xref: /aosp_15_r20/external/avb/test/avb_cert_validate_unittest.cc (revision d289c2ba6de359471b23d594623b906876bc48a0)
1 /*
2  * Copyright (C) 2016 The Android Open Source Project
3  *
4  * Permission is hereby granted, free of charge, to any person
5  * obtaining a copy of this software and associated documentation
6  * files (the "Software"), to deal in the Software without
7  * restriction, including without limitation the rights to use, copy,
8  * modify, merge, publish, distribute, sublicense, and/or sell copies
9  * of the Software, and to permit persons to whom the Software is
10  * furnished to do so, subject to the following conditions:
11  *
12  * The above copyright notice and this permission notice shall be
13  * included in all copies or substantial portions of the Software.
14  *
15  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22  * SOFTWARE.
23  */
24 
25 #include <base/files/file_util.h>
26 #include <gtest/gtest.h>
27 #include <libavb_cert/libavb_cert.h>
28 #include <openssl/objects.h>
29 #include <openssl/pem.h>
30 #include <openssl/rsa.h>
31 #include <openssl/sha.h>
32 #include <stdio.h>
33 #include <string.h>
34 
35 #include "avb_unittest_util.h"
36 #include "fake_avb_ops.h"
37 
38 namespace {
39 
40 const char kMetadataPath[] = "test/data/cert_metadata.bin";
41 const char kPermanentAttributesPath[] =
42     "test/data/cert_permanent_attributes.bin";
43 const char kPRKPrivateKeyPath[] = "test/data/testkey_cert_prk.pem";
44 const char kPIKPrivateKeyPath[] = "test/data/testkey_cert_pik.pem";
45 const char kPSKPrivateKeyPath[] = "test/data/testkey_cert_psk.pem";
46 const char kPUKPrivateKeyPath[] = "test/data/testkey_cert_puk.pem";
47 const char kUnlockChallengePath[] = "test/data/cert_unlock_challenge.bin";
48 const char kUnlockCredentialPath[] = "test/data/cert_unlock_credential.bin";
49 
50 class ScopedRSA {
51  public:
ScopedRSA(const char * pem_key_path)52   ScopedRSA(const char* pem_key_path) {
53     FILE* file = fopen(pem_key_path, "r");
54     rsa_ = PEM_read_RSAPrivateKey(file, nullptr, nullptr, nullptr);
55     fclose(file);
56   }
57 
~ScopedRSA()58   ~ScopedRSA() {
59     if (rsa_) {
60       RSA_free(rsa_);
61     }
62   }
63 
64   // PKCS #1 v1.5 signature using SHA512. Returns true on success.
Sign(const void * data_to_sign,size_t length,uint8_t signature[])65   bool Sign(const void* data_to_sign, size_t length, uint8_t signature[]) {
66     uint8_t digest[AVB_SHA512_DIGEST_SIZE];
67     const unsigned char* data_to_sign_buf =
68         reinterpret_cast<const unsigned char*>(data_to_sign);
69     SHA512(data_to_sign_buf, length, digest);
70     unsigned int signature_length = 0;
71     return (1 == RSA_sign(NID_sha512,
72                           digest,
73                           AVB_SHA512_DIGEST_SIZE,
74                           signature,
75                           &signature_length,
76                           rsa_));
77   }
78 
79  private:
80   RSA* rsa_;
81 };
82 
83 } /* namespace */
84 
85 namespace avb {
86 
87 class AvbCertValidateTest : public ::testing::Test,
88                             public FakeAvbOpsDelegateWithDefaults {
89  public:
~AvbCertValidateTest()90   ~AvbCertValidateTest() override {}
91 
SetUp()92   void SetUp() override {
93     ReadDefaultData();
94     ops_.set_delegate(this);
95     ops_.set_permanent_attributes(attributes_);
96     ops_.set_stored_rollback_indexes({{AVB_CERT_PIK_VERSION_LOCATION, 0},
97                                       {AVB_CERT_PSK_VERSION_LOCATION, 0}});
98   }
99 
100   // FakeAvbOpsDelegate methods.
read_from_partition(const char * partition,int64_t offset,size_t num_bytes,void * buffer,size_t * out_num_read)101   AvbIOResult read_from_partition(const char* partition,
102                                   int64_t offset,
103                                   size_t num_bytes,
104                                   void* buffer,
105                                   size_t* out_num_read) override {
106     // Expect method not used.
107     return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
108   }
109 
get_preloaded_partition(const char * partition,size_t num_bytes,uint8_t ** out_pointer,size_t * out_num_bytes_preloaded)110   AvbIOResult get_preloaded_partition(
111       const char* partition,
112       size_t num_bytes,
113       uint8_t** out_pointer,
114       size_t* out_num_bytes_preloaded) override {
115     // Expect method not used.
116     return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
117   }
118 
write_to_partition(const char * partition,int64_t offset,size_t num_bytes,const void * buffer)119   AvbIOResult write_to_partition(const char* partition,
120                                  int64_t offset,
121                                  size_t num_bytes,
122                                  const void* buffer) override {
123     // Expect method not used.
124     return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
125   }
126 
validate_vbmeta_public_key(AvbOps * ops,const uint8_t * public_key_data,size_t public_key_length,const uint8_t * public_key_metadata,size_t public_key_metadata_length,bool * out_key_is_trusted)127   AvbIOResult validate_vbmeta_public_key(AvbOps* ops,
128                                          const uint8_t* public_key_data,
129                                          size_t public_key_length,
130                                          const uint8_t* public_key_metadata,
131                                          size_t public_key_metadata_length,
132                                          bool* out_key_is_trusted) override {
133     // Expect method not used.
134     return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
135   }
136 
read_rollback_index(AvbOps * ops,size_t rollback_index_slot,uint64_t * out_rollback_index)137   AvbIOResult read_rollback_index(AvbOps* ops,
138                                   size_t rollback_index_slot,
139                                   uint64_t* out_rollback_index) override {
140     if ((fail_read_pik_rollback_index_ &&
141          rollback_index_slot == AVB_CERT_PIK_VERSION_LOCATION) ||
142         (fail_read_psk_rollback_index_ &&
143          rollback_index_slot == AVB_CERT_PSK_VERSION_LOCATION)) {
144       return AVB_IO_RESULT_ERROR_IO;
145     }
146     return ops_.read_rollback_index(
147         ops, rollback_index_slot, out_rollback_index);
148   }
149 
write_rollback_index(AvbOps * ops,size_t rollback_index_slot,uint64_t rollback_index)150   AvbIOResult write_rollback_index(AvbOps* ops,
151                                    size_t rollback_index_slot,
152                                    uint64_t rollback_index) override {
153     // Expect method not used.
