diff options
| author | David Pursell <dpursell@google.com> | 2024-04-08 10:00:10 -0700 |
|---|---|---|
| committer | David Pursell <dpursell@google.com> | 2024-04-12 14:17:02 -0700 |
| commit | 1bbcd661f0afe4ab56c7031f57d518a19015805e (patch) | |
| tree | a2fccac8be801cd617ff00a775f27053de3c0626 | |
| parent | 2eafbc6cd81957d2e4cfa6df40f181e3d1d5570a (diff) | |
| download | avb-1bbcd661f0afe4ab56c7031f57d518a19015805e.tar.gz | |
libavb: rename "ATX" to "cert"
ATX (Android Things eXtensions) is a misleading name because it is still
useful outside the deprecated Android Things project. It isn't tied to
anything AT-specific but is instead a general certificate-based
authorization mechanism that could be valuable to many AVB users.
To better represent this, rename "ATX" to "cert" to better describe its
purpose and functionality.
No functional changes have been made here, it's purely renaming and
reformatting.
Bug: b/333078493
Test: atest libavb_host_unittest (-2 pre-existing veritysetup errors)
Test: atest libavb_rs_test
Test: Fuchsia cert tests pass with new avbtool on old libavb firmware
Change-Id: I5d2f981a894db92dbd268cb0fcb53c21edf4e986
| -rw-r--r-- | Android.bp | 31 | ||||
| -rw-r--r-- | README.md | 27 | ||||
| -rwxr-xr-x | avbtool.py | 136 | ||||
| -rw-r--r-- | examples/cert/README.md | 6 | ||||
| -rw-r--r-- | examples/cert/avb_cert_slot_verify.c (renamed from examples/things/avb_atx_slot_verify.c) | 78 | ||||
| -rw-r--r-- | examples/cert/avb_cert_slot_verify.h (renamed from examples/things/avb_atx_slot_verify.h) | 41 | ||||
| -rw-r--r-- | examples/things/README.md | 6 | ||||
| -rw-r--r-- | libavb/avb_ops.h | 10 | ||||
| -rw-r--r-- | libavb_atx/avb_atx_types.h | 96 | ||||
| -rw-r--r-- | libavb_cert/avb_cert_ops.h (renamed from libavb_atx/avb_atx_ops.h) | 28 | ||||
| -rw-r--r-- | libavb_cert/avb_cert_types.h | 96 | ||||
| -rw-r--r-- | libavb_cert/avb_cert_validate.c (renamed from libavb_atx/avb_atx_validate.c) | 116 | ||||
| -rw-r--r-- | libavb_cert/avb_cert_validate.h (renamed from libavb_atx/avb_atx_validate.h) | 51 | ||||
| -rw-r--r-- | libavb_cert/libavb_cert.h (renamed from libavb_atx/libavb_atx.h) | 18 | ||||
| -rw-r--r-- | rust/bindgen/avb.h | 2 | ||||
| -rw-r--r-- | rust/src/cert.rs (renamed from rust/src/atx.rs) | 83 | ||||
| -rw-r--r-- | rust/src/lib.rs | 8 | ||||
| -rw-r--r-- | rust/src/ops.rs | 9 | ||||
| -rw-r--r-- | test/Android.bp | 28 | ||||
| -rw-r--r-- | test/at_auth_unlock_unittest.py | 24 | ||||
| -rwxr-xr-x | test/avb_cert_generate_test_data (renamed from test/avb_atx_generate_test_data) | 66 | ||||
| -rw-r--r-- | test/avb_cert_slot_verify_unittest.cc (renamed from test/avb_atx_slot_verify_unittest.cc) | 100 | ||||
| -rw-r--r-- | test/avb_cert_validate_unittest.cc (renamed from test/avb_atx_validate_unittest.cc) | 333 | ||||
| -rw-r--r-- | test/avbtool_unittest.cc | 68 | ||||
| -rw-r--r-- | test/data/cert_metadata.bin (renamed from test/data/atx_metadata.bin) | bin | 3244 -> 3244 bytes | |||
| -rw-r--r-- | test/data/cert_permanent_attributes.bin (renamed from test/data/atx_permanent_attributes.bin) | bin | 1052 -> 1052 bytes | |||
| -rw-r--r-- | test/data/cert_pik_certificate.bin (renamed from test/data/atx_pik_certificate.bin) | bin | 1620 -> 1620 bytes | |||
| -rw-r--r-- | test/data/cert_product_id.bin (renamed from test/data/atx_product_id.bin) | bin | 16 -> 16 bytes | |||
| -rw-r--r-- | test/data/cert_psk_certificate.bin (renamed from test/data/atx_psk_certificate.bin) | bin | 1620 -> 1620 bytes | |||
| -rw-r--r-- | test/data/cert_puk_certificate.bin (renamed from test/data/atx_puk_certificate.bin) | bin | 1620 -> 1620 bytes | |||
| -rw-r--r-- | test/data/cert_unlock_challenge.bin (renamed from test/data/atx_unlock_challenge.bin) | 0 | ||||
| -rw-r--r-- | test/data/cert_unlock_credential.bin (renamed from test/data/atx_unlock_credential.bin) | bin | 3756 -> 3756 bytes | |||
| -rw-r--r-- | test/data/testkey_cert_pik.pem (renamed from test/data/testkey_atx_pik.pem) | 0 | ||||
| -rw-r--r-- | test/data/testkey_cert_prk.pem (renamed from test/data/testkey_atx_prk.pem) | 0 | ||||
| -rw-r--r-- | test/data/testkey_cert_psk.pem (renamed from test/data/testkey_atx_psk.pem) | 0 | ||||
| -rw-r--r-- | test/data/testkey_cert_puk.pem (renamed from test/data/testkey_atx_puk.pem) | 0 | ||||
| -rw-r--r-- | test/fake_avb_ops.cc | 32 | ||||
| -rw-r--r-- | test/fake_avb_ops.h | 22 | ||||
| -rw-r--r-- | test/user_code_test.cc | 2 | ||||
| -rwxr-xr-x | tools/at_auth_unlock.py | 20 |
40 files changed, 775 insertions, 762 deletions
@@ -197,13 +197,14 @@ cc_library_static { defaults: ["libavb_standard_defaults"], } -// libavb + ATX +// libavb + cert // -// ATX provides some additional support for minimal certificate-based signing. +// The cert extensions provides some additional support for minimal +// certificate-based signing. cc_library_static { - name: "libavb_atx", + name: "libavb_cert", defaults: [ - "avb_atx_sources", + "avb_cert_sources", "libavb_standard_defaults", ], } @@ -231,11 +232,11 @@ cc_library_static { defaults: ["libavb_baremetal_defaults"], } -// Baremetal libavb + ATX +// Baremetal libavb + cert cc_library_static { - name: "libavb_baremetal_atx", + name: "libavb_cert_baremetal", defaults: [ - "avb_atx_sources", + "avb_cert_sources", "libavb_baremetal_defaults", ], } @@ -301,8 +302,8 @@ cc_library_host_static { } cc_defaults { - name: "avb_atx_sources", - srcs: ["libavb_atx/avb_atx_validate.c"], + name: "avb_cert_sources", + srcs: ["libavb_cert/avb_cert_validate.c"], } cc_library_host_static { @@ -316,8 +317,8 @@ cc_library_host_static { } cc_defaults { - name: "avb_things_example_sources", - srcs: ["examples/things/avb_atx_slot_verify.c"], + name: "avb_cert_example_sources", + srcs: ["examples/cert/avb_cert_slot_verify.c"], } cc_defaults { @@ -325,8 +326,8 @@ cc_defaults { defaults: [ "avb_defaults", "avb_sources", - "avb_atx_sources", - "avb_things_example_sources", + "avb_cert_sources", + "avb_cert_example_sources", ], required: [ "simg2img", @@ -361,8 +362,8 @@ cc_defaults { ], srcs: [ "test/avb_ab_flow_unittest.cc", - "test/avb_atx_validate_unittest.cc", - "test/avb_atx_slot_verify_unittest.cc", + "test/avb_cert_validate_unittest.cc", + "test/avb_cert_slot_verify_unittest.cc", "test/avb_crypto_ops_unittest.cc", "test/avb_slot_verify_unittest.cc", "test/avb_unittest_util.cc", @@ -229,11 +229,17 @@ well as operations that the boot loader or OS is expected to implement (see `avb_ops.h`). The main entry point for verification is `avb_slot_verify()`. -Android Things has specific requirements and validation logic for the -vbmeta public key. An extension is provided in `libavb_atx` which -performs this validation as an implementation of `libavb`'s public key -validation operation (see `avb_validate_vbmeta_public_key()` in -`avb_ops.h`). +An optional extension `libavb_cert` additionally provides a scalable +certificate-based authorization mechanism. The base `libavb` requires +the device to implement public key validation manually (see +`avb_validate_vbmeta_public_key()` in `avb_ops.h`), which can be +complicated when working with anything other than a single hardcoded +key. `libavb_cert` provides an implementation of this function which +provides built-in support for features such as key rotation. + +`libavb_cert` was previously named `libavb_atx` (Android Things eXtension) but +it has been renamed to better represent its usefulness as a general-purpose +extension rather than anything specific to the Android Things project. ## Files and Directories @@ -247,8 +253,8 @@ validation operation (see `avb_validate_vbmeta_public_key()` in expected to be provided by the platform is defined in `avb_sysdeps.h`. If the platform provides the standard C runtime `avb_sysdeps_posix.c` can be used. -* `libavb_atx/` - + An Android Things Extension for validating public key metadata. +* `libavb_cert/` + + A libavb extension for certificate-based authorization. * `libavb_user/` + Contains an `AvbOps` implementation suitable for use in Android userspace. This is used in `boot_control.avb` and `avbctl`. @@ -271,16 +277,15 @@ validation operation (see `avb_validate_vbmeta_public_key()` in verified boot. * `test/` + Unit tests for `abvtool`, `libavb`, `libavb_ab`, and - `libavb_atx`. + `libavb_cert`. * `tools/avbctl/` + Contains the source-code for a tool that can be used to control AVB at runtime in Android. * `examples/uefi/` + Contains the source-code for a UEFI-based boot-loader utilizing `libavb/` and `libavb_ab/`. -* `examples/things/` - + Contains the source-code for a slot verification suitable for Android - Things. +* `examples/cert/` + + Contains example source-code for using the `avb_cert` extension * `README.md` + This file. * `docs/` @@ -2412,13 +2412,13 @@ class Avb(object): misc_image.seek(self.AB_MISC_METADATA_OFFSET) misc_image.write(ab_data) - def info_image(self, image_filename, output, atx): + def info_image(self, image_filename, output, cert): """Implements the 'info_image' command. Arguments: image_filename: Image file to get information from (file object). output: Output file to write human-readable information to (file object). - atx: If True, show information about Android Things eXtension (ATX). + cert: If True, show information about the avb_cert certificates. """ image = ImageHandler(image_filename, read_only=True) o = output @@ -2471,8 +2471,8 @@ class Avb(object): if num_printed == 0: o.write(' (none)\n') - if atx and header.public_key_metadata_size: - o.write('Android Things eXtension (ATX):\n') + if cert and header.public_key_metadata_size: + o.write('avb_cert certificate:\n') key_metadata_offset = (header.SIZE + header.authentication_data_block_size + header.public_key_metadata_offset) @@ -2481,7 +2481,7 @@ class Avb(object): version, pik, psk = struct.unpack('<I1620s1620s', key_metadata_blob) o.write(' Metadata version: {}\n'.format(version)) - def print_atx_certificate(cert): + def print_certificate(cert): version, public_key, subject, usage, key_version, _ = ( struct.unpack('<I1032s32s32sQ512s', cert)) o.write(' Version: {}\n'.format(version)) @@ -2492,9 +2492,9 @@ class Avb(object): o.write(' Key version: {}\n'.format(key_version)) o.write(' Product Intermediate Key:\n') - print_atx_certificate(pik) + print_certificate(pik) o.write(' Product Signing Key:\n') - print_atx_certificate(psk) + print_certificate(psk) def verify_image(self, image_filename, key_path, expected_chain_partitions, follow_chain_partitions, accept_zeroed_hashtree): @@ -3862,16 +3862,16 @@ class Avb(object): image.truncate(original_image_size) raise AvbError('Adding hashtree_footer failed: {}.'