1 /*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Permission is hereby granted, free of charge, to any person
5 * obtaining a copy of this software and associated documentation
6 * files (the "Software"), to deal in the Software without
7 * restriction, including without limitation the rights to use, copy,
8 * modify, merge, publish, distribute, sublicense, and/or sell copies
9 * of the Software, and to permit persons to whom the Software is
10 * furnished to do so, subject to the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24
25 #include <iostream>
26
27 #include <endian.h>
28 #include <inttypes.h>
29 #include <string.h>
30
31 #include <base/files/file_util.h>
32 #include <base/strings/string_util.h>
33 #include <base/strings/stringprintf.h>
34
35 #include <libavb/libavb.h>
36
37 #include "avb_unittest_util.h"
38
39 namespace avb {
40
41 class VerifyTest : public BaseAvbToolTest {
42 public:
VerifyTest()43 VerifyTest() {}
44
45 protected:
46 // Helper function for ModificationDetection test. Modifies
47 // boot_image_ in a number of places in the sub-array at |offset| of
48 // size |length| and checks that avb_vbmeta_image_verify() returns
49 // |expected_result|.
50 bool test_modification(AvbVBMetaVerifyResult expected_result,
51 size_t offset,
52 size_t length);
53 };
54
TEST_F(VerifyTest,BootImageStructSize)55 TEST_F(VerifyTest, BootImageStructSize) {
56 EXPECT_EQ(256UL, sizeof(AvbVBMetaImageHeader));
57 }
58
TEST_F(VerifyTest,CheckSHA256RSA2048)59 TEST_F(VerifyTest, CheckSHA256RSA2048) {
60 GenerateVBMetaImage("vbmeta.img",
61 "SHA256_RSA2048",
62 0,
63 base::FilePath("test/data/testkey_rsa2048.pem"));
64 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
65 avb_vbmeta_image_verify(
66 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
67 }
68
TEST_F(VerifyTest,CheckSHA256RSA4096)69 TEST_F(VerifyTest, CheckSHA256RSA4096) {
70 GenerateVBMetaImage("vbmeta.img",
71 "SHA256_RSA4096",
72 0,
73 base::FilePath("test/data/testkey_rsa4096.pem"));
74 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
75 avb_vbmeta_image_verify(
76 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
77 }
78
TEST_F(VerifyTest,CheckSHA256RSA8192)79 TEST_F(VerifyTest, CheckSHA256RSA8192) {
80 GenerateVBMetaImage("vbmeta.img",
81 "SHA256_RSA8192",
82 0,
83 base::FilePath("test/data/testkey_rsa8192.pem"));
84 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
85 avb_vbmeta_image_verify(
86 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
87 }
88
TEST_F(VerifyTest,CheckSHA512RSA2048)89 TEST_F(VerifyTest, CheckSHA512RSA2048) {
90 GenerateVBMetaImage("vbmeta.img",
91 "SHA512_RSA2048",
92 0,
93 base::FilePath("test/data/testkey_rsa2048.pem"));
94 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
95 avb_vbmeta_image_verify(
96 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
97 }
98
TEST_F(VerifyTest,CheckSHA512RSA4096)99 TEST_F(VerifyTest, CheckSHA512RSA4096) {
100 GenerateVBMetaImage("vbmeta.img",
101 "SHA512_RSA4096",
102 0,
103 base::FilePath("test/data/testkey_rsa4096.pem"));
104 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
105 avb_vbmeta_image_verify(
106 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
107 }
108
TEST_F(VerifyTest,CheckSHA512RSA8192)109 TEST_F(VerifyTest, CheckSHA512RSA8192) {
110 GenerateVBMetaImage("vbmeta.img",
111 "SHA512_RSA8192",
112 0,
113 base::FilePath("test/data/testkey_rsa8192.pem"));
114 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
115 avb_vbmeta_image_verify(
116 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
117 }
118
TEST_F(VerifyTest,CheckUnsigned)119 TEST_F(VerifyTest, CheckUnsigned) {
120 GenerateVBMetaImage("vbmeta.img", "", 0, base::FilePath(""));
121 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK_NOT_SIGNED,
122 avb_vbmeta_image_verify(
123 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
124 }
125
TEST_F(VerifyTest,CheckBiggerLength)126 TEST_F(VerifyTest, CheckBiggerLength) {
127 GenerateVBMetaImage("vbmeta.img",
128 "SHA256_RSA2048",
129 0,
130 base::FilePath("test/data/testkey_rsa2048.pem"));
131 // Check that it's OK if we pass a bigger length than what the
132 // header indicates.
