXPECT_FALSE(is_trusted);
566 }
567
TEST_F(AvbAtxValidateTest,PSKCertUnexpectedSubject)568 TEST_F(AvbAtxValidateTest, PSKCertUnexpectedSubject) {
569 metadata_.product_signing_key_certificate.signed_data.subject[0] ^= 1;
570 SignPSKCertificate();
571 bool is_trusted = true;
572 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
573 EXPECT_FALSE(is_trusted);
574 }
575
TEST_F(AvbAtxValidateTest,PSKCertUnexpectedUsage)576 TEST_F(AvbAtxValidateTest, PSKCertUnexpectedUsage) {
577 metadata_.product_signing_key_certificate.signed_data.usage[0] ^= 1;
578 SignPSKCertificate();
579 bool is_trusted = true;
580 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
581 EXPECT_FALSE(is_trusted);
582 }
583
TEST_F(AvbAtxValidateTest,PSKRollback)584 TEST_F(AvbAtxValidateTest, PSKRollback) {
585 ops_.set_stored_rollback_indexes(
586 {{AVB_ATX_PIK_VERSION_LOCATION, 0},
587 {AVB_ATX_PSK_VERSION_LOCATION,
588 metadata_.product_signing_key_certificate.signed_data.key_version +
589 1}});
590 bool is_trusted = true;
591 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
592 EXPECT_FALSE(is_trusted);
593 }
594
595 // A fixture with parameterized public key length.
596 class AvbAtxValidateTestWithPublicKeyLength
597 : public AvbAtxValidateTest,
598 public ::testing::WithParamInterface<size_t> {
599 protected:
Validate(bool * is_trusted)600 AvbIOResult Validate(bool* is_trusted) override {
601 return avb_atx_validate_vbmeta_public_key(
602 ops_.avb_ops(),
603 metadata_.product_signing_key_certificate.signed_data.public_key,
604 GetParam(),
605 reinterpret_cast<const uint8_t*>(&metadata_),
606 sizeof(metadata_),
607 is_trusted);
608 }
609 };
610
TEST_P(AvbAtxValidateTestWithPublicKeyLength,InvalidPublicKeyLength)611 TEST_P(AvbAtxValidateTestWithPublicKeyLength, InvalidPublicKeyLength) {
612 bool is_trusted = true;
613 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
614 EXPECT_FALSE(is_trusted);
615 }
616
617 // Test a bunch of invalid public key length values.
618 INSTANTIATE_TEST_CASE_P(P,
619 AvbAtxValidateTestWithPublicKeyLength,
620 ::testing::Values(0,
621 1,
622 AVB_ATX_PUBLIC_KEY_SIZE - 1,
623 AVB_ATX_PUBLIC_KEY_SIZE + 1,
624 AVB_ATX_PUBLIC_KEY_SIZE - 512,
625 -1));
626
TEST_F(AvbAtxValidateTest,PSKMismatch)627 TEST_F(AvbAtxValidateTest, PSKMismatch) {
628 uint8_t bad_key[AVB_ATX_PUBLIC_KEY_SIZE] = {};
629 bool is_trusted = true;
630 EXPECT_EQ(AVB_IO_RESULT_OK,
631 avb_atx_validate_vbmeta_public_key(
632 ops_.avb_ops(),
633 bad_key,
634 AVB_ATX_PUBLIC_KEY_SIZE,
635 reinterpret_cast<const uint8_t*>(&metadata_),
636 sizeof(metadata_),
637 &is_trusted));
638 EXPECT_FALSE(is_trusted);
639 }
640
TEST_F(AvbAtxValidateTest,GenerateUnlockChallenge)641 TEST_F(AvbAtxValidateTest, GenerateUnlockChallenge) {
642 fake_random_ = std::string(AVB_ATX_UNLOCK_CHALLENGE_SIZE, 'C');
643 AvbAtxUnlockChallenge challenge;
644 EXPECT_EQ(AVB_IO_RESULT_OK,
645 avb_atx_generate_unlock_challenge(ops_.avb_atx_ops(), &challenge));
646 EXPECT_EQ(1UL, challenge.version);
647 EXPECT_EQ(0,
648 memcmp(fake_random_.data(),
649 challenge.challenge,
650 AVB_ATX_UNLOCK_CHALLENGE_SIZE));
651 uint8_t expected_pid_hash[AVB_SHA256_DIGEST_SIZE];
652 SHA256(attributes_.product_id, AVB_ATX_PRODUCT_ID_SIZE, expected_pid_hash);
653 EXPECT_EQ(0,
654 memcmp(expected_pid_hash,
655 challenge.product_id_hash,
656 AVB_SHA256_DIGEST_SIZE));
657 }
658
TEST_F(AvbAtxValidateTest,GenerateUnlockChallenge_NoAttributes)659 TEST_F(AvbAtxValidateTest, GenerateUnlockChallenge_NoAttributes) {
660 fail_read_permanent_attributes_ = true;
661 AvbAtxUnlockChallenge challenge;
662 EXPECT_NE(AVB_IO_RESULT_OK,
663 avb_atx_generate_unlock_challenge(ops_.avb_atx_ops(), &challenge));
664 }
665
TEST_F(AvbAtxValidateTest,GenerateUnlockChallenge_NoRNG)666 TEST_F(AvbAtxValidateTest, GenerateUnlockChallenge_NoRNG) {
667 fail_get_random_ = true;
668 AvbAtxUnlockChallenge challenge;
669 EXPECT_NE(AVB_IO_RESULT_OK,
670 avb_atx_generate_unlock_challenge(ops_.avb_atx_ops(), &challenge));
671 }
672
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential)673 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential) {
674 ASSERT_TRUE(PrepareUnlockCredential());
675 bool is_trusted = true;
676 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