.format(e)) from e - def make_atx_certificate(self, output, authority_key_path, subject_key_path, - subject_key_version, subject, - is_intermediate_authority, usage, signing_helper, - signing_helper_with_files): - """Implements the 'make_atx_certificate' command. + def make_certificate(self, output, authority_key_path, subject_key_path, + subject_key_version, subject, + is_intermediate_authority, usage, signing_helper, + signing_helper_with_files): + """Implements the 'make_certificate' command. - Android Things certificates are required for Android Things public key - metadata. They chain the vbmeta signing key for a particular product back to - a fused, permanent root key. These certificates are fixed-length and fixed- - format with the explicit goal of not parsing ASN.1 in bootloader code. + Certificates are required for avb_cert extension public key metadata. They + chain the vbmeta signing key for a particular product back to a fused, + permanent root key. These certificates are fixed-length and fixed-format + with the explicit goal of not parsing ASN.1 in bootloader code. Arguments: output: Certificate will be written to this file on success. @@ -3918,11 +3918,11 @@ class Avb(object): output.write(signed_data) output.write(signature) - def make_atx_permanent_attributes(self, output, root_authority_key_path, + def make_cert_permanent_attributes(self, output, root_authority_key_path, product_id): - """Implements the 'make_atx_permanent_attributes' command. + """Implements the 'make_cert_permanent_attributes' command. - Android Things permanent attributes are designed to be permanent for a + avb_cert permanent attributes are designed to be permanent for a particular product and a hash of these attributes should be fused into hardware to enforce this. @@ -3942,21 +3942,21 @@ class Avb(object): output.write(RSAPublicKey(root_authority_key_path).encode()) output.write(product_id) - def make_atx_metadata(self, output, intermediate_key_certificate, + def make_cert_metadata(self, output, intermediate_key_certificate, product_key_certificate): - """Implements the 'make_atx_metadata' command. + """Implements the 'make_cert_metadata' command. - Android Things metadata are included in vbmeta images to facilitate + avb_cert metadata are included in vbmeta images to facilitate verification. The output of this command can be used as the public_key_metadata argument to other commands. Arguments: output: Metadata will be written to this file on success. intermediate_key_certificate: A certificate file as output by - make_atx_certificate with + make_certificate with is_intermediate_authority set to true. product_key_certificate: A certificate file as output by - make_atx_certificate with + make_certificate with is_intermediate_authority set to false. Raises: @@ -3971,14 +3971,14 @@ class Avb(object): output.write(intermediate_key_certificate) output.write(product_key_certificate) - def make_atx_unlock_credential(self, output, intermediate_key_certificate, + def make_cert_unlock_credential(self, output, intermediate_key_certificate, unlock_key_certificate, challenge_path, unlock_key_path, signing_helper, signing_helper_with_files): - """Implements the 'make_atx_unlock_credential' command. + """Implements the 'make_cert_unlock_credential' command. - Android Things unlock credentials can be used to authorize the unlock of AVB - on a device. These credentials are presented to an Android Things bootloader + avb_cert unlock credentials can be used to authorize the unlock of AVB + on a device. These credentials are presented to an avb_cert bootloader via the fastboot interface in response to a 16-byte challenge. This method creates all fields of the credential except the challenge signature field (which is the last field) and can optionally create the challenge signature @@ -3987,10 +3987,10 @@ class Avb(object): Arguments: output: The credential will be written to this file on success. intermediate_key_certificate: A certificate file as output by - make_atx_certificate with + make_certificate with is_intermediate_authority set to true. unlock_key_certificate: A certificate file as output by - make_atx_certificate with + make_certificate with is_intermediate_authority set to false and the usage set to 'com.google.android.things.vboot.unlock'. @@ -4559,9 +4559,9 @@ class AvbTool(object): help='Write info to file', type=argparse.FileType('wt'), default=sys.stdout) - sub_parser.add_argument('--atx', - help=('Show information about Android Things ' - 'eXtension (ATX).'), + sub_parser.add_argument('--cert', '--atx', + help=('Show information about the avb_cert ' + 'extension certificate.'), action='store_true') sub_parser.set_defaults(func=self.info_image) @@ -4656,8 +4656,9 @@ class AvbTool(object): sub_parser.set_defaults(func=self.set_ab_metadata) sub_parser = subparsers.add_parser( - 'make_atx_certificate', - help='Create an Android Things eXtension (ATX) certificate.') + 'make_certificate', + aliases=['make_atx_certificate'], + help='Create an avb_cert extension certificate.') sub_parser.add_argument('--output', help='Write certificate to file', type=argparse.FileType('wb'), @@ -4695,11 +4696,12 @@ class AvbTool(object): metavar='APP', default=None, required=False) - sub_parser.set_defaults(func=self.make_atx_certificate) + sub_parser.set_defaults(func=self.make_certificate) sub_parser = subparsers.add_parser( - 'make_atx_permanent_attributes', - help='Create Android Things eXtension (ATX) permanent attributes.') + 'make_cert_permanent_attributes', + aliases=['make_atx_permanent_attributes'], + help='Create avb_cert extension permanent attributes.') sub_parser.add_argument('--output', help='Write attributes to file', type=argparse.FileType('wb'), @@ -4712,11 +4714,12 @@ class AvbTool(object): help=('Path to Product ID file'), type=argparse.FileType('rb'), required=True) - sub_parser.set_defaults(func=self.make_atx_permanent_attributes) + sub_parser.set_defaults(func=self.make_cert_permanent_attributes) sub_parser = subparsers.add_parser( - 'make_atx_metadata', - help='Create Android Things eXtension (ATX) metadata.') + 'make_cert_metadata', + aliases=['make_atx_metadata'], + help='Create avb_cert extension metadata.') sub_parser.add_argument('--output', help='Write metadata to file', type=argparse.FileType('wb'), @@ -4729,11 +4732,12 @@ class AvbTool(object): help='Path to product key certificate file', type=argparse.FileType('rb'), required=True) - sub_parser.set_defaults(func=self.make_atx_metadata) + sub_parser.set_defaults(func=self.make_cert_metadata) sub_parser = subparsers.add_parser( - 'make_atx_unlock_credential', - help='Create an Android Things eXtension (ATX) unlock credential.') + 'make_cert_unlock_credential', + aliases=['make_atx_unlock_credential'], + help='Create an avb_cert extension unlock credential.') sub_parser.add_argument('--output', help='Write credential to file', type=argparse.FileType('wb'), @@ -4766,7 +4770,7 @@ class AvbTool(object): metavar='APP', default=None, required=False) - sub_parser.set_defaults(func=self.make_atx_unlock_credential) + sub_parser.set_defaults(func=self.make_cert_unlock_credential) args = parser.parse_args(argv[1:]) try: @@ -4905,7 +4909,7 @@ class AvbTool(object): def info_image(self, args): """Implements the 'info_image' sub-command.""" - self.avb.info_image(args.image.name, args.output, args.atx) + self.avb.info_image(args.image.name, args.output, args.cert) def verify_image(self, args): """Implements the 'verify_image' sub-command.""" @@ -4928,32 +4932,32 @@ class AvbTool(object): self.avb.calculate_kernel_cmdline(args.image.name, args.hashtree_disabled, args.output) - def make_atx_certificate(self, args): - """Implements the 'make_atx_certificate' sub-command.""" - self.avb.make_atx_certificate(args.output, args.authority_key, - args.subject_key.name, - args.subject_key_version, - args.subject.read(), - args.subject_is_intermediate_authority, - args.usage, - args.signing_helper, - args.signing_helper_with_files) - - def make_atx_permanent_attributes(self, args): - """Implements the 'make_atx_permanent_attributes' sub-command.""" - self.avb.make_atx_permanent_attributes(args.output, + def make_certificate(self, args): + """Implements the 'make_certificate' sub-command.""" + self.avb.make_certificate(args.output, args.authority_key, + args.subject_key.name, + args.subject_key_version, + args.subject.read(), + args.subject_is_intermediate_authority, + args.usage, + args.signing_helper, + args.signing_helper_with_files) + + def make_cert_permanent_attributes(self, args): + """Implements the 'make_cert_permanent_attributes' sub-command.""" + self.avb.make_cert_permanent_attributes(args.output, args.root_authority_key.name, args.product_id.read()) - def make_atx_metadata(self, args): - """Implements the 'make_atx_metadata' sub-command.""" - self.avb.make_atx_metadata(args.output, + def make_cert_metadata(self, args): + """Implements the 'make_cert_metadata' sub-command.""" + self.avb.make_cert_metadata(args.output, args.intermediate_key_certificate.read(), args.product_key_certificate.read()) - def make_atx_unlock_credential(self, args): - """Implements the 'make_atx_unlock_credential' sub-command.""" - self.avb.make_atx_unlock_credential( + def make_cert_unlock_credential(self, args): + """Implements the 'make_cert_unlock_credential' sub-command.""" + self.avb.make_cert_unlock_credential( args.output, args.intermediate_key_certificate.read(), args.unlock_key_certificate.read(), diff --git a/examples/cert/README.md b/examples/cert/README.md new file mode 100644 index 0000000..3828b97 --- /dev/null +++ b/examples/cert/README.md @@ -0,0 +1,6 @@ +# avb_cert Example +--- + +This directory contains example source code for an integration of libavb and +the libavb_cert extension. The implementation includes rollback index +management and vbmeta hash computation. diff --git a/examples/things/avb_atx_slot_verify.c b/examples/cert/avb_cert_slot_verify.c index 0de6d2e..b0fcaa8 100644 --- a/examples/things/avb_atx_slot_verify.c +++ b/examples/cert/avb_cert_slot_verify.c @@ -22,11 +22,11 @@ * SOFTWARE. */ -#include "avb_atx_slot_verify.h" +#include "avb_cert_slot_verify.h" #include <libavb/avb_sha.h> #include <libavb/libavb.h> -#include <libavb_atx/libavb_atx.h> +#include <libavb_cert/libavb_cert.h> /* Chosen to