1 /*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Permission is hereby granted, free of charge, to any person
5 * obtaining a copy of this software and associated documentation
6 * files (the "Software"), to deal in the Software without
7 * restriction, including without limitation the rights to use, copy,
8 * modify, merge, publish, distribute, sublicense, and/or sell copies
9 * of the Software, and to permit persons to whom the Software is
10 * furnished to do so, subject to the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24
25 #include <base/files/file_util.h>
26 #include <gtest/gtest.h>
27 #include <libavb_cert/libavb_cert.h>
28 #include <openssl/objects.h>
29 #include <openssl/pem.h>
30 #include <openssl/rsa.h>
31 #include <openssl/sha.h>
32 #include <stdio.h>
33 #include <string.h>
34
35 #include "avb_unittest_util.h"
36 #include "fake_avb_ops.h"
37
38 namespace {
39
40 const char kMetadataPath[] = "test/data/cert_metadata.bin";
41 const char kPermanentAttributesPath[] =
42 "test/data/cert_permanent_attributes.bin";
43 const char kPRKPrivateKeyPath[] = "test/data/testkey_cert_prk.pem";
44 const char kPIKPrivateKeyPath[] = "test/data/testkey_cert_pik.pem";
45 const char kPSKPrivateKeyPath[] = "test/data/testkey_cert_psk.pem";
46 const char kPUKPrivateKeyPath[] = "test/data/testkey_cert_puk.pem";
47 const char kUnlockChallengePath[] = "test/data/cert_unlock_challenge.bin";
48 const char kUnlockCredentialPath[] = "test/data/cert_unlock_credential.bin";
49
50 class ScopedRSA {
51 public:
ScopedRSA(const char * pem_key_path)52 ScopedRSA(const char* pem_key_path) {
53 FILE* file = fopen(pem_key_path, "r");
54 rsa_ = PEM_read_RSAPrivateKey(file, nullptr, nullptr, nullptr);
55 fclose(file);
56 }
57
~ScopedRSA()58 ~ScopedRSA() {
59 if (rsa_) {
60 RSA_free(rsa_);
61 }
62 }
63
64 // PKCS #1 v1.5 signature using SHA512. Returns true on success.
Sign(const void * data_to_sign,size_t length,uint8_t signature[])65 bool Sign(const void* data_to_sign, size_t length, uint8_t signature[]) {
66 uint8_t digest[AVB_SHA512_DIGEST_SIZE];
67 const unsigned char* data_to_sign_buf =
68 reinterpret_cast<const unsigned char*>(data_to_sign);
69 SHA512(data_to_sign_buf, length, digest);
70 unsigned int signature_length = 0;
71 return (1 == RSA_sign(NID_sha512,
72 digest,
73 AVB_SHA512_DIGEST_SIZE,
74 signature,
75 &signature_length,
76 rsa_));
77 }
78
79 private:
80 RSA* rsa_;
81 };
82
83 } /* namespace */
84
85 namespace avb {
86
87 class AvbCertValidateTest : public ::testing::Test,
88 public FakeAvbOpsDelegateWithDefaults {
89 public:
~AvbCertValidateTest()90 ~AvbCertValidateTest() override {}
91
SetUp()92 void SetUp() override {
93 ReadDefaultData();
94 ops_.set_delegate(this);
95 ops_.set_permanent_attributes(attributes_);
96 ops_.set_stored_rollback_indexes({{AVB_CERT_PIK_VERSION_LOCATION, 0},
97 {AVB_CERT_PSK_VERSION_LOCATION, 0}});
98 }
99
100 // FakeAvbOpsDelegate methods.
read_from_partition(const char * partition,int64_t offset,size_t num_bytes,void * buffer,size_t * out_num_read)101 AvbIOResult read_from_partition(const char* partition,
102 int64_t offset,
103 size_t num_bytes,
104 void* buffer,
105 size_t* out_num_read) override {
106 // Expect method not used.
107 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
108 }
109
get_preloaded_partition(const char * partition,size_t num_bytes,uint8_t ** out_pointer,size_t * out_num_bytes_preloaded)110 AvbIOResult get_preloaded_partition(
111 const char* partition,
112 size_t num_bytes,
113 uint8_t** out_pointer,
114 size_t* out_num_bytes_preloaded) override {
115 // Expect method not used.
116 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
117 }
118
write_to_partition(const char * partition,int64_t offset,size_t num_bytes,const void * buffer)119 AvbIOResult write_to_partition(const char* partition,
120 int64_t offset,
121 size_t num_bytes,
122 const void* buffer) override {
123 // Expect method not used.
124 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
125 }
126
validate_vbmeta_public_key(AvbOps * ops,const uint8_t * public_key_data,size_t public_key_length,const uint8_t * public_key_metadata,size_t public_key_metadata_length,bool * out_key_is_trusted)127 AvbIOResult validate_vbmeta_public_key(AvbOps* ops,
128 const uint8_t* public_key_data,
129 size_t public_key_length,
130 const uint8_t* public_key_metadata,
131 size_t public_key_metadata_length,
132 bool* out_key_is_trusted) override {
133 // Expect method not used.
134 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
135 }
136
read_rollback_index(AvbOps * ops,size_t rollback_index_slot,uint64_t * out_rollback_index)137 AvbIOResult read_rollback_index(AvbOps* ops,
138 size_t rollback_index_slot,
139 uint64_t* out_rollback_index) override {
140 if ((fail_read_pik_rollback_index_ &&
141 rollback_index_slot == AVB_CERT_PIK_VERSION_LOCATION) ||
142 (fail_read_psk_rollback_index_ &&
143 rollback_index_slot == AVB_CERT_PSK_VERSION_LOCATION)) {
144 return AVB_IO_RESULT_ERROR_IO;
145 }
146 return ops_.read_rollback_index(
147 ops, rollback_index_slot, out_rollback_index);
148 }
149
write_rollback_index(AvbOps * ops,size_t rollback_index_slot,uint64_t rollback_index)150 AvbIOResult write_rollback_index(AvbOps* ops,
151 size_t rollback_index_slot,
152 uint64_t rollback_index) override {
153 // Expect method not used.