133 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
134 avb_vbmeta_image_verify(
135 vbmeta_image_.data(), vbmeta_image_.size() + 8192, NULL, NULL));
136 }
137
TEST_F(VerifyTest,BadMagic)138 TEST_F(VerifyTest, BadMagic) {
139 GenerateVBMetaImage("vbmeta.img",
140 "SHA256_RSA2048",
141 0,
142 base::FilePath("test/data/testkey_rsa2048.pem"));
143 vbmeta_image_[0] = 'Z';
144 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
145 avb_vbmeta_image_verify(
146 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
147 }
148
TEST_F(VerifyTest,MajorVersionCheck)149 TEST_F(VerifyTest, MajorVersionCheck) {
150 GenerateVBMetaImage("vbmeta.img",
151 "SHA256_RSA2048",
152 0,
153 base::FilePath("test/data/testkey_rsa2048.pem"));
154
155 // Bail if it's a different major version.
156 AvbVBMetaImageHeader* h =
157 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
158 h->required_libavb_version_major = htobe32(1 + AVB_VERSION_MAJOR);
159 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_UNSUPPORTED_VERSION,
160 avb_vbmeta_image_verify(
161 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
162 }
163
TEST_F(VerifyTest,MinorVersionCheck)164 TEST_F(VerifyTest, MinorVersionCheck) {
165 GenerateVBMetaImage("vbmeta.img", "", 0, base::FilePath(""));
166
167 // Bail if required_libavb_version_minor exceeds our libavb version.
168 AvbVBMetaImageHeader* h =
169 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
170 h->required_libavb_version_minor = htobe32(1 + AVB_VERSION_MINOR);
171 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_UNSUPPORTED_VERSION,
172 avb_vbmeta_image_verify(
173 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
174 }
175
TEST_F(VerifyTest,NulTerminatedReleaseString)176 TEST_F(VerifyTest, NulTerminatedReleaseString) {
177 GenerateVBMetaImage("vbmeta.img", "", 0, base::FilePath(""));
178
179 // Bail if |release_string| isn't NUL-terminated.
180 AvbVBMetaImageHeader* h =
181 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
182 for (size_t n = 0; n < AVB_RELEASE_STRING_SIZE; n++) {
183 h->release_string[n] = 'a';
184 }
185 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
186 avb_vbmeta_image_verify(
187 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
188 }
189
TEST_F(VerifyTest,BlockSizesAddUpToLessThanLength)190 TEST_F(VerifyTest, BlockSizesAddUpToLessThanLength) {
191 GenerateVBMetaImage("vbmeta.img",
192 "SHA256_RSA2048",
193 0,
194 base::FilePath("test/data/testkey_rsa2048.pem"));
195
196 AvbVBMetaImageHeader* h =
197 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
198 AvbVBMetaImageHeader backup = *h;
199
200 // Check that the sum of the two block lengths is less than passed
201 // in size. Use a size that's a multiple of 64 to avoid failure on
202 // earlier check.
203 uint64_t size = vbmeta_image_.size() & (~0x3f);
204
205 h->authentication_data_block_size = htobe64(size);
206 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
207 avb_vbmeta_image_verify(
208 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
209 *h = backup;
210
211 h->auxiliary_data_block_size = htobe64(size);
212 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
213 avb_vbmeta_image_verify(
214 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
215 *h = backup;
216
217 // Overflow checks - choose overflow candidate so it's a multiple of
218 // 64 otherwise we'll fail on an earlier check.
219 size = 0xffffffffffffffc0UL;
220
221 h->authentication_data_block_size = htobe64(size);
222 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
223 avb_vbmeta_image_verify(
224 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
225 *h = backup;
226
227 h->auxiliary_data_block_size = htobe64(size);
228 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
229 avb_vbmeta_image_verify(
230 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
231 *h = backup;
232
233 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
234 avb_vbmeta_image_verify(
235 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
236 }
237
TEST_F(VerifyTest,BlockSizesMultipleOf64)238 TEST_F(VerifyTest, BlockSizesMultipleOf64) {
239 GenerateVBMetaImage("vbmeta.img",
240 "SHA256_RSA2048",
241 0,
242 base::FilePath("test/data/testkey_rsa2048.pem"));
243
244 AvbVBMetaImageHeader* h =
245 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
246 AvbVBMetaImageHeader backup = *h;
247
248 h->authentication_data_block_size =
249 htobe32(be32toh(h->authentication_data_block_size) - 32);
250 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
251 avb_vbmeta_image_verify(
252 vbmeta_image_.data(), vbmeta_image_.size() - 32, NULL, NULL));
253 *h = backup;
254
255 h->auxiliary_data_block_size =
256 htobe32(be32toh(h->auxiliary_data_block_size) - 32);
257 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
258 avb_vbmeta_image_verify(
259 vbmeta_image_.data(), vbmeta_image_.size() - 32, NULL, NULL));
260 *h = backup;
261
262 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
263 avb_vbmeta_image_verify(
264 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
265 }
266
TEST_F(VerifyTest,HashOutOfBounds)267 TEST_F(VerifyTest, HashOutOfBounds) {
268 GenerateVBMetaImage("vbmeta.img",
269 "SHA256_RSA2048",
270 0,
271 base::FilePath("test/data/testkey_rsa2048.pem"));
272
273 AvbVBMetaImageHeader* h =
274 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
275
276 // Check we catch when hash data goes out of bounds.