154     return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
155   }
156 
read_is_device_unlocked(AvbOps * ops,bool * out_is_device_unlocked)157   AvbIOResult read_is_device_unlocked(AvbOps* ops,
158                                       bool* out_is_device_unlocked) override {
159     // Expect method not used.
160     return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
161   }
162 
get_unique_guid_for_partition(AvbOps * ops,const char * partition,char * guid_buf,size_t guid_buf_size)163   AvbIOResult get_unique_guid_for_partition(AvbOps* ops,
164                                             const char* partition,
165                                             char* guid_buf,
166                                             size_t guid_buf_size) override {
167     // Expect method not used.
168     return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
169   }
170 
get_size_of_partition(AvbOps * ops,const char * partition,uint64_t * out_size)171   AvbIOResult get_size_of_partition(AvbOps* ops,
172                                     const char* partition,
173                                     uint64_t* out_size) override {
174     // Expect method not used.
175     return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
176   }
177 
read_persistent_value(const char * name,size_t buffer_size,uint8_t * out_buffer,size_t * out_num_bytes_read)178   AvbIOResult read_persistent_value(const char* name,
179                                     size_t buffer_size,
180                                     uint8_t* out_buffer,
181                                     size_t* out_num_bytes_read) override {
182     // Expect method not used.
183     return AVB_IO_RESULT_ERROR_NO_SUCH_VALUE;
184   }
185 
write_persistent_value(const char * name,size_t value_size,const uint8_t * value)186   AvbIOResult write_persistent_value(const char* name,
187                                      size_t value_size,
188                                      const uint8_t* value) override {
189     // Expect method not used.
190     return AVB_IO_RESULT_ERROR_NO_SUCH_VALUE;
191   }
192 
read_permanent_attributes(AvbCertPermanentAttributes * attributes)193   AvbIOResult read_permanent_attributes(
194       AvbCertPermanentAttributes* attributes) override {
195     if (fail_read_permanent_attributes_) {
196       return AVB_IO_RESULT_ERROR_IO;
197     }
198     return ops_.read_permanent_attributes(attributes);
199   }
200 
read_permanent_attributes_hash(uint8_t hash[AVB_SHA256_DIGEST_SIZE])201   AvbIOResult read_permanent_attributes_hash(
202       uint8_t hash[AVB_SHA256_DIGEST_SIZE]) override {
203     if (fail_read_permanent_attributes_hash_) {
204       return AVB_IO_RESULT_ERROR_IO;
205     }
206     return ops_.read_permanent_attributes_hash(hash);
207   }
208 
set_key_version(size_t rollback_index_location,uint64_t key_version)209   void set_key_version(size_t rollback_index_location,
210                        uint64_t key_version) override {
211     ops_.set_key_version(rollback_index_location, key_version);
212   }
213 
get_random(size_t num_bytes,uint8_t * output)214   AvbIOResult get_random(size_t num_bytes, uint8_t* output) override {
215     if (fail_get_random_) {
216       return AVB_IO_RESULT_ERROR_IO;
217     }
218     if (fake_random_.size() >= num_bytes) {
219       memcpy(output, fake_random_.data(), num_bytes);
220       return AVB_IO_RESULT_OK;
221     }
222     return ops_.get_random(num_bytes, output);
223   }
224 
225  protected:
Validate(bool * is_trusted)226   virtual AvbIOResult Validate(bool* is_trusted) {
227     return avb_cert_validate_vbmeta_public_key(
228         ops_.avb_ops(),
229         metadata_.product_signing_key_certificate.signed_data.public_key,
230         AVB_CERT_PUBLIC_KEY_SIZE,
231         reinterpret_cast<const uint8_t*>(&metadata_),
232         sizeof(metadata_),
233         is_trusted);
234   }
235 
ValidateUnlock(bool * is_trusted)236   AvbIOResult ValidateUnlock(bool* is_trusted) {
237     return avb_cert_validate_unlock_credential(
238         ops_.avb_cert_ops(), &unlock_credential_, is_trusted);
239   }
240 
SignPIKCertificate()241   void SignPIKCertificate() {
242     memset(metadata_.product_intermediate_key_certificate.signature,
243            0,
244            AVB_RSA4096_NUM_BYTES);
245     ScopedRSA key(kPRKPrivateKeyPath);
246     ASSERT_TRUE(
247         key.Sign(&metadata_.product_intermediate_key_certificate.signed_data,
248                  sizeof(AvbCertCertificateSignedData),
249                  metadata_.product_intermediate_key_certificate.signature));
250   }
251 
SignPSKCertificate()252   void SignPSKCertificate() {
253     memset(metadata_.product_signing_key_certificate.signature,
254            0,
255            AVB_RSA4096_NUM_BYTES);
256     ScopedRSA key(kPIKPrivateKeyPath);
257     ASSERT_TRUE(key.Sign(&metadata_.product_signing_key_certificate.signed_data,
258                          sizeof(AvbCertCertificateSignedData),
259                          metadata_.product_signing_key_certificate.signature));
260   }
261 
SignUnlockCredentialPIKCertificate()262   void SignUnlockCredentialPIKCertificate() {
263     memset(unlock_credential_.product_intermediate_key_certificate.signature,
264            0,
265            AVB_RSA4096_NUM_BYTES);
266     ScopedRSA key(kPRKPrivateKeyPath);
267     ASSERT_TRUE(key.Sign(
268         &unlock_credential_.product_intermediate_key_certificate.signed_data,
269         sizeof(AvbCertCertificateSignedData),
270         unlock_credential_.product_intermediate_key_certificate.signature));
271   }
272 
SignUnlockCredentialPUKCertificate()273   void SignUnlockCredentialPUKCertificate() {
274     memset(unlock_credential_.product_unlock_key_certificate.signature,
275            0,
276            AVB_RSA4096_NUM_BYTES);
277     ScopedRSA key(kPIKPrivateKeyPath);
278     ASSERT_TRUE(
279         key.Sign(&unlock_credential_.product_unlock_key_certificate.signed_data,
280                  sizeof(AvbCertCertificateSignedData),
281                  unlock_credential_.product_unlock_key_certificate.signature));
282   }
283 
SignUnlockCredentialChallenge(const char * key_path)284   void SignUnlockCredentialChallenge(const char* key_path) {
285     memset(unlock_credential_.challenge_signature, 0, AVB_RSA4096_NUM_BYTES);
286     ScopedRSA key(key_path);
287     ASSERT_TRUE(key.Sign(unlock_challenge_.data(),
288                          unlock_challenge_.size(),
289                          unlock_credential_.challenge_signature));
290   }
291 
PrepareUnlockCredential()292   bool PrepareUnlockCredential() {
293     // Stage a challenge to be remembered as the 'most recent challenge'. Then
294     // the next call to unlock with |unlock_credential_| is expected to succeed.
