1 /*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Permission is hereby granted, free of charge, to any person
5 * obtaining a copy of this software and associated documentation
6 * files (the "Software"), to deal in the Software without
7 * restriction, including without limitation the rights to use, copy,
8 * modify, merge, publish, distribute, sublicense, and/or sell copies
9 * of the Software, and to permit persons to whom the Software is
10 * furnished to do so, subject to the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24
25 #include <iostream>
26
27 #include <endian.h>
28 #include <inttypes.h>
29 #include <string.h>
30
31 #include <base/files/file_util.h>
32 #include <base/strings/string_util.h>
33 #include <base/strings/stringprintf.h>
34
35 #include <libavb/libavb.h>
36
37 #include "avb_unittest_util.h"
38
39 namespace avb {
40
41 class VerifyTest : public BaseAvbToolTest {
42 public:
VerifyTest()43 VerifyTest() {}
44
45 protected:
46 // Helper function for ModificationDetection test. Modifies
47 // boot_image_ in a number of places in the sub-array at |offset| of
48 // size |length| and checks that avb_vbmeta_image_verify() returns
49 // |expected_result|.
50 bool test_modification(AvbVBMetaVerifyResult expected_result,
51 size_t offset,
52 size_t length);
53 };
54
TEST_F(VerifyTest,BootImageStructSize)55 TEST_F(VerifyTest, BootImageStructSize) {
56 EXPECT_EQ(256UL, sizeof(AvbVBMetaImageHeader));
57 }
58
TEST_F(VerifyTest,CheckSHA256RSA2048)59 TEST_F(VerifyTest, CheckSHA256RSA2048) {
60 GenerateVBMetaImage("vbmeta.img",
61 "SHA256_RSA2048",
62 0,
63 base::FilePath("test/data/testkey_rsa2048.pem"));
64 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
65 avb_vbmeta_image_verify(
66 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
67 }
68
TEST_F(VerifyTest,CheckSHA256RSA4096)69 TEST_F(VerifyTest, CheckSHA256RSA4096) {
70 GenerateVBMetaImage("vbmeta.img",
71 "SHA256_RSA4096",
72 0,
73 base::FilePath("test/data/testkey_rsa4096.pem"));
74 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
75 avb_vbmeta_image_verify(
76 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
77 }
78
TEST_F(VerifyTest,CheckSHA256RSA8192)79 TEST_F(VerifyTest, CheckSHA256RSA8192) {
80 GenerateVBMetaImage("vbmeta.img",
81 "SHA256_RSA8192",
82 0,
83 base::FilePath("test/data/testkey_rsa8192.pem"));
84 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
85 avb_vbmeta_image_verify(
86 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
87 }
88
TEST_F(VerifyTest,CheckSHA512RSA2048)89 TEST_F(VerifyTest, CheckSHA512RSA2048) {
90 GenerateVBMetaImage("vbmeta.img",
91 "SHA512_RSA2048",
92 0,
93 base::FilePath("test/data/testkey_rsa2048.pem"));
94 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
95 avb_vbmeta_image_verify(
96 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
97 }
98
TEST_F(VerifyTest,CheckSHA512RSA4096)99 TEST_F(VerifyTest, CheckSHA512RSA4096) {
100 GenerateVBMetaImage("vbmeta.img",
101 "SHA512_RSA4096",
102 0,
103 base::FilePath("test/data/testkey_rsa4096.pem"));
104 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
105 avb_vbmeta_image_verify(
106 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
107 }
108
TEST_F(VerifyTest,CheckSHA512RSA8192)109 TEST_F(VerifyTest, CheckSHA512RSA8192) {
110 GenerateVBMetaImage("vbmeta.img",
111 "SHA512_RSA8192",
112 0,
113 base::FilePath("test/data/testkey_rsa8192.pem"));
114 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
115 avb_vbmeta_image_verify(
116 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
117 }
118
TEST_F(VerifyTest,CheckUnsigned)119 TEST_F(VerifyTest, CheckUnsigned) {
120 GenerateVBMetaImage("vbmeta.img", "", 0, base::FilePath(""));
121 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK_NOT_SIGNED,
122 avb_vbmeta_image_verify(
123 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
124 }
125
TEST_F(VerifyTest,CheckBiggerLength)126 TEST_F(VerifyTest, CheckBiggerLength) {
127 GenerateVBMetaImage("vbmeta.img",
128 "SHA256_RSA2048",
129 0,
130 base::FilePath("test/data/testkey_rsa2048.pem"));
131 // Check that it's OK if we pass a bigger length than what the
132 // header indicates.