277 h->hash_offset = htobe64(4);
278 h->hash_size = htobe64(be64toh(h->authentication_data_block_size));
279 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
280 avb_vbmeta_image_verify(
281 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
282
283 // Overflow checks.
284 h->hash_offset = htobe64(4);
285 h->hash_size = htobe64(0xfffffffffffffffeUL);
286 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
287 avb_vbmeta_image_verify(
288 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
289 }
290
TEST_F(VerifyTest,SignatureOutOfBounds)291 TEST_F(VerifyTest, SignatureOutOfBounds) {
292 GenerateVBMetaImage("vbmeta.img",
293 "SHA256_RSA2048",
294 0,
295 base::FilePath("test/data/testkey_rsa2048.pem"));
296
297 AvbVBMetaImageHeader* h =
298 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
299
300 // Check we catch when signature data goes out of bounds.
301 h->signature_offset = htobe64(4);
302 h->signature_size = htobe64(be64toh(h->authentication_data_block_size));
303 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
304 avb_vbmeta_image_verify(
305 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
306
307 // Overflow checks.
308 h->signature_offset = htobe64(4);
309 h->signature_size = htobe64(0xfffffffffffffffeUL);
310 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
311 avb_vbmeta_image_verify(
312 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
313 }
314
TEST_F(VerifyTest,PublicKeyOutOfBounds)315 TEST_F(VerifyTest, PublicKeyOutOfBounds) {
316 GenerateVBMetaImage("vbmeta.img",
317 "SHA256_RSA2048",
318 0,
319 base::FilePath("test/data/testkey_rsa2048.pem"));
320
321 AvbVBMetaImageHeader* h =
322 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
323
324 // Check we catch when public key data goes out of bounds.
325 h->public_key_offset = htobe64(4);
326 h->public_key_size = htobe64(be64toh(h->auxiliary_data_block_size));
327 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
328 avb_vbmeta_image_verify(
329 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
330
331 // Overflow checks.
332 h->public_key_offset = htobe64(4);
333 h->public_key_size = htobe64(0xfffffffffffffffeUL);
334 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
335 avb_vbmeta_image_verify(
336 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
337 }
338
TEST_F(VerifyTest,PublicKeyMetadataOutOfBounds)339 TEST_F(VerifyTest, PublicKeyMetadataOutOfBounds) {
340 GenerateVBMetaImage("vbmeta.img",
341 "SHA256_RSA2048",
342 0,
343 base::FilePath("test/data/testkey_rsa2048.pem"));
344
345 AvbVBMetaImageHeader* h =
346 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
347
348 // Check we catch when public key metadata data goes out of bounds.
349 h->public_key_metadata_offset = htobe64(4);
350 h->public_key_metadata_size = htobe64(be64toh(h->auxiliary_data_block_size));
351 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
352 avb_vbmeta_image_verify(
353 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
354
355 // Overflow checks.
356 h->public_key_metadata_offset = htobe64(4);
357 h->public_key_metadata_size = htobe64(0xfffffffffffffffeUL);
358 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
359 avb_vbmeta_image_verify(
360 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
361 }
362
TEST_F(VerifyTest,InvalidAlgorithmField)363 TEST_F(VerifyTest, InvalidAlgorithmField) {
364 GenerateVBMetaImage("vbmeta.img",
365 "SHA256_RSA2048",
366 0,
367 base::FilePath("test/data/testkey_rsa2048.pem"));
368
369 AvbVBMetaImageHeader* h =
370 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
371 AvbVBMetaImageHeader backup = *h;
372
373 // Check we bail on unknown algorithm.
