1 /*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Permission is hereby granted, free of charge, to any person
5 * obtaining a copy of this software and associated documentation
6 * files (the "Software"), to deal in the Software without
7 * restriction, including without limitation the rights to use, copy,
8 * modify, merge, publish, distribute, sublicense, and/or sell copies
9 * of the Software, and to permit persons to whom the Software is
10 * furnished to do so, subject to the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24
25 #include <base/files/file_util.h>
26 #include <base/strings/string_util.h>
27 #include <endian.h>
28 #include <inttypes.h>
29 #include <libavb/libavb.h>
30 #include <string.h>
31
32 #include <iostream>
33
34 #include "avb_unittest_util.h"
35
36 namespace avb {
37
38 class VerifyTest : public BaseAvbToolTest {
39 public:
VerifyTest()40 VerifyTest() {}
41
42 protected:
43 // Helper function for ModificationDetection test. Modifies
44 // boot_image_ in a number of places in the sub-array at |offset| of
45 // size |length| and checks that avb_vbmeta_image_verify() returns
46 // |expected_result|.
47 bool test_modification(AvbVBMetaVerifyResult expected_result,
48 size_t offset,
49 size_t length);
50 };
51
TEST_F(VerifyTest,BootImageStructSize)52 TEST_F(VerifyTest, BootImageStructSize) {
53 EXPECT_EQ(256UL, sizeof(AvbVBMetaImageHeader));
54 }
55
TEST_F(VerifyTest,CheckSHA256RSA2048)56 TEST_F(VerifyTest, CheckSHA256RSA2048) {
57 GenerateVBMetaImage(
58 "vbmeta.img", "SHA256_RSA2048", 0, "test/data/testkey_rsa2048.pem");
59 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
60 avb_vbmeta_image_verify(
61 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
62 }
63
TEST_F(VerifyTest,CheckSHA256RSA4096)64 TEST_F(VerifyTest, CheckSHA256RSA4096) {
65 GenerateVBMetaImage(
66 "vbmeta.img", "SHA256_RSA4096", 0, "test/data/testkey_rsa4096.pem");
67 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
68 avb_vbmeta_image_verify(
69 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
70 }
71
TEST_F(VerifyTest,CheckSHA256RSA8192)72 TEST_F(VerifyTest, CheckSHA256RSA8192) {
73 GenerateVBMetaImage(
74 "vbmeta.img", "SHA256_RSA8192", 0, "test/data/testkey_rsa8192.pem");
75 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
76 avb_vbmeta_image_verify(
77 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
78 }
79
TEST_F(VerifyTest,CheckSHA512RSA2048)80 TEST_F(VerifyTest, CheckSHA512RSA2048) {
81 GenerateVBMetaImage(
82 "vbmeta.img", "SHA512_RSA2048", 0, "test/data/testkey_rsa2048.pem");
83 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
84 avb_vbmeta_image_verify(
85 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
86 }
87
TEST_F(VerifyTest,CheckSHA512RSA4096)88 TEST_F(VerifyTest, CheckSHA512RSA4096) {
89 GenerateVBMetaImage(
90 "vbmeta.img", "SHA512_RSA4096", 0, "test/data/testkey_rsa4096.pem");
91 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
92 avb_vbmeta_image_verify(
93 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
94 }
95
TEST_F(VerifyTest,CheckSHA512RSA8192)96 TEST_F(VerifyTest, CheckSHA512RSA8192) {
97 GenerateVBMetaImage(
98 "vbmeta.img", "SHA512_RSA8192", 0, "test/data/testkey_rsa8192.pem");
99 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
100 avb_vbmeta_image_verify(
101 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
102 }
103
TEST_F(VerifyTest,CheckUnsigned)104 TEST_F(VerifyTest, CheckUnsigned) {
105 GenerateVBMetaImage("vbmeta.img", "", 0, "");
106 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK_NOT_SIGNED,
107 avb_vbmeta_image_verify(
108 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
109 }
110
TEST_F(VerifyTest,CheckBiggerLength)111 TEST_F(VerifyTest, CheckBiggerLength) {
112 GenerateVBMetaImage(
113 "vbmeta.img", "SHA256_RSA2048", 0, "test/data/testkey_rsa2048.pem");
114 // Check that it's OK if we pass a bigger length than what the
115 // header indicates.