677 EXPECT_TRUE(is_trusted);
678 }
679
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_UnsupportedVersion)680 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_UnsupportedVersion) {
681 ASSERT_TRUE(PrepareUnlockCredential());
682 unlock_credential_.version++;
683 bool is_trusted = true;
684 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
685 EXPECT_FALSE(is_trusted);
686 }
687
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_NoAttributes)688 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_NoAttributes) {
689 PrepareUnlockCredential();
690 fail_read_permanent_attributes_ = true;
691 bool is_trusted = true;
692 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, ValidateUnlock(&is_trusted));
693 EXPECT_FALSE(is_trusted);
694 }
695
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_NoAttributesHash)696 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_NoAttributesHash) {
697 PrepareUnlockCredential();
698 fail_read_permanent_attributes_hash_ = true;
699 bool is_trusted = true;
700 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, ValidateUnlock(&is_trusted));
701 EXPECT_FALSE(is_trusted);
702 }
703
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_UnsupportedAttributesVersion)704 TEST_F(AvbAtxValidateTest,
705 ValidateUnlockCredential_UnsupportedAttributesVersion) {
706 ASSERT_TRUE(PrepareUnlockCredential());
707 attributes_.version = 25;
708 ops_.set_permanent_attributes(attributes_);
709 bool is_trusted = true;
710 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
711 EXPECT_FALSE(is_trusted);
712 }
713
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_AttributesHashMismatch)714 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_AttributesHashMismatch) {
715 ASSERT_TRUE(PrepareUnlockCredential());
716 ops_.set_permanent_attributes_hash("bad_hash");
717 bool is_trusted = true;
718 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
719 EXPECT_FALSE(is_trusted);
720 }
721
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_FailReadPIKRollbackIndex)722 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_FailReadPIKRollbackIndex) {
723 ASSERT_TRUE(PrepareUnlockCredential());
724 fail_read_pik_rollback_index_ = true;
725 bool is_trusted = true;
726 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, ValidateUnlock(&is_trusted));
727 EXPECT_FALSE(is_trusted);
728 }
729
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_UnsupportedPIKCertificateVersion)730 TEST_F(AvbAtxValidateTest,
731 ValidateUnlockCredential_UnsupportedPIKCertificateVersion) {
732 ASSERT_TRUE(PrepareUnlockCredential());
733 unlock_credential_.product_intermediate_key_certificate.signed_data.version =
734 25;
735 SignUnlockCredentialPIKCertificate();
736 bool is_trusted = true;
737 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
738 EXPECT_FALSE(is_trusted);
739 }
740
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_BadPIKCert_ModifiedSubjectPublicKey)741 TEST_F(AvbAtxValidateTest,
742 ValidateUnlockCredential_BadPIKCert_ModifiedSubjectPublicKey) {
743 ASSERT_TRUE(PrepareUnlockCredential());
744 unlock_credential_.product_intermediate_key_certificate.signed_data
745 .public_key[0] ^= 1;
746 bool is_trusted = true;
747 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
748 EXPECT_FALSE(is_trusted);
749 }
750
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_BadPIKCert_ModifiedSubject)751 TEST_F(AvbAtxValidateTest,
752 ValidateUnlockCredential_BadPIKCert_ModifiedSubject) {
753 ASSERT_TRUE(PrepareUnlockCredential());
754 unlock_credential_.product_intermediate_key_certificate.signed_data
755 .subject[0] ^= 1;
756 bool is_trusted = true;
757 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
758 EXPECT_FALSE(is_trusted);
759 }
760
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_BadPIKCert_ModifiedUsage)761 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_BadPIKCert_ModifiedUsage) {
762 ASSERT_TRUE(PrepareUnlockCredential());
763 unlock_credential_.product_intermediate_key_certificate.signed_data
764 .usage[0] ^= 1;
765 bool is_trusted = true;
766 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
767 EXPECT_FALSE(is_trusted);
768 }
769