154 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
155 }
156
read_is_device_unlocked(AvbOps * ops,bool * out_is_device_unlocked)157 AvbIOResult read_is_device_unlocked(AvbOps* ops,
158 bool* out_is_device_unlocked) override {
159 // Expect method not used.
160 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
161 }
162
get_unique_guid_for_partition(AvbOps * ops,const char * partition,char * guid_buf,size_t guid_buf_size)163 AvbIOResult get_unique_guid_for_partition(AvbOps* ops,
164 const char* partition,
165 char* guid_buf,
166 size_t guid_buf_size) override {
167 // Expect method not used.
168 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
169 }
170
get_size_of_partition(AvbOps * ops,const char * partition,uint64_t * out_size)171 AvbIOResult get_size_of_partition(AvbOps* ops,
172 const char* partition,
173 uint64_t* out_size) override {
174 // Expect method not used.
175 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
176 }
177
read_persistent_value(const char * name,size_t buffer_size,uint8_t * out_buffer,size_t * out_num_bytes_read)178 AvbIOResult read_persistent_value(const char* name,
179 size_t buffer_size,
180 uint8_t* out_buffer,
181 size_t* out_num_bytes_read) override {
182 // Expect method not used.
183 return AVB_IO_RESULT_ERROR_NO_SUCH_VALUE;
184 }
185
write_persistent_value(const char * name,size_t value_size,const uint8_t * value)186 AvbIOResult write_persistent_value(const char* name,
187 size_t value_size,
188 const uint8_t* value) override {
189 // Expect method not used.
190 return AVB_IO_RESULT_ERROR_NO_SUCH_VALUE;
191 }
192
read_permanent_attributes(AvbCertPermanentAttributes * attributes)193 AvbIOResult read_permanent_attributes(
194 AvbCertPermanentAttributes* attributes) override {
195 if (fail_read_permanent_attributes_) {
196 return AVB_IO_RESULT_ERROR_IO;
197 }
198 return ops_.read_permanent_attributes(attributes);
199 }
200
read_permanent_attributes_hash(uint8_t hash[AVB_SHA256_DIGEST_SIZE])201 AvbIOResult read_permanent_attributes_hash(
202 uint8_t hash[AVB_SHA256_DIGEST_SIZE]) override {
203 if (fail_read_permanent_attributes_hash_) {
204 return AVB_IO_RESULT_ERROR_IO;
205 }
206 return ops_.read_permanent_attributes_hash(hash);
207 }
208
set_key_version(size_t rollback_index_location,uint64_t key_version)209 void set_key_version(size_t rollback_index_location,
210 uint64_t key_version) override {
211 ops_.set_key_version(rollback_index_location, key_version);
212 }
213
get_random(size_t num_bytes,uint8_t * output)214 AvbIOResult get_random(size_t num_bytes, uint8_t* output) override {
215 if (fail_get_random_) {
216 return AVB_IO_RESULT_ERROR_IO;
217 }
218 if (fake_random_.size() >= num_bytes) {
219 memcpy(output, fake_random_.data(), num_bytes);
220 return AVB_IO_RESULT_OK;
221 }
222 return ops_.get_random(num_bytes, output);
223 }
224
225 protected:
Validate(bool * is_trusted)226 virtual AvbIOResult Validate(bool* is_trusted) {
227 return avb_cert_validate_vbmeta_public_key(
228 ops_.avb_ops(),
229 metadata_.product_signing_key_certificate.signed_data.public_key,
230 AVB_CERT_PUBLIC_KEY_SIZE,
231 reinterpret_cast<const uint8_t*>(&metadata_),
232 sizeof(metadata_),
233 is_trusted);
234 }
235
ValidateUnlock(bool * is_trusted)236 AvbIOResult ValidateUnlock(bool* is_trusted) {
237 return avb_cert_validate_unlock_credential(
238 ops_.avb_cert_ops(), &unlock_credential_, is_trusted);
239 }
240
SignPIKCertificate()241 void SignPIKCertificate() {
242 memset(metadata_.product_intermediate_key_certificate.signature,
243 0,
244 AVB_RSA4096_NUM_BYTES);
245 ScopedRSA key(kPRKPrivateKeyPath);
246 ASSERT_TRUE(
247 key.Sign(&metadata_.product_intermediate_key_certificate.signed_data,
248 sizeof(AvbCertCertificateSignedData),
249 metadata_.product_intermediate_key_certificate.signature));
250 }
251
SignPSKCertificate()252 void SignPSKCertificate() {
253 memset(metadata_.product_signing_key_certificate.signature,
254 0,
255 AVB_RSA4096_NUM_BYTES);
256 ScopedRSA key(kPIKPrivateKeyPath);
257 ASSERT_TRUE(key.Sign(&metadata_.product_signing_key_certificate.signed_data,
258 sizeof(AvbCertCertificateSignedData),
259 metadata_.product_signing_key_certificate.signature));
260 }
261
SignUnlockCredentialPIKCertificate()262 void SignUnlockCredentialPIKCertificate() {
263 memset(unlock_credential_.product_intermediate_key_certificate.signature,
264 0,
265 AVB_RSA4096_NUM_BYTES);
266 ScopedRSA key(kPRKPrivateKeyPath);
267 ASSERT_TRUE(key.Sign(
268 &unlock_credential_.product_intermediate_key_certificate.signed_data,
269 sizeof(AvbCertCertificateSignedData),
270 unlock_credential_.product_intermediate_key_certificate.signature));
271 }
272
SignUnlockCredentialPUKCertificate()273 void SignUnlockCredentialPUKCertificate() {
274 memset(unlock_credential_.product_unlock_key_certificate.signature,
275 0,
276 AVB_RSA4096_NUM_BYTES);
277 ScopedRSA key(kPIKPrivateKeyPath);
278 ASSERT_TRUE(
279 key.Sign(&unlock_credential_.product_unlock_key_certificate.signed_data,
280 sizeof(AvbCertCertificateSignedData),
281 unlock_credential_.product_unlock_key_certificate.signature));
282 }
283
SignUnlockCredentialChallenge(const char * key_path)284 void SignUnlockCredentialChallenge(const char* key_path) {
285 memset(unlock_credential_.challenge_signature, 0, AVB_RSA4096_NUM_BYTES);
286 ScopedRSA key(key_path);
287 ASSERT_TRUE(key.Sign(unlock_challenge_.data(),
288 unlock_challenge_.size(),
289 unlock_credential_.challenge_signature));
290 }
291
PrepareUnlockCredential()292 bool PrepareUnlockCredential() {
293 // Stage a challenge to be remembered as the 'most recent challenge'. Then
294 // the next call to unlock with |unlock_credential_| is expected to succeed.