116 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
117 avb_vbmeta_image_verify(
118 vbmeta_image_.data(), vbmeta_image_.size() + 8192, NULL, NULL));
119 }
120
TEST_F(VerifyTest,BadMagic)121 TEST_F(VerifyTest, BadMagic) {
122 GenerateVBMetaImage(
123 "vbmeta.img", "SHA256_RSA2048", 0, "test/data/testkey_rsa2048.pem");
124 vbmeta_image_[0] = 'Z';
125 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
126 avb_vbmeta_image_verify(
127 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
128 }
129
TEST_F(VerifyTest,MajorVersionCheck)130 TEST_F(VerifyTest, MajorVersionCheck) {
131 GenerateVBMetaImage(
132 "vbmeta.img", "SHA256_RSA2048", 0, "test/data/testkey_rsa2048.pem");
133
134 // Bail if it's a different major version.
135 AvbVBMetaImageHeader* h =
136 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
137 h->required_libavb_version_major = htobe32(1 + AVB_VERSION_MAJOR);
138 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_UNSUPPORTED_VERSION,
139 avb_vbmeta_image_verify(
140 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
141 }
142
TEST_F(VerifyTest,MinorVersionCheck)143 TEST_F(VerifyTest, MinorVersionCheck) {
144 GenerateVBMetaImage("vbmeta.img", "", 0, "");
145
146 // Bail if required_libavb_version_minor exceeds our libavb version.
147 AvbVBMetaImageHeader* h =
148 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
149 h->required_libavb_version_minor = htobe32(1 + AVB_VERSION_MINOR);
150 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_UNSUPPORTED_VERSION,
151 avb_vbmeta_image_verify(
152 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
153 }
154
TEST_F(VerifyTest,NulTerminatedReleaseString)155 TEST_F(VerifyTest, NulTerminatedReleaseString) {
156 GenerateVBMetaImage("vbmeta.img", "", 0, "");
157
158 // Bail if |release_string| isn't NUL-terminated.
159 AvbVBMetaImageHeader* h =
160 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
161 for (size_t n = 0; n < AVB_RELEASE_STRING_SIZE; n++) {
162 h->release_string[n] = 'a';
163 }
164 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
165 avb_vbmeta_image_verify(
166 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
167 }
168
TEST_F(VerifyTest,BlockSizesAddUpToLessThanLength)169 TEST_F(VerifyTest, BlockSizesAddUpToLessThanLength) {
170 GenerateVBMetaImage(
171 "vbmeta.img", "SHA256_RSA2048", 0, "test/data/testkey_rsa2048.pem");
172
173 AvbVBMetaImageHeader* h =
174 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
175 AvbVBMetaImageHeader backup = *h;
176
177 // Check that the sum of the two block lengths is less than passed
178 // in size. Use a size that's a multiple of 64 to avoid failure on
179 // earlier check.
180 uint64_t size = vbmeta_image_.size() & (~0x3f);
181
182 h->authentication_data_block_size = htobe64(size);
183 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
184 avb_vbmeta_image_verify(
185 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
186 *h = backup;
187
188 h->auxiliary_data_block_size = htobe64(size);
189 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
190 avb_vbmeta_image_verify(
191 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
192 *h = backup;
193
194 // Overflow checks - choose overflow candidate so it's a multiple of
195 // 64 otherwise we'll fail on an earlier check.
196 size = 0xffffffffffffffc0UL;
197
198 h->authentication_data_block_size = htobe64(size);
199 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
200 avb_vbmeta_image_verify(
201 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
202 *h = backup;
203
204 h->auxiliary_data_block_size = htobe64(size);
205 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
206 avb_vbmeta_image_verify(
207 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
208 *h = backup;
209
210 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
211 avb_vbmeta_image_verify(
212 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
213 }
214
TEST_F(VerifyTest,BlockSizesMultipleOf64)215 TEST_F(VerifyTest, BlockSizesMultipleOf64) {
216 GenerateVBMetaImage(
217 "vbmeta.img", "SHA256_RSA2048", 0, "test/data/testkey_rsa2048.pem");
218
219 AvbVBMetaImageHeader* h =
220 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
221 AvbVBMetaImageHeader backup = *h;
222
223 h->authentication_data_block_size =
224 htobe32(be32toh(h->authentication_data_block_size) - 32);
225 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
226 avb_vbmeta_image_verify(
227 vbmeta_image_.data(), vbmeta_image_.size() - 32, NULL, NULL));
228 *h = backup;
229
230 h->auxiliary_data_block_size =
231 htobe32(be32toh(h->auxiliary_data_block_size) - 32);
232 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
233 avb_vbmeta_image_verify(
234 vbmeta_image_.data(), vbmeta_image_.size() - 32, NULL, NULL));
235 *h = backup;
236
237 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
238 avb_vbmeta_image_verify(
239 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
240 }
241
TEST_F(VerifyTest,HashOutOfBounds)242 TEST_F(VerifyTest, HashOutOfBounds) {
243 GenerateVBMetaImage(
244 "vbmeta.img", "SHA256_RSA2048", 0, "test/data/testkey_rsa2048.pem");
245
246 AvbVBMetaImageHeader* h =
247 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
248
249 // Check we catch when hash data goes out of bounds.