be generous but still require a huge number of increase operations * before exhausting the 64-bit space. @@ -36,31 +36,31 @@ static const uint64_t kRollbackIndexIncreaseThreshold = 1000000000; /* By convention, when a rollback index is not used the value remains zero. */ static const uint64_t kRollbackIndexNotUsed = 0; -typedef struct _AvbAtxOpsContext { +typedef struct _AvbCertOpsContext { size_t key_version_location[AVB_MAX_NUMBER_OF_ROLLBACK_INDEX_LOCATIONS]; uint64_t key_version_value[AVB_MAX_NUMBER_OF_ROLLBACK_INDEX_LOCATIONS]; size_t next_key_version_slot; -} AvbAtxOpsContext; +} AvbCertOpsContext; -typedef struct _AvbAtxOpsWithContext { - AvbAtxOps atx_ops; - AvbAtxOpsContext context; -} AvbAtxOpsWithContext; +typedef struct _AvbCertOpsWithContext { + AvbCertOps cert_ops; + AvbCertOpsContext context; +} AvbCertOpsWithContext; -/* Returns context associated with |atx_ops| returned by +/* Returns context associated with |cert_ops| returned by * setup_ops_with_context(). */ -static AvbAtxOpsContext* get_ops_context(AvbAtxOps* atx_ops) { - return &((AvbAtxOpsWithContext*)atx_ops)->context; +static AvbCertOpsContext* get_ops_context(AvbCertOps* cert_ops) { + return &((AvbCertOpsWithContext*)cert_ops)->context; } -/* An implementation of AvbAtxOps::set_key_version that saves the key version +/* An implementation of AvbCertOps::set_key_version that saves the key version * information to ops context data. */ -static void save_key_version_to_context(AvbAtxOps* atx_ops, +static void save_key_version_to_context(AvbCertOps* cert_ops, size_t rollback_index_location, uint64_t key_version) { - AvbAtxOpsContext* context = get_ops_context(atx_ops); + AvbCertOpsContext* context = get_ops_context(cert_ops); size_t offset = context->next_key_version_slot++; if (offset < AVB_MAX_NUMBER_OF_ROLLBACK_INDEX_LOCATIONS) { context->key_version_location[offset] = rollback_index_location; @@ -73,14 +73,14 @@ static void save_key_version_to_context(AvbAtxOps* atx_ops, * The set_key_version function will be replaced in order to collect the key * version information in the context. */ -static AvbAtxOps* setup_ops_with_context( - const AvbAtxOps* existing_ops, AvbAtxOpsWithContext* ops_with_context) { - avb_memset(ops_with_context, 0, sizeof(AvbAtxOpsWithContext)); - ops_with_context->atx_ops = *existing_ops; +static AvbCertOps* setup_ops_with_context( + const AvbCertOps* existing_ops, AvbCertOpsWithContext* ops_with_context) { + avb_memset(ops_with_context, 0, sizeof(AvbCertOpsWithContext)); + ops_with_context->cert_ops = *existing_ops; // Close the loop on the circular reference. - ops_with_context->atx_ops.ops->atx_ops = &ops_with_context->atx_ops; - ops_with_context->atx_ops.set_key_version = save_key_version_to_context; - return &ops_with_context->atx_ops; + ops_with_context->cert_ops.ops->cert_ops = &ops_with_context->cert_ops; + ops_with_context->cert_ops.set_key_version = save_key_version_to_context; + return &ops_with_context->cert_ops; } /* Updates the stored rollback index value for |location| to match |value|. */ @@ -122,54 +122,54 @@ static AvbSlotVerifyResult update_rollback_index(AvbOps* ops, return AVB_SLOT_VERIFY_RESULT_OK; } -AvbSlotVerifyResult avb_atx_slot_verify( - AvbAtxOps* atx_ops, +AvbSlotVerifyResult avb_cert_slot_verify( + AvbCertOps* cert_ops, const char* ab_suffix, - AvbAtxLockState lock_state, - AvbAtxSlotState slot_state, - AvbAtxOemDataState oem_data_state, + AvbCertLockState lock_state, + AvbCertSlotState slot_state, + AvbCertOemDataState oem_data_state, AvbSlotVerifyData** verify_data, - uint8_t vbh_extension[AVB_SHA256_DIGEST_SIZE]) { + uint8_t vbmeta_digest[AVB_SHA256_DIGEST_SIZE]) { const char* partitions_without_oem[] = {"boot", NULL}; const char* partitions_with_oem[] = {"boot", "oem_bootloader", NULL}; AvbSlotVerifyResult result = AVB_SLOT_VERIFY_RESULT_OK; size_t i = 0; - AvbAtxOpsWithContext ops_with_context; + AvbCertOpsWithContext ops_with_context; - atx_ops = setup_ops_with_context(atx_ops, &ops_with_context); + cert_ops = setup_ops_with_context(cert_ops, &ops_with_context); - result = avb_slot_verify(atx_ops->ops, - (oem_data_state == AVB_ATX_OEM_DATA_NOT_USED) + result = avb_slot_verify(cert_ops->ops, + (oem_data_state == AVB_CERT_OEM_DATA_NOT_USED) ? partitions_without_oem : partitions_with_oem, ab_suffix, - (lock_state == AVB_ATX_UNLOCKED) + (lock_state == AVB_CERT_UNLOCKED) ? AVB_SLOT_VERIFY_FLAGS_ALLOW_VERIFICATION_ERROR : AVB_SLOT_VERIFY_FLAGS_NONE, AVB_HASHTREE_ERROR_MODE_EIO, verify_data); - if (result != AVB_SLOT_VERIFY_RESULT_OK || lock_state == AVB_ATX_UNLOCKED) { + if (result != AVB_SLOT_VERIFY_RESULT_OK || lock_state == AVB_CERT_UNLOCKED) { return result; } - /* Compute the Android Things Verified Boot Hash (VBH) extension. */ + /* Compute the vbmeta digest. */ avb_slot_verify_data_calculate_vbmeta_digest( - *verify_data, AVB_DIGEST_TYPE_SHA256, vbh_extension); + *verify_data, AVB_DIGEST_TYPE_SHA256, vbmeta_digest); /* Increase rollback index values to match the verified slot. */ - if (slot_state == AVB_ATX_SLOT_MARKED_SUCCESSFUL) { + if (slot_state == AVB_CERT_SLOT_MARKED_SUCCESSFUL) { for (i = 0; i < AVB_MAX_NUMBER_OF_ROLLBACK_INDEX_LOCATIONS; i++) { uint64_t rollback_index_value = (*verify_data)->rollback_indexes[i]; if (rollback_index_value != kRollbackIndexNotUsed) { - result = update_rollback_index(atx_ops->ops, i, rollback_index_value); + result = update_rollback_index(cert_ops->ops, i, rollback_index_value); if (result != AVB_SLOT_VERIFY_RESULT_OK) { goto out; } } } - /* Also increase rollback index values for Android Things key version + /* Also increase rollback index values for the avb_cert key version * locations. */ for (i = 0; i < AVB_MAX_NUMBER_OF_ROLLBACK_INDEX_LOCATIONS; i++) { @@ -179,7 +179,7 @@ AvbSlotVerifyResult avb_atx_slot_verify( ops_with_context.context.key_version_value[i]; if (rollback_index_value != kRollbackIndexNotUsed) { result = update_rollback_index( - atx_ops->ops, rollback_index_location, rollback_index_value); + cert_ops->ops, rollback_index_location, rollback_index_value); if (result != AVB_SLOT_VERIFY_RESULT_OK) { goto out; } diff --git a/examples/things/avb_atx_slot_verify.h b/examples/cert/avb_cert_slot_verify.h index 517b097..d2d82ce 100644 --- a/examples/things/avb_atx_slot_verify.h +++ b/examples/cert/avb_cert_slot_verify.h @@ -22,29 +22,29 @@ * SOFTWARE. */ -#ifndef AVB_ATX_SLOT_VERIFY_H_ -#define AVB_ATX_SLOT_VERIFY_H_ +#ifndef AVB_CERT_SLOT_VERIFY_H_ +#define AVB_CERT_SLOT_VERIFY_H_ -#include <libavb_atx/libavb_atx.h> +#include <libavb_cert/libavb_cert.h> #ifdef __cplusplus extern "C" { #endif typedef enum { - AVB_ATX_LOCKED, - AVB_ATX_UNLOCKED, -} AvbAtxLockState; + AVB_CERT_LOCKED, + AVB_CERT_UNLOCKED, +} AvbCertLockState; typedef enum { - AVB_ATX_SLOT_MARKED_SUCCESSFUL, - AVB_ATX_SLOT_NOT_MARKED_SUCCESSFUL, -} AvbAtxSlotState; + AVB_CERT_SLOT_MARKED_SUCCESSFUL, + AVB_CERT_SLOT_NOT_MARKED_SUCCESSFUL, +} AvbCertSlotState; typedef enum { - AVB_ATX_OEM_DATA_USED, - AVB_ATX_OEM_DATA_NOT_USED, -} AvbAtxOemDataState; + AVB_CERT_OEM_DATA_USED, + AVB_CERT_OEM_DATA_NOT_USED, +} AvbCertOemDataState; /* Performs a full verification of the slot identified by |ab_suffix|. If * |lock_state| indicates verified boot is unlocked then verification errors @@ -61,21 +61,20 @@ typedef enum { * * The semantics of |out_data| are the same as for avb_slot_verify(). * - * On success, an Android Things |vbh_extension| is populated. This value must - * be extended into the Verified Boot Hash value accumulated from earlier boot - * stages. + * On success, the SHA256 vbmeta digest is written to |vbmeta_digest|. This + * value may be used e.g. for device attestation. * * All of the function pointers in |ops| must be valid except for * set_key_version, which will be ignored and may be NULL. */ -AvbSlotVerifyResult avb_atx_slot_verify( - AvbAtxOps* ops, +AvbSlotVerifyResult avb_cert_slot_verify( + AvbCertOps* ops, const char* ab_suffix, - AvbAtxLockState lock_state, - AvbAtxSlotState slot_state, - AvbAtxOemDataState oem_data_state, + AvbCertLockState lock_state, + AvbCertSlotState slot_state, + AvbCertOemDataState oem_data_state, AvbSlotVerifyData** verify_data, - uint8_t vbh_extension[AVB_SHA256_DIGEST_SIZE]); + uint8_t vbmeta_digest[AVB_SHA256_DIGEST_SIZE]); #ifdef __cplusplus } diff --git a/examples/things/README.md b/examples/things/README.md deleted file mode 100644 index 45509af..0000000 --- a/examples/things/README.md +++ /dev/null @@ -1,6 +0,0 @@ -# Android Things Example ---- - -This directory contains example source code for an Android Things integration of -lib_avb and lib_avb_atx. The implementation includes rollback index management -and Verified Boot Hash (VBH) computation. diff --git a/libavb/avb_ops.h b/libavb/avb_ops.h index dec163d..f037eae 100644 --- a/libavb/avb_ops.h +++ b/libavb/avb_ops.h @@ -82,8 +82,8 @@ typedef struct AvbOps AvbOps; /* Forward-declaration of operations in libavb_ab. */ struct AvbABOps; -/* Forward-declaration of operations in libavb_atx. */ -struct AvbAtxOps; +/* Forward-declaration of operations in libavb_cert. */ +struct AvbCertOps; /* High-level operations/functions/methods that are platform * dependent. @@ -104,10 +104,10 @@ struct AvbOps { */ struct AvbABOps* ab_ops; - /* If libavb_atx is used, this should point to the - * AvbAtxOps. Otherwise it must be set to NULL. + /* If libavb_cert is used, this should point to the + * AvbCertOps. Otherwise it must be set to NULL. */ - struct AvbAtxOps* atx_ops; + struct AvbCertOps* cert_ops; /* Reads |num_bytes| from offset |offset| from partition with name * |partition| (NUL-terminated UTF-8 string). If |offset| is diff --git a/libavb_atx/avb_atx_types.h b/libavb_atx/avb_atx_types.h deleted file mode 100644 index e78bbfa..0000000 --- a/libavb_atx/avb_atx_types.h +++ /dev/null @@ -1,96 +0,0 @@ -/* - * Copyright (C) 2016 The Android Open Source Project - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -#if !defined(AVB_INSIDE_LIBAVB_ATX_H) && !defined(AVB_COMPILATION) -#error \ - "Never include this file directly, include libavb_atx/libavb_atx.h instead." -#endif - -#ifndef AVB_ATX_TYPES_H_ -#define AVB_ATX_TYPES_H_ - -#include <libavb/libavb.h> - -#ifdef __cplusplus -extern "C" { -#endif - -/* Size in bytes of an Android Things product ID. */ -#define AVB_ATX_PRODUCT_ID_SIZE 16 - -/* Size in bytes of an Android Things unlock challenge. */ -#define AVB_ATX_UNLOCK_CHALLENGE_SIZE 16 - -/* Size in bytes of a serialized public key