133 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
134 avb_vbmeta_image_verify(
135 vbmeta_image_.data(), vbmeta_image_.size() + 8192, NULL, NULL));
136 }
137
TEST_F(VerifyTest,BadMagic)138 TEST_F(VerifyTest, BadMagic) {
139 GenerateVBMetaImage("vbmeta.img",
140 "SHA256_RSA2048",
141 0,
142 base::FilePath("test/data/testkey_rsa2048.pem"));
143 vbmeta_image_[0] = 'Z';
144 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
145 avb_vbmeta_image_verify(
146 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
147 }
148
TEST_F(VerifyTest,MajorVersionCheck)149 TEST_F(VerifyTest, MajorVersionCheck) {
150 GenerateVBMetaImage("vbmeta.img",
151 "SHA256_RSA2048",
152 0,
153 base::FilePath("test/data/testkey_rsa2048.pem"));
154
155 // Bail if it's a different major version.
156 AvbVBMetaImageHeader* h =
157 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
158 h->required_libavb_version_major = htobe32(1 + AVB_VERSION_MAJOR);
159 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_UNSUPPORTED_VERSION,
160 avb_vbmeta_image_verify(
161 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
162 }
163
TEST_F(VerifyTest,MinorVersionCheck)164 TEST_F(VerifyTest, MinorVersionCheck) {
165 GenerateVBMetaImage("vbmeta.img", "", 0, base::FilePath(""));
166
167 // Bail if required_libavb_version_minor exceeds our libavb version.
168 AvbVBMetaImageHeader* h =
169 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
170 h->required_libavb_version_minor = htobe32(1 + AVB_VERSION_MINOR);
171 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_UNSUPPORTED_VERSION,
172 avb_vbmeta_image_verify(
173 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
174 }
175
TEST_F(VerifyTest,NulTerminatedReleaseString)176 TEST_F(VerifyTest, NulTerminatedReleaseString) {
177 GenerateVBMetaImage("vbmeta.img", "", 0, base::FilePath(""));
178
179 // Bail if |release_string| isn't NUL-terminated.
180 AvbVBMetaImageHeader* h =
181 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
182 for (size_t n = 0; n < AVB_RELEASE_STRING_SIZE; n++) {
183 h->release_string[n] = 'a';
184 }
185 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
186 avb_vbmeta_image_verify(
187 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
188 }
189
TEST_F(VerifyTest,BlockSizesAddUpToLessThanLength)190 TEST_F(VerifyTest, BlockSizesAddUpToLessThanLength) {
191 GenerateVBMetaImage("vbmeta.img",
192 "SHA256_RSA2048",
193 0,
194 base::FilePath("test/data/testkey_rsa2048.pem"));
195
196 AvbVBMetaImageHeader* h =
197 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
198 AvbVBMetaImageHeader backup = *h;
199
200 // Check that the sum of the two block lengths is less than passed
201 // in size. Use a size that's a multiple of 64 to avoid failure on
202 // earlier check.
203 uint64_t size = vbmeta_image_.size() & (~0x3f);
204
205 h->authentication_data_block_size = htobe64(size);
206 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
207 avb_vbmeta_image_verify(
208 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
209 *h = backup;
210
211 h->auxiliary_data_block_size = htobe64(size);
212 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
213 avb_vbmeta_image_verify(
214 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
215 *h = backup;
216
217 // Overflow checks - choose overflow candidate so it's a multiple of
218 // 64 otherwise we'll fail on an earlier check.