295     fake_random_ = unlock_challenge_;
296     AvbCertUnlockChallenge challenge;
297     return (AVB_IO_RESULT_OK == avb_cert_generate_unlock_challenge(
298                                     ops_.avb_cert_ops(), &challenge));
299   }
300 
301   AvbCertPermanentAttributes attributes_;
302   AvbCertPublicKeyMetadata metadata_;
303   bool fail_read_permanent_attributes_{false};
304   bool fail_read_permanent_attributes_hash_{false};
305   bool fail_read_pik_rollback_index_{false};
306   bool fail_read_psk_rollback_index_{false};
307   bool fail_get_random_{false};
308   std::string fake_random_;
309   AvbCertUnlockCredential unlock_credential_;
310   std::string unlock_challenge_;
311 
312  private:
ReadDefaultData()313   void ReadDefaultData() {
314     std::string tmp;
315     ASSERT_TRUE(base::ReadFileToString(base::FilePath(kMetadataPath), &tmp));
316     ASSERT_EQ(tmp.size(), sizeof(AvbCertPublicKeyMetadata));
317     memcpy(&metadata_, tmp.data(), tmp.size());
318     ASSERT_TRUE(
319         base::ReadFileToString(base::FilePath(kPermanentAttributesPath), &tmp));
320     ASSERT_EQ(tmp.size(), sizeof(AvbCertPermanentAttributes));
321     memcpy(&attributes_, tmp.data(), tmp.size());
322     ASSERT_TRUE(base::ReadFileToString(base::FilePath(kUnlockChallengePath),
323                                        &unlock_challenge_));
324     ASSERT_EQ(size_t(AVB_CERT_UNLOCK_CHALLENGE_SIZE), unlock_challenge_.size());
325     ASSERT_TRUE(
326         base::ReadFileToString(base::FilePath(kUnlockCredentialPath), &tmp));
327     ASSERT_EQ(tmp.size(), sizeof(AvbCertUnlockCredential));
328     memcpy(&unlock_credential_, tmp.data(), tmp.size());
329   }
330 };
331 
TEST_F(AvbCertValidateTest,Success)332 TEST_F(AvbCertValidateTest, Success) {
333   bool is_trusted = false;
334   EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
335   EXPECT_TRUE(is_trusted);
336 
337   // Check that the key versions were reported correctly.
338   EXPECT_EQ(
339       ops_.get_verified_rollback_indexes()[AVB_CERT_PIK_VERSION_LOCATION],
340       metadata_.product_intermediate_key_certificate.signed_data.key_version);
341   EXPECT_EQ(ops_.get_verified_rollback_indexes()[AVB_CERT_PSK_VERSION_LOCATION],
342             metadata_.product_signing_key_certificate.signed_data.key_version);
343   EXPECT_EQ(2UL, ops_.get_verified_rollback_indexes().size());
344 }
345 
TEST_F(AvbCertValidateTest,SuccessAfterNewSign)346 TEST_F(AvbCertValidateTest, SuccessAfterNewSign) {
347   std::string old_pik_sig(
348       reinterpret_cast<char*>(
349           metadata_.product_intermediate_key_certificate.signature),
350       AVB_RSA4096_NUM_BYTES);
351   std::string old_psk_sig(
352       reinterpret_cast<char*>(
353           metadata_.product_signing_key_certificate.signature),
354       AVB_RSA4096_NUM_BYTES);
355   SignPIKCertificate();
356   SignPSKCertificate();
357   std::string new_pik_sig(
358       reinterpret_cast<char*>(
359           metadata_.product_intermediate_key_certificate.signature),
360       AVB_RSA4096_NUM_BYTES);
361   std::string new_psk_sig(
362       reinterpret_cast<char*>(
363           metadata_.product_signing_key_certificate.signature),
364       AVB_RSA4096_NUM_BYTES);
365   EXPECT_EQ(old_pik_sig, new_pik_sig);
366   EXPECT_EQ(old_psk_sig, new_psk_sig);
367   bool is_trusted = false;
368   EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
369   EXPECT_TRUE(is_trusted);
370 }
371 
TEST_F(AvbCertValidateTest,FailReadPermamentAttributes)372 TEST_F(AvbCertValidateTest, FailReadPermamentAttributes) {
373   fail_read_permanent_attributes_ = true;
374   bool is_trusted = true;
375   EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted));
376   EXPECT_FALSE(is_trusted);
377 }
378 
TEST_F(AvbCertValidateTest,FailReadPermamentAttributesHash)379 TEST_F(AvbCertValidateTest, FailReadPermamentAttributesHash) {
380   fail_read_permanent_attributes_hash_ = true;
381   bool is_trusted = true;
382   EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted));
383   EXPECT_FALSE(is_trusted);
384 }
385 
TEST_F(AvbCertValidateTest,UnsupportedPermanentAttributesVersion)386 TEST_F(AvbCertValidateTest, UnsupportedPermanentAttributesVersion) {
387   attributes_.version = 25;
388   ops_.set_permanent_attributes(attributes_);
389   bool is_trusted = true;
390   EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
391   EXPECT_FALSE(is_trusted);
392 }
393 
TEST_F(AvbCertValidateTest,PermanentAttributesHashMismatch)394 TEST_F(AvbCertValidateTest, PermanentAttributesHashMismatch) {
395   ops_.set_permanent_attributes_hash("bad_hash");
396   bool is_trusted = true;
397   EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
398   EXPECT_FALSE(is_trusted);
399 }
400 
401 // A fixture with parameterized metadata length.