with a 4096-bit modulus. */ -#define AVB_ATX_PUBLIC_KEY_SIZE (sizeof(AvbRSAPublicKeyHeader) + 1024) - -/* Data structure of Android Things permanent attributes. */ -typedef struct AvbAtxPermanentAttributes { - uint32_t version; - uint8_t product_root_public_key[AVB_ATX_PUBLIC_KEY_SIZE]; - uint8_t product_id[AVB_ATX_PRODUCT_ID_SIZE]; -} AVB_ATTR_PACKED AvbAtxPermanentAttributes; - -/* Data structure of signed fields in an Android Things certificate. */ -typedef struct AvbAtxCertificateSignedData { - uint32_t version; - uint8_t public_key[AVB_ATX_PUBLIC_KEY_SIZE]; - uint8_t subject[AVB_SHA256_DIGEST_SIZE]; - uint8_t usage[AVB_SHA256_DIGEST_SIZE]; - uint64_t key_version; -} AVB_ATTR_PACKED AvbAtxCertificateSignedData; - -/* Data structure of an Android Things certificate. */ -typedef struct AvbAtxCertificate { - AvbAtxCertificateSignedData signed_data; - uint8_t signature[AVB_RSA4096_NUM_BYTES]; -} AVB_ATTR_PACKED AvbAtxCertificate; - -/* Data structure of Android Things public key metadata in vbmeta. */ -typedef struct AvbAtxPublicKeyMetadata { - uint32_t version; - AvbAtxCertificate product_intermediate_key_certificate; - AvbAtxCertificate product_signing_key_certificate; -} AVB_ATTR_PACKED AvbAtxPublicKeyMetadata; - -/* Data structure of an Android Things unlock challenge. */ -typedef struct AvbAtxUnlockChallenge { - uint32_t version; - uint8_t product_id_hash[AVB_SHA256_DIGEST_SIZE]; - uint8_t challenge[AVB_ATX_UNLOCK_CHALLENGE_SIZE]; -} AVB_ATTR_PACKED AvbAtxUnlockChallenge; - -/* Data structure of an Android Things unlock credential. */ -typedef struct AvbAtxUnlockCredential { - uint32_t version; - AvbAtxCertificate product_intermediate_key_certificate; - AvbAtxCertificate product_unlock_key_certificate; - uint8_t challenge_signature[AVB_RSA4096_NUM_BYTES]; -} AVB_ATTR_PACKED AvbAtxUnlockCredential; - -#ifdef __cplusplus -} -#endif - -#endif /* AVB_ATX_TYPES_H_ */ diff --git a/libavb_atx/avb_atx_ops.h b/libavb_cert/avb_cert_ops.h index 53c898d..2c1f6a8 100644 --- a/libavb_atx/avb_atx_ops.h +++ b/libavb_cert/avb_cert_ops.h @@ -22,27 +22,27 @@ * SOFTWARE. */ -#if !defined(AVB_INSIDE_LIBAVB_ATX_H) && !defined(AVB_COMPILATION) +#if !defined(AVB_INSIDE_LIBAVB_CERT_H) && !defined(AVB_COMPILATION) #error \ - "Never include this file directly, include libavb_atx/libavb_atx.h instead." + "Never include this file directly, include libavb_cert/libavb_cert.h instead." #endif -#ifndef AVB_ATX_OPS_H_ -#define AVB_ATX_OPS_H_ +#ifndef AVB_CERT_OPS_H_ +#define AVB_CERT_OPS_H_ #include <libavb/libavb.h> -#include "avb_atx_types.h" +#include "avb_cert_types.h" #ifdef __cplusplus extern "C" { #endif -struct AvbAtxOps; -typedef struct AvbAtxOps AvbAtxOps; +struct AvbCertOps; +typedef struct AvbCertOps AvbCertOps; -/* An extension to AvbOps required by avb_atx_validate_vbmeta_public_key(). */ -struct AvbAtxOps { +/* An extension to AvbOps required by avb_cert_validate_vbmeta_public_key(). */ +struct AvbCertOps { /* Operations from libavb. */ AvbOps* ops; @@ -51,19 +51,19 @@ struct AvbAtxOps { * |attributes|. */ AvbIOResult (*read_permanent_attributes)( - AvbAtxOps* atx_ops, AvbAtxPermanentAttributes* attributes); + AvbCertOps* cert_ops, AvbCertPermanentAttributes* attributes); /* Reads a |hash| of permanent attributes. This hash MUST be retrieved from a * permanently read-only location (e.g. fuses) when a device is LOCKED. On * success, returned AVB_IO_RESULT_OK and populates |hash|. */ AvbIOResult (*read_permanent_attributes_hash)( - AvbAtxOps* atx_ops, uint8_t hash[AVB_SHA256_DIGEST_SIZE]); + AvbCertOps* cert_ops, uint8_t hash[AVB_SHA256_DIGEST_SIZE]); /* Provides the key version of a key used during verification. This may be * useful for managing the minimum key version. */ - void (*set_key_version)(AvbAtxOps* atx_ops, + void (*set_key_version)(AvbCertOps* cert_ops, size_t rollback_index_location, uint64_t key_version); @@ -72,7 +72,7 @@ struct AvbAtxOps { * * Returns AVB_IO_RESULT_OK on success, otherwise an error code. */ - AvbIOResult (*get_random)(AvbAtxOps* atx_ops, + AvbIOResult (*get_random)(AvbCertOps* cert_ops, size_t num_bytes, uint8_t* output); }; @@ -81,4 +81,4 @@ struct AvbAtxOps { } #endif -#endif /* AVB_ATX_OPS_H_ */ +#endif /* AVB_CERT_OPS_H_ */ diff --git a/libavb_cert/avb_cert_types.h b/libavb_cert/avb_cert_types.h new file mode 100644 index 0000000..14975ee --- /dev/null +++ b/libavb_cert/avb_cert_types.h @@ -0,0 +1,96 @@ +/* + * Copyright (C) 2016 The Android Open Source Project + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#if !defined(AVB_INSIDE_LIBAVB_CERT_H) && !defined(AVB_COMPILATION) +#error \ + "Never include this file directly, include libavb_cert/libavb_cert.h instead." +#endif + +#ifndef AVB_CERT_TYPES_H_ +#define AVB_CERT_TYPES_H_ + +#include <libavb/libavb.h> + +#ifdef __cplusplus +extern "C" { +#endif + +/* Size in bytes of a libavb_cert product ID. */ +#define AVB_CERT_PRODUCT_ID_SIZE 16 + +/* Size in bytes of a libavb_cert unlock challenge. */ +#define AVB_CERT_UNLOCK_CHALLENGE_SIZE 16 + +/* Size in bytes of a serialized public key with a 4096-bit modulus. */ +#define AVB_CERT_PUBLIC_KEY_SIZE (sizeof(AvbRSAPublicKeyHeader) + 1024) + +/* Data structure of libavb_cert permanent attributes. */ +typedef struct AvbCertPermanentAttributes { + uint32_t version; + uint8_t product_root_public_key[AVB_CERT_PUBLIC_KEY_SIZE]; + uint8_t product_id[AVB_CERT_PRODUCT_ID_SIZE]; +} AVB_ATTR_PACKED AvbCertPermanentAttributes; + +/* Data structure of signed fields in a libavb_cert certificate. */ +typedef struct AvbCertCertificateSignedData { + uint32_t version; + uint8_t public_key[AVB_CERT_PUBLIC_KEY_SIZE]; + uint8_t subject[AVB_SHA256_DIGEST_SIZE]; + uint8_t usage[AVB_SHA256_DIGEST_SIZE]; + uint64_t key_version; +} AVB_ATTR_PACKED AvbCertCertificateSignedData; + +/* Data structure of a libavb_cert certificate. */ +typedef struct AvbCertCertificate { + AvbCertCertificateSignedData signed_data; + uint8_t signature[AVB_RSA4096_NUM_BYTES]; +} AVB_ATTR_PACKED AvbCertCertificate; + +/* Data structure of the libavb_cert public key metadata in vbmeta. */ +typedef struct AvbCertPublicKeyMetadata { + uint32_t version; + AvbCertCertificate product_intermediate_key_certificate; + AvbCertCertificate product_signing_key_certificate; +} AVB_ATTR_PACKED AvbCertPublicKeyMetadata; + +/* Data structure of a libavb_cert unlock challenge. */ +typedef struct AvbCertUnlockChallenge { + uint32_t version; + uint8_t product_id_hash[AVB_SHA256_DIGEST_SIZE]; + uint8_t challenge[AVB_CERT_UNLOCK_CHALLENGE_SIZE]; +} AVB_ATTR_PACKED AvbCertUnlockChallenge; + +/* Data structure of a libavb_cert unlock credential. */ +typedef struct AvbCertUnlockCredential { + uint32_t version; + AvbCertCertificate product_intermediate_key_certificate; + AvbCertCertificate product_unlock_key_certificate; + uint8_t challenge_signature[AVB_RSA4096_NUM_BYTES]; +} AVB_ATTR_PACKED AvbCertUnlockCredential; + +#ifdef __cplusplus +} +#endif + +#endif /* AVB_CERT_TYPES_H_ */ diff --git a/libavb_atx/avb_atx_validate.c b/libavb_cert/avb_cert_validate.c index 90e8990..223f73b 100644 --- a/libavb_atx/avb_atx_validate.c +++ b/libavb_cert/avb_cert_validate.c @@ -22,7 +22,7 @@ * SOFTWARE. */ -#include "avb_atx_validate.h" +#include "avb_cert_validate.h" #include <libavb/avb_rsa.h> #include <libavb/avb_sha.h> @@ -30,7 +30,7 @@ #include <libavb/avb_util.h> /* The most recent unlock challenge generated. */ -static uint8_t last_unlock_challenge[AVB_ATX_UNLOCK_CHALLENGE_SIZE]; +static uint8_t last_unlock_challenge[AVB_CERT_UNLOCK_CHALLENGE_SIZE]; static bool last_unlock_challenge_set = false; /* Computes the SHA256 |hash| of |length| bytes of |data|. */ @@ -62,7 +62,7 @@ static void sha256_str(const char* str, uint8_t hash[AVB_SHA256_DIGEST_SIZE]) { /* Verifies structure and |expected_hash| of permanent |attributes|. */ static bool verify_permanent_attributes( - const AvbAtxPermanentAttributes* attributes, + const AvbCertPermanentAttributes* attributes, const uint8_t expected_hash[AVB_SHA256_DIGEST_SIZE]) { uint8_t hash[AVB_SHA256_DIGEST_SIZE]; @@ -70,7 +70,7 @@ static bool verify_permanent_attributes( avb_error("Unsupported permanent attributes version.\n"); return false; } - sha256((const uint8_t*)attributes, sizeof(AvbAtxPermanentAttributes), hash); + sha256((const uint8_t*)attributes, sizeof(AvbCertPermanentAttributes), hash); if (0 != avb_safe_memcmp(hash, expected_hash, AVB_SHA256_DIGEST_SIZE)) { avb_error("Invalid permanent attributes.\n"); return false; @@ -80,8 +80,8 @@ static bool verify_permanent_attributes( /* Verifies the format, key version, usage, and signature of a certificate. */ static bool verify_certificate( - const AvbAtxCertificate* certificate, - const uint8_t authority[AVB_ATX_PUBLIC_KEY_SIZE], + const AvbCertCertificate* certificate, + const uint8_t authority[AVB_CERT_PUBLIC_KEY_SIZE], uint64_t minimum_key_version, const uint8_t expected_usage[AVB_SHA256_DIGEST_SIZE]) { const AvbAlgorithmData* algorithm_data; @@ -93,10 +93,10 @@ static bool verify_certificate( } algorithm_data = avb_get_algorithm_data(AVB_ALGORITHM_TYPE_SHA512_RSA4096); sha512((const uint8_t*)&certificate->signed_data, - sizeof(AvbAtxCertificateSignedData), + sizeof(AvbCertCertificateSignedData), certificate_hash); if (!avb_rsa_verify(authority, - AVB_ATX_PUBLIC_KEY_SIZE, + AVB_CERT_PUBLIC_KEY_SIZE, certificate->signature, AVB_RSA4096_NUM_BYTES, certificate_hash, @@ -121,8 +121,8 @@ static bool verify_certificate( /* Verifies signature and fields of a PIK certificate. */ static bool verify_pik_certificate( - const AvbAtxCertificate* certificate, - const uint8_t authority[AVB_ATX_PUBLIC_KEY_SIZE], + const AvbCertCertificate* certificate, + const uint8_t authority[AVB_CERT_PUBLIC_KEY_SIZE], uint64_t minimum_version) { uint8_t expected_usage[AVB_SHA256_DIGEST_SIZE]; @@ -137,10 +137,10 @@ static bool verify_pik_certificate( /* Verifies signature and fields of a PSK certificate. */ static bool verify_psk_certificate( - const AvbAtxCertificate* certificate, - const uint8_t authority[AVB_ATX_PUBLIC_KEY_SIZE], + const AvbCertCertificate* certificate, + const uint8_t authority[AVB_CERT_PUBLIC_KEY_SIZE], uint64_t minimum_version, - const uint8_t product_id[AVB_ATX_PRODUCT_ID_SIZE]) { + const uint8_t product_id[AVB_CERT_PRODUCT_ID_SIZE]) { uint8_t expected_subject[AVB_SHA256_DIGEST_SIZE]; uint8_t expected_usage[AVB_SHA256_DIGEST_SIZE]; @@ -150,7 +150,7 @@ static bool verify_psk_certificate( avb_error("Invalid PSK certificate.