219 size = 0xffffffffffffffc0UL;
220
221 h->authentication_data_block_size = htobe64(size);
222 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
223 avb_vbmeta_image_verify(
224 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
225 *h = backup;
226
227 h->auxiliary_data_block_size = htobe64(size);
228 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
229 avb_vbmeta_image_verify(
230 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
231 *h = backup;
232
233 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
234 avb_vbmeta_image_verify(
235 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
236 }
237
TEST_F(VerifyTest,BlockSizesMultipleOf64)238 TEST_F(VerifyTest, BlockSizesMultipleOf64) {
239 GenerateVBMetaImage("vbmeta.img",
240 "SHA256_RSA2048",
241 0,
242 base::FilePath("test/data/testkey_rsa2048.pem"));
243
244 AvbVBMetaImageHeader* h =
245 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
246 AvbVBMetaImageHeader backup = *h;
247
248 h->authentication_data_block_size =
249 htobe32(be32toh(h->authentication_data_block_size) - 32);
250 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
251 avb_vbmeta_image_verify(
252 vbmeta_image_.data(), vbmeta_image_.size() - 32, NULL, NULL));
253 *h = backup;
254
255 h->auxiliary_data_block_size =
256 htobe32(be32toh(h->auxiliary_data_block_size) - 32);
257 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
258 avb_vbmeta_image_verify(
259 vbmeta_image_.data(), vbmeta_image_.size() - 32, NULL, NULL));
260 *h = backup;
261
262 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
263 avb_vbmeta_image_verify(
264 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
265 }
266
TEST_F(VerifyTest,HashOutOfBounds)267 TEST_F(VerifyTest, HashOutOfBounds) {
268 GenerateVBMetaImage("vbmeta.img",
269 "SHA256_RSA2048",
270 0,
271 base::FilePath("test/data/testkey_rsa2048.pem"));
272
273 AvbVBMetaImageHeader* h =
274 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
275
276 // Check we catch when hash data goes out of bounds.
277 h->hash_offset = htobe64(4);
278 h->hash_size = htobe64(be64toh(h->authentication_data_block_size));
279 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
280 avb_vbmeta_image_verify(
281 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
282
283 // Overflow checks.
284 h->hash_offset = htobe64(4);
285 h->hash_size = htobe64(0xfffffffffffffffeUL);
286 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
287 avb_vbmeta_image_verify(
288 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
289 }
290
TEST_F(VerifyTest,SignatureOutOfBounds)291 TEST_F(VerifyTest, SignatureOutOfBounds) {
292 GenerateVBMetaImage("vbmeta.img",
293 "SHA256_RSA2048",
294 0,
295 base::FilePath("test/data/testkey_rsa2048.pem"));
296
297 AvbVBMetaImageHeader* h =
298 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
299
300 // Check we catch when signature data goes out of bounds.
301 h->signature_offset = htobe64(4);
302 h->signature_size = htobe64(be64toh(h->authentication_data_block_size));
303 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
304 avb_vbmeta_image_verify(
305 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
306
307 // Overflow checks.
308 h->signature_offset = htobe64(4);
309 h->signature_size = htobe64(0xfffffffffffffffeUL);
310 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
311 avb_vbmeta_image_verify(
312 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
313 }
314
TEST_F(VerifyTest,PublicKeyOutOfBounds)315 TEST_F(VerifyTest, PublicKeyOutOfBounds) {
316 GenerateVBMetaImage("vbmeta.img",
317 "SHA256_RSA2048",
318 0,
319 base::FilePath("test/data/testkey_rsa2048.pem"));
320
321 AvbVBMetaImageHeader* h =
322 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
323
324 // Check we catch when public key data goes out of bounds.
325 h->public_key_offset = htobe64(4);
326 h->public_key_size = htobe64(be64toh(h->auxiliary_data_block_size));
327 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
328 avb_vbmeta_image_verify(
329 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
330
331 // Overflow checks.
332 h->public_key_offset = htobe64(4);
333 h->public_key_size = htobe64(0xfffffffffffffffeUL);
334 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
335 avb_vbmeta_image_verify(
336 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
337 }
338
TEST_F(VerifyTest,PublicKeyMetadataOutOfBounds)339 TEST_F(VerifyTest, PublicKeyMetadataOutOfBounds) {
340 GenerateVBMetaImage("vbmeta.img",
341 "SHA256_RSA2048",
342 0,
343 base::FilePath("test/data/testkey_rsa2048.pem"));
344
345 AvbVBMetaImageHeader* h =
346 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
347
348 // Check we catch when public key metadata data goes out of bounds.
349 h->public_key_metadata_offset = htobe64(4);
350 h->public_key_metadata_size = htobe64(be64toh(h->auxiliary_data_block_size));
351 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
352 avb_vbmeta_image_verify(
353 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
354
355 // Overflow checks.
356 h->public_key_metadata_offset = htobe64(4);
357 h->public_key_metadata_size = htobe64(0xfffffffffffffffeUL);
358 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
359 avb_vbmeta_image_verify(
360 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
361 }
362
TEST_F(VerifyTest,InvalidAlgorithmField)363 TEST_F(VerifyTest, InvalidAlgorithmField) {
364 GenerateVBMetaImage("vbmeta.img",
365 "SHA256_RSA2048",
366 0,
367 base::FilePath("test/data/testkey_rsa2048.pem"));
368
369 AvbVBMetaImageHeader* h =
370 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
371 AvbVBMetaImageHeader backup = *h;
372
373 // Check we bail on unknown algorithm.