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_BadPIKCert_ModifiedKeyVersion)770 TEST_F(AvbAtxValidateTest,
771 ValidateUnlockCredential_BadPIKCert_ModifiedKeyVersion) {
772 ASSERT_TRUE(PrepareUnlockCredential());
773 unlock_credential_.product_intermediate_key_certificate.signed_data
774 .key_version ^= 1;
775 bool is_trusted = true;
776 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
777 EXPECT_FALSE(is_trusted);
778 }
779
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_BadPIKCert_BadSignature)780 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_BadPIKCert_BadSignature) {
781 ASSERT_TRUE(PrepareUnlockCredential());
782 unlock_credential_.product_intermediate_key_certificate.signature[0] ^= 1;
783 bool is_trusted = true;
784 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
785 EXPECT_FALSE(is_trusted);
786 }
787
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_PIKCertSubjectIgnored)788 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_PIKCertSubjectIgnored) {
789 ASSERT_TRUE(PrepareUnlockCredential());
790 unlock_credential_.product_intermediate_key_certificate.signed_data
791 .subject[0] ^= 1;
792 SignUnlockCredentialPIKCertificate();
793 bool is_trusted = false;
794 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
795 EXPECT_TRUE(is_trusted);
796 }
797
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_PIKCertUnexpectedUsage)798 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_PIKCertUnexpectedUsage) {
799 ASSERT_TRUE(PrepareUnlockCredential());
800 unlock_credential_.product_intermediate_key_certificate.signed_data
801 .usage[0] ^= 1;
802 SignUnlockCredentialPIKCertificate();
803 bool is_trusted = true;
804 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
805 EXPECT_FALSE(is_trusted);
806 }
807
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_PIKRollback)808 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_PIKRollback) {
809 ASSERT_TRUE(PrepareUnlockCredential());
810 ops_.set_stored_rollback_indexes(
811 {{AVB_ATX_PIK_VERSION_LOCATION,
812 unlock_credential_.product_intermediate_key_certificate.signed_data
813 .key_version +
814 1},
815 {AVB_ATX_PSK_VERSION_LOCATION, 0}});
816 bool is_trusted = true;
817 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
818 EXPECT_FALSE(is_trusted);
819 }
820
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_FailReadPSKRollbackIndex)821 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_FailReadPSKRollbackIndex) {
822 ASSERT_TRUE(PrepareUnlockCredential());
823 fail_read_psk_rollback_index_ = true;
824 bool is_trusted = true;
825 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, ValidateUnlock(&is_trusted));
826 EXPECT_FALSE(is_trusted);
827 }
828
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_UnsupportedPUKCertificateVersion)829 TEST_F(AvbAtxValidateTest,
830 ValidateUnlockCredential_UnsupportedPUKCertificateVersion) {
831 ASSERT_TRUE(PrepareUnlockCredential());
832 unlock_credential_.product_unlock_key_certificate.signed_data.version = 25;
833 SignUnlockCredentialPUKCertificate();
834 bool is_trusted = true;
835 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
836 EXPECT_FALSE(is_trusted);
837 }
838
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_BadPUKCert_ModifiedSubjectPublicKey)839 TEST_F(AvbAtxValidateTest,
840 ValidateUnlockCredential_BadPUKCert_ModifiedSubjectPublicKey) {
841 ASSERT_TRUE(PrepareUnlockCredential());
842 unlock_credential_.product_unlock_key_certificate.signed_data.public_key[0] ^=
843 1;
844 bool is_trusted = true;
845 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
846 EXPECT_FALSE(is_trusted);
847 }
848
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_BadPUKCert_ModifiedSubject)849 TEST_F(AvbAtxValidateTest,
850 ValidateUnlockCredential_BadPUKCert_ModifiedSubject) {
851 ASSERT_TRUE(PrepareUnlockCredential());
852 unlock_credential_.product_unlock_key_certificate.signed_data.subject[0] ^= 1;
853 bool is_trusted = true;
854 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
855 EXPECT_FALSE(is_trusted);
856 }
857
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_BadPUKCert_ModifiedUsage)858 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_BadPUKCert_ModifiedUsage) {
859 ASSERT_TRUE(PrepareUnlockCredential());