\n"); return false; } - sha256(product_id, AVB_ATX_PRODUCT_ID_SIZE, expected_subject); + sha256(product_id, AVB_CERT_PRODUCT_ID_SIZE, expected_subject); if (0 != avb_safe_memcmp(certificate->signed_data.subject, expected_subject, AVB_SHA256_DIGEST_SIZE)) { @@ -162,10 +162,10 @@ static bool verify_psk_certificate( /* Verifies signature and fields of a PUK certificate. */ static bool verify_puk_certificate( - const AvbAtxCertificate* certificate, - const uint8_t authority[AVB_ATX_PUBLIC_KEY_SIZE], + const AvbCertCertificate* certificate, + const uint8_t authority[AVB_CERT_PUBLIC_KEY_SIZE], uint64_t minimum_version, - const uint8_t product_id[AVB_ATX_PRODUCT_ID_SIZE]) { + const uint8_t product_id[AVB_CERT_PRODUCT_ID_SIZE]) { uint8_t expected_subject[AVB_SHA256_DIGEST_SIZE]; uint8_t expected_usage[AVB_SHA256_DIGEST_SIZE]; @@ -175,7 +175,7 @@ static bool verify_puk_certificate( avb_error("Invalid PUK certificate.\n"); return false; } - sha256(product_id, AVB_ATX_PRODUCT_ID_SIZE, expected_subject); + sha256(product_id, AVB_CERT_PRODUCT_ID_SIZE, expected_subject); if (0 != avb_safe_memcmp(certificate->signed_data.subject, expected_subject, AVB_SHA256_DIGEST_SIZE)) { @@ -185,7 +185,7 @@ static bool verify_puk_certificate( return true; } -AvbIOResult avb_atx_validate_vbmeta_public_key( +AvbIOResult avb_cert_validate_vbmeta_public_key( AvbOps* ops, const uint8_t* public_key_data, size_t public_key_length, @@ -193,9 +193,9 @@ AvbIOResult avb_atx_validate_vbmeta_public_key( size_t public_key_metadata_length, bool* out_is_trusted) { AvbIOResult result = AVB_IO_RESULT_OK; - AvbAtxPermanentAttributes permanent_attributes; + AvbCertPermanentAttributes permanent_attributes; uint8_t permanent_attributes_hash[AVB_SHA256_DIGEST_SIZE]; - AvbAtxPublicKeyMetadata metadata; + AvbCertPublicKeyMetadata metadata; uint64_t minimum_version; /* Be pessimistic so we can exit early without having to remember to clear. @@ -203,14 +203,14 @@ AvbIOResult avb_atx_validate_vbmeta_public_key( *out_is_trusted = false; /* Read and verify permanent attributes. */ - result = ops->atx_ops->read_permanent_attributes(ops->atx_ops, - &permanent_attributes); + result = ops->cert_ops->read_permanent_attributes(ops->cert_ops, + &permanent_attributes); if (result != AVB_IO_RESULT_OK) { avb_error("Failed to read permanent attributes.\n"); return result; } - result = ops->atx_ops->read_permanent_attributes_hash( - ops->atx_ops, permanent_attributes_hash); + result = ops->cert_ops->read_permanent_attributes_hash( + ops->cert_ops, permanent_attributes_hash); if (result != AVB_IO_RESULT_OK) { avb_error("Failed to read permanent attributes hash.\n"); return result; @@ -221,11 +221,11 @@ AvbIOResult avb_atx_validate_vbmeta_public_key( } /* Sanity check public key metadata. */ - if (public_key_metadata_length != sizeof(AvbAtxPublicKeyMetadata)) { + if (public_key_metadata_length != sizeof(AvbCertPublicKeyMetadata)) { avb_error("Invalid public key metadata.\n"); return AVB_IO_RESULT_OK; } - avb_memcpy(&metadata, public_key_metadata, sizeof(AvbAtxPublicKeyMetadata)); + avb_memcpy(&metadata, public_key_metadata, sizeof(AvbCertPublicKeyMetadata)); if (metadata.version != 1) { avb_error("Unsupported public key metadata.\n"); return AVB_IO_RESULT_OK; @@ -233,7 +233,7 @@ AvbIOResult avb_atx_validate_vbmeta_public_key( /* Verify the PIK certificate. */ result = ops->read_rollback_index( - ops, AVB_ATX_PIK_VERSION_LOCATION, &minimum_version); + ops, AVB_CERT_PIK_VERSION_LOCATION, &minimum_version); if (result != AVB_IO_RESULT_OK) { avb_error("Failed to read PIK minimum version.\n"); return result; @@ -246,7 +246,7 @@ AvbIOResult avb_atx_validate_vbmeta_public_key( /* Verify the PSK certificate. */ result = ops->read_rollback_index( - ops, AVB_ATX_PSK_VERSION_LOCATION, &minimum_version); + ops, AVB_CERT_PSK_VERSION_LOCATION, &minimum_version); if (result != AVB_IO_RESULT_OK) { avb_error("Failed to read PSK minimum version.\n"); return result; @@ -260,45 +260,45 @@ AvbIOResult avb_atx_validate_vbmeta_public_key( } /* Verify the PSK is the same key that verified vbmeta. */ - if (public_key_length != AVB_ATX_PUBLIC_KEY_SIZE) { + if (public_key_length != AVB_CERT_PUBLIC_KEY_SIZE) { avb_error("Public key length mismatch.\n"); return AVB_IO_RESULT_OK; } if (0 != avb_safe_memcmp( metadata.product_signing_key_certificate.signed_data.public_key, public_key_data, - AVB_ATX_PUBLIC_KEY_SIZE)) { + AVB_CERT_PUBLIC_KEY_SIZE)) { avb_error("Public key mismatch.\n"); return AVB_IO_RESULT_OK; } /* Report the key versions used during verification. */ - ops->atx_ops->set_key_version( - ops->atx_ops, - AVB_ATX_PIK_VERSION_LOCATION, + ops->cert_ops->set_key_version( + ops->cert_ops, + AVB_CERT_PIK_VERSION_LOCATION, metadata.product_intermediate_key_certificate.signed_data.key_version); - ops->atx_ops->set_key_version( - ops->atx_ops, - AVB_ATX_PSK_VERSION_LOCATION, + ops->cert_ops->set_key_version( + ops->cert_ops, + AVB_CERT_PSK_VERSION_LOCATION, metadata.product_signing_key_certificate.signed_data.key_version); *out_is_trusted = true; return AVB_IO_RESULT_OK; } -AvbIOResult avb_atx_generate_unlock_challenge( - AvbAtxOps* atx_ops, AvbAtxUnlockChallenge* out_unlock_challenge) { +AvbIOResult avb_cert_generate_unlock_challenge( + AvbCertOps* cert_ops, AvbCertUnlockChallenge* out_unlock_challenge) { AvbIOResult result = AVB_IO_RESULT_OK; - AvbAtxPermanentAttributes permanent_attributes; + AvbCertPermanentAttributes permanent_attributes; /* We need the permanent attributes to compute the product_id_hash. */ - result = atx_ops->read_permanent_attributes(atx_ops, &permanent_attributes); + result = cert_ops->read_permanent_attributes(cert_ops, &permanent_attributes); if (result != AVB_IO_RESULT_OK) { avb_error("Failed to read permanent attributes.\n"); return result; } - result = atx_ops->get_random( - atx_ops, AVB_ATX_UNLOCK_CHALLENGE_SIZE, last_unlock_challenge); + result = cert_ops->get_random( + cert_ops, AVB_CERT_UNLOCK_CHALLENGE_SIZE, last_unlock_challenge); if (result != AVB_IO_RESULT_OK) { avb_error("Failed to generate random challenge.\n"); return result; @@ -306,20 +306,20 @@ AvbIOResult avb_atx_generate_unlock_challenge( last_unlock_challenge_set = true; out_unlock_challenge->version = 1; sha256(permanent_attributes.product_id, - AVB_ATX_PRODUCT_ID_SIZE, + AVB_CERT_PRODUCT_ID_SIZE, out_unlock_challenge->product_id_hash); avb_memcpy(out_unlock_challenge->challenge, last_unlock_challenge, - AVB_ATX_UNLOCK_CHALLENGE_SIZE); + AVB_CERT_UNLOCK_CHALLENGE_SIZE); return result; } -AvbIOResult avb_atx_validate_unlock_credential( - AvbAtxOps* atx_ops, - const AvbAtxUnlockCredential* unlock_credential, +AvbIOResult avb_cert_validate_unlock_credential( + AvbCertOps* cert_ops, + const AvbCertUnlockCredential* unlock_credential, bool* out_is_trusted) { AvbIOResult result = AVB_IO_RESULT_OK; - AvbAtxPermanentAttributes permanent_attributes; + AvbCertPermanentAttributes permanent_attributes; uint8_t permanent_attributes_hash[AVB_SHA256_DIGEST_SIZE]; uint64_t minimum_version; const AvbAlgorithmData* algorithm_data; @@ -336,13 +336,13 @@ AvbIOResult avb_atx_validate_unlock_credential( } /* Read and verify permanent attributes. */ - result = atx_ops->read_permanent_attributes(atx_ops, &permanent_attributes); + result = cert_ops->read_permanent_attributes(cert_ops, &permanent_attributes); if (result != AVB_IO_RESULT_OK) { avb_error("Failed to read permanent attributes.\n"); return result; } - result = atx_ops->read_permanent_attributes_hash(atx_ops, - permanent_attributes_hash); + result = cert_ops->read_permanent_attributes_hash(cert_ops, + permanent_attributes_hash); if (result != AVB_IO_RESULT_OK) { avb_error("Failed to read permanent attributes hash.\n"); return result; @@ -353,8 +353,8 @@ AvbIOResult avb_atx_validate_unlock_credential( } /* Verify the PIK certificate. */ - result = atx_ops->ops->read_rollback_index( - atx_ops->ops, AVB_ATX_PIK_VERSION_LOCATION, &minimum_version); + result = cert_ops->ops->read_rollback_index( + cert_ops->ops, AVB_CERT_PIK_VERSION_LOCATION, &minimum_version); if (result != AVB_IO_RESULT_OK) { avb_error("Failed to read PIK minimum version.\n"); return result; @@ -367,8 +367,8 @@ AvbIOResult avb_atx_validate_unlock_credential( } /* Verify the PUK certificate. The minimum version is shared with the PSK. */ - result = atx_ops->ops->read_rollback_index( - atx_ops->ops, AVB_ATX_PSK_VERSION_LOCATION, &minimum_version); + result = cert_ops->ops->read_rollback_index( + cert_ops->ops, AVB_CERT_PSK_VERSION_LOCATION, &minimum_version); if (result != AVB_IO_RESULT_OK) { avb_error("Failed to read PSK minimum version.\n"); return result; @@ -387,14 +387,14 @@ AvbIOResult avb_atx_validate_unlock_credential( avb_error("Challenge does not exist.\n"); return AVB_IO_RESULT_OK; } - sha512(last_unlock_challenge, AVB_ATX_UNLOCK_CHALLENGE_SIZE, challenge_hash); + sha512(last_unlock_challenge, AVB_CERT_UNLOCK_CHALLENGE_SIZE, challenge_hash); last_unlock_challenge_set = false; /* Verify the challenge signature. */ algorithm_data = avb_get_algorithm_data(AVB_ALGORITHM_TYPE_SHA512_RSA4096); if (!avb_rsa_verify(unlock_credential->product_unlock_key_certificate .signed_data.public_key, - AVB_ATX_PUBLIC_KEY_SIZE, + AVB_CERT_PUBLIC_KEY_SIZE, unlock_credential->challenge_signature, AVB_RSA4096_NUM_BYTES, challenge_hash, diff --git a/libavb_atx/avb_atx_validate.h b/libavb_cert/avb_cert_validate.h index 1a0690d..009f2c9 100644 --- a/libavb_atx/avb_atx_validate.h +++ b/libavb_cert/avb_cert_validate.h @@ -22,47 +22,46 @@ * SOFTWARE. */ -#if !defined(AVB_INSIDE_LIBAVB_ATX_H) && !defined(AVB_COMPILATION) +#if !defined(AVB_INSIDE_LIBAVB_CERT_H) && !defined(AVB_COMPILATION) #error \ - "Never include this file directly, include libavb_atx/libavb_atx.h instead." + "Never include this file directly, include libavb_cert/libavb_cert.h instead." #endif -#ifndef AVB_ATX_VALIDATE_H_ -#define AVB_ATX_VALIDATE_H_ +#ifndef AVB_CERT_VALIDATE_H_ +#define AVB_CERT_VALIDATE_H_ -#include "avb_atx_ops.h" -#include "avb_atx_types.h" +#include "avb_cert_ops.h" +#include "avb_cert_types.h" #ifdef __cplusplus extern "C" { #endif -/* Rollback index locations for Android Things key versions. */ -#define AVB_ATX_PIK_VERSION_LOCATION 0x1000 -#define AVB_ATX_PSK_VERSION_LOCATION 0x1001 +/* Rollback index locations for libavb_cert key versions. */ +#define AVB_CERT_PIK_VERSION_LOCATION 0x1000 +#define AVB_CERT_PSK_VERSION_LOCATION 0x1001 -/* An implementation of validate_vbmeta_public_key for Android Things. See +/* An implementation of `validate_vbmeta_public_key()` for libavb_cert. See * libavb/avb_ops.h for details on validate_vbmeta_public_key in general. This - * implementation uses the metadata expected with Android Things vbmeta images - * to perform validation on the public key. The ATX ops must be implemented. - * That is, |ops->atx_ops| must be valid. + * implementation uses the metadata expected with libavb_cert vbmeta images + * to perform validation on the public key. The cert ops must be implemented. + * That is, |ops->cert_ops| must be valid. * * There are a multiple values that need verification: * - Permanent Product Attributes: A hash of these attributes is fused into * hardware. Consistency is checked. * - Product Root Key (PRK): This key is provided in permanent attributes and - * is the root authority for all Android Things - * products. + * is the root authority. * - Product Intermediate Key (PIK): This key is a rotated intermediary. It is * certified by the PRK. * - Product Signing Key (PSK): This key is a rotated authority for a specific - * Android Things product. It is certified by a - * PIK and must match |public_key_data|. + * product. It is certified by a PIK and must + * match |public_key_data|. * - Product ID: This value is provided in permanent attributes and is unique - * to a specific Android Things product. This value must match - * the subject of the PSK certificate. + * to a specific product. This value must match the subject of + * the PSK certificate. */ -AvbIOResult avb_atx_validate_vbmeta_public_key( +AvbIOResult avb_cert_validate_vbmeta_public_key( AvbOps* ops, const uint8_t* public_key_data, size_t public_key_length, @@ -71,21 +70,21 @@ AvbIOResult avb_atx_validate_vbmeta_public_key( bool* out_is_trusted); /* Generates a challenge which can be used to create an unlock credential. */ -AvbIOResult avb_atx_generate_unlock_challenge( - AvbAtxOps* atx_ops, AvbAtxUnlockChallenge* out_unlock_challenge); +AvbIOResult avb_cert_generate_unlock_challenge( + AvbCertOps* cert_ops, AvbCertUnlockChallenge* out_unlock_challenge); /* Validates an unlock credential. The certificate validation is very similar to * the validation of public key metadata except in place of the PSK is a Product * Unlock Key (PUK) and the certificate usage field identifies it as such. The * challenge signature field is verified against this PUK. */ -AvbIOResult avb_atx_validate_unlock_credential( - AvbAtxOps* atx_ops, - const AvbAtxUnlockCredential* unlock_credential, +AvbIOResult avb_cert_validate_unlock_credential( + AvbCertOps* cert_ops, + const AvbCertUnlockCredential* unlock_credential, bool* out_is_trusted); #ifdef __cplusplus } #endif -#endif /* AVB_ATX_VALIDATE_H_ */ +#endif /* AVB_CERT_VALIDATE_H_ */ diff --git a/libavb_atx/libavb_atx.h b/libavb_cert/libavb_cert.h index 839c0af..dced5ac 100644 --- a/libavb_atx/libavb_atx.h +++ b/libavb_cert/libavb_cert.h @@ -22,20 +22,20 @@ * SOFTWARE. */ -#ifndef LIBAVB_ATX_H_ -#define LIBAVB_ATX_H_ +#ifndef LIBAVB_CERT_H_ +#define LIBAVB_CERT_H_ #include <libavb/libavb.h> -/* The AVB_INSIDE_LIBAVB_ATX_H preprocessor symbol is used to enforce +/* The AVB_INSIDE_LIBAVB_CERT_H preprocessor symbol is used to enforce * library users to include only this file. All public interfaces, and * only public interfaces, must be included here. */ -#define AVB_INSIDE_LIBAVB_ATX_H -#include "avb_atx_ops.h" -#include "avb_atx_types.h" -#include "avb_atx_validate.h" -#undef AVB_INSIDE_LIBAVB_ATX_H +#define AVB_INSIDE_LIBAVB_CERT_H +#include "avb_cert_ops.h" +#include "avb_cert_types.h" +#include "avb_cert_validate.h" +#undef AVB_INSIDE_LIBAVB_CERT_H -#endif /* LIBAVB_ATX_H_ */ +#endif /* LIBAVB_CERT_H_ */ diff --git a/rust/bindgen/avb.h b/rust/bindgen/avb.h index b9849b6..3d841c1 100644 --- a/rust/bindgen/avb.h +++ b/rust/bindgen/avb.h @@ -17,4 +17,4 @@ #pragma once #include <libavb/libavb.h> -#include <libavb_atx/libavb_atx.h> +#include <libavb_cert/libavb_cert.h> diff --git a/rust/src/atx.rs b/rust/src/cert.rs index e9192d2..adf682e 100644 --- a/rust/src/atx.rs +++ b/rust/src/cert.rs @@ -12,10 +12,10 @@ // See the License for the specific language governing permissions and // limitations under the License. -//! ATX support. +//! libavb_cert support. //! -//! ATX is an optional extension on top of the standard libavb API. It provides two additional -//! features: +//! libavb_cert is an optional extension on top of the standard libavb API. It provides two +//! additional features: //! //! 1. Key management //! 2. Authenticated unlock @@ -25,7 +25,7 @@ //! become complicated when using best-practices such as key heirarchies and rotations, which often //! results in implementations omitting these features and just using a single fixed key. //! -//! ATX enables these features more easily by internally managing a set of related keys: +//! libavb_cert enables these features more easily by internally managing a set of related keys: //! //! * Product root key (PRK): un-rotateable root key //! * Product intermediate key (PIK): rotateable key signed by the PRK @@ -38,9 +38,9 @@ //! The device validates keys using a fixed blob of data called "permanent attributes", which can //! authenticate via the PRK and never needs to change even when PIK/PSK are rotated. //! -//! To use this functionality, implement the `AtxOps` trait and forward +//! To use this functionality, implement the `CertOps` trait and forward //! `validate_vbmeta_public_key()` and/or `validate_public_key_for_partition()` to the provided -//! `atx_validate_vbmeta_public_key()` implementation. +//! `cert_validate_vbmeta_public_key()` implementation. //! //! # Authenticated unlock //! Typically devices support fastboot commands such as `fastboot flashing unlock` to unlock the @@ -49,9 +49,9 @@ //! //! Authenticated unlock introduces one additional key, the product unlock key (PUK), which is //! signed by the PIK. The PUK is in the same key heirarchy but a distinct key, so that access to -//! the PUK does not give the ability to sign images. When authenticated unlock is requested, ATX -//! produces a randomized "challenge token" which the user must then properly sign with the PUK -//! in order to unlock. +//! the PUK does not give the ability to sign images. When authenticated unlock is requested, +//! libavb_cert produces a randomized "challenge token" which the user must then properly sign with +//! the PUK in order to unlock. //! //! It's up to individual device policy how to use authenticated unlock. For example a device may //! want to support standard un-authenticated unlock for most operations, but then additionally @@ -63,13 +63,13 @@ //! # 1. Generate an unlock challenge (the exact fastboot command is device-specific). //! $ fastboot oem get-auth-unlock-challenge //! -//! # Internally, the device calls `atx_generate_unlock_challenge()` to generate the token. +//! # Internally, the device calls `cert_generate_unlock_challenge()` to generate the token. //! //! # 2. Download the challenge token from the device. //! $ fastboot get_staged /tmp/challenge.bin //! //! # 3. Sign the challenge with the PUK. -//! $ avbtool make_atx_unlock_credential \ +//! $ avbtool make_cert_unlock_credential \ //! --challenge /tmp/challenge.bin \ //! --output /tmp/signed.bin \ //! ... # see --help for full args @@ -80,35 +80,35 @@ //! # 5. Unlock the device (the exact fastboot command is device-specific). //! $ fastboot oem auth-unlock //! -//! # Internally, the device calls `atx_validate_unlock_credential()` to verify the credential. +//! # Internally, the device calls `cert_validate_unlock_credential()` to verify the credential. //! ``` use crate::{IoError, IoResult, Ops}; -/// ATX permanent attributes. -pub use avb_bindgen::AvbAtxPermanentAttributes as AtxPermanentAttributes; +/// libavb_cert permanent attributes. +pub use avb_bindgen::AvbCertPermanentAttributes as CertPermanentAttributes; /// Authenticated unlock challenge. -pub use avb_bindgen::AvbAtxUnlockChallenge as AtxUnlockChallenge; +pub use avb_bindgen::AvbCertUnlockChallenge as CertUnlockChallenge; /// Signed authenticated unlock credential. -pub use avb_bindgen::AvbAtxUnlockCredential as AtxUnlockCredential; +pub use avb_bindgen::AvbCertUnlockCredential as CertUnlockCredential; /// Size in bytes of a SHA256 digest. pub const SHA256_DIGEST_SIZE: usize = avb_bindgen::AVB_SHA256_DIGEST_SIZE as usize; /// Product intermediate key (PIK) rollback index location. /// -/// If using ATX APIs, make sure no vbmetas use this location, it must be reserved for the PIK. -pub const ATX_PIK_VERSION_LOCATION: usize = avb_bindgen::AVB_ATX_PIK_VERSION_LOCATION as usize; +/// If using libavb_cert, make sure no vbmetas use this location, it must be reserved for the PIK. +pub const CERT_PIK_VERSION_LOCATION: usize = avb_bindgen::AVB_CERT_PIK_VERSION_LOCATION as usize; /// Product signing key (PSK) rollback index location. /// -/// If using ATX APIs, make sure no vbmetas use this location, it must be reserved for the PSK. -pub const ATX_PSK_VERSION_LOCATION: usize = avb_bindgen::AVB_ATX_PSK_VERSION_LOCATION as usize; +/// If using libavb_cert, make sure no vbmetas use this location, it must be reserved for the PSK. +pub const CERT_PSK_VERSION_LOCATION: usize = avb_bindgen::AVB_CERT_PSK_VERSION_LOCATION as usize; -/// ATX additional callbacks. -pub trait AtxOps<'a>: Ops<'a> { +/// libavb_cert additional callbacks. +pub trait CertOps<'a>: Ops<'a> { /// Reads the device's permanent attributes. /// /// The full permanent attributes are not required to be securely stored; corruption of this @@ -123,7 +123,7 @@ pub trait AtxOps<'a>: Ops<'a> { /// Unit on success, error on failure. fn read_permanent_attributes( &mut self, - attributes: &mut AtxPermanentAttributes, + attributes: &mut CertPermanentAttributes, ) -> IoResult<()>; /// Reads the SHA256 hash of the device's permanent attributes. @@ -142,7 +142,7 @@ pub trait AtxOps<'a>: Ops<'a> { /// Provides the key version for the rotateable keys. /// - /// ATX stores signing key versions as rollback indices; when this function is called it + /// libavb_cert stores signing key versions as rollback indices; when this function is called it /// indicates that the key at the given index location is using the given version. /// /// The exact steps to take when receiving this callback depend on device policy, but generally @@ -176,10 +176,10 @@ pub trait AtxOps<'a>: Ops<'a> { fn get_random(&mut self, bytes: &mut [u8]) -> IoResult<()>; } -/// ATX-provided