374 h->algorithm_type = htobe32(_AVB_ALGORITHM_NUM_TYPES);
375 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
376 avb_vbmeta_image_verify(
377 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
378 *h = backup;
379 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
380 avb_vbmeta_image_verify(
381 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
382 }
383
TEST_F(VerifyTest,PublicKeyBlockTooSmall)384 TEST_F(VerifyTest, PublicKeyBlockTooSmall) {
385 GenerateVBMetaImage("vbmeta.img",
386 "SHA256_RSA2048",
387 0,
388 base::FilePath("test/data/testkey_rsa2048.pem"));
389
390 AvbVBMetaImageHeader* h =
391 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
392 AvbVBMetaImageHeader backup = *h;
393
394 // Check we bail if the auxiliary data block is too small.
395 uint64_t change = be64toh(h->auxiliary_data_block_size) - 64;
396 h->auxiliary_data_block_size = htobe64(change);
397 EXPECT_EQ(
398 AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
399 avb_vbmeta_image_verify(
400 vbmeta_image_.data(), vbmeta_image_.size() - change, NULL, NULL));
401 *h = backup;
402 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
403 avb_vbmeta_image_verify(
404 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
405 }
406
test_modification(AvbVBMetaVerifyResult expected_result,size_t offset,size_t length)407 bool VerifyTest::test_modification(AvbVBMetaVerifyResult expected_result,
408 size_t offset,
409 size_t length) {
410 uint8_t* d = reinterpret_cast<uint8_t*>(vbmeta_image_.data());
411 const int kNumCheckpoints = 16;
412
413 // Test |kNumCheckpoints| modifications in the start, middle, and
414 // end of given sub-array.
415 for (int n = 0; n <= kNumCheckpoints; n++) {
416 size_t o = std::min(length * n / kNumCheckpoints, length - 1) + offset;
417 d[o] ^= 0x80;
418 AvbVBMetaVerifyResult result = avb_vbmeta_image_verify(
419 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL);
420 d[o] ^= 0x80;
421 if (result != expected_result) {
422 return false;
423 }
424 }
425
426 return true;
427 }
428
TEST_F(VerifyTest,ModificationDetection)429 TEST_F(VerifyTest, ModificationDetection) {
430 GenerateVBMetaImage("vbmeta.img",
431 "SHA256_RSA2048",
432 0,
433 base::FilePath("test/data/testkey_rsa2048.pem"));
434
435 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
436 avb_vbmeta_image_verify(
437 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
438
439 AvbVBMetaImageHeader h;
440 avb_vbmeta_image_header_to_host_byte_order(
441 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data()), &h);
442
443 size_t header_block_offset = 0;
444 size_t authentication_block_offset =
445 header_block_offset + sizeof(AvbVBMetaImageHeader);
446 size_t auxiliary_block_offset =
447 authentication_block_offset + h.authentication_data_block_size;
448
449 // Ensure we detect modification of the header data block. Do this
450 // in a field that's not validated so INVALID_VBMETA_HEADER
451 // isn't returned.
452 EXPECT_TRUE(test_modification(
453 AVB_VBMETA_VERIFY_RESULT_HASH_MISMATCH,
454 offsetof(AvbVBMetaImageHeader, reserved),
455 sizeof(AvbVBMetaImageHeader) - offsetof(AvbVBMetaImageHeader, reserved)));
456 // Also check the |reserved| field.
457 EXPECT_TRUE(test_modification(AVB_VBMETA_VERIFY_RESULT_HASH_MISMATCH,
458 offsetof(AvbVBMetaImageHeader, reserved),
459 sizeof(AvbVBMetaImageHeader().reserved)));
460
461 // Ensure we detect modifications in the auxiliary data block.
462 EXPECT_TRUE(test_modification(AVB_VBMETA_VERIFY_RESULT_HASH_MISMATCH,
463 auxiliary_block_offset,
464 h.auxiliary_data_block_size));
465
466 // Modifications in the hash part of the Authentication data block
467 // should also yield HASH_MISMATCH. This is because the hash check
468 // compares the calculated hash against the stored hash.