295 fake_random_ = unlock_challenge_;
296 AvbCertUnlockChallenge challenge;
297 return (AVB_IO_RESULT_OK == avb_cert_generate_unlock_challenge(
298 ops_.avb_cert_ops(), &challenge));
299 }
300
301 AvbCertPermanentAttributes attributes_;
302 AvbCertPublicKeyMetadata metadata_;
303 bool fail_read_permanent_attributes_{false};
304 bool fail_read_permanent_attributes_hash_{false};
305 bool fail_read_pik_rollback_index_{false};
306 bool fail_read_psk_rollback_index_{false};
307 bool fail_get_random_{false};
308 std::string fake_random_;
309 AvbCertUnlockCredential unlock_credential_;
310 std::string unlock_challenge_;
311
312 private:
ReadDefaultData()313 void ReadDefaultData() {
314 std::string tmp;
315 ASSERT_TRUE(base::ReadFileToString(base::FilePath(kMetadataPath), &tmp));
316 ASSERT_EQ(tmp.size(), sizeof(AvbCertPublicKeyMetadata));
317 memcpy(&metadata_, tmp.data(), tmp.size());
318 ASSERT_TRUE(
319 base::ReadFileToString(base::FilePath(kPermanentAttributesPath), &tmp));
320 ASSERT_EQ(tmp.size(), sizeof(AvbCertPermanentAttributes));
321 memcpy(&attributes_, tmp.data(), tmp.size());
322 ASSERT_TRUE(base::ReadFileToString(base::FilePath(kUnlockChallengePath),
323 &unlock_challenge_));
324 ASSERT_EQ(size_t(AVB_CERT_UNLOCK_CHALLENGE_SIZE), unlock_challenge_.size());
325 ASSERT_TRUE(
326 base::ReadFileToString(base::FilePath(kUnlockCredentialPath), &tmp));
327 ASSERT_EQ(tmp.size(), sizeof(AvbCertUnlockCredential));
328 memcpy(&unlock_credential_, tmp.data(), tmp.size());
329 }
330 };
331
TEST_F(AvbCertValidateTest,Success)332 TEST_F(AvbCertValidateTest, Success) {
333 bool is_trusted = false;
334 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
335 EXPECT_TRUE(is_trusted);
336
337 // Check that the key versions were reported correctly.
338 EXPECT_EQ(
339 ops_.get_verified_rollback_indexes()[AVB_CERT_PIK_VERSION_LOCATION],
340 metadata_.product_intermediate_key_certificate.signed_data.key_version);
341 EXPECT_EQ(ops_.get_verified_rollback_indexes()[AVB_CERT_PSK_VERSION_LOCATION],
342 metadata_.product_signing_key_certificate.signed_data.key_version);
343 EXPECT_EQ(2UL, ops_.get_verified_rollback_indexes().size());
344 }
345
TEST_F(AvbCertValidateTest,SuccessAfterNewSign)346 TEST_F(AvbCertValidateTest, SuccessAfterNewSign) {
347 std::string old_pik_sig(
348 reinterpret_cast<char*>(
349 metadata_.product_intermediate_key_certificate.signature),
350 AVB_RSA4096_NUM_BYTES);
351 std::string old_psk_sig(
352 reinterpret_cast<char*>(
353 metadata_.product_signing_key_certificate.signature),
354 AVB_RSA4096_NUM_BYTES);
355 SignPIKCertificate();
356 SignPSKCertificate();
357 std::string new_pik_sig(
358 reinterpret_cast<char*>(
359 metadata_.product_intermediate_key_certificate.signature),
360 AVB_RSA4096_NUM_BYTES);
361 std::string new_psk_sig(
362 reinterpret_cast<char*>(
363 metadata_.product_signing_key_certificate.signature),
364 AVB_RSA4096_NUM_BYTES);
365 EXPECT_EQ(old_pik_sig, new_pik_sig);
366 EXPECT_EQ(old_psk_sig, new_psk_sig);
367 bool is_trusted = false;
368 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
369 EXPECT_TRUE(is_trusted);
370 }
371
TEST_F(AvbCertValidateTest,FailReadPermamentAttributes)372 TEST_F(AvbCertValidateTest, FailReadPermamentAttributes) {
373 fail_read_permanent_attributes_ = true;
374 bool is_trusted = true;
375 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted));
376 EXPECT_FALSE(is_trusted);
377 }
378
TEST_F(AvbCertValidateTest,FailReadPermamentAttributesHash)379 TEST_F(AvbCertValidateTest, FailReadPermamentAttributesHash) {
380 fail_read_permanent_attributes_hash_ = true;
381 bool is_trusted = true;
382 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted));
383 EXPECT_FALSE(is_trusted);
384 }
385
TEST_F(AvbCertValidateTest,UnsupportedPermanentAttributesVersion)386 TEST_F(AvbCertValidateTest, UnsupportedPermanentAttributesVersion) {
387 attributes_.version = 25;
388 ops_.set_permanent_attributes(attributes_);
389 bool is_trusted = true;
390 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
391 EXPECT_FALSE(is_trusted);
392 }
393
TEST_F(AvbCertValidateTest,PermanentAttributesHashMismatch)394 TEST_F(AvbCertValidateTest, PermanentAttributesHashMismatch) {
395 ops_.set_permanent_attributes_hash("bad_hash");
396 bool is_trusted = true;
397 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
398 EXPECT_FALSE(is_trusted);
399 }
400
401 // A fixture with parameterized metadata length.