250 h->hash_offset = htobe64(4);
251 h->hash_size = htobe64(be64toh(h->authentication_data_block_size));
252 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
253 avb_vbmeta_image_verify(
254 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
255
256 // Overflow checks.
257 h->hash_offset = htobe64(4);
258 h->hash_size = htobe64(0xfffffffffffffffeUL);
259 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
260 avb_vbmeta_image_verify(
261 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
262 }
263
TEST_F(VerifyTest,SignatureOutOfBounds)264 TEST_F(VerifyTest, SignatureOutOfBounds) {
265 GenerateVBMetaImage(
266 "vbmeta.img", "SHA256_RSA2048", 0, "test/data/testkey_rsa2048.pem");
267
268 AvbVBMetaImageHeader* h =
269 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
270
271 // Check we catch when signature data goes out of bounds.
272 h->signature_offset = htobe64(4);
273 h->signature_size = htobe64(be64toh(h->authentication_data_block_size));
274 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
275 avb_vbmeta_image_verify(
276 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
277
278 // Overflow checks.
279 h->signature_offset = htobe64(4);
280 h->signature_size = htobe64(0xfffffffffffffffeUL);
281 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
282 avb_vbmeta_image_verify(
283 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
284 }
285
TEST_F(VerifyTest,PublicKeyOutOfBounds)286 TEST_F(VerifyTest, PublicKeyOutOfBounds) {
287 GenerateVBMetaImage(
288 "vbmeta.img", "SHA256_RSA2048", 0, "test/data/testkey_rsa2048.pem");
289
290 AvbVBMetaImageHeader* h =
291 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
292
293 // Check we catch when public key data goes out of bounds.
294 h->public_key_offset = htobe64(4);
295 h->public_key_size = htobe64(be64toh(h->auxiliary_data_block_size));
296 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
297 avb_vbmeta_image_verify(
298 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
299
300 // Overflow checks.
301 h->public_key_offset = htobe64(4);
302 h->public_key_size = htobe64(0xfffffffffffffffeUL);
303 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
304 avb_vbmeta_image_verify(
305 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
306 }
307
TEST_F(VerifyTest,PublicKeyMetadataOutOfBounds)308 TEST_F(VerifyTest, PublicKeyMetadataOutOfBounds) {
309 GenerateVBMetaImage(
310 "vbmeta.img", "SHA256_RSA2048", 0, "test/data/testkey_rsa2048.pem");
311
312 AvbVBMetaImageHeader* h =
313 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
314
315 // Check we catch when public key metadata data goes out of bounds.
316 h->public_key_metadata_offset = htobe64(4);
317 h->public_key_metadata_size = htobe64(be64toh(h->auxiliary_data_block_size));
318 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
319 avb_vbmeta_image_verify(
320 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
321
322 // Overflow checks.
323 h->public_key_metadata_offset = htobe64(4);
324 h->public_key_metadata_size = htobe64(0xfffffffffffffffeUL);
325 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
326 avb_vbmeta_image_verify(
327 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
328 }
329
TEST_F(VerifyTest,InvalidAlgorithmField)330 TEST_F(VerifyTest, InvalidAlgorithmField) {
331 GenerateVBMetaImage(
332 "vbmeta.img", "SHA256_RSA2048", 0, "test/data/testkey_rsa2048.pem");
333
334 AvbVBMetaImageHeader* h =
335 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
336 AvbVBMetaImageHeader backup = *h;
337
338 // Check we bail on unknown algorithm.