374 h->algorithm_type = htobe32(_AVB_ALGORITHM_NUM_TYPES);
375 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
376 avb_vbmeta_image_verify(
377 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
378 *h = backup;
379 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
380 avb_vbmeta_image_verify(
381 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
382 }
383
TEST_F(VerifyTest,PublicKeyBlockTooSmall)384 TEST_F(VerifyTest, PublicKeyBlockTooSmall) {
385 GenerateVBMetaImage("vbmeta.img",
386 "SHA256_RSA2048",
387 0,
388 base::FilePath("test/data/testkey_rsa2048.pem"));
389
390 AvbVBMetaImageHeader* h =
391 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data());
392 AvbVBMetaImageHeader backup = *h;
393
394 // Check we bail if the auxiliary data block is too small.
395 uint64_t change = be64toh(h->auxiliary_data_block_size) - 64;
396 h->auxiliary_data_block_size = htobe64(change);
397 EXPECT_EQ(
398 AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
399 avb_vbmeta_image_verify(
400 vbmeta_image_.data(), vbmeta_image_.size() - change, NULL, NULL));
401 *h = backup;
402 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
403 avb_vbmeta_image_verify(
404 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
405 }
406
TEST_F(VerifyTest,VbmetaImageSmallerThanMagic)407 TEST_F(VerifyTest, VbmetaImageSmallerThanMagic) {
408 uint8_t vbmeta_onebyte[1] = {0};
409 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER,
410 avb_vbmeta_image_verify(
411 vbmeta_onebyte, 1, NULL, NULL));
412 }
413
test_modification(AvbVBMetaVerifyResult expected_result,size_t offset,size_t length)414 bool VerifyTest::test_modification(AvbVBMetaVerifyResult expected_result,
415 size_t offset,
416 size_t length) {
417 uint8_t* d = reinterpret_cast<uint8_t*>(vbmeta_image_.data());
418 const int kNumCheckpoints = 16;
419
420 // Test |kNumCheckpoints| modifications in the start, middle, and
421 // end of given sub-array.
422 for (int n = 0; n <= kNumCheckpoints; n++) {
423 size_t o = std::min(length * n / kNumCheckpoints, length - 1) + offset;
424 d[o] ^= 0x80;
425 AvbVBMetaVerifyResult result = avb_vbmeta_image_verify(
426 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL);
427 d[o] ^= 0x80;
428 if (result != expected_result) {
429 return false;
430 }
431 }
432
433 return true;
434 }
435
TEST_F(VerifyTest,ModificationDetection)436 TEST_F(VerifyTest, ModificationDetection) {
437 GenerateVBMetaImage("vbmeta.img",
438 "SHA256_RSA2048",
439 0,
440 base::FilePath("test/data/testkey_rsa2048.pem"));
441
442 EXPECT_EQ(AVB_VBMETA_VERIFY_RESULT_OK,
443 avb_vbmeta_image_verify(
444 vbmeta_image_.data(), vbmeta_image_.size(), NULL, NULL));
445
446 AvbVBMetaImageHeader h;
447 avb_vbmeta_image_header_to_host_byte_order(
448 reinterpret_cast<AvbVBMetaImageHeader*>(vbmeta_image_.data()), &h);
449
450 size_t header_block_offset = 0;
451 size_t authentication_block_offset =
452 header_block_offset + sizeof(AvbVBMetaImageHeader);
453 size_t auxiliary_block_offset =
454 authentication_block_offset + h.authentication_data_block_size;
455
456 // Ensure we detect modification of the header data block. Do this
457 // in a field that's not validated so INVALID_VBMETA_HEADER
458 // isn't returned.
459 EXPECT_TRUE(test_modification(
460 AVB_VBMETA_VERIFY_RESULT_HASH_MISMATCH,
461 offsetof(AvbVBMetaImageHeader, reserved),
462 sizeof(AvbVBMetaImageHeader) - offsetof(AvbVBMetaImageHeader, reserved)));
463 // Also check the |reserved| field.
464 EXPECT_TRUE(test_modification(AVB_VBMETA_VERIFY_RESULT_HASH_MISMATCH,
465 offsetof(AvbVBMetaImageHeader, reserved),
466 sizeof(AvbVBMetaImageHeader().reserved)));
467
468 // Ensure we detect modifications in the auxiliary data block.
469 EXPECT_TRUE(test_modification(AVB_VBMETA_VERIFY_RESULT_HASH_MISMATCH,
470 auxiliary_block_offset,
471 h.auxiliary_data_block_size));
472
473 // Modifications in the hash part of the Authentication data block
474 // should also yield HASH_MISMATCH. This is because the hash check
475 // compares the calculated hash against the stored hash.
