1 /*
2 * Copyright (C) 2023 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 //! Utility functions used by API tests.
18
19 use anyhow::{anyhow, Result};
20 use avb_bindgen::{
21 avb_footer_validate_and_byteswap, avb_vbmeta_image_header_to_host_byte_order, AvbFooter,
22 AvbVBMetaImageHeader,
23 };
24 use openssl::sha;
25 use pvmfw_avb::{
26 verify_payload, Capability, DebugLevel, Digest, PvmfwVerifyError, VerifiedBootData,
27 };
28 use std::{
29 fs,
30 mem::{size_of, transmute, MaybeUninit},
31 string::String,
32 };
33
34 const MICRODROID_KERNEL_IMG_PATH: &str = "microdroid_kernel";
35 const INITRD_NORMAL_IMG_PATH: &str = "microdroid_initrd_normal.img";
36 const INITRD_DEBUG_IMG_PATH: &str = "microdroid_initrd_debuggable.img";
37 const TRUSTY_TEST_VM_KERNEL_IMG_PATH: &str = "trusty_test_vm_signed.bin";
38 const PUBLIC_KEY_RSA4096_PATH: &str = "data/testkey_rsa4096_pub.bin";
39
40 pub const PUBLIC_KEY_RSA2048_PATH: &str = "data/testkey_rsa2048_pub.bin";
41
assert_payload_verification_with_initrd_fails( kernel: &[u8], initrd: &[u8], trusted_public_key: &[u8], expected_error: PvmfwVerifyError, ) -> Result<()>42 pub fn assert_payload_verification_with_initrd_fails(
43 kernel: &[u8],
44 initrd: &[u8],
45 trusted_public_key: &[u8],
46 expected_error: PvmfwVerifyError,
47 ) -> Result<()> {
48 assert_payload_verification_fails(kernel, Some(initrd), trusted_public_key, expected_error)
49 }
50
assert_payload_verification_fails( kernel: &[u8], initrd: Option<&[u8]>, trusted_public_key: &[u8], expected_error: PvmfwVerifyError, ) -> Result<()>51 pub fn assert_payload_verification_fails(
52 kernel: &[u8],
53 initrd: Option<&[u8]>,
54 trusted_public_key: &[u8],
55 expected_error: PvmfwVerifyError,
56 ) -> Result<()> {
57 assert_eq!(expected_error, verify_payload(kernel, initrd, trusted_public_key).unwrap_err());
58 Ok(())
59 }
60
load_latest_signed_kernel() -> Result<Vec<u8>>61 pub fn load_latest_signed_kernel() -> Result<Vec<u8>> {
62 Ok(fs::read(MICRODROID_KERNEL_IMG_PATH)?)
63 }
64
load_latest_trusty_test_vm_signed_kernel() -> Result<Vec<u8>>65 pub fn load_latest_trusty_test_vm_signed_kernel() -> Result<Vec<u8>> {
66 Ok(fs::read(TRUSTY_TEST_VM_KERNEL_IMG_PATH)?)
67 }
68
load_latest_initrd_normal() -> Result<Vec<u8>>69 pub fn load_latest_initrd_normal() -> Result<Vec<u8>> {
70 Ok(fs::read(INITRD_NORMAL_IMG_PATH)?)
71 }
72
load_latest_initrd_debug() -> Result<Vec<u8>>73 pub fn load_latest_initrd_debug() -> Result<Vec<u8>> {
74 Ok(fs::read(INITRD_DEBUG_IMG_PATH)?)
75 }
76
load_trusted_public_key() -> Result<Vec<u8>>77 pub fn load_trusted_public_key() -> Result<Vec<u8>> {
78 Ok(fs::read(PUBLIC_KEY_RSA4096_PATH)?)
79 }
80
get_avb_footer_offset(signed_kernel: &[u8]) -> Result<usize>81 pub fn get_avb_footer_offset(signed_kernel: &[u8]) -> Result<usize> {
82 let offset = signed_kernel.len().checked_sub(size_of::<AvbFooter>());
83
84 offset.ok_or_else(|| anyhow!("Kernel too small to be AVB-signed"))
85 }
86
extract_avb_footer(kernel: &[u8]) -> Result<AvbFooter>87 pub fn extract_avb_footer(kernel: &[u8]) -> Result<AvbFooter> {
88 let footer_start = get_avb_footer_offset(kernel)?;
89 // SAFETY: The slice is the same size as the struct which only contains simple data types.
90 let mut footer = unsafe {
91 transmute::<[u8; size_of::<AvbFooter>()], AvbFooter>(kernel[footer_start..].try_into()?)
92 };
93 // SAFETY: The function updates the struct in-place.