860 unlock_credential_.product_unlock_key_certificate.signed_data.usage[0] ^= 1;
861 bool is_trusted = true;
862 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
863 EXPECT_FALSE(is_trusted);
864 }
865
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_BadPUKCert_ModifiedKeyVersion)866 TEST_F(AvbAtxValidateTest,
867 ValidateUnlockCredential_BadPUKCert_ModifiedKeyVersion) {
868 ASSERT_TRUE(PrepareUnlockCredential());
869 unlock_credential_.product_unlock_key_certificate.signed_data.key_version ^=
870 1;
871 bool is_trusted = true;
872 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
873 EXPECT_FALSE(is_trusted);
874 }
875
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_BadPUKCert_BadSignature)876 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_BadPUKCert_BadSignature) {
877 ASSERT_TRUE(PrepareUnlockCredential());
878 unlock_credential_.product_unlock_key_certificate.signature[0] ^= 1;
879 bool is_trusted = true;
880 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
881 EXPECT_FALSE(is_trusted);
882 }
883
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_PUKCertUnexpectedSubject)884 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_PUKCertUnexpectedSubject) {
885 ASSERT_TRUE(PrepareUnlockCredential());
886 unlock_credential_.product_unlock_key_certificate.signed_data.subject[0] ^= 1;
887 SignUnlockCredentialPUKCertificate();
888 bool is_trusted = true;
889 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
890 EXPECT_FALSE(is_trusted);
891 }
892
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_PUKCertUnexpectedUsage)893 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_PUKCertUnexpectedUsage) {
894 ASSERT_TRUE(PrepareUnlockCredential());
895 unlock_credential_.product_unlock_key_certificate.signed_data.usage[0] ^= 1;
896 SignUnlockCredentialPUKCertificate();
897 bool is_trusted = true;
898 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
899 EXPECT_FALSE(is_trusted);
900 }
901
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_PUKRollback)902 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_PUKRollback) {
903 ASSERT_TRUE(PrepareUnlockCredential());
904 ops_.set_stored_rollback_indexes(
905 {{AVB_ATX_PIK_VERSION_LOCATION, 0},
906 {AVB_ATX_PSK_VERSION_LOCATION,
907 unlock_credential_.product_unlock_key_certificate.signed_data
908 .key_version +
909 1}});
910 bool is_trusted = true;
911 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
912 EXPECT_FALSE(is_trusted);
913 }
914
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_BadChallengeSignature)915 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_BadChallengeSignature) {
916 ASSERT_TRUE(PrepareUnlockCredential());
917 unlock_credential_.challenge_signature[10] ^= 1;
918 bool is_trusted = true;
919 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
920 EXPECT_FALSE(is_trusted);
921 }
922
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_ChallengeMismatch)923 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_ChallengeMismatch) {
924 ASSERT_TRUE(PrepareUnlockCredential());
925 unlock_challenge_ = "bad";
926 SignUnlockCredentialChallenge(kPUKPrivateKeyPath);
927 bool is_trusted = true;
928 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
929 EXPECT_FALSE(is_trusted);
930 }
931
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_UnlockWithPSK)932 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_UnlockWithPSK) {
933 ASSERT_TRUE(PrepareUnlockCredential());
934 // Copy the PSK cert as the PUK cert.
935 memcpy(&unlock_credential_.product_unlock_key_certificate,
936 &metadata_.product_signing_key_certificate,
937 sizeof(AvbAtxCertificate));
938 // Sign the challenge with the PSK instead of the PUK.
939 SignUnlockCredentialChallenge(kPSKPrivateKeyPath);
940 bool is_trusted = true;
941 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
942 EXPECT_FALSE(is_trusted);
943 }
944
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_ReplayChallenge)945 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_ReplayChallenge) {
946 ASSERT_TRUE(PrepareUnlockCredential());
947 bool is_trusted = true;
948 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
949 EXPECT_TRUE(is_trusted);
950 // A second attempt with the same challenge should fail.
