• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2016 The Android Open Source Project
3  *
4  * Permission is hereby granted, free of charge, to any person
5  * obtaining a copy of this software and associated documentation
6  * files (the "Software"), to deal in the Software without
7  * restriction, including without limitation the rights to use, copy,
8  * modify, merge, publish, distribute, sublicense, and/or sell copies
9  * of the Software, and to permit persons to whom the Software is
10  * furnished to do so, subject to the following conditions:
11  *
12  * The above copyright notice and this permission notice shall be
13  * included in all copies or substantial portions of the Software.
14  *
15  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22  * SOFTWARE.
23  */
24 
25 #include <iostream>
26 
27 #include <endian.h>
28 #include <inttypes.h>
29 #include <string.h>
30 
31 #include <base/files/file_util.h>
32 #include <base/strings/string_util.h>
33 #include <base/strings/stringprintf.h>
34 
35 #include <libavb/libavb.h>
36 
37 #include "avb_unittest_util.h"
38 
39 namespace avb {
40 
41 class VerifyTest : public BaseAvbToolTest {
42  public:
VerifyTest()43   VerifyTest() {}
44 
45  protected:
46   // Helper function for ModificationDetection test. Modifies
47   // boot_image_ in a number of places in the sub-array at |offset| of
48   // size |length| and checks that avb_vbmeta_image_verify() returns
49   // |expected_result|.
50   bool test_modification(AvbVBMetaVerifyResult expected_result,
51                          size_t offset,
52                          size_t length);
53 };
54 
TEST_F(VerifyTest,BootImageStructSize)55 TEST_F(VerifyTest, BootImageStructSize) {
56   EXPECT_EQ(256UL, sizeof(AvbVBMetaImageHeader));
57 }
58 
TEST_F(VerifyTest,CheckSHA256RSA2048)59 TEST_F(VerifyTest, CheckSHA256RSA2048) {
60   GenerateVBMetaImage("vbmeta.img",
61                       "SHA256_RSA2048",
62                       0,
63                       base::FilePath("test/data/testkey_rsa2048.pem"));
64   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
65             avb_vbmeta_image_verify(
66                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
67 }
68 
TEST_F(VerifyTest,CheckSHA256RSA4096)69 TEST_F(VerifyTest, CheckSHA256RSA4096) {
70   GenerateVBMetaImage("vbmeta.img",
71                       "SHA256_RSA4096",
72                       0,
73                       base::FilePath("test/data/testkey_rsa4096.pem"));
74   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
75             avb_vbmeta_image_verify(
76                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
77 }
78 
TEST_F(VerifyTest,CheckSHA256RSA8192)79 TEST_F(VerifyTest, CheckSHA256RSA8192) {
80   GenerateVBMetaImage("vbmeta.img",
81                       "SHA256_RSA8192",
82                       0,
83                       base::FilePath("test/data/testkey_rsa8192.pem"));
84   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
85             avb_vbmeta_image_verify(
86                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
87 }
88 
TEST_F(VerifyTest,CheckSHA512RSA2048)89 TEST_F(VerifyTest, CheckSHA512RSA2048) {
90   GenerateVBMetaImage("vbmeta.img",
91                       "SHA512_RSA2048",
92                       0,
93                       base::FilePath("test/data/testkey_rsa2048.pem"));
94   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
95             avb_vbmeta_image_verify(
96                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
97 }
98 
TEST_F(VerifyTest,CheckSHA512RSA4096)99 TEST_F(VerifyTest, CheckSHA512RSA4096) {
100   GenerateVBMetaImage("vbmeta.img",
101                       "SHA512_RSA4096",
102                       0,
103                       base::FilePath("test/data/testkey_rsa4096.pem"));
104   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
105             avb_vbmeta_image_verify(
106                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
107 }
108 
TEST_F(VerifyTest,CheckSHA512RSA8192)109 TEST_F(VerifyTest, CheckSHA512RSA8192) {
110   GenerateVBMetaImage("vbmeta.img",
111                       "SHA512_RSA8192",
112                       0,
113                       base::FilePath("test/data/testkey_rsa8192.pem"));
114   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
115             avb_vbmeta_image_verify(
116                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
117 }
118 
TEST_F(VerifyTest,CheckUnsigned)119 TEST_F(VerifyTest, CheckUnsigned) {
120   GenerateVBMetaImage("vbmeta.img", "", 0, base::FilePath(""));
121   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK_NOT_SIGNED,
122             avb_vbmeta_image_verify(
123                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
124 }
125 
TEST_F(VerifyTest,CheckBiggerLength)126 TEST_F(VerifyTest, CheckBiggerLength) {
127   GenerateVBMetaImage("vbmeta.img",
128                       "SHA256_RSA2048",
129                       0,
130                       base::FilePath("test/data/testkey_rsa2048.pem"));
131   // Check that it's OK if we pass a bigger length than what the
132   // header indicates.