476 EXPECT_TRUE(test_modification(AVB_VBMETA_VERIFY_RESULT_HASH_MISMATCH,
477 authentication_block_offset + h.hash_offset,
478 h.hash_size));
479
480 // Modifications in the signature part of the Authentication data
481 // block, should not cause a hash mismatch ... but will cause a
482 // signature mismatch.
483 EXPECT_TRUE(
484 test_modification(AVB_VBMETA_VERIFY_RESULT_SIGNATURE_MISMATCH,
485 authentication_block_offset + h.signature_offset,
486 h.signature_size));
487
488 // Mofications outside the hash and signature parts of the
489 // Authentication data block are not detected. This is because it's
490 // not part of the hash calculation.
491 uint64_t offset = h.signature_offset + h.signature_size;
492 ASSERT_LT(h.hash_offset, h.signature_offset);
493 ASSERT_LT(offset + 1, h.authentication_data_block_size);
494 EXPECT_TRUE(test_modification(AVB_VBMETA_VERIFY_RESULT_OK,
495 authentication_block_offset + offset,
496 h.authentication_data_block_size - offset));
497 }
498
TEST_F(VerifyTest,VBMetaHeaderByteswap)499 TEST_F(VerifyTest, VBMetaHeaderByteswap) {
500 AvbVBMetaImageHeader h;
501 AvbVBMetaImageHeader s;
502 uint32_t n32;
503 uint64_t n64;
504
505 n32 = 0x11223344;
506 n64 = 0x1122334455667788;
507
508 h.required_libavb_version_major = htobe32(n32);
509 n32++;
510 h.required_libavb_version_minor = htobe32(n32);
511 n32++;
512 h.authentication_data_block_size = htobe64(n64);
513 n64++;
514 h.auxiliary_data_block_size = htobe64(n64);
515 n64++;
516 h.algorithm_type = htobe32(n32);
517 n32++;
518 h.hash_offset = htobe64(n64);
519 n64++;
520 h.hash_size = htobe64(n64);
521 n64++;
522 h.signature_offset = htobe64(n64);
523 n64++;
524 h.signature_size = htobe64(n64);
525 n64++;
526 h.public_key_offset = htobe64(n64);
527 n64++;
528 h.public_key_size = htobe64(n64);
529 n64++;
530 h.public_key_metadata_offset = htobe64(n64);
531 n64++;
532 h.public_key_metadata_size = htobe64(n64);
533 n64++;
534 h.descriptors_offset = htobe64(n64);
535 n64++;
536 h.descriptors_size = htobe64(n64);
537 n64++;
538 h.rollback_index = htobe64(n64);
539 n64++;
540 h.flags = htobe32(n32);
541 n32++;
542
543 avb_vbmeta_image_header_to_host_byte_order(&h, &s);
544
545 n32 = 0x11223344;
546 n64 = 0x1122334455667788;
547
548 EXPECT_EQ(n32, s.required_libavb_version_major);
549 n32++;
550 EXPECT_EQ(n32, s.required_libavb_version_minor);
551 n32++;
552 EXPECT_EQ(n64, s.authentication_data_block_size);
553 n64++;
554 EXPECT_EQ(n64, s.auxiliary_data_block_size);
555 n64++;
556 EXPECT_EQ(n32, s.algorithm_type);
557 n32++;
558 EXPECT_EQ(n64, s.hash_offset);
559 n64++;
560 EXPECT_EQ(n64, s.hash_size);
561 n64++;
562 EXPECT_EQ(n64, s.signature_offset);
563 n64++;
564 EXPECT_EQ(n64, s.signature_size);
565 n64++;
566 EXPECT_EQ(n64, s.public_key_offset);
567 n64++;
568 EXPECT_EQ(n64, s.public_key_size);
569 n64++;
570 EXPECT_EQ(n64, s.public_key_metadata_offset);
571 n64++;
572 EXPECT_EQ(n64, s.public_key_metadata_size);
573 n64++;
574 EXPECT_EQ(n64, s.descriptors_offset);
575 n64++;
576 EXPECT_EQ(n64, s.descriptors_size);
577 n64++;
578 EXPECT_EQ(n64, s.rollback_index);
579 n64++;
580 EXPECT_EQ(n32, s.flags);
581 n32++;
582
583 // If new fields are added, the following will fail. This is to
584 // remind that byteswapping code (in avb_util.c) and unittests for
585 // this should be updated.
586 static_assert(offsetof(AvbVBMetaImageHeader, reserved) == 176,
587 "Remember to unittest byteswapping of newly added fields");
588 }
589
590 } // namespace avb
591