402 class AvbCertValidateTestWithMetadataLength
403 : public AvbCertValidateTest,
404 public ::testing::WithParamInterface<size_t> {
405 protected:
Validate(bool * is_trusted)406 AvbIOResult Validate(bool* is_trusted) override {
407 return avb_cert_validate_vbmeta_public_key(
408 ops_.avb_ops(),
409 metadata_.product_signing_key_certificate.signed_data.public_key,
410 AVB_CERT_PUBLIC_KEY_SIZE,
411 reinterpret_cast<const uint8_t*>(&metadata_),
412 GetParam(),
413 is_trusted);
414 }
415 };
416
TEST_P(AvbCertValidateTestWithMetadataLength,InvalidMetadataLength)417 TEST_P(AvbCertValidateTestWithMetadataLength, InvalidMetadataLength) {
418 bool is_trusted = true;
419 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
420 EXPECT_FALSE(is_trusted);
421 }
422
423 // Test a bunch of invalid metadata length values.
424 INSTANTIATE_TEST_CASE_P(P,
425 AvbCertValidateTestWithMetadataLength,
426 ::testing::Values(0,
427 1,
428 sizeof(AvbCertPublicKeyMetadata) - 1,
429 sizeof(AvbCertPublicKeyMetadata) + 1,
430 -1));
431
TEST_F(AvbCertValidateTest,UnsupportedMetadataVersion)432 TEST_F(AvbCertValidateTest, UnsupportedMetadataVersion) {
433 metadata_.version = 25;
434 bool is_trusted = true;
435 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
436 EXPECT_FALSE(is_trusted);
437 }
438
TEST_F(AvbCertValidateTest,FailReadPIKRollbackIndex)439 TEST_F(AvbCertValidateTest, FailReadPIKRollbackIndex) {
440 fail_read_pik_rollback_index_ = true;
441 bool is_trusted = true;
442 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted));
443 EXPECT_FALSE(is_trusted);
444 }
445
TEST_F(AvbCertValidateTest,UnsupportedPIKCertificateVersion)446 TEST_F(AvbCertValidateTest, UnsupportedPIKCertificateVersion) {
447 metadata_.product_intermediate_key_certificate.signed_data.version = 25;
448 SignPIKCertificate();
449 bool is_trusted = true;
450 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
451 EXPECT_FALSE(is_trusted);
452 }
453
TEST_F(AvbCertValidateTest,BadPIKCert_ModifiedSubjectPublicKey)454 TEST_F(AvbCertValidateTest, BadPIKCert_ModifiedSubjectPublicKey) {
455 metadata_.product_intermediate_key_certificate.signed_data.public_key[0] ^= 1;
456 bool is_trusted = true;
457 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
458 EXPECT_FALSE(is_trusted);
459 }
460
TEST_F(AvbCertValidateTest,BadPIKCert_ModifiedSubject)461 TEST_F(AvbCertValidateTest, BadPIKCert_ModifiedSubject) {
462 metadata_.product_intermediate_key_certificate.signed_data.subject[0] ^= 1;
463 bool is_trusted = true;
464 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
465 EXPECT_FALSE(is_trusted);
466 }
467
TEST_F(AvbCertValidateTest,BadPIKCert_ModifiedUsage)468 TEST_F(AvbCertValidateTest, BadPIKCert_ModifiedUsage) {
469 metadata_.product_intermediate_key_certificate.signed_data.usage[0] ^= 1;
470 bool is_trusted = true;
471 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
472 EXPECT_FALSE(is_trusted);
473 }
474
TEST_F(AvbCertValidateTest,BadPIKCert_ModifiedKeyVersion)475 TEST_F(AvbCertValidateTest, BadPIKCert_ModifiedKeyVersion) {
476 metadata_.product_intermediate_key_certificate.signed_data.key_version ^= 1;
477 bool is_trusted = true;
478 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
479 EXPECT_FALSE(is_trusted);
480 }
481
TEST_F(AvbCertValidateTest,BadPIKCert_BadSignature)482 TEST_F(AvbCertValidateTest, BadPIKCert_BadSignature) {
483 metadata_.product_intermediate_key_certificate.signature[0] ^= 1;
484 bool is_trusted = true;
485 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
486 EXPECT_FALSE(is_trusted);
487 }
488
TEST_F(AvbCertValidateTest,PIKCertSubjectIgnored)489 TEST_F(AvbCertValidateTest, PIKCertSubjectIgnored) {
490 metadata_.product_intermediate_key_certificate.signed_data.subject[0] ^= 1;
491 SignPIKCertificate();
492 bool is_trusted = false;
493 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
494 EXPECT_TRUE(is_trusted);
495 }
496
TEST_F(AvbCertValidateTest,PIKCertUnexpectedUsage)497 TEST_F(AvbCertValidateTest, PIKCertUnexpectedUsage) {
498 metadata_.product_intermediate_key_certificate.signed_data.usage[0] ^= 1;
499 SignPIKCertificate();
500 bool is_trusted = true;
501 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
502 EXPECT_FALSE(is_trusted);
503 }
504
TEST_F(AvbCertValidateTest,PIKRollback)505 TEST_F(AvbCertValidateTest, PIKRollback) {
506 ops_.set_stored_rollback_indexes(
507 {{AVB_CERT_PIK_VERSION_LOCATION,