402 class AvbCertValidateTestWithMetadataLength
403     : public AvbCertValidateTest,
404       public ::testing::WithParamInterface<size_t> {
405  protected:
Validate(bool * is_trusted)406   AvbIOResult Validate(bool* is_trusted) override {
407     return avb_cert_validate_vbmeta_public_key(
408         ops_.avb_ops(),
409         metadata_.product_signing_key_certificate.signed_data.public_key,
410         AVB_CERT_PUBLIC_KEY_SIZE,
411         reinterpret_cast<const uint8_t*>(&metadata_),
412         GetParam(),
413         is_trusted);
414   }
415 };
416 
TEST_P(AvbCertValidateTestWithMetadataLength,InvalidMetadataLength)417 TEST_P(AvbCertValidateTestWithMetadataLength, InvalidMetadataLength) {
418   bool is_trusted = true;
419   EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
420   EXPECT_FALSE(is_trusted);
421 }
422 
423 // Test a bunch of invalid metadata length values.
424 INSTANTIATE_TEST_CASE_P(P,
425                         AvbCertValidateTestWithMetadataLength,
426                         ::testing::Values(0,
427                                           1,
428                                           sizeof(AvbCertPublicKeyMetadata) - 1,
429                                           sizeof(AvbCertPublicKeyMetadata) + 1,
430                                           -1));
431 
TEST_F(AvbCertValidateTest,UnsupportedMetadataVersion)432 TEST_F(AvbCertValidateTest, UnsupportedMetadataVersion) {
433   metadata_.version = 25;
434   bool is_trusted = true;
435   EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
436   EXPECT_FALSE(is_trusted);
437 }
438 
TEST_F(AvbCertValidateTest,FailReadPIKRollbackIndex)439 TEST_F(AvbCertValidateTest, FailReadPIKRollbackIndex) {
440   fail_read_pik_rollback_index_ = true;
441   bool is_trusted = true;
442   EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted));
443   EXPECT_FALSE(is_trusted);
444 }
445 
TEST_F(AvbCertValidateTest,UnsupportedPIKCertificateVersion)446 TEST_F(AvbCertValidateTest, UnsupportedPIKCertificateVersion) {
447   metadata_.product_intermediate_key_certificate.signed_data.version = 25;
448   SignPIKCertificate();
449   bool is_trusted = true;
450   EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
451   EXPECT_FALSE(is_trusted);
452 }
453 
TEST_F(AvbCertValidateTest,BadPIKCert_ModifiedSubjectPublicKey)454 TEST_F(AvbCertValidateTest, BadPIKCert_ModifiedSubjectPublicKey) {
455   metadata_.product_intermediate_key_certificate.signed_data.public_key[0] ^= 1;
456   bool is_trusted = true;
457   EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
458   EXPECT_FALSE(is_trusted);
459 }
460 
TEST_F(AvbCertValidateTest,BadPIKCert_ModifiedSubject)461 TEST_F(AvbCertValidateTest, BadPIKCert_ModifiedSubject) {
462   metadata_.product_intermediate_key_certificate.signed_data.subject[0] ^= 1;
463   bool is_trusted = true;
464   EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
465   EXPECT_FALSE(is_trusted);
466 }
467 
TEST_F(AvbCertValidateTest,BadPIKCert_ModifiedUsage)468 TEST_F(AvbCertValidateTest, BadPIKCert_ModifiedUsage) {
469   metadata_.product_intermediate_key_certificate.signed_data.usage[0] ^= 1;
470   bool is_trusted = true;
471   EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
472   EXPECT_FALSE(is_trusted);
473 }
474 
TEST_F(AvbCertValidateTest,BadPIKCert_ModifiedKeyVersion)475 TEST_F(AvbCertValidateTest, BadPIKCert_ModifiedKeyVersion) {
476   metadata_.product_intermediate_key_certificate.signed_data.key_version ^= 1;
477   bool is_trusted = true;
478   EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
479   EXPECT_FALSE(is_trusted);
480 }
481 
TEST_F(AvbCertValidateTest,BadPIKCert_BadSignature)482 TEST_F(AvbCertValidateTest, BadPIKCert_BadSignature) {
483   metadata_.product_intermediate_key_certificate.signature[0] ^= 1;
484   bool is_trusted = true;
485   EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
486   EXPECT_FALSE(is_trusted);
487 }
488 
TEST_F(AvbCertValidateTest,PIKCertSubjectIgnored)489 TEST_F(AvbCertValidateTest, PIKCertSubjectIgnored) {
490   metadata_.product_intermediate_key_certificate.signed_data.subject[0] ^= 1;
491   SignPIKCertificate();
492   bool is_trusted = false;
493   EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
494   EXPECT_TRUE(is_trusted);
495 }
496 
TEST_F(AvbCertValidateTest,PIKCertUnexpectedUsage)497 TEST_F(AvbCertValidateTest, PIKCertUnexpectedUsage) {
498   metadata_.product_intermediate_key_certificate.signed_data.usage[0] ^= 1;
499   SignPIKCertificate();
500   bool is_trusted = true;
501   EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
502   EXPECT_FALSE(is_trusted);
503 }
504 
TEST_F(AvbCertValidateTest,PIKRollback)505 TEST_F(AvbCertValidateTest, PIKRollback) {
506   ops_.set_stored_rollback_indexes(