339 h->algorithm_type = htobe32(_AVB_ALGORITHM_NUM_TYPES);
340 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
341 avb_vbmeta_image_verify(
342 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
343 *h = backup;
344 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
345 avb_vbmeta_image_verify(
346 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
347 }
348
TEST_F(VerifyTest,PublicKeyBlockTooSmall)349 TEST_F(VerifyTest, PublicKeyBlockTooSmall) {
350 GenerateVBMetaImage(
351 "vbmeta.img", "SHA256_RSA2048", 0, "test/data/testkey_rsa2048.pem");
352
353 AvbVBMetaImageHeader* h =
354 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
355 AvbVBMetaImageHeader backup = *h;
356
357 // Check we bail if the auxiliary data block is too small.
358 uint64_t change = be64toh(h->auxiliary_data_block_size) - 64;
359 h->auxiliary_data_block_size = htobe64(change);
360 EXPECT_EQ(
361 AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
362 avb_vbmeta_image_verify(
363 vbmeta_image_.data(), vbmeta_image_.size() - change, NULL, NULL));
364 *h = backup;
365 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
366 avb_vbmeta_image_verify(
367 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
368 }
369
TEST_F(VerifyTest,VbmetaImageSmallerThanMagic)370 TEST_F(VerifyTest, VbmetaImageSmallerThanMagic) {
371 uint8_t vbmeta_onebyte[1] = {0};
372 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
373 avb_vbmeta_image_verify(
374 vbmeta_onebyte, 1, NULL, NULL));
375 }
376
test_modification(AvbVBMetaVerifyResult expected_result,size_t offset,size_t length)377 bool VerifyTest::test_modification(AvbVBMetaVerifyResult expected_result,
378 size_t offset,
379 size_t length) {
380 uint8_t* d = reinterpret_cast<uint8_t*>(vbmeta_image_.data());
381 const int kNumCheckpoints = 16;
382
383 // Test |kNumCheckpoints| modifications in the start, middle, and
384 // end of given sub-array.
385 for (int n = 0; n <= kNumCheckpoints; n++) {
386 size_t o = std::min(length * n / kNumCheckpoints, length - 1) + offset;
387 d[o] ^= 0x80;
388 AvbVBMetaVerifyResult result = avb_vbmeta_image_verify(
389 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL);
390 d[o] ^= 0x80;
391 if (result != expected_result) {
392 return false;
393 }
394 }
395
396 return true;
397 }
398
TEST_F(VerifyTest,ModificationDetection)399 TEST_F(VerifyTest, ModificationDetection) {
400 GenerateVBMetaImage(
401 "vbmeta.img", "SHA256_RSA2048", 0, "test/data/testkey_rsa2048.pem");
402
403 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
404 avb_vbmeta_image_verify(
405 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
406
407 AvbVBMetaImageHeader h;
408 avb_vbmeta_image_header_to_host_byte_order(
409 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data()), &h);
410
411 size_t header_block_offset = 0;
412 size_t authentication_block_offset =
413 header_block_offset + sizeof(AvbVBMetaImageHeader);
414 size_t auxiliary_block_offset =
415 authentication_block_offset + h.authentication_data_block_size;
416
417 // Ensure we detect modification of the header data block. Do this
418 // in a field that's not validated so INVALID_VBMETA_HEADER
419 // isn't returned.
420 EXPECT_TRUE(test_modification(
421 AVB_VBMETA_VERIFY_RESULT_HASH_MISMATCH,
422 offsetof(AvbVBMetaImageHeader, reserved),
423 sizeof(AvbVBMetaImageHeader) - offsetof(AvbVBMetaImageHeader, reserved)));
424 // Also check the |reserved| field.
425 EXPECT_TRUE(test_modification(AVB_VBMETA_VERIFY_RESULT_HASH_MISMATCH,
426 offsetof(AvbVBMetaImageHeader, reserved),
427 sizeof(AvbVBMetaImageHeader().reserved)));
428
429 // Ensure we detect modifications in the auxiliary data block.
430 EXPECT_TRUE(test_modification(AVB_VBMETA_VERIFY_RESULT_HASH_MISMATCH,
431 auxiliary_block_offset,
432 h.auxiliary_data_block_size));
433
434 // Modifications in the hash part of the Authentication data block
435 // should also yield HASH_MISMATCH. This is because the hash check
436 // compares the calculated hash against the stored hash.
437 EXPECT_TRUE(test_modification(AVB_VBMETA_VERIFY_RESULT_HASH_MISMATCH,
438 authentication_block_offset + h.hash_offset,
439 h.hash_size));
440
441 // Modifications in the signature part of the Authentication data
442 // block, should not cause a hash mismatch ... but will cause a
443 // signature mismatch.