508 metadata_.product_intermediate_key_certificate.signed_data.key_version +
509 1},
510 {AVB_CERT_PSK_VERSION_LOCATION, 0}});
511 bool is_trusted = true;
512 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
513 EXPECT_FALSE(is_trusted);
514 }
515
TEST_F(AvbCertValidateTest,FailReadPSKRollbackIndex)516 TEST_F(AvbCertValidateTest, FailReadPSKRollbackIndex) {
517 fail_read_psk_rollback_index_ = true;
518 bool is_trusted = true;
519 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted));
520 EXPECT_FALSE(is_trusted);
521 }
522
TEST_F(AvbCertValidateTest,UnsupportedPSKCertificateVersion)523 TEST_F(AvbCertValidateTest, UnsupportedPSKCertificateVersion) {
524 metadata_.product_signing_key_certificate.signed_data.version = 25;
525 SignPSKCertificate();
526 bool is_trusted = true;
527 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
528 EXPECT_FALSE(is_trusted);
529 }
530
TEST_F(AvbCertValidateTest,BadPSKCert_ModifiedSubjectPublicKey)531 TEST_F(AvbCertValidateTest, BadPSKCert_ModifiedSubjectPublicKey) {
532 metadata_.product_signing_key_certificate.signed_data.public_key[0] ^= 1;
533 bool is_trusted = true;
534 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
535 EXPECT_FALSE(is_trusted);
536 }
537
TEST_F(AvbCertValidateTest,BadPSKCert_ModifiedSubject)538 TEST_F(AvbCertValidateTest, BadPSKCert_ModifiedSubject) {
539 metadata_.product_signing_key_certificate.signed_data.subject[0] ^= 1;
540 bool is_trusted = true;
541 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
542 EXPECT_FALSE(is_trusted);
543 }
544
TEST_F(AvbCertValidateTest,BadPSKCert_ModifiedUsage)545 TEST_F(AvbCertValidateTest, BadPSKCert_ModifiedUsage) {
546 metadata_.product_signing_key_certificate.signed_data.usage[0] ^= 1;
547 bool is_trusted = true;
548 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
549 EXPECT_FALSE(is_trusted);
550 }
551
TEST_F(AvbCertValidateTest,BadPSKCert_ModifiedKeyVersion)552 TEST_F(AvbCertValidateTest, BadPSKCert_ModifiedKeyVersion) {
553 metadata_.product_signing_key_certificate.signed_data.key_version ^= 1;
554 bool is_trusted = true;
555 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
556 EXPECT_FALSE(is_trusted);
557 }
558
TEST_F(AvbCertValidateTest,BadPSKCert_BadSignature)559 TEST_F(AvbCertValidateTest, BadPSKCert_BadSignature) {
560 metadata_.product_signing_key_certificate.signature[0] ^= 1;
561 bool is_trusted = true;
562 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
563 EXPECT_FALSE(is_trusted);
564 }
565
TEST_F(AvbCertValidateTest,PSKCertUnexpectedSubject)566 TEST_F(AvbCertValidateTest, PSKCertUnexpectedSubject) {
567 metadata_.product_signing_key_certificate.signed_data.subject[0] ^= 1;
568 SignPSKCertificate();
569 bool is_trusted = true;
570 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
571 EXPECT_FALSE(is_trusted);
572 }
573
TEST_F(AvbCertValidateTest,PSKCertUnexpectedUsage)574 TEST_F(AvbCertValidateTest, PSKCertUnexpectedUsage) {
575 metadata_.product_signing_key_certificate.signed_data.usage[0] ^= 1;
576 SignPSKCertificate();
577 bool is_trusted = true;
578 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
579 EXPECT_FALSE(is_trusted);
580 }
581
TEST_F(AvbCertValidateTest,PSKRollback)582 TEST_F(AvbCertValidateTest, PSKRollback) {
583 ops_.set_stored_rollback_indexes(
584 {{AVB_CERT_PIK_VERSION_LOCATION, 0},
585 {AVB_CERT_PSK_VERSION_LOCATION,
586 metadata_.product_signing_key_certificate.signed_data.key_version +
587 1}});
588 bool is_trusted = true;
589 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
590 EXPECT_FALSE(is_trusted);
591 }
592
593 // A fixture with parameterized public key length.
594 class AvbCertValidateTestWithPublicKeyLength
595 : public AvbCertValidateTest,
596 public ::testing::WithParamInterface<size_t> {
597 protected:
Validate(bool * is_trusted)598 AvbIOResult Validate(bool* is_trusted) override {
599 return avb_cert_validate_vbmeta_public_key(
600 ops_.avb_ops(),
601 metadata_.product_signing_key_certificate.signed_data.public_key,
602 GetParam(),
603 reinterpret_cast<const uint8_t*>(&metadata_),
604 sizeof(metadata_),
605 is_trusted);
606 }
607 };
608
TEST_P(AvbCertValidateTestWithPublicKeyLength,InvalidPublicKeyLength)609 TEST_P(AvbCertValidateTestWithPublicKeyLength, InvalidPublicKeyLength) {
610 bool is_trusted = true;
611 EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted));
612 EXPECT_FALSE(is_trusted);
613 }
614
615 // Test a bunch of invalid public key length values.