469 EXPECT_TRUE(test_modification(AVB_VBMETA_VERIFY_RESULT_HASH_MISMATCH,
470 authentication_block_offset + h.hash_offset,
471 h.hash_size));
472
473 // Modifications in the signature part of the Authentication data
474 // block, should not cause a hash mismatch ... but will cause a
475 // signature mismatch.
476 EXPECT_TRUE(
477 test_modification(AVB_VBMETA_VERIFY_RESULT_SIGNATURE_MISMATCH,
478 authentication_block_offset + h.signature_offset,
479 h.signature_size));
480
481 // Mofications outside the hash and signature parts of the
482 // Authentication data block are not detected. This is because it's
483 // not part of the hash calculation.
484 uint64_t offset = h.signature_offset + h.signature_size;
485 ASSERT_LT(h.hash_offset, h.signature_offset);
486 ASSERT_LT(offset + 1, h.authentication_data_block_size);
487 EXPECT_TRUE(test_modification(AVB_VBMETA_VERIFY_RESULT_OK,
488 authentication_block_offset + offset,
489 h.authentication_data_block_size - offset));
490 }
491
TEST_F(VerifyTest,VBMetaHeaderByteswap)492 TEST_F(VerifyTest, VBMetaHeaderByteswap) {
493 AvbVBMetaImageHeader h;
494 AvbVBMetaImageHeader s;
495 uint32_t n32;
496 uint64_t n64;
497
498 n32 = 0x11223344;
499 n64 = 0x1122334455667788;
500
501 h.required_libavb_version_major = htobe32(n32);
502 n32++;
503 h.required_libavb_version_minor = htobe32(n32);
504 n32++;
505 h.authentication_data_block_size = htobe64(n64);
506 n64++;
507 h.auxiliary_data_block_size = htobe64(n64);
508 n64++;
509 h.algorithm_type = htobe32(n32);
510 n32++;
511 h.hash_offset = htobe64(n64);
512 n64++;
513 h.hash_size = htobe64(n64);
514 n64++;
515 h.signature_offset = htobe64(n64);
516 n64++;
517 h.signature_size = htobe64(n64);
518 n64++;
519 h.public_key_offset = htobe64(n64);
520 n64++;
521 h.public_key_size = htobe64(n64);
522 n64++;
523 h.public_key_metadata_offset = htobe64(n64);
524 n64++;
525 h.public_key_metadata_size = htobe64(n64);
526 n64++;
527 h.descriptors_offset = htobe64(n64);
528 n64++;
529 h.descriptors_size = htobe64(n64);
530 n64++;
531 h.rollback_index = htobe64(n64);
532 n64++;
533 h.flags = htobe32(n32);
534 n32++;
535
536 avb_vbmeta_image_header_to_host_byte_order(&h, &s);
537
538 n32 = 0x11223344;
539 n64 = 0x1122334455667788;
540
541 EXPECT_EQ(n32, s.required_libavb_version_major);
542 n32++;
543 EXPECT_EQ(n32, s.required_libavb_version_minor);
544 n32++;
545 EXPECT_EQ(n64, s.authentication_data_block_size);
546 n64++;
547 EXPECT_EQ(n64, s.auxiliary_data_block_size);
548 n64++;
549 EXPECT_EQ(n32, s.algorithm_type);
550 n32++;
551 EXPECT_EQ(n64, s.hash_offset);
552 n64++;
553 EXPECT_EQ(n64, s.hash_size);
554 n64++;
555 EXPECT_EQ(n64, s.signature_offset);
556 n64++;
557 EXPECT_EQ(n64, s.signature_size);
558 n64++;
559 EXPECT_EQ(n64, s.public_key_offset);
560 n64++;
561 EXPECT_EQ(n64, s.public_key_size);
562 n64++;
563 EXPECT_EQ(n64, s.public_key_metadata_offset);
564 n64++;
565 EXPECT_EQ(n64, s.public_key_metadata_size);
566 n64++;
567 EXPECT_EQ(n64, s.descriptors_offset);
568 n64++;
569 EXPECT_EQ(n64, s.descriptors_size);
570 n64++;
571 EXPECT_EQ(n64, s.rollback_index);
572 n64++;
573 EXPECT_EQ(n32, s.flags);
574 n32++;
575
576 // If new fields are added, the following will fail. This is to
577 // remind that byteswapping code (in avb_util.c) and unittests for
578 // this should be updated.
579 static_assert(offsetof(AvbVBMetaImageHeader, reserved) == 176,
580 "Remember to unittest byteswapping of newly added fields");
581 }
582
583 } // namespace avb
584