133   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
134             avb_vbmeta_image_verify(
135                 vbmeta_image_.data(), vbmeta_image_.size() + 8192, NULL, NULL));
136 }
137 
TEST_F(VerifyTest,BadMagic)138 TEST_F(VerifyTest, BadMagic) {
139   GenerateVBMetaImage("vbmeta.img",
140                       "SHA256_RSA2048",
141                       0,
142                       base::FilePath("test/data/testkey_rsa2048.pem"));
143   vbmeta_image_[0] = 'Z';
144   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
145             avb_vbmeta_image_verify(
146                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
147 }
148 
TEST_F(VerifyTest,MajorVersionCheck)149 TEST_F(VerifyTest, MajorVersionCheck) {
150   GenerateVBMetaImage("vbmeta.img",
151                       "SHA256_RSA2048",
152                       0,
153                       base::FilePath("test/data/testkey_rsa2048.pem"));
154 
155   // Bail if it's a different major version.
156   AvbVBMetaImageHeader* h =
157       reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
158   h->required_libavb_version_major = htobe32(1 + AVB_VERSION_MAJOR);
159   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_UNSUPPORTED_VERSION,
160             avb_vbmeta_image_verify(
161                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
162 }
163 
TEST_F(VerifyTest,MinorVersionCheck)164 TEST_F(VerifyTest, MinorVersionCheck) {
165   GenerateVBMetaImage("vbmeta.img", "", 0, base::FilePath(""));
166 
167   // Bail if required_libavb_version_minor exceeds our libavb version.
168   AvbVBMetaImageHeader* h =
169       reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
170   h->required_libavb_version_minor = htobe32(1 + AVB_VERSION_MINOR);
171   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_UNSUPPORTED_VERSION,
172             avb_vbmeta_image_verify(
173                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
174 }
175 
TEST_F(VerifyTest,NulTerminatedReleaseString)176 TEST_F(VerifyTest, NulTerminatedReleaseString) {
177   GenerateVBMetaImage("vbmeta.img", "", 0, base::FilePath(""));
178 
179   // Bail if |release_string| isn't NUL-terminated.
180   AvbVBMetaImageHeader* h =
181       reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
182   for (size_t n = 0; n < AVB_RELEASE_STRING_SIZE; n++) {
183     h->release_string[n] = 'a';
184   }
185   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
186             avb_vbmeta_image_verify(
187                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
188 }
189 
TEST_F(VerifyTest,BlockSizesAddUpToLessThanLength)190 TEST_F(VerifyTest, BlockSizesAddUpToLessThanLength) {
191   GenerateVBMetaImage("vbmeta.img",
192                       "SHA256_RSA2048",
193                       0,
194                       base::FilePath("test/data/testkey_rsa2048.pem"));
195 
196   AvbVBMetaImageHeader* h =
197       reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
198   AvbVBMetaImageHeader backup = *h;
199 
200   // Check that the sum of the two block lengths is less than passed
201   // in size. Use a size that's a multiple of 64 to avoid failure on
202   // earlier check.
203   uint64_t size = vbmeta_image_.size() & (~0x3f);
204 
205   h->authentication_data_block_size = htobe64(size);
206   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
207             avb_vbmeta_image_verify(
208                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
209   *h = backup;
210 
211   h->auxiliary_data_block_size = htobe64(size);
212   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
213             avb_vbmeta_image_verify(
214                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
215   *h = backup;
216 
217   // Overflow checks - choose overflow candidate so it's a multiple of
218   // 64 otherwise we'll fail on an earlier check.
219   size = 0xffffffffffffffc0UL;
220 
221   h->authentication_data_block_size = htobe64(size);
222   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
223             avb_vbmeta_image_verify(
224                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
225   *h = backup;
226 
227   h->auxiliary_data_block_size = htobe64(size);
228   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
229             avb_vbmeta_image_verify(
230                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
231   *h = backup;
232 
233   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
234             avb_vbmeta_image_verify(
235                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
236 }
237 
TEST_F(VerifyTest,BlockSizesMultipleOf64)238 TEST_F(VerifyTest, BlockSizesMultipleOf64) {
239   GenerateVBMetaImage("vbmeta.img",
240                       "SHA256_RSA2048",
241                       0,
242                       base::FilePath("test/data/testkey_rsa2048.pem"));
243 
244   AvbVBMetaImageHeader* h =
245       reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
246   AvbVBMetaImageHeader backup = *h;
247 
248   h->authentication_data_block_size =
249       htobe32(be32toh(h->authentication_data_block_size) - 32);
250   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
251             avb_vbmeta_image_verify(
252                 vbmeta_image_.data(), vbmeta_image_.size() - 32, NULL, NULL));
253   *h = backup;
254 
255   h->auxiliary_data_block_size =
256       htobe32(be32toh(h->auxiliary_data_block_size) - 32);
257   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
258             avb_vbmeta_image_verify(
259                 vbmeta_image_.data(), vbmeta_image_.size() - 32, NULL, NULL));
260   *h = backup;
261 
262   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
263             avb_vbmeta_image_verify(
264                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
265 }
266 
TEST_F(VerifyTest,HashOutOfBounds)267 TEST_F(VerifyTest, HashOutOfBounds) {
268   GenerateVBMetaImage("vbmeta.img",
269                       "SHA256_RSA2048",
270                       0,
271                       base::FilePath("test/data/testkey_rsa2048.pem"));
272 
273   AvbVBMetaImageHeader* h =
274       reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
275 
276   // Check we catch when hash data goes out of bounds.
277   h->hash_offset = htobe64(4);
278   h->hash_size = htobe64(be64toh(h->authentication_data_block_size));
279   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
280             avb_vbmeta_image_verify(
281                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
282 
283   // Overflow checks.
284   h->hash_offset = htobe64(4);
285   h->hash_size = htobe64(0xfffffffffffffffeUL);
286   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
287             avb_vbmeta_image_verify(
288                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
289 }
290 
TEST_F(VerifyTest,SignatureOutOfBounds)291 TEST_F(VerifyTest, SignatureOutOfBounds) {
292   GenerateVBMetaImage("vbmeta.img",
293                       "SHA256_RSA2048",
294                       0,
295                       base::FilePath("test/data/testkey_rsa2048.pem"));
296 
297   AvbVBMetaImageHeader* h =
298       reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
299 
300   // Check we catch when signature data goes out of bounds.
301   h->signature_offset = htobe64(4);
302   h->signature_size = htobe64(be64toh(h->authentication_data_block_size));
303   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
304             avb_vbmeta_image_verify(
305                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
306 
307   // Overflow checks.
308   h->signature_offset = htobe64(4);
309   h->signature_size = htobe64(0xfffffffffffffffeUL);
310   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
311             avb_vbmeta_image_verify(
312                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
313 }
314 
TEST_F(VerifyTest,PublicKeyOutOfBounds)315 TEST_F(VerifyTest, PublicKeyOutOfBounds) {
316   GenerateVBMetaImage("vbmeta.img",
317                       "SHA256_RSA2048",
318                       0,
319                       base::FilePath("test/data/testkey_rsa2048.pem"));
320 
321   AvbVBMetaImageHeader* h =
322       reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
323 
324   // Check we catch when public key data goes out of bounds.
325   h->public_key_offset = htobe64(4);
326   h->public_key_size = htobe64(be64toh(h->auxiliary_data_block_size));
327   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
328             avb_vbmeta_image_verify(
329                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
330 
331   // Overflow checks.
332   h->public_key_offset = htobe64(4);
333   h->public_key_size = htobe64(0xfffffffffffffffeUL);
334   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
335             avb_vbmeta_image_verify(
336                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
337 }
338 
TEST_F(VerifyTest,PublicKeyMetadataOutOfBounds)339 TEST_F(VerifyTest, PublicKeyMetadataOutOfBounds) {
340   GenerateVBMetaImage("vbmeta.img",
341                       "SHA256_RSA2048",
342                       0,
343                       base::FilePath("test/data/testkey_rsa2048.pem"));
344 
345   AvbVBMetaImageHeader* h =
346       reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
347 
348   // Check we catch when public key metadata data goes out of bounds.
349   h->public_key_metadata_offset = htobe64(4);
350   h->public_key_metadata_size = htobe64(be64toh(h->auxiliary_data_block_size));
351   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
352             avb_vbmeta_image_verify(
353                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
354 
355   // Overflow checks.
356   h->public_key_metadata_offset = htobe64(4);
357   h->public_key_metadata_size = htobe64(0xfffffffffffffffeUL);
358   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
359             avb_vbmeta_image_verify(
360                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
361 }
362 
TEST_F(VerifyTest,InvalidAlgorithmField)363 TEST_F(VerifyTest, InvalidAlgorithmField) {
364   GenerateVBMetaImage("vbmeta.img",
365                       "SHA256_RSA2048",
366                       0,
367                       base::FilePath("test/data/testkey_rsa2048.pem"));
368 
369   AvbVBMetaImageHeader* h =
370       reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
371   AvbVBMetaImageHeader backup = *h;
372 
373   // Check we bail on unknown algorithm.