616 INSTANTIATE_TEST_CASE_P(P,
617 AvbCertValidateTestWithPublicKeyLength,
618 ::testing::Values(0,
619 1,
620 AVB_CERT_PUBLIC_KEY_SIZE - 1,
621 AVB_CERT_PUBLIC_KEY_SIZE + 1,
622 AVB_CERT_PUBLIC_KEY_SIZE - 512,
623 -1));
624
TEST_F(AvbCertValidateTest,PSKMismatch)625 TEST_F(AvbCertValidateTest, PSKMismatch) {
626 uint8_t bad_key[AVB_CERT_PUBLIC_KEY_SIZE] = {};
627 bool is_trusted = true;
628 EXPECT_EQ(AVB_IO_RESULT_OK,
629 avb_cert_validate_vbmeta_public_key(
630 ops_.avb_ops(),
631 bad_key,
632 AVB_CERT_PUBLIC_KEY_SIZE,
633 reinterpret_cast<const uint8_t*>(&metadata_),
634 sizeof(metadata_),
635 &is_trusted));
636 EXPECT_FALSE(is_trusted);
637 }
638
TEST_F(AvbCertValidateTest,GenerateUnlockChallenge)639 TEST_F(AvbCertValidateTest, GenerateUnlockChallenge) {
640 fake_random_ = std::string(AVB_CERT_UNLOCK_CHALLENGE_SIZE, 'C');
641 AvbCertUnlockChallenge challenge;
642 EXPECT_EQ(
643 AVB_IO_RESULT_OK,
644 avb_cert_generate_unlock_challenge(ops_.avb_cert_ops(), &challenge));
645 EXPECT_EQ(1UL, challenge.version);
646 EXPECT_EQ(0,
647 memcmp(fake_random_.data(),
648 challenge.challenge,
649 AVB_CERT_UNLOCK_CHALLENGE_SIZE));
650 uint8_t expected_pid_hash[AVB_SHA256_DIGEST_SIZE];
651 SHA256(attributes_.product_id, AVB_CERT_PRODUCT_ID_SIZE, expected_pid_hash);
652 EXPECT_EQ(0,
653 memcmp(expected_pid_hash,
654 challenge.product_id_hash,
655 AVB_SHA256_DIGEST_SIZE));
656 }
657
TEST_F(AvbCertValidateTest,GenerateUnlockChallenge_NoAttributes)658 TEST_F(AvbCertValidateTest, GenerateUnlockChallenge_NoAttributes) {
659 fail_read_permanent_attributes_ = true;
660 AvbCertUnlockChallenge challenge;
661 EXPECT_NE(
662 AVB_IO_RESULT_OK,
663 avb_cert_generate_unlock_challenge(ops_.avb_cert_ops(), &challenge));
664 }
665
TEST_F(AvbCertValidateTest,GenerateUnlockChallenge_NoRNG)666 TEST_F(AvbCertValidateTest, GenerateUnlockChallenge_NoRNG) {
667 fail_get_random_ = true;
668 AvbCertUnlockChallenge challenge;
669 EXPECT_NE(
670 AVB_IO_RESULT_OK,
671 avb_cert_generate_unlock_challenge(ops_.avb_cert_ops(), &challenge));
672 }
673
TEST_F(AvbCertValidateTest,ValidateUnlockCredential)674 TEST_F(AvbCertValidateTest, ValidateUnlockCredential) {
675 ASSERT_TRUE(PrepareUnlockCredential());
676 bool is_trusted = true;
677 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
678 EXPECT_TRUE(is_trusted);
679 }
680
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_UnsupportedVersion)681 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_UnsupportedVersion) {
682 ASSERT_TRUE(PrepareUnlockCredential());
683 unlock_credential_.version++;
684 bool is_trusted = true;
685 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
686 EXPECT_FALSE(is_trusted);
687 }
688
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_NoAttributes)689 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_NoAttributes) {
690 PrepareUnlockCredential();
691 fail_read_permanent_attributes_ = true;
692 bool is_trusted = true;
693 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, ValidateUnlock(&is_trusted));
694 EXPECT_FALSE(is_trusted);
695 }
696
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_NoAttributesHash)697 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_NoAttributesHash) {
698 PrepareUnlockCredential();
699 fail_read_permanent_attributes_hash_ = true;
700 bool is_trusted = true;
701 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, ValidateUnlock(&is_trusted));
702 EXPECT_FALSE(is_trusted);
703 }
704
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_UnsupportedAttributesVersion)705 TEST_F(AvbCertValidateTest,
706 ValidateUnlockCredential_UnsupportedAttributesVersion) {
707 ASSERT_TRUE(PrepareUnlockCredential());
708 attributes_.version = 25;
709 ops_.set_permanent_attributes(attributes_);
710 bool is_trusted = true;
711 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
712 EXPECT_FALSE(is_trusted);
713 }
714
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_AttributesHashMismatch)715 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_AttributesHashMismatch) {
716 ASSERT_TRUE(PrepareUnlockCredential());
717 ops_.set_permanent_attributes_hash("bad_hash");
718 bool is_trusted = true;
719 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
720 EXPECT_FALSE(is_trusted);
721 }
722
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_FailReadPIKRollbackIndex)723 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_FailReadPIKRollbackIndex) {
724 ASSERT_TRUE(PrepareUnlockCredential());
725 fail_read_pik_rollback_index_ = true;
726 bool is_trusted = true;
727 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, ValidateUnlock(&is_trusted));
728 EXPECT_FALSE(is_trusted);
729 }
730
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_UnsupportedPIKCertificateVersion)731 TEST_F(AvbCertValidateTest,
732 ValidateUnlockCredential_UnsupportedPIKCertificateVersion) {
733 ASSERT_TRUE(PrepareUnlockCredential());
734 unlock_credential_.product_intermediate_key_certificate.signed_data.version =
735 25;
736 SignUnlockCredentialPIKCertificate();
737 bool is_trusted = true;
738 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
739 EXPECT_FALSE(is_trusted);
740 }
741
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_BadPIKCert_ModifiedSubjectPublicKey)742 TEST_F(AvbCertValidateTest,
743 ValidateUnlockCredential_BadPIKCert_ModifiedSubjectPublicKey) {
744 ASSERT_TRUE(PrepareUnlockCredential());
745 unlock_credential_.product_intermediate_key_certificate.signed_data
746 .public_key[0] ^= 1;
747 bool is_trusted = true;
748 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
749 EXPECT_FALSE(is_trusted);
750 }
751
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_BadPIKCert_ModifiedSubject)752 TEST_F(AvbCertValidateTest,
753 ValidateUnlockCredential_BadPIKCert_ModifiedSubject) {
754 ASSERT_TRUE(PrepareUnlockCredential());
755 unlock_credential_.product_intermediate_key_certificate.signed_data
756 .subject[0] ^= 1;
757 bool is_trusted = true;
758 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
759 EXPECT_FALSE(is_trusted);
760 }
761
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_BadPIKCert_ModifiedUsage)762 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_BadPIKCert_ModifiedUsage) {
763 ASSERT_TRUE(PrepareUnlockCredential());
764 unlock_credential_.product_intermediate_key_certificate.signed_data
765 .usage[0] ^= 1;
766 bool is_trusted = true;
767 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
768 EXPECT_FALSE(is_trusted);
769 }
770
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_BadPIKCert_ModifiedKeyVersion)771 TEST_F(AvbCertValidateTest,
772 ValidateUnlockCredential_BadPIKCert_ModifiedKeyVersion) {
773 ASSERT_TRUE(PrepareUnlockCredential());
774 unlock_credential_.product_intermediate_key_certificate.signed_data
775 .key_version ^= 1;
776 bool is_trusted = true;
777 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
778 EXPECT_FALSE(is_trusted);
779 }
780
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_BadPIKCert_BadSignature)781 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_BadPIKCert_BadSignature) {
782 ASSERT_TRUE(PrepareUnlockCredential());