vbmeta key validation. +/// Certificate-based vbmeta key validation. /// /// This can be called from `validate_vbmeta_public_key()` or `validate_public_key_for_partition()` -/// to provide the correct behavior using the ATX keys, such as: +/// to provide the correct behavior using the libavb_cert keys, such as: /// /// ``` /// impl avb::Ops for MyOps { @@ -188,23 +188,24 @@ pub trait AtxOps<'a>: Ops<'a> { /// public_key: &[u8], /// public_key_metadata: Option<&[u8]>, /// ) -> IoResult<bool> { -/// atx_validate_vbmeta_public_key(self, public_key, public_key_metadata) +/// cert_validate_vbmeta_public_key(self, public_key, public_key_metadata) /// } /// } /// ``` /// /// We don't automatically call this from the validation functions because it's up to the device -/// when to use ATX e.g. a device may want to use ATX only for specific partitions. +/// when to use certificate authentication e.g. a device may want to use libavb_cert only for +/// specific partitions. /// /// # Arguments -/// * `ops`: the `AtxOps` callback implementations. +/// * `ops`: the `CertOps` callback implementations. /// * `public_key`: the public key. /// * `public_key_metadata`: public key metadata. /// /// # Returns /// True if the given key is valid, false if it is not, `IoError` on error. -pub fn atx_validate_vbmeta_public_key( - _ops: &mut dyn AtxOps, +pub fn cert_validate_vbmeta_public_key( + _ops: &mut dyn CertOps, _public_key: &[u8], _public_key_metadata: Option<&[u8]>, ) -> IoResult<bool> { @@ -216,14 +217,16 @@ pub fn atx_validate_vbmeta_public_key( /// /// Used to create a challenge token to be signed with the PUK. /// -/// The user can sign the resulting token via `avbtool make_atx_unlock_credential`. +/// The user can sign the resulting token via `avbtool make_cert_unlock_credential`. /// /// # Arguments -/// * `atx_ops`: the `AtxOps` callback implementations. +/// * `cert_ops`: the `CertOps` callback implementations. /// /// # Returns -/// The challenge to sign with the PUK, or `IoError` on `atx_ops` failure. -pub fn atx_generate_unlock_challenge(_atx_ops: &mut dyn AtxOps) -> IoResult<AtxUnlockChallenge> { +/// The challenge to sign with the PUK, or `IoError` on `cert_ops` failure. +pub fn cert_generate_unlock_challenge( + _cert_ops: &mut dyn CertOps, +) -> IoResult<CertUnlockChallenge> { // TODO(b/320543206): implement Err(IoError::NotImplemented) } @@ -234,16 +237,16 @@ pub fn atx_generate_unlock_challenge(_atx_ops: &mut dyn AtxOps) -> IoResult<AtxU /// device's permanent attributes. /// /// # Arguments -/// * `atx_ops`: the `AtxOps` callback implementations. +/// * `cert_ops`: the `CertOps` callback implementations. /// * `credential`: the signed unlock credential to verify. /// /// # Returns /// * `Ok(true)` if the credential validated /// * `Ok(false)` if it failed validation -/// * `Err(IoError)` on `atx_ops` failure -pub fn atx_validate_unlock_credential( - _atx_ops: &mut dyn AtxOps, - _credential: &AtxUnlockCredential, +/// * `Err(IoError)` on `cert_ops` failure +pub fn cert_validate_unlock_credential( + _cert_ops: &mut dyn CertOps, + _credential: &CertUnlockCredential, ) -> IoResult<bool> { // TODO(b/320543206): implement Err(IoError::NotImplemented) diff --git a/rust/src/lib.rs b/rust/src/lib.rs index 2a49cee..16bf066 100644 --- a/rust/src/lib.rs +++ b/rust/src/lib.rs @@ -26,15 +26,15 @@ // panic_handler and eh_personality conditional on actually building a dylib. #![cfg_attr(not(any(test, android_dylib)), no_std)] -mod atx; +mod cert; mod descriptor; mod error; mod ops; mod verify; -pub use atx::{ - atx_generate_unlock_challenge, atx_validate_unlock_credential, atx_validate_vbmeta_public_key, - AtxOps, AtxPermanentAttributes, ATX_PIK_VERSION_LOCATION, ATX_PSK_VERSION_LOCATION, +pub use cert::{ + cert_generate_unlock_challenge, cert_validate_unlock_credential, cert_validate_vbmeta_public_key, + CertOps, CertPermanentAttributes, CERT_PIK_VERSION_LOCATION, CERT_PSK_VERSION_LOCATION, SHA256_DIGEST_SIZE, }; pub use descriptor::{ diff --git a/rust/src/ops.rs b/rust/src/ops.rs index cc3a9cf..10f2b1a 100644 --- a/rust/src/ops.rs +++ b/rust/src/ops.rs @@ -86,7 +86,7 @@ pub trait Ops<'a> { /// Checks if the given public key is valid for vbmeta image signing. /// - /// If using ATX, this should forward to `atx_validate_vbmeta_public_key()`. + /// If using libavb_cert, this should forward to `cert_validate_vbmeta_public_key()`. /// /// # Arguments /// * `public_key`: the public key. @@ -218,7 +218,8 @@ pub trait Ops<'a> { /// partition. If this flag is not used, the `validate_vbmeta_public_key()` callback is used /// instead, and this function will never be called. /// - /// If using ATX for `partition`, this should forward to `atx_validate_vbmeta_public_key()`. + /// If using libavb_cert for `partition`, this should forward to + /// `cert_validate_vbmeta_public_key()`. /// /// # Arguments /// * `partition`: partition name. @@ -320,8 +321,8 @@ impl<'o, 'p> ScopedAvbOps<'o, 'p> { // Rust won't transitively cast so we need to cast twice manually, but the compiler // is smart enough to deduce the types we need. user_data: user_data as *mut _ as *mut _, - ab_ops: ptr::null_mut(), // Deprecated, no need to support. - atx_ops: ptr::null_mut(), // TODO: support optional ATX. + ab_ops: ptr::null_mut(), // Deprecated, no need to support. + cert_ops: ptr::null_mut(), // TODO: support optional libavb_cert. read_from_partition: Some(read_from_partition), get_preloaded_partition: Some(get_preloaded_partition), write_to_partition: None, // Not needed, only used for deprecated A/B. diff --git a/test/Android.bp b/test/Android.bp index dd6d02a..6ceaf1e 100644 --- a/test/Android.bp +++ b/test/Android.bp @@ -34,11 +34,11 @@ python_test_host { "at_auth_unlock", ], data: [ - "data/atx_pik_certificate.bin", - "data/atx_puk_certificate.bin", - "data/atx_unlock_challenge.bin", - "data/atx_unlock_credential.bin", - "data/testkey_atx_puk.pem", + "data/cert_pik_certificate.bin", + "data/cert_puk_certificate.bin", + "data/cert_unlock_challenge.bin", + "data/cert_unlock_credential.bin", + "data/testkey_cert_puk.pem", ], test_config: "at_auth_unlock_unittest.xml", } @@ -58,22 +58,22 @@ filegroup { srcs: ["data/testkey_rsa2048.pem"], } -// ATX test public key. +// libavb_cert test public key. filegroup { - name: "avb_atx_testkey_psk", - srcs: ["data/testkey_atx_psk.pem"], + name: "avb_cert_testkey_psk", + srcs: ["data/testkey_cert_psk.pem"], } -// ATX test public key metadata. PSK and PIK versions are both set to 42. +// libavb_cert test public key metadata. PSK and PIK versions are both set to 42. filegroup { - name: "avb_atx_test_metadata", - srcs: ["data/atx_metadata.bin"], + name: "avb_cert_test_metadata", + srcs: ["data/cert_metadata.bin"], } -// ATX test permanent attributes for the above public key. +// libavb_cert test permanent attributes for the above public key. filegroup { - name: "avb_atx_test_permanent_attributes", - srcs: ["data/atx_permanent_attributes.bin"], + name: "avb_cert_test_permanent_attributes", + srcs: ["data/cert_permanent_attributes.bin"], } genrule { diff --git a/test/at_auth_unlock_unittest.py b/test/at_auth_unlock_unittest.py index 7683565..adc045b 100644 --- a/test/at_auth_unlock_unittest.py +++ b/test/at_auth_unlock_unittest.py @@ -32,11 +32,11 @@ def dataPath(file): return os.path.join(os.path.dirname(__file__), 'data', file) -DATA_FILE_PIK_CERTIFICATE = dataPath('atx_pik_certificate.bin') -DATA_FILE_PUK_CERTIFICATE = dataPath('atx_puk_certificate.bin') -DATA_FILE_PUK_KEY = dataPath('testkey_atx_puk.pem') -DATA_FILE_UNLOCK_CHALLENGE = dataPath('atx_unlock_challenge.bin') -DATA_FILE_UNLOCK_CREDENTIAL = dataPath('atx_unlock_credential.bin') +DATA_FILE_PIK_CERTIFICATE = dataPath('cert_pik_certificate.bin') +DATA_FILE_PUK_CERTIFICATE = dataPath('cert_puk_certificate.bin') +DATA_FILE_PUK_KEY = dataPath('testkey_cert_puk.pem') +DATA_FILE_UNLOCK_CHALLENGE = dataPath('cert_unlock_challenge.bin') +DATA_FILE_UNLOCK_CREDENTIAL = dataPath('cert_unlock_credential.bin') def createTempZip(contents): @@ -197,7 +197,7 @@ class UnlockCredentialsTest(unittest.TestCase): def writeFullUnlockChallenge(out_file, product_id_hash=None): - """Helper function to create a file with a full AvbAtxUnlockChallenge struct. + """Helper function to create a file with a full AvbCertUnlockChallenge struct. Arguments: product_id_hash: [optional] 32 byte value to include in the challenge as the @@ -206,7 +206,7 @@ def writeFullUnlockChallenge(out_file, product_id_hash=None): """ if product_id_hash is None: with open(DATA_FILE_PUK_CERTIFICATE, 'rb') as f: - product_id_hash = GetAtxCertificateSubject(f.read()) + product_id_hash = GetCertCertificateSubject(f.read()) assert len(product_id_hash) == 32 with open(out_file, 'wb') as out: @@ -216,7 +216,7 @@ def writeFullUnlockChallenge(out_file, product_id_hash=None): out.write(f.read()) -class MakeAtxUnlockCredentialTest(unittest.TestCase): +class MakeCertUnlockCredentialTest(unittest.TestCase): def testCredentialIsCorrect(self): with validUnlockCredsZip() as zip: @@ -230,8 +230,8 @@ class MakeAtxUnlockCredentialTest(unittest.TestCase): out_cred = os.path.join(tempdir, 'credential') # Compare unlock credential generated by function with one generated - # using 'avbtool make_atx_unlock_credential', to check correctness. - MakeAtxUnlockCredential(creds, challenge, out_cred) + # using 'avbtool make_cert_unlock_credential', to check correctness. + MakeCertUnlockCredential(creds, challenge, out_cred) self.assertTrue(filecmp.cmp(out_cred, DATA_FILE_UNLOCK_CREDENTIAL)) finally: shutil.rmtree(tempdir) @@ -245,10 +245,10 @@ class MakeAtxUnlockCredentialTest(unittest.TestCase): out_cred = os.path.join(tempdir, 'credential') # The bundled unlock challenge is just the 16 byte challenge, not the - # full AvbAtxUnlockChallenge like this expects. + # full AvbCertUnlockChallenge like this expects. with self.assertRaises(ValueError): challenge = UnlockChallenge(DATA_FILE_UNLOCK_CHALLENGE) - MakeAtxUnlockCredential(creds, challenge, out_cred) + MakeCertUnlockCredential(creds, challenge, out_cred) finally: shutil.rmtree(tempdir) diff --git a/test/avb_atx_generate_test_data b/test/avb_cert_generate_test_data index 795a2b1..5671523 100755 --- a/test/avb_atx_generate_test_data +++ b/test/avb_cert_generate_test_data @@ -24,23 +24,23 @@ # SOFTWARE. # -# This shell-script generates ATX test data in the working directory. +# This shell-script generates libavb_cert test data in the