507       {{AVB_CERT_PIK_VERSION_LOCATION,
508         metadata_.product_intermediate_key_certificate.signed_data.key_version +
509             1},
510        {AVB_CERT_PSK_VERSION_LOCATION, 0}});
511   bool is_trusted = true;
512   EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
513   EXPECT_FALSE(is_trusted);
514 }
515 
TEST_F(AvbCertValidateTest,FailReadPSKRollbackIndex)516 TEST_F(AvbCertValidateTest, FailReadPSKRollbackIndex) {
517   fail_read_psk_rollback_index_ = true;
518   bool is_trusted = true;
519   EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted));
520   EXPECT_FALSE(is_trusted);
521 }
522 
TEST_F(AvbCertValidateTest,UnsupportedPSKCertificateVersion)523 TEST_F(AvbCertValidateTest, UnsupportedPSKCertificateVersion) {
524   metadata_.product_signing_key_certificate.signed_data.version = 25;
525   SignPSKCertificate();
526   bool is_trusted = true;
527   EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
528   EXPECT_FALSE(is_trusted);
529 }
530 
TEST_F(AvbCertValidateTest,BadPSKCert_ModifiedSubjectPublicKey)531 TEST_F(AvbCertValidateTest, BadPSKCert_ModifiedSubjectPublicKey) {
532   metadata_.product_signing_key_certificate.signed_data.public_key[0] ^= 1;
533   bool is_trusted = true;
534   EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
535   EXPECT_FALSE(is_trusted);
536 }
537 
TEST_F(AvbCertValidateTest,BadPSKCert_ModifiedSubject)538 TEST_F(AvbCertValidateTest, BadPSKCert_ModifiedSubject) {
539   metadata_.product_signing_key_certificate.signed_data.subject[0] ^= 1;
540   bool is_trusted = true;
541   EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
542   EXPECT_FALSE(is_trusted);
543 }
544 
TEST_F(AvbCertValidateTest,BadPSKCert_ModifiedUsage)545 TEST_F(AvbCertValidateTest, BadPSKCert_ModifiedUsage) {
546   metadata_.product_signing_key_certificate.signed_data.usage[0] ^= 1;
547   bool is_trusted = true;
548   EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
549   EXPECT_FALSE(is_trusted);
550 }
551 
TEST_F(AvbCertValidateTest,BadPSKCert_ModifiedKeyVersion)552 TEST_F(AvbCertValidateTest, BadPSKCert_ModifiedKeyVersion) {
553   metadata_.product_signing_key_certificate.signed_data.key_version ^= 1;
554   bool is_trusted = true;
555   EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
556   EXPECT_FALSE(is_trusted);
557 }
558 
TEST_F(AvbCertValidateTest,BadPSKCert_BadSignature)559 TEST_F(AvbCertValidateTest, BadPSKCert_BadSignature) {
560   metadata_.product_signing_key_certificate.signature[0] ^= 1;
561   bool is_trusted = true;
562   EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
563   EXPECT_FALSE(is_trusted);
564 }
565 
TEST_F(AvbCertValidateTest,PSKCertUnexpectedSubject)566 TEST_F(AvbCertValidateTest, PSKCertUnexpectedSubject) {
567   metadata_.product_signing_key_certificate.signed_data.subject[0] ^= 1;
568   SignPSKCertificate();
569   bool is_trusted = true;
570   EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
571   EXPECT_FALSE(is_trusted);
572 }
573 
TEST_F(AvbCertValidateTest,PSKCertUnexpectedUsage)574 TEST_F(AvbCertValidateTest, PSKCertUnexpectedUsage) {
575   metadata_.product_signing_key_certificate.signed_data.usage[0] ^= 1;
576   SignPSKCertificate();
577   bool is_trusted = true;
578   EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
579   EXPECT_FALSE(is_trusted);
580 }
581 
TEST_F(AvbCertValidateTest,PSKRollback)582 TEST_F(AvbCertValidateTest, PSKRollback) {
583   ops_.set_stored_rollback_indexes(
584       {{AVB_CERT_PIK_VERSION_LOCATION, 0},
585        {AVB_CERT_PSK_VERSION_LOCATION,
586         metadata_.product_signing_key_certificate.signed_data.key_version +
587             1}});
588   bool is_trusted = true;
589   EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
590   EXPECT_FALSE(is_trusted);
591 }
592 
593 // A fixture with parameterized public key length.
594 class AvbCertValidateTestWithPublicKeyLength
595     : public AvbCertValidateTest,
596       public ::testing::WithParamInterface<size_t> {
597  protected:
Validate(bool * is_trusted)598   AvbIOResult Validate(bool* is_trusted) override {
599     return avb_cert_validate_vbmeta_public_key(
600         ops_.avb_ops(),
601         metadata_.product_signing_key_certificate.signed_data.public_key,
602         GetParam(),
603         reinterpret_cast<const uint8_t*>(&metadata_),
604         sizeof(metadata_),
605         is_trusted);
606   }
607 };
608 
TEST_P(AvbCertValidateTestWithPublicKeyLength,InvalidPublicKeyLength)609 TEST_P(AvbCertValidateTestWithPublicKeyLength, InvalidPublicKeyLength) {
610   bool is_trusted = true;
611   EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
612   EXPECT_FALSE(is_trusted);
613 }
614 
615 // Test a bunch of invalid public key length values.