783 unlock_credential_.product_intermediate_key_certificate.signature[0] ^= 1;
784 bool is_trusted = true;
785 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
786 EXPECT_FALSE(is_trusted);
787 }
788
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_PIKCertSubjectIgnored)789 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_PIKCertSubjectIgnored) {
790 ASSERT_TRUE(PrepareUnlockCredential());
791 unlock_credential_.product_intermediate_key_certificate.signed_data
792 .subject[0] ^= 1;
793 SignUnlockCredentialPIKCertificate();
794 bool is_trusted = false;
795 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
796 EXPECT_TRUE(is_trusted);
797 }
798
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_PIKCertUnexpectedUsage)799 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_PIKCertUnexpectedUsage) {
800 ASSERT_TRUE(PrepareUnlockCredential());
801 unlock_credential_.product_intermediate_key_certificate.signed_data
802 .usage[0] ^= 1;
803 SignUnlockCredentialPIKCertificate();
804 bool is_trusted = true;
805 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
806 EXPECT_FALSE(is_trusted);
807 }
808
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_PIKRollback)809 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_PIKRollback) {
810 ASSERT_TRUE(PrepareUnlockCredential());
811 ops_.set_stored_rollback_indexes(
812 {{AVB_CERT_PIK_VERSION_LOCATION,
813 unlock_credential_.product_intermediate_key_certificate.signed_data
814 .key_version +
815 1},
816 {AVB_CERT_PSK_VERSION_LOCATION, 0}});
817 bool is_trusted = true;
818 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
819 EXPECT_FALSE(is_trusted);
820 }
821
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_FailReadPSKRollbackIndex)822 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_FailReadPSKRollbackIndex) {
823 ASSERT_TRUE(PrepareUnlockCredential());
824 fail_read_psk_rollback_index_ = true;
825 bool is_trusted = true;
826 EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, ValidateUnlock(&is_trusted));
827 EXPECT_FALSE(is_trusted);
828 }
829
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_UnsupportedPUKCertificateVersion)830 TEST_F(AvbCertValidateTest,
831 ValidateUnlockCredential_UnsupportedPUKCertificateVersion) {
832 ASSERT_TRUE(PrepareUnlockCredential());
833 unlock_credential_.product_unlock_key_certificate.signed_data.version = 25;
834 SignUnlockCredentialPUKCertificate();
835 bool is_trusted = true;
836 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
837 EXPECT_FALSE(is_trusted);
838 }
839
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_BadPUKCert_ModifiedSubjectPublicKey)840 TEST_F(AvbCertValidateTest,
841 ValidateUnlockCredential_BadPUKCert_ModifiedSubjectPublicKey) {
842 ASSERT_TRUE(PrepareUnlockCredential());
843 unlock_credential_.product_unlock_key_certificate.signed_data.public_key[0] ^=
844 1;
845 bool is_trusted = true;
846 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
847 EXPECT_FALSE(is_trusted);
848 }
849
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_BadPUKCert_ModifiedSubject)850 TEST_F(AvbCertValidateTest,
851 ValidateUnlockCredential_BadPUKCert_ModifiedSubject) {
852 ASSERT_TRUE(PrepareUnlockCredential());
853 unlock_credential_.product_unlock_key_certificate.signed_data.subject[0] ^= 1;
854 bool is_trusted = true;
855 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
856 EXPECT_FALSE(is_trusted);
857 }
858
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_BadPUKCert_ModifiedUsage)859 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_BadPUKCert_ModifiedUsage) {
860 ASSERT_TRUE(PrepareUnlockCredential());
861 unlock_credential_.product_unlock_key_certificate.signed_data.usage[0] ^= 1;
862 bool is_trusted = true;
863 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
864 EXPECT_FALSE(is_trusted);
865 }
866
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_BadPUKCert_ModifiedKeyVersion)867 TEST_F(AvbCertValidateTest,
868 ValidateUnlockCredential_BadPUKCert_ModifiedKeyVersion) {
869 ASSERT_TRUE(PrepareUnlockCredential());
870 unlock_credential_.product_unlock_key_certificate.signed_data.key_version ^=
871 1;
872 bool is_trusted = true;
873 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
874 EXPECT_FALSE(is_trusted);
875 }
876
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_BadPUKCert_BadSignature)877 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_BadPUKCert_BadSignature) {
878 ASSERT_TRUE(PrepareUnlockCredential());
879 unlock_credential_.product_unlock_key_certificate.signature[0] ^= 1;
880 bool is_trusted = true;
881 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
882 EXPECT_FALSE(is_trusted);
883 }
884
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_PUKCertUnexpectedSubject)885 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_PUKCertUnexpectedSubject) {
886 ASSERT_TRUE(PrepareUnlockCredential());
887 unlock_credential_.product_unlock_key_certificate.signed_data.subject[0] ^= 1;
888 SignUnlockCredentialPUKCertificate();
889 bool is_trusted = true;
890 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
891 EXPECT_FALSE(is_trusted);
892 }
893
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_PUKCertUnexpectedUsage)894 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_PUKCertUnexpectedUsage) {
895 ASSERT_TRUE(PrepareUnlockCredential());
896 unlock_credential_.product_unlock_key_certificate.signed_data.usage[0] ^= 1;
897 SignUnlockCredentialPUKCertificate();
898 bool is_trusted = true;
899 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
900 EXPECT_FALSE(is_trusted);
901 }
902
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_PUKRollback)903 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_PUKRollback) {
904 ASSERT_TRUE(PrepareUnlockCredential());
905 ops_.set_stored_rollback_indexes(
906 {{AVB_CERT_PIK_VERSION_LOCATION, 0},
907 {AVB_CERT_PSK_VERSION_LOCATION,
908 unlock_credential_.product_unlock_key_certificate.signed_data
909 .key_version +
910 1}});
911 bool is_trusted = true;
912 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
913 EXPECT_FALSE(is_trusted);
914 }
915
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_BadChallengeSignature)916 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_BadChallengeSignature) {
917 ASSERT_TRUE(PrepareUnlockCredential());
918 unlock_credential_.challenge_signature[10] ^= 1;
919 bool is_trusted = true;
920 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
921 EXPECT_FALSE(is_trusted);
922 }
923
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_ChallengeMismatch)924 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_ChallengeMismatch) {
925 ASSERT_TRUE(PrepareUnlockCredential());
926 unlock_challenge_ = "bad";
927 SignUnlockCredentialChallenge(kPUKPrivateKeyPath);
928 bool is_trusted = true;
929 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
930 EXPECT_FALSE(is_trusted);
931 }
932
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_UnlockWithPSK)933 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_UnlockWithPSK) {
934 ASSERT_TRUE(PrepareUnlockCredential());
935 // Copy the PSK cert as the PUK cert.