working directory. # An avbtool executable is assumed to reside in the parent directory # of this script. # -# The *atx* test data in the test/data/ directory was generated with +# The *cert* test data in the test/data/ directory was generated with # this script. It is consistent with the expectations of avbtool unit -# tests and ATX unit tests. This script exists as a record of how the +# tests and avb_cert unit tests. This script exists as a record of how the # data was generated and as a convenience if it ever needs to be # generated again. # # Typical usage: # -# $ cd test/data; ../avb_atx_generate_test_data +# $ cd test/data; ../avb_cert_generate_test_data set -e -TMP_FILE=$(mktemp /tmp/atx_generator.XXXXXXXXXX) +TMP_FILE=$(mktemp /tmp/cert_generator.XXXXXXXXXX) trap "rm -f '${TMP_FILE}'" EXIT AVBTOOL=$(dirname "$0")/../avbtool.py @@ -48,58 +48,58 @@ AVBTOOL=$(dirname "$0")/../avbtool.py echo AVBTOOL = ${AVBTOOL} # Get a zero product ID. -echo 00000000000000000000000000000000 | xxd -r -p - atx_product_id.bin +echo 00000000000000000000000000000000 | xxd -r -p - cert_product_id.bin # Generate key pairs. -if [ ! -f testkey_atx_prk.pem ]; then +if [ ! -f testkey_cert_prk.pem ]; then openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -outform PEM \ - -out testkey_atx_prk.pem + -out testkey_cert_prk.pem fi -if [ ! -f testkey_atx_pik.pem ]; then +if [ ! -f testkey_cert_pik.pem ]; then openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -outform PEM \ - -out testkey_atx_pik.pem + -out testkey_cert_pik.pem fi -if [ ! -f testkey_atx_psk.pem ]; then +if [ ! -f testkey_cert_psk.pem ]; then openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -outform PEM \ - -out testkey_atx_psk.pem + -out testkey_cert_psk.pem fi -if [ ! -f testkey_atx_puk.pem ]; then +if [ ! -f testkey_cert_puk.pem ]; then openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -outform PEM \ - -out testkey_atx_puk.pem + -out testkey_cert_puk.pem fi # Construct permanent attributes. -${AVBTOOL} make_atx_permanent_attributes --output=atx_permanent_attributes.bin \ - --product_id=atx_product_id.bin --root_authority_key=testkey_atx_prk.pem +${AVBTOOL} make_cert_permanent_attributes --output=cert_permanent_attributes.bin \ + --product_id=cert_product_id.bin --root_authority_key=testkey_cert_prk.pem # Construct a PIK certificate. echo -n "fake PIK subject" > ${TMP_FILE} -${AVBTOOL} make_atx_certificate --output=atx_pik_certificate.bin \ - --subject=${TMP_FILE} --subject_key=testkey_atx_pik.pem \ +${AVBTOOL} make_certificate --output=cert_pik_certificate.bin \ + --subject=${TMP_FILE} --subject_key=testkey_cert_pik.pem \ --subject_is_intermediate_authority --subject_key_version 42 \ - --authority_key=testkey_atx_prk.pem + --authority_key=testkey_cert_prk.pem # Construct a PSK certificate. -${AVBTOOL} make_atx_certificate --output=atx_psk_certificate.bin \ - --subject=atx_product_id.bin --subject_key=testkey_atx_psk.pem \ - --subject_key_version 42 --authority_key=testkey_atx_pik.pem +${AVBTOOL} make_certificate --output=cert_psk_certificate.bin \ + --subject=cert_product_id.bin --subject_key=testkey_cert_psk.pem \ + --subject_key_version 42 --authority_key=testkey_cert_pik.pem # Construct metadata. -${AVBTOOL} make_atx_metadata --output=atx_metadata.bin \ - --intermediate_key_certificate=atx_pik_certificate.bin \ - --product_key_certificate=atx_psk_certificate.bin +${AVBTOOL} make_cert_metadata --output=cert_metadata.bin \ + --intermediate_key_certificate=cert_pik_certificate.bin \ + --product_key_certificate=cert_psk_certificate.bin # Generate a random unlock challenge. -head -c 16 /dev/urandom > atx_unlock_challenge.bin +head -c 16 /dev/urandom > cert_unlock_challenge.bin # Construct a PUK certificate. -${AVBTOOL} make_atx_certificate --output=atx_puk_certificate.bin \ - --subject=atx_product_id.bin --subject_key=testkey_atx_puk.pem \ +${AVBTOOL} make_certificate --output=cert_puk_certificate.bin \ + --subject=cert_product_id.bin --subject_key=testkey_cert_puk.pem \ --usage=com.google.android.things.vboot.unlock --subject_key_version 42 \ - --authority_key=testkey_atx_pik.pem + --authority_key=testkey_cert_pik.pem # Construct an unlock credential. -${AVBTOOL} make_atx_unlock_credential --output=atx_unlock_credential.bin \ - --intermediate_key_certificate=atx_pik_certificate.bin \ - --unlock_key_certificate=atx_puk_certificate.bin \ - --challenge=atx_unlock_challenge.bin --unlock_key=testkey_atx_puk.pem +${AVBTOOL} make_cert_unlock_credential --output=cert_unlock_credential.bin \ + --intermediate_key_certificate=cert_pik_certificate.bin \ + --unlock_key_certificate=cert_puk_certificate.bin \ + --challenge=cert_unlock_challenge.bin --unlock_key=testkey_cert_puk.pem diff --git a/test/avb_atx_slot_verify_unittest.cc b/test/avb_cert_slot_verify_unittest.cc index ff0abda..69cd412 100644 --- a/test/avb_atx_slot_verify_unittest.cc +++ b/test/avb_cert_slot_verify_unittest.cc @@ -22,41 +22,41 @@ * SOFTWARE. */ -#include <stdio.h> -#include <string.h> +#include "examples/cert/avb_cert_slot_verify.h" #include <base/files/file_util.h> #include <gtest/gtest.h> #include <openssl/sha.h> +#include <stdio.h> +#include <string.h> #include "avb_unittest_util.h" -#include "examples/things/avb_atx_slot_verify.h" #include "fake_avb_ops.h" namespace { -const char kMetadataPath[] = "test/data/atx_metadata.bin"; +const char kMetadataPath[] = "test/data/cert_metadata.bin"; const char kPermanentAttributesPath[] = - "test/data/atx_permanent_attributes.bin"; + "test/data/cert_permanent_attributes.bin"; const uint64_t kNewRollbackValue = 42; } /* namespace */ namespace avb { -// A fixture for testing avb_atx_slot_verify() with ATX. This test is +// A fixture for testing avb_cert_slot_verify() with libavb_cert. This test is // parameterized on the initial stored rollback index (same value used in all // relevant locations). -class AvbAtxSlotVerifyExampleTest +class AvbCertSlotVerifyExampleTest : public BaseAvbToolTest, public FakeAvbOpsDelegateWithDefaults, public ::testing::WithParamInterface<uint64_t> { public: - ~AvbAtxSlotVerifyExampleTest() override = default; + ~AvbCertSlotVerifyExampleTest() override = default; void SetUp() override { BaseAvbToolTest::SetUp(); - ReadAtxDefaultData(); + ReadCertDefaultData(); ops_.set_partition_dir(testdir_); ops_.set_delegate(this); ops_.set_permanent_attributes(attributes_); @@ -70,14 +70,14 @@ class AvbAtxSlotVerifyExampleTest const uint8_t* public_key_metadata, size_t public_key_metadata_length, bool* out_key_is_trusted) override { - // Send to ATX implementation. - ++num_atx_calls_; - return avb_atx_validate_vbmeta_public_key(ops, - public_key_data, - public_key_length, - public_key_metadata, - public_key_metadata_length, - out_key_is_trusted); + // Send to libavb_cert implementation. + ++num_cert_calls_; + return avb_cert_validate_vbmeta_public_key(ops, + public_key_data, + public_key_length, + public_key_metadata, + public_key_metadata_length, + out_key_is_trusted); } AvbIOResult write_rollback_index(AvbOps* ops, @@ -100,34 +100,34 @@ class AvbAtxSlotVerifyExampleTest void RunSlotVerify() { ops_.set_stored_rollback_indexes( {{0, initial_rollback_value_}, - {AVB_ATX_PIK_VERSION_LOCATION, initial_rollback_value_}, - {AVB_ATX_PSK_VERSION_LOCATION, initial_rollback_value_}}); + {AVB_CERT_PIK_VERSION_LOCATION, initial_rollback_value_}, + {AVB_CERT_PSK_VERSION_LOCATION, initial_rollback_value_}}); std::string metadata_option = "--public_key_metadata="; metadata_option += kMetadataPath; GenerateVBMetaImage("vbmeta_a.img", "SHA512_RSA4096", kNewRollbackValue, - base::FilePath("test/data/testkey_atx_psk.pem"), + base::FilePath("test/data/testkey_cert_psk.pem"), metadata_option); SHA256(vbmeta_image_.data(), vbmeta_image_.size(), expected_vbh_extension_); ops_.set_expected_public_key( - PublicKeyAVB(base::FilePath("test/data/testkey_atx_psk.pem"))); + PublicKeyAVB(base::FilePath("test/data/testkey_cert_psk.pem"))); AvbSlotVerifyData* slot_data = NULL; EXPECT_EQ(expected_result_, - avb_atx_slot_verify(ops_.avb_atx_ops(), - "_a", - lock_state_, - slot_state_, - oem_data_state_, - &slot_data, - actual_vbh_extension_)); + avb_cert_slot_verify(ops_.avb_cert_ops(), + "_a", + lock_state_, + slot_state_, + oem_data_state_, + &slot_data, + actual_vbh_extension_)); if (expected_result_ == AVB_SLOT_VERIFY_RESULT_OK) { EXPECT_NE(nullptr, slot_data); avb_slot_verify_data_free(slot_data); - // Make sure ATX is being run. - EXPECT_EQ(1, num_atx_calls_); + // Make sure libavb_cert is being run. + EXPECT_EQ(1, num_cert_calls_); // Make sure we're hooking set_key_version. EXPECT_EQ(0, num_key_version_calls_); } @@ -135,7 +135,7 @@ class AvbAtxSlotVerifyExampleTest void CheckVBH() { if (expected_result_ != AVB_SLOT_VERIFY_RESULT_OK || - lock_state_ == AVB_ATX_UNLOCKED) { + lock_state_ == AVB_CERT_UNLOCKED) { memset(&expected_vbh_extension_, 0, AVB_SHA256_DIGEST_SIZE); } // Check that the VBH was correctly calculated. @@ -148,8 +148,8 @@ class AvbAtxSlotVerifyExampleTest void CheckNewRollbackState() { uint64_t expected_rollback_value = kNewRollbackValue; if (expected_result_ != AVB_SLOT_VERIFY_RESULT_OK || - lock_state_ == AVB_ATX_UNLOCKED || - slot_state_ != AVB_ATX_SLOT_MARKED_SUCCESSFUL) { + lock_state_ == AVB_CERT_UNLOCKED || + slot_state_ != AVB_CERT_SLOT_MARKED_SUCCESSFUL) { // Check that rollback indexes were unmodified. expected_rollback_value = initial_rollback_value_; } @@ -158,9 +158,9 @@ class AvbAtxSlotVerifyExampleTest ops_.get_stored_rollback_indexes(); EXPECT_EQ(expected_rollback_value, stored_rollback_indexes[0]); EXPECT_EQ(expected_rollback_value, - stored_rollback_indexes[AVB_ATX_PIK_VERSION_LOCATION]); + stored_rollback_indexes[AVB_CERT_PIK_VERSION_LOCATION]); EXPECT_EQ(expected_rollback_value, - stored_rollback_indexes[AVB_ATX_PSK_VERSION_LOCATION]); + stored_rollback_indexes[AVB_CERT_PSK_VERSION_LOCATION]); // Check that if the rollback did not need to change, there were no writes. if (initial_rollback_value_ == kNewRollbackValue || initial_rollback_value_ == expected_rollback_value) { @@ -171,29 +171,29 @@ class AvbAtxSlotVerifyExampleTest } protected: - AvbAtxPermanentAttributes attributes_; - int num_atx_calls_ = 0; + AvbCertPermanentAttributes attributes_; + int num_cert_calls_ = 0; int num_key_version_calls_ = 0; int num_write_rollback_calls_ = 0; AvbSlotVerifyResult expected_result_ = AVB_SLOT_VERIFY_RESULT_OK; uint64_t initial_rollback_value_ = 0; - AvbAtxLockState lock_state_ = AