1 /*
2 * Copyright (C) 2023 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 //! Utility functions used by API tests.
18
19 use anyhow::{anyhow, Result};
20 use avb_bindgen::{
21 avb_footer_validate_and_byteswap, avb_vbmeta_image_header_to_host_byte_order, AvbFooter,
22 AvbVBMetaImageHeader,
23 };
24 use openssl::sha;
25 use pvmfw_avb::{
26 verify_payload, Capability, DebugLevel, Digest, PvmfwVerifyError, VerifiedBootData,
27 };
28 use std::{
29 fs,
30 mem::{size_of, transmute, MaybeUninit},
31 };
32
33 const MICRODROID_KERNEL_IMG_PATH: &str = "microdroid_kernel";
34 const INITRD_NORMAL_IMG_PATH: &str = "microdroid_initrd_normal.img";
35 const INITRD_DEBUG_IMG_PATH: &str = "microdroid_initrd_debuggable.img";
36 const TRUSTY_SECURITY_VM_KERNEL_IMG_PATH: &str = "trusty_security_vm_signed";
37 const PUBLIC_KEY_RSA4096_PATH: &str = "data/testkey_rsa4096_pub.bin";
38
39 pub const PUBLIC_KEY_RSA2048_PATH: &str = "data/testkey_rsa2048_pub.bin";
40
assert_payload_verification_with_initrd_fails( kernel: &[u8], initrd: &[u8], trusted_public_key: &[u8], expected_error: PvmfwVerifyError, ) -> Result<()>41 pub fn assert_payload_verification_with_initrd_fails(
42 kernel: &[u8],
43 initrd: &[u8],
44 trusted_public_key: &[u8],
45 expected_error: PvmfwVerifyError,
46 ) -> Result<()> {
47 assert_payload_verification_fails(kernel, Some(initrd), trusted_public_key, expected_error)
48 }
49
assert_payload_verification_fails( kernel: &[u8], initrd: Option<&[u8]>, trusted_public_key: &[u8], expected_error: PvmfwVerifyError, ) -> Result<()>50 pub fn assert_payload_verification_fails(
51 kernel: &[u8],
52 initrd: Option<&[u8]>,
53 trusted_public_key: &[u8],
54 expected_error: PvmfwVerifyError,
55 ) -> Result<()> {
56 assert_eq!(expected_error, verify_payload(kernel, initrd, trusted_public_key).unwrap_err());
57 Ok(())
58 }
59
load_latest_signed_kernel() -> Result<Vec<u8>>60 pub fn load_latest_signed_kernel() -> Result<Vec<u8>> {
61 Ok(fs::read(MICRODROID_KERNEL_IMG_PATH)?)
62 }
63
load_latest_trusty_security_vm_signed_kernel() -> Result<Vec<u8>>64 pub fn load_latest_trusty_security_vm_signed_kernel() -> Result<Vec<u8>> {
65 Ok(fs::read(TRUSTY_SECURITY_VM_KERNEL_IMG_PATH)?)
66 }
67
load_latest_initrd_normal() -> Result<Vec<u8>>68 pub fn load_latest_initrd_normal() -> Result<Vec<u8>> {
69 Ok(fs::read(INITRD_NORMAL_IMG_PATH)?)
70 }
71
load_latest_initrd_debug() -> Result<Vec<u8>>72 pub fn load_latest_initrd_debug() -> Result<Vec<u8>> {
73 Ok(fs::read(INITRD_DEBUG_IMG_PATH)?)
74 }
75
load_trusted_public_key() -> Result<Vec<u8>>76 pub fn load_trusted_public_key() -> Result<Vec<u8>> {
77 Ok(fs::read(PUBLIC_KEY_RSA4096_PATH)?)
78 }
79
get_avb_footer_offset(signed_kernel: &[u8]) -> Result<usize>80 pub fn get_avb_footer_offset(signed_kernel: &[u8]) -> Result<usize> {
81 let offset = signed_kernel.len().checked_sub(size_of::<AvbFooter>());
82
83 offset.ok_or_else(|| anyhow!("Kernel too small to be AVB-signed"))
84 }
85
extract_avb_footer(kernel: &[u8]) -> Result<AvbFooter>86 pub fn extract_avb_footer(kernel: &[u8]) -> Result<AvbFooter> {
87 let footer_start = get_avb_footer_offset(kernel)?;
88 // SAFETY: The slice is the same size as the struct which only contains simple data types.
89 let mut footer = unsafe {
90 transmute::<[u8; size_of::<AvbFooter>()], AvbFooter>(kernel[footer_start..].try_into()?)
91 };
92 // SAFETY: The function updates the struct in-place.
93 unsafe {
94 avb_footer_validate_and_byteswap(&footer, &mut footer);
95 }
96 Ok(footer)
97 }
98
extract_vbmeta_header(kernel: &[u8], footer: &AvbFooter) -> Result<AvbVBMetaImageHeader>99 pub fn extract_vbmeta_header(kernel: &[u8], footer: &AvbFooter) -> Result<AvbVBMetaImageHeader> {
100 let vbmeta_offset: usize = footer.vbmeta_offset.try_into()?;
101 let vbmeta_size: usize = footer.vbmeta_size.try_into()?;
102 let vbmeta_src = &kernel[vbmeta_offset..(vbmeta_offset + vbmeta_size)];
103 // SAFETY: The latest kernel has a valid VBMeta header at the position specified in footer.
104 let vbmeta_header = unsafe {
105 let mut header = MaybeUninit::uninit();
106 let src = vbmeta_src.as_ptr() as *const _ as *const AvbVBMetaImageHeader;
107 avb_vbmeta_image_header_to_host_byte_order(src, header.as_mut_ptr());
108 header.assume_init()
109 };
110 Ok(vbmeta_header)
111 }
112
assert_latest_payload_verification_passes( initrd: &[u8], initrd_salt: &[u8], expected_debug_level: DebugLevel, page_size: Option<usize>, ) -> Result<()>113 pub fn assert_latest_payload_verification_passes(
114 initrd: &[u8],
115 initrd_salt: &[u8],
116 expected_debug_level: DebugLevel,
117 page_size: Option<usize>,
118 ) -> Result<()> {
119 let public_key = load_trusted_public_key()?;
120 let kernel = load_latest_signed_kernel()?;
121 let verified_boot_data = verify_payload(&kernel, Some(initrd), &public_key)
122 .map_err(|e| anyhow!("Verification failed. Error: {}", e))?;
123
124 let footer = extract_avb_footer(&kernel)?;
125 let kernel_digest =
126 hash(&[&hash(&[b"bootloader"]), &kernel[..usize::try_from(footer.original_image_size)?]]);
127 let capabilities =
128 if cfg!(llpvm_changes) { vec![Capability::SecretkeeperProtection] } else { vec![] };
129 let initrd_digest = Some(hash(&[&hash(&[initrd_salt]), initrd]));
130 let expected_boot_data = VerifiedBootData {
131 debug_level: expected_debug_level,
132 kernel_digest,
133 initrd_digest,
134 public_key: &public_key,
135 capabilities,
136 rollback_index: if cfg!(llpvm_changes) { 1 } else { 0 },
137 page_size,
138 };
139 assert_eq!(expected_boot_data, verified_boot_data);
140
141 Ok(())
142 }
143
assert_payload_without_initrd_passes_verification( kernel: &[u8], salt: &[u8], expected_rollback_index: u64, capabilities: Vec<Capability>, page_size: Option<usize>, ) -> Result<()>144 pub fn assert_payload_without_initrd_passes_verification(
145 kernel: &[u8],
146 salt: &[u8],
147 expected_rollback_index: u64,
148 capabilities: Vec<Capability>,
149 page_size: Option<usize>,
150 ) -> Result<()> {
151 let public_key = load_trusted_public_key()?;
152 let verified_boot_data = verify_payload(
153 kernel,
154 None, // initrd
155 &public_key,
156 )
157 .map_err(|e| anyhow!("Verification failed. Error: {}", e))?;
158
159 let footer = extract_avb_footer(kernel)?;
160 let kernel_digest =
161 hash(&[&hash(&[salt]), &kernel[..usize::try_from(footer.original_image_size)?]]);
162 let expected_boot_data = VerifiedBootData {
163 debug_level: DebugLevel::None,
164 kernel_digest,
165 initrd_digest: None,
166 public_key: &public_key,
167 capabilities,
168 rollback_index: expected_rollback_index,
169 page_size,
170 };
171 assert_eq!(expected_boot_data, verified_boot_data);
172
173 Ok(())
174 }
175
hash(inputs: &[&[u8]]) -> Digest176 pub fn hash(inputs: &[&[u8]]) -> Digest {
177 let mut digester = sha::Sha256::new();
178 inputs.iter().for_each(|input| digester.update(input));
179 digester.finish()
180 }
181