374   h->algorithm_type = htobe32(_AVB_ALGORITHM_NUM_TYPES);
375   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
376             avb_vbmeta_image_verify(
377                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
378   *h = backup;
379   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
380             avb_vbmeta_image_verify(
381                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
382 }
383 
TEST_F(VerifyTest,PublicKeyBlockTooSmall)384 TEST_F(VerifyTest, PublicKeyBlockTooSmall) {
385   GenerateVBMetaImage("vbmeta.img",
386                       "SHA256_RSA2048",
387                       0,
388                       base::FilePath("test/data/testkey_rsa2048.pem"));
389 
390   AvbVBMetaImageHeader* h =
391       reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
392   AvbVBMetaImageHeader backup = *h;
393 
394   // Check we bail if the auxiliary data block is too small.
395   uint64_t change = be64toh(h->auxiliary_data_block_size) - 64;
396   h->auxiliary_data_block_size = htobe64(change);
397   EXPECT_EQ(
398       AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
399       avb_vbmeta_image_verify(
400           vbmeta_image_.data(), vbmeta_image_.size() - change, NULL, NULL));
401   *h = backup;
402   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
403             avb_vbmeta_image_verify(
404                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
405 }
406 
test_modification(AvbVBMetaVerifyResult expected_result,size_t offset,size_t length)407 bool VerifyTest::test_modification(AvbVBMetaVerifyResult expected_result,
408                                    size_t offset,
409                                    size_t length) {
410   uint8_t* d = reinterpret_cast<uint8_t*>(vbmeta_image_.data());
411   const int kNumCheckpoints = 16;
412 
413   // Test |kNumCheckpoints| modifications in the start, middle, and
414   // end of given sub-array.
415   for (int n = 0; n <= kNumCheckpoints; n++) {
416     size_t o = std::min(length * n / kNumCheckpoints, length - 1) + offset;
417     d[o] ^= 0x80;
418     AvbVBMetaVerifyResult result = avb_vbmeta_image_verify(
419         vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL);
420     d[o] ^= 0x80;
421     if (result != expected_result) {
422       return false;
423     }
424   }
425 
426   return true;
427 }
428 
TEST_F(VerifyTest,ModificationDetection)429 TEST_F(VerifyTest, ModificationDetection) {
430   GenerateVBMetaImage("vbmeta.img",
431                       "SHA256_RSA2048",
432                       0,
433                       base::FilePath("test/data/testkey_rsa2048.pem"));
434 
435   EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
436             avb_vbmeta_image_verify(
437                 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
438 
439   AvbVBMetaImageHeader h;
440   avb_vbmeta_image_header_to_host_byte_order(
441       reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data()), &h);
442 
443   size_t header_block_offset = 0;
444   size_t authentication_block_offset =
445       header_block_offset + sizeof(AvbVBMetaImageHeader);
446   size_t auxiliary_block_offset =
447       authentication_block_offset + h.authentication_data_block_size;
448 
449   // Ensure we detect modification of the header data block. Do this
450   // in a field that's not validated so INVALID_VBMETA_HEADER
451   // isn't returned.
452   EXPECT_TRUE(test_modification(
453       AVB_VBMETA_VERIFY_RESULT_HASH_MISMATCH,
454       offsetof(AvbVBMetaImageHeader, reserved),
455       sizeof(AvbVBMetaImageHeader) - offsetof(AvbVBMetaImageHeader, reserved)));
456   // Also check the |reserved| field.
457   EXPECT_TRUE(test_modification(AVB_VBMETA_VERIFY_RESULT_HASH_MISMATCH,
458                                 offsetof(AvbVBMetaImageHeader, reserved),
459                                 sizeof(AvbVBMetaImageHeader().reserved)));
460 
461   // Ensure we detect modifications in the auxiliary data block.
462   EXPECT_TRUE(test_modification(AVB_VBMETA_VERIFY_RESULT_HASH_MISMATCH,
463                                 auxiliary_block_offset,
464                                 h.auxiliary_data_block_size));
465 
466   // Modifications in the hash part of the Authentication data block
467   // should also yield HASH_MISMATCH. This is because the hash check
468   // compares the calculated hash against the stored hash.