616 INSTANTIATE_TEST_CASE_P(P,
617                         AvbCertValidateTestWithPublicKeyLength,
618                         ::testing::Values(0,
619                                           1,
620                                           AVB_CERT_PUBLIC_KEY_SIZE - 1,
621                                           AVB_CERT_PUBLIC_KEY_SIZE + 1,
622                                           AVB_CERT_PUBLIC_KEY_SIZE - 512,
623                                           -1));
624 
TEST_F(AvbCertValidateTest,PSKMismatch)625 TEST_F(AvbCertValidateTest, PSKMismatch) {
626   uint8_t bad_key[AVB_CERT_PUBLIC_KEY_SIZE] = {};
627   bool is_trusted = true;
628   EXPECT_EQ(AVB_IO_RESULT_OK,
629             avb_cert_validate_vbmeta_public_key(
630                 ops_.avb_ops(),
631                 bad_key,
632                 AVB_CERT_PUBLIC_KEY_SIZE,
633                 reinterpret_cast<const uint8_t*>(&metadata_),
634                 sizeof(metadata_),
635                 &is_trusted));
636   EXPECT_FALSE(is_trusted);
637 }
638 
TEST_F(AvbCertValidateTest,GenerateUnlockChallenge)639 TEST_F(AvbCertValidateTest, GenerateUnlockChallenge) {
640   fake_random_ = std::string(AVB_CERT_UNLOCK_CHALLENGE_SIZE, 'C');
641   AvbCertUnlockChallenge challenge;
642   EXPECT_EQ(
643       AVB_IO_RESULT_OK,
644       avb_cert_generate_unlock_challenge(ops_.avb_cert_ops(), &challenge));
645   EXPECT_EQ(1UL, challenge.version);
646   EXPECT_EQ(0,
647             memcmp(fake_random_.data(),
648                    challenge.challenge,
649                    AVB_CERT_UNLOCK_CHALLENGE_SIZE));
650   uint8_t expected_pid_hash[AVB_SHA256_DIGEST_SIZE];
651   SHA256(attributes_.product_id, AVB_CERT_PRODUCT_ID_SIZE, expected_pid_hash);
652   EXPECT_EQ(0,
653             memcmp(expected_pid_hash,
654                    challenge.product_id_hash,
655                    AVB_SHA256_DIGEST_SIZE));
656 }
657 
TEST_F(AvbCertValidateTest,GenerateUnlockChallenge_NoAttributes)658 TEST_F(AvbCertValidateTest, GenerateUnlockChallenge_NoAttributes) {
659   fail_read_permanent_attributes_ = true;
660   AvbCertUnlockChallenge challenge;
661   EXPECT_NE(
662       AVB_IO_RESULT_OK,
663       avb_cert_generate_unlock_challenge(ops_.avb_cert_ops(), &challenge));
664 }
665 
TEST_F(AvbCertValidateTest,GenerateUnlockChallenge_NoRNG)666 TEST_F(AvbCertValidateTest, GenerateUnlockChallenge_NoRNG) {
667   fail_get_random_ = true;
668   AvbCertUnlockChallenge challenge;
669   EXPECT_NE(
670       AVB_IO_RESULT_OK,
671       avb_cert_generate_unlock_challenge(ops_.avb_cert_ops(), &challenge));
672 }
673 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential)674 TEST_F(AvbCertValidateTest, ValidateUnlockCredential) {
675   ASSERT_TRUE(PrepareUnlockCredential());
676   bool is_trusted = true;
677   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
678   EXPECT_TRUE(is_trusted);
679 }
680 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_UnsupportedVersion)681 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_UnsupportedVersion) {
682   ASSERT_TRUE(PrepareUnlockCredential());
683   unlock_credential_.version++;
684   bool is_trusted = true;
685   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
686   EXPECT_FALSE(is_trusted);
687 }
688 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_NoAttributes)689 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_NoAttributes) {
690   PrepareUnlockCredential();
691   fail_read_permanent_attributes_ = true;
692   bool is_trusted = true;
693   EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, ValidateUnlock(&is_trusted));
694   EXPECT_FALSE(is_trusted);
695 }
696 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_NoAttributesHash)697 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_NoAttributesHash) {
698   PrepareUnlockCredential();
699   fail_read_permanent_attributes_hash_ = true;
700   bool is_trusted = true;
701   EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, ValidateUnlock(&is_trusted));
702   EXPECT_FALSE(is_trusted);
703 }
704 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_UnsupportedAttributesVersion)705 TEST_F(AvbCertValidateTest,
706        ValidateUnlockCredential_UnsupportedAttributesVersion) {
707   ASSERT_TRUE(PrepareUnlockCredential());
708   attributes_.version = 25;
709   ops_.set_permanent_attributes(attributes_);
710   bool is_trusted = true;
711   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
712   EXPECT_FALSE(is_trusted);
713 }
714 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_AttributesHashMismatch)715 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_AttributesHashMismatch) {
716   ASSERT_TRUE(PrepareUnlockCredential());
717   ops_.set_permanent_attributes_hash("bad_hash");
718   bool is_trusted = true;
719   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
720   EXPECT_FALSE(is_trusted);
721 }
722 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_FailReadPIKRollbackIndex)723 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_FailReadPIKRollbackIndex) {
724   ASSERT_TRUE(PrepareUnlockCredential());
725   fail_read_pik_rollback_index_ = true;
726   bool is_trusted = true;
727   EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, ValidateUnlock(&is_trusted));
728   EXPECT_FALSE(is_trusted);
729 }
730 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_UnsupportedPIKCertificateVersion)731 TEST_F(AvbCertValidateTest,
732        ValidateUnlockCredential_UnsupportedPIKCertificateVersion) {
733   ASSERT_TRUE(PrepareUnlockCredential());
734   unlock_credential_.product_intermediate_key_certificate.signed_data.version =
735       25;
736   SignUnlockCredentialPIKCertificate();
737   bool is_trusted = true;
738   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
739   EXPECT_FALSE(is_trusted);
740 }
741 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_BadPIKCert_ModifiedSubjectPublicKey)742 TEST_F(AvbCertValidateTest,
743        ValidateUnlockCredential_BadPIKCert_ModifiedSubjectPublicKey) {
744   ASSERT_TRUE(PrepareUnlockCredential());
745   unlock_credential_.product_intermediate_key_certificate.signed_data
746       .public_key[0] ^= 1;
747   bool is_trusted = true;
748   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
749   EXPECT_FALSE(is_trusted);
750 }
751 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_BadPIKCert_ModifiedSubject)752 TEST_F(AvbCertValidateTest,
753        ValidateUnlockCredential_BadPIKCert_ModifiedSubject) {
754   ASSERT_TRUE(PrepareUnlockCredential());
755   unlock_credential_.product_intermediate_key_certificate.signed_data
756       .subject[0] ^= 1;
757   bool is_trusted = true;
758   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
759   EXPECT_FALSE(is_trusted);
760 }
761 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_BadPIKCert_ModifiedUsage)762 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_BadPIKCert_ModifiedUsage) {
763   ASSERT_TRUE(PrepareUnlockCredential());
764   unlock_credential_.product_intermediate_key_certificate.signed_data
765       .usage[0] ^= 1;
766   bool is_trusted = true;
767   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
768   EXPECT_FALSE(is_trusted);
769 }
770 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_BadPIKCert_ModifiedKeyVersion)771 TEST_F(AvbCertValidateTest,
772        ValidateUnlockCredential_BadPIKCert_ModifiedKeyVersion) {
773   ASSERT_TRUE(PrepareUnlockCredential());
774   unlock_credential_.product_intermediate_key_certificate.signed_data
775       .key_version ^= 1;
776   bool is_trusted = true;
777   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
778   EXPECT_FALSE(is_trusted);
779 }