951 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
952 EXPECT_FALSE(is_trusted);
953 }
954
TEST_F(AvbAtxValidateTest,ValidateUnlockCredential_MultipleUnlock)955 TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_MultipleUnlock) {
956 ASSERT_TRUE(PrepareUnlockCredential());
957 bool is_trusted = true;
958 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
959 EXPECT_TRUE(is_trusted);
960 // A second attempt with a newly staged challenge should succeed.
961 ASSERT_TRUE(PrepareUnlockCredential());
962 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
963 EXPECT_TRUE(is_trusted);
964 }
965
966 // A fixture for testing avb_slot_verify() with ATX.
967 class AvbAtxSlotVerifyTest : public BaseAvbToolTest,
968 public FakeAvbOpsDelegateWithDefaults {
969 public:
970 ~AvbAtxSlotVerifyTest() override = default;
971
SetUp()972 void SetUp() override {
973 BaseAvbToolTest::SetUp();
974 ReadAtxDefaultData();
975 ops_.set_partition_dir(testdir_);
976 ops_.set_delegate(this);
977 ops_.set_permanent_attributes(attributes_);
978 ops_.set_stored_rollback_indexes({{0, 0},
979 {1, 0},
980 {2, 0},
981 {3, 0},
982 {AVB_ATX_PIK_VERSION_LOCATION, 0},
983 {AVB_ATX_PSK_VERSION_LOCATION, 0}});
984 ops_.set_stored_is_device_unlocked(false);
985 }
986
987 // FakeAvbOpsDelegate override.
validate_vbmeta_public_key(AvbOps * ops,const uint8_t * public_key_data,size_t public_key_length,const uint8_t * public_key_metadata,size_t public_key_metadata_length,bool * out_key_is_trusted)988 AvbIOResult validate_vbmeta_public_key(AvbOps* ops,
989 const uint8_t* public_key_data,
990 size_t public_key_length,
991 const uint8_t* public_key_metadata,
992 size_t public_key_metadata_length,
993 bool* out_key_is_trusted) override {
994 // Send to ATX implementation.
995 ++num_atx_calls_;
996 return avb_atx_validate_vbmeta_public_key(ops_.avb_ops(),
997 public_key_data,
998 public_key_length,
999 public_key_metadata,
1000 public_key_metadata_length,
1001 out_key_is_trusted);
1002 }
1003
1004 protected:
1005 AvbAtxPermanentAttributes attributes_;
1006 int num_atx_calls_ = 0;
1007
1008 private:
ReadAtxDefaultData()1009 void ReadAtxDefaultData() {
1010 std::string tmp;
1011 ASSERT_TRUE(
1012 base::ReadFileToString(base::FilePath(kPermanentAttributesPath), &tmp));
1013 ASSERT_EQ(tmp.size(), sizeof(AvbAtxPermanentAttributes));
1014 memcpy(&attributes_, tmp.data(), tmp.size());
1015 }
1016 };
1017
TEST_F(AvbAtxSlotVerifyTest,SlotVerifyWithAtx)1018 TEST_F(AvbAtxSlotVerifyTest, SlotVerifyWithAtx) {
1019 std::string metadata_option = "--public_key_metadata=";
1020 metadata_option += kMetadataPath;
1021 GenerateVBMetaImage("vbmeta_a.img",
1022 "SHA512_RSA4096",
1023 0,
1024 base::FilePath("test/data/testkey_atx_psk.pem"),
1025 metadata_option);
1026
1027 ops_.set_expected_public_key(
1028 PublicKeyAVB(base::FilePath("test/data/testkey_atx_psk.pem")));
1029
1030 AvbSlotVerifyData* slot_data = NULL;
1031 const char* requested_partitions[] = {"boot", NULL};
1032 EXPECT_EQ(AVB_SLOT_VERIFY_RESULT_OK,
1033 avb_slot_verify(ops_.avb_ops(),
1034 requested_partitions,
1035 "_a",
1036 AVB_SLOT_VERIFY_FLAGS_NONE,
1037 AVB_HASHTREE_ERROR_MODE_RESTART_AND_INVALIDATE,
1038 &slot_data));
1039 EXPECT_NE(nullptr, slot_data);
1040 avb_slot_verify_data_free(slot_data);
1041 EXPECT_EQ(1, num_atx_calls_);
1042 }
1043
1044 } // namespace avb
1045