469   EXPECT_TRUE(test_modification(AVB_VBMETA_VERIFY_RESULT_HASH_MISMATCH,
470                                 authentication_block_offset + h.hash_offset,
471                                 h.hash_size));
472 
473   // Modifications in the signature part of the Authentication data
474   // block, should not cause a hash mismatch ... but will cause a
475   // signature mismatch.
476   EXPECT_TRUE(
477       test_modification(AVB_VBMETA_VERIFY_RESULT_SIGNATURE_MISMATCH,
478                         authentication_block_offset + h.signature_offset,
479                         h.signature_size));
480 
481   // Mofications outside the hash and signature parts of the
482   // Authentication data block are not detected. This is because it's
483   // not part of the hash calculation.
484   uint64_t offset = h.signature_offset + h.signature_size;
485   ASSERT_LT(h.hash_offset, h.signature_offset);
486   ASSERT_LT(offset + 1, h.authentication_data_block_size);
487   EXPECT_TRUE(test_modification(AVB_VBMETA_VERIFY_RESULT_OK,
488                                 authentication_block_offset + offset,
489                                 h.authentication_data_block_size - offset));
490 }
491 
TEST_F(VerifyTest,VBMetaHeaderByteswap)492 TEST_F(VerifyTest, VBMetaHeaderByteswap) {
493   AvbVBMetaImageHeader h;
494   AvbVBMetaImageHeader s;
495   uint32_t n32;
496   uint64_t n64;
497 
498   n32 = 0x11223344;
499   n64 = 0x1122334455667788;
500 
501   h.required_libavb_version_major = htobe32(n32);
502   n32++;
503   h.required_libavb_version_minor = htobe32(n32);
504   n32++;
505   h.authentication_data_block_size = htobe64(n64);
506   n64++;
507   h.auxiliary_data_block_size = htobe64(n64);
508   n64++;
509   h.algorithm_type = htobe32(n32);
510   n32++;
511   h.hash_offset = htobe64(n64);
512   n64++;
513   h.hash_size = htobe64(n64);
514   n64++;
515   h.signature_offset = htobe64(n64);
516   n64++;
517   h.signature_size = htobe64(n64);
518   n64++;
519   h.public_key_offset = htobe64(n64);
520   n64++;
521   h.public_key_size = htobe64(n64);
522   n64++;
523   h.public_key_metadata_offset = htobe64(n64);
524   n64++;
525   h.public_key_metadata_size = htobe64(n64);
526   n64++;
527   h.descriptors_offset = htobe64(n64);
528   n64++;
529   h.descriptors_size = htobe64(n64);
530   n64++;
531   h.rollback_index = htobe64(n64);
532   n64++;
533   h.flags = htobe32(n32);
534   n32++;
535 
536   avb_vbmeta_image_header_to_host_byte_order(&h, &s);
537 
538   n32 = 0x11223344;
539   n64 = 0x1122334455667788;
540 
541   EXPECT_EQ(n32, s.required_libavb_version_major);
542   n32++;
543   EXPECT_EQ(n32, s.required_libavb_version_minor);
544   n32++;
545   EXPECT_EQ(n64, s.authentication_data_block_size);
546   n64++;
547   EXPECT_EQ(n64, s.auxiliary_data_block_size);
548   n64++;
549   EXPECT_EQ(n32, s.algorithm_type);
550   n32++;
551   EXPECT_EQ(n64, s.hash_offset);
552   n64++;
553   EXPECT_EQ(n64, s.hash_size);
554   n64++;
555   EXPECT_EQ(n64, s.signature_offset);
556   n64++;
557   EXPECT_EQ(n64, s.signature_size);
558   n64++;
559   EXPECT_EQ(n64, s.public_key_offset);
560   n64++;
561   EXPECT_EQ(n64, s.public_key_size);
562   n64++;
563   EXPECT_EQ(n64, s.public_key_metadata_offset);
564   n64++;
565   EXPECT_EQ(n64, s.public_key_metadata_size);
566   n64++;
567   EXPECT_EQ(n64, s.descriptors_offset);
568   n64++;
569   EXPECT_EQ(n64, s.descriptors_size);
570   n64++;
571   EXPECT_EQ(n64, s.rollback_index);
572   n64++;
573   EXPECT_EQ(n32, s.flags);
574   n32++;
575 
576   // If new fields are added, the following will fail. This is to
577   // remind that byteswapping code (in avb_util.c) and unittests for
578   // this should be updated.
579   static_assert(offsetof(AvbVBMetaImageHeader, reserved) == 176,
580                 "Remember to unittest byteswapping of newly added fields");
581 }
582 
583 }  // namespace avb
584