936 memcpy(&unlock_credential_.product_unlock_key_certificate,
937 &metadata_.product_signing_key_certificate,
938 sizeof(AvbCertCertificate));
939 // Sign the challenge with the PSK instead of the PUK.
940 SignUnlockCredentialChallenge(kPSKPrivateKeyPath);
941 bool is_trusted = true;
942 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
943 EXPECT_FALSE(is_trusted);
944 }
945
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_ReplayChallenge)946 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_ReplayChallenge) {
947 ASSERT_TRUE(PrepareUnlockCredential());
948 bool is_trusted = true;
949 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
950 EXPECT_TRUE(is_trusted);
951 // A second attempt with the same challenge should fail.
952 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
953 EXPECT_FALSE(is_trusted);
954 }
955
TEST_F(AvbCertValidateTest,ValidateUnlockCredential_MultipleUnlock)956 TEST_F(AvbCertValidateTest, ValidateUnlockCredential_MultipleUnlock) {
957 ASSERT_TRUE(PrepareUnlockCredential());
958 bool is_trusted = true;
959 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
960 EXPECT_TRUE(is_trusted);
961 // A second attempt with a newly staged challenge should succeed.
962 ASSERT_TRUE(PrepareUnlockCredential());
963 EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted));
964 EXPECT_TRUE(is_trusted);
965 }
966
967 // A fixture for testing avb_slot_verify() with libavb_cert.
968 class AvbCertSlotVerifyTest : public BaseAvbToolTest,
969 public FakeAvbOpsDelegateWithDefaults {
970 public:
971 ~AvbCertSlotVerifyTest() override = default;
972
SetUp()973 void SetUp() override {
974 BaseAvbToolTest::SetUp();
975 ReadCertDefaultData();
976 ops_.set_partition_dir(testdir_);
977 ops_.set_delegate(this);
978 ops_.set_permanent_attributes(attributes_);
979 ops_.set_stored_rollback_indexes({{0, 0},
980 {1, 0},
981 {2, 0},
982 {3, 0},
983 {AVB_CERT_PIK_VERSION_LOCATION, 0},
984 {AVB_CERT_PSK_VERSION_LOCATION, 0}});
985 ops_.set_stored_is_device_unlocked(false);
986 }
987
988 // FakeAvbOpsDelegate override.
validate_vbmeta_public_key(AvbOps * ops,const uint8_t * public_key_data,size_t public_key_length,const uint8_t * public_key_metadata,size_t public_key_metadata_length,bool * out_key_is_trusted)989 AvbIOResult validate_vbmeta_public_key(AvbOps* ops,
990 const uint8_t* public_key_data,
991 size_t public_key_length,
992 const uint8_t* public_key_metadata,
993 size_t public_key_metadata_length,
994 bool* out_key_is_trusted) override {
995 // Send to libavb_cert implementation.
996 ++num_cert_calls_;
997 return avb_cert_validate_vbmeta_public_key(ops_.avb_ops(),
998 public_key_data,
999 public_key_length,
1000 public_key_metadata,
1001 public_key_metadata_length,
1002 out_key_is_trusted);
1003 }
1004
1005 protected:
1006 AvbCertPermanentAttributes attributes_;
1007 int num_cert_calls_ = 0;
1008
1009 private:
ReadCertDefaultData()1010 void ReadCertDefaultData() {
1011 std::string tmp;
1012 ASSERT_TRUE(
1013 base::ReadFileToString(base::FilePath(kPermanentAttributesPath), &tmp));
1014 ASSERT_EQ(tmp.size(), sizeof(AvbCertPermanentAttributes));
1015 memcpy(&attributes_, tmp.data(), tmp.size());
1016 }
1017 };
1018
TEST_F(AvbCertSlotVerifyTest,SlotVerifyWithCert)1019 TEST_F(AvbCertSlotVerifyTest, SlotVerifyWithCert) {
1020 std::string metadata_option = "--public_key_metadata=";
1021 metadata_option += kMetadataPath;
1022 GenerateVBMetaImage("vbmeta_a.img",
1023 "SHA512_RSA4096",
1024 0,
1025 "test/data/testkey_cert_psk.pem",
1026 metadata_option);
1027
1028 ops_.set_expected_public_key(PublicKeyAVB("test/data/testkey_cert_psk.pem"));
1029
1030 AvbSlotVerifyData* slot_data = NULL;
1031 const char* requested_partitions[] = {"boot", NULL};
1032 EXPECT_EQ(AVB_SLOT_VERIFY_RESULT_OK,
1033 avb_slot_verify(ops_.avb_ops(),
1034 requested_partitions,
1035 "_a",
1036 AVB_SLOT_VERIFY_FLAGS_NONE,
1037 AVB_HASHTREE_ERROR_MODE_RESTART_AND_INVALIDATE,
1038 &slot_data));
1039 EXPECT_NE(nullptr, slot_data);
1040 avb_slot_verify_data_free(slot_data);
1041 EXPECT_EQ(1, num_cert_calls_);
1042 }
1043
1044 } // namespace avb
1045