780 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_BadPIKCert_BadSignature)781 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_BadPIKCert_BadSignature) {
782   ASSERT_TRUE(PrepareUnlockCredential());
783   unlock_credential_.product_intermediate_key_certificate.signature[0] ^= 1;
784   bool is_trusted = true;
785   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
786   EXPECT_FALSE(is_trusted);
787 }
788 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_PIKCertSubjectIgnored)789 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_PIKCertSubjectIgnored) {
790   ASSERT_TRUE(PrepareUnlockCredential());
791   unlock_credential_.product_intermediate_key_certificate.signed_data
792       .subject[0] ^= 1;
793   SignUnlockCredentialPIKCertificate();
794   bool is_trusted = false;
795   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
796   EXPECT_TRUE(is_trusted);
797 }
798 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_PIKCertUnexpectedUsage)799 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_PIKCertUnexpectedUsage) {
800   ASSERT_TRUE(PrepareUnlockCredential());
801   unlock_credential_.product_intermediate_key_certificate.signed_data
802       .usage[0] ^= 1;
803   SignUnlockCredentialPIKCertificate();
804   bool is_trusted = true;
805   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
806   EXPECT_FALSE(is_trusted);
807 }
808 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_PIKRollback)809 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_PIKRollback) {
810   ASSERT_TRUE(PrepareUnlockCredential());
811   ops_.set_stored_rollback_indexes(
812       {{AVB_CERT_PIK_VERSION_LOCATION,
813         unlock_credential_.product_intermediate_key_certificate.signed_data
814                 .key_version +
815             1},
816        {AVB_CERT_PSK_VERSION_LOCATION, 0}});
817   bool is_trusted = true;
818   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
819   EXPECT_FALSE(is_trusted);
820 }
821 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_FailReadPSKRollbackIndex)822 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_FailReadPSKRollbackIndex) {
823   ASSERT_TRUE(PrepareUnlockCredential());
824   fail_read_psk_rollback_index_ = true;
825   bool is_trusted = true;
826   EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, ValidateUnlock(&is_trusted));
827   EXPECT_FALSE(is_trusted);
828 }
829 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_UnsupportedPUKCertificateVersion)830 TEST_F(AvbCertValidateTest,
831        ValidateUnlockCredential_UnsupportedPUKCertificateVersion) {
832   ASSERT_TRUE(PrepareUnlockCredential());
833   unlock_credential_.product_unlock_key_certificate.signed_data.version = 25;
834   SignUnlockCredentialPUKCertificate();
835   bool is_trusted = true;
836   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
837   EXPECT_FALSE(is_trusted);
838 }
839 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_BadPUKCert_ModifiedSubjectPublicKey)840 TEST_F(AvbCertValidateTest,
841        ValidateUnlockCredential_BadPUKCert_ModifiedSubjectPublicKey) {
842   ASSERT_TRUE(PrepareUnlockCredential());
843   unlock_credential_.product_unlock_key_certificate.signed_data.public_key[0] ^=
844       1;
845   bool is_trusted = true;
846   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
847   EXPECT_FALSE(is_trusted);
848 }
849 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_BadPUKCert_ModifiedSubject)850 TEST_F(AvbCertValidateTest,
851        ValidateUnlockCredential_BadPUKCert_ModifiedSubject) {
852   ASSERT_TRUE(PrepareUnlockCredential());
853   unlock_credential_.product_unlock_key_certificate.signed_data.subject[0] ^= 1;
854   bool is_trusted = true;
855   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
856   EXPECT_FALSE(is_trusted);
857 }
858 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_BadPUKCert_ModifiedUsage)859 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_BadPUKCert_ModifiedUsage) {
860   ASSERT_TRUE(PrepareUnlockCredential());
861   unlock_credential_.product_unlock_key_certificate.signed_data.usage[0] ^= 1;
862   bool is_trusted = true;
863   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
864   EXPECT_FALSE(is_trusted);
865 }
866 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_BadPUKCert_ModifiedKeyVersion)867 TEST_F(AvbCertValidateTest,
868        ValidateUnlockCredential_BadPUKCert_ModifiedKeyVersion) {
869   ASSERT_TRUE(PrepareUnlockCredential());
870   unlock_credential_.product_unlock_key_certificate.signed_data.key_version ^=
871       1;
872   bool is_trusted = true;
873   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
874   EXPECT_FALSE(is_trusted);
875 }
876 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_BadPUKCert_BadSignature)877 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_BadPUKCert_BadSignature) {
878   ASSERT_TRUE(PrepareUnlockCredential());
879   unlock_credential_.product_unlock_key_certificate.signature[0] ^= 1;
880   bool is_trusted = true;
881   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
882   EXPECT_FALSE(is_trusted);
883 }
884 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_PUKCertUnexpectedSubject)885 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_PUKCertUnexpectedSubject) {
886   ASSERT_TRUE(PrepareUnlockCredential());
887   unlock_credential_.product_unlock_key_certificate.signed_data.subject[0] ^= 1;
888   SignUnlockCredentialPUKCertificate();
889   bool is_trusted = true;
890   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
891   EXPECT_FALSE(is_trusted);
892 }
893 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_PUKCertUnexpectedUsage)894 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_PUKCertUnexpectedUsage) {
895   ASSERT_TRUE(PrepareUnlockCredential());
896   unlock_credential_.product_unlock_key_certificate.signed_data.usage[0] ^= 1;
897   SignUnlockCredentialPUKCertificate();
898   bool is_trusted = true;
899   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
900   EXPECT_FALSE(is_trusted);
901 }
902 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_PUKRollback)903 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_PUKRollback) {
904   ASSERT_TRUE(PrepareUnlockCredential());
905   ops_.set_stored_rollback_indexes(
906       {{AVB_CERT_PIK_VERSION_LOCATION, 0},
907        {AVB_CERT_PSK_VERSION_LOCATION,
908         unlock_credential_.product_unlock_key_certificate.signed_data
909                 .key_version +
910             1}});
911   bool is_trusted = true;
912   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
913   EXPECT_FALSE(is_trusted);
914 }
915 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_BadChallengeSignature)916 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_BadChallengeSignature) {
917   ASSERT_TRUE(PrepareUnlockCredential());
918   unlock_credential_.challenge_signature[10] ^= 1;
919   bool is_trusted = true;
920   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
921   EXPECT_FALSE(is_trusted);
922 }
923 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_ChallengeMismatch)924 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_ChallengeMismatch) {
925   ASSERT_TRUE(PrepareUnlockCredential());
926   unlock_challenge_ = "bad";
927   SignUnlockCredentialChallenge(kPUKPrivateKeyPath);
928   bool is_trusted = true;
929   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
930   EXPECT_FALSE(is_trusted);
931 }
932 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_UnlockWithPSK)933 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_UnlockWithPSK) {
934   ASSERT_TRUE(PrepareUnlockCredential());
935   // Copy the PSK cert as the PUK cert.