444 EXPECT_TRUE(
445 test_modification(AVB_VBMETA_VERIFY_RESULT_SIGNATURE_MISMATCH,
446 authentication_block_offset + h.signature_offset,
447 h.signature_size));
448
449 // Mofications outside the hash and signature parts of the
450 // Authentication data block are not detected. This is because it's
451 // not part of the hash calculation.
452 uint64_t offset = h.signature_offset + h.signature_size;
453 ASSERT_LT(h.hash_offset, h.signature_offset);
454 ASSERT_LT(offset + 1, h.authentication_data_block_size);
455 EXPECT_TRUE(test_modification(AVB_VBMETA_VERIFY_RESULT_OK,
456 authentication_block_offset + offset,
457 h.authentication_data_block_size - offset));
458 }
459
TEST_F(VerifyTest,VBMetaHeaderByteswap)460 TEST_F(VerifyTest, VBMetaHeaderByteswap) {
461 AvbVBMetaImageHeader h;
462 AvbVBMetaImageHeader s;
463 uint32_t n32;
464 uint64_t n64;
465
466 n32 = 0x11223344;
467 n64 = 0x1122334455667788;
468
469 h.required_libavb_version_major = htobe32(n32);
470 n32++;
471 h.required_libavb_version_minor = htobe32(n32);
472 n32++;
473 h.authentication_data_block_size = htobe64(n64);
474 n64++;
475 h.auxiliary_data_block_size = htobe64(n64);
476 n64++;
477 h.algorithm_type = htobe32(n32);
478 n32++;
479 h.hash_offset = htobe64(n64);
480 n64++;
481 h.hash_size = htobe64(n64);
482 n64++;
483 h.signature_offset = htobe64(n64);
484 n64++;
485 h.signature_size = htobe64(n64);
486 n64++;
487 h.public_key_offset = htobe64(n64);
488 n64++;
489 h.public_key_size = htobe64(n64);
490 n64++;
491 h.public_key_metadata_offset = htobe64(n64);
492 n64++;
493 h.public_key_metadata_size = htobe64(n64);
494 n64++;
495 h.descriptors_offset = htobe64(n64);
496 n64++;
497 h.descriptors_size = htobe64(n64);
498 n64++;
499 h.rollback_index = htobe64(n64);
500 n64++;
501 h.flags = htobe32(n32);
502 n32++;
503
504 avb_vbmeta_image_header_to_host_byte_order(&h, &s);
505
506 n32 = 0x11223344;
507 n64 = 0x1122334455667788;
508
509 EXPECT_EQ(n32, s.required_libavb_version_major);
510 n32++;
511 EXPECT_EQ(n32, s.required_libavb_version_minor);
512 n32++;
513 EXPECT_EQ(n64, s.authentication_data_block_size);
514 n64++;
515 EXPECT_EQ(n64, s.auxiliary_data_block_size);
516 n64++;
517 EXPECT_EQ(n32, s.algorithm_type);
518 n32++;
519 EXPECT_EQ(n64, s.hash_offset);
520 n64++;
521 EXPECT_EQ(n64, s.hash_size);
522 n64++;
523 EXPECT_EQ(n64, s.signature_offset);
524 n64++;
525 EXPECT_EQ(n64, s.signature_size);
526 n64++;
527 EXPECT_EQ(n64, s.public_key_offset);
528 n64++;
529 EXPECT_EQ(n64, s.public_key_size);
530 n64++;
531 EXPECT_EQ(n64, s.public_key_metadata_offset);
532 n64++;
533 EXPECT_EQ(n64, s.public_key_metadata_size);
534 n64++;
535 EXPECT_EQ(n64, s.descriptors_offset);
536 n64++;
537 EXPECT_EQ(n64, s.descriptors_size);
538 n64++;
539 EXPECT_EQ(n64, s.rollback_index);
540 n64++;
541 EXPECT_EQ(n32, s.flags);
542 n32++;
543
544 // If new fields are added, the following will fail. This is to
545 // remind that byteswapping code (in avb_util.c) and unittests for
546 // this should be updated.
547 static_assert(offsetof(AvbVBMetaImageHeader, reserved) == 176,
548 "Remember to unittest byteswapping of newly added fields");
549 }
550
551 } // namespace avb
552