94 unsafe {
95 avb_footer_validate_and_byteswap(&footer, &mut footer);
96 }
97 Ok(footer)
98 }
99
extract_vbmeta_header(kernel: &[u8], footer: &AvbFooter) -> Result<AvbVBMetaImageHeader>100 pub fn extract_vbmeta_header(kernel: &[u8], footer: &AvbFooter) -> Result<AvbVBMetaImageHeader> {
101 let vbmeta_offset: usize = footer.vbmeta_offset.try_into()?;
102 let vbmeta_size: usize = footer.vbmeta_size.try_into()?;
103 let vbmeta_src = &kernel[vbmeta_offset..(vbmeta_offset + vbmeta_size)];
104 // SAFETY: The latest kernel has a valid VBMeta header at the position specified in footer.
105 let vbmeta_header = unsafe {
106 let mut header = MaybeUninit::uninit();
107 let src = vbmeta_src.as_ptr() as *const _ as *const AvbVBMetaImageHeader;
108 avb_vbmeta_image_header_to_host_byte_order(src, header.as_mut_ptr());
109 header.assume_init()
110 };
111 Ok(vbmeta_header)
112 }
113
assert_latest_payload_verification_passes( initrd: &[u8], initrd_salt: &[u8], expected_debug_level: DebugLevel, page_size: Option<usize>, ) -> Result<()>114 pub fn assert_latest_payload_verification_passes(
115 initrd: &[u8],
116 initrd_salt: &[u8],
117 expected_debug_level: DebugLevel,
118 page_size: Option<usize>,
119 ) -> Result<()> {
120 let public_key = load_trusted_public_key()?;
121 let kernel = load_latest_signed_kernel()?;
122 let verified_boot_data = verify_payload(&kernel, Some(initrd), &public_key)
123 .map_err(|e| anyhow!("Verification failed. Error: {}", e))?;
124
125 let footer = extract_avb_footer(&kernel)?;
126 let kernel_digest =
127 hash(&[&hash(&[b"bootloader"]), &kernel[..usize::try_from(footer.original_image_size)?]]);
128 let capabilities = vec![Capability::SecretkeeperProtection];
129 let initrd_digest = Some(hash(&[&hash(&[initrd_salt]), initrd]));
130 let expected_boot_data = VerifiedBootData {
131 debug_level: expected_debug_level,
132 kernel_digest,
133 initrd_digest,
134 public_key: &public_key,
135 capabilities,
136 // TODO(b/392081737): Capture expected rollback_index from build variables as we
137 // intend on auto-syncing rollback_index with security patch timestamps
138 rollback_index: 2,
139 page_size,
140 name: None,
141 };
142 assert_eq!(expected_boot_data, verified_boot_data);
143
144 Ok(())
145 }
146
assert_payload_without_initrd_passes_verification( kernel: &[u8], salt: &[u8], expected_rollback_index: u64, capabilities: Vec<Capability>, page_size: Option<usize>, expected_name: Option<String>, ) -> Result<()>147 pub fn assert_payload_without_initrd_passes_verification(
148 kernel: &[u8],
149 salt: &[u8],
150 expected_rollback_index: u64,
151 capabilities: Vec<Capability>,
152 page_size: Option<usize>,
153 expected_name: Option<String>,
154 ) -> Result<()> {
155 let public_key = load_trusted_public_key()?;
156 let verified_boot_data = verify_payload(
157 kernel,
158 None, // initrd
159 &public_key,
160 )
161 .map_err(|e| anyhow!("Verification failed. Error: {}", e))?;
162
163 let footer = extract_avb_footer(kernel)?;
164 let kernel_digest =
165 hash(&[&hash(&[salt]), &kernel[..usize::try_from(footer.original_image_size)?]]);
166 let expected_boot_data = VerifiedBootData {
167 debug_level: DebugLevel::None,
168 kernel_digest,
169 initrd_digest: None,
170 public_key: &public_key,
171 capabilities,
172 rollback_index: expected_rollback_index,
173 page_size,
174 name: expected_name,
175 };
176 assert_eq!(expected_boot_data, verified_boot_data);
177
178 Ok(())
179 }
180
read_name(kernel: &[u8]) -> Result<Option<String>, PvmfwVerifyError>181 pub fn read_name(kernel: &[u8]) -> Result<Option<String>, PvmfwVerifyError> {
182 let public_key = load_trusted_public_key().unwrap();
183 let verified_boot_data = verify_payload(
184 kernel,
185 None, // initrd
186 &public_key,
187 )?;
188 Ok(verified_boot_data.name)
189 }
190
read_page_size(kernel: &[u8]) -> Result<Option<usize>, PvmfwVerifyError>191 pub fn read_page_size(kernel: &[u8]) -> Result<Option<usize>, PvmfwVerifyError> {
192 let public_key = load_trusted_public_key().unwrap();
193 let verified_boot_data = verify_payload(
194 kernel,
195 None, // initrd
196 &public_key,
197 )?;
198 Ok(verified_boot_data.page_size)
199 }
200
hash(inputs: &[&[u8]]) -> Digest201 pub fn hash(inputs: &[&[u8]]) -> Digest {
202 let mut digester = sha::Sha256::new();
203 inputs.iter().for_each(|input| digester.update(input));
204 digester.finish()
205 }
206