936   memcpy(&unlock_credential_.product_unlock_key_certificate,
937          &metadata_.product_signing_key_certificate,
938          sizeof(AvbCertCertificate));
939   // Sign the challenge with the PSK instead of the PUK.
940   SignUnlockCredentialChallenge(kPSKPrivateKeyPath);
941   bool is_trusted = true;
942   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
943   EXPECT_FALSE(is_trusted);
944 }
945 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_ReplayChallenge)946 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_ReplayChallenge) {
947   ASSERT_TRUE(PrepareUnlockCredential());
948   bool is_trusted = true;
949   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
950   EXPECT_TRUE(is_trusted);
951   // A second attempt with the same challenge should fail.
952   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
953   EXPECT_FALSE(is_trusted);
954 }
955 
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_MultipleUnlock)956 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_MultipleUnlock) {
957   ASSERT_TRUE(PrepareUnlockCredential());
958   bool is_trusted = true;
959   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
960   EXPECT_TRUE(is_trusted);
961   // A second attempt with a newly staged challenge should succeed.
962   ASSERT_TRUE(PrepareUnlockCredential());
963   EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
964   EXPECT_TRUE(is_trusted);
965 }
966 
967 // A fixture for testing avb_slot_verify() with libavb_cert.
968 class AvbCertSlotVerifyTest : public BaseAvbToolTest,
969                               public FakeAvbOpsDelegateWithDefaults {
970  public:
971   ~AvbCertSlotVerifyTest() override = default;
972 
SetUp()973   void SetUp() override {
974     BaseAvbToolTest::SetUp();
975     ReadCertDefaultData();
976     ops_.set_partition_dir(testdir_);
977     ops_.set_delegate(this);
978     ops_.set_permanent_attributes(attributes_);
979     ops_.set_stored_rollback_indexes({{0, 0},
980                                       {1, 0},
981                                       {2, 0},
982                                       {3, 0},
983                                       {AVB_CERT_PIK_VERSION_LOCATION, 0},
984                                       {AVB_CERT_PSK_VERSION_LOCATION, 0}});
985     ops_.set_stored_is_device_unlocked(false);
986   }
987 
988   // FakeAvbOpsDelegate override.
validate_vbmeta_public_key(AvbOps * ops,const uint8_t * public_key_data,size_t public_key_length,const uint8_t * public_key_metadata,size_t public_key_metadata_length,bool * out_key_is_trusted)989   AvbIOResult validate_vbmeta_public_key(AvbOps* ops,
990                                          const uint8_t* public_key_data,
991                                          size_t public_key_length,
992                                          const uint8_t* public_key_metadata,
993                                          size_t public_key_metadata_length,
994                                          bool* out_key_is_trusted) override {
995     // Send to libavb_cert implementation.
996     ++num_cert_calls_;
997     return avb_cert_validate_vbmeta_public_key(ops_.avb_ops(),
998                                                public_key_data,
999                                                public_key_length,
1000                                                public_key_metadata,
1001                                                public_key_metadata_length,
1002                                                out_key_is_trusted);
1003   }
1004 
1005  protected:
1006   AvbCertPermanentAttributes attributes_;
1007   int num_cert_calls_ = 0;
1008 
1009  private:
ReadCertDefaultData()1010   void ReadCertDefaultData() {
1011     std::string tmp;
1012     ASSERT_TRUE(
1013         base::ReadFileToString(base::FilePath(kPermanentAttributesPath), &tmp));
1014     ASSERT_EQ(tmp.size(), sizeof(AvbCertPermanentAttributes));
1015     memcpy(&attributes_, tmp.data(), tmp.size());
1016   }
1017 };
1018 
TEST_F(AvbCertSlotVerifyTest,SlotVerifyWithCert)1019 TEST_F(AvbCertSlotVerifyTest, SlotVerifyWithCert) {
1020   std::string metadata_option = "--public_key_metadata=";
1021   metadata_option += kMetadataPath;
1022   GenerateVBMetaImage("vbmeta_a.img",
1023                       "SHA512_RSA4096",
1024                       0,
1025                       "test/data/testkey_cert_psk.pem",
1026                       metadata_option);
1027 
1028   ops_.set_expected_public_key(PublicKeyAVB("test/data/testkey_cert_psk.pem"));
1029 
1030   AvbSlotVerifyData* slot_data = NULL;
1031   const char* requested_partitions[] = {"boot", NULL};
1032   EXPECT_EQ(AVB_SLOT_VERIFY_RESULT_OK,
1033             avb_slot_verify(ops_.avb_ops(),
1034                             requested_partitions,
1035                             "_a",
1036                             AVB_SLOT_VERIFY_FLAGS_NONE,
1037                             AVB_HASHTREE_ERROR_MODE_RESTART_AND_INVALIDATE,
1038                             &slot_data));
1039   EXPECT_NE(nullptr, slot_data);
1040   avb_slot_verify_data_free(slot_data);
1041   EXPECT_EQ(1, num_cert_calls_);
1042 }
1043 
1044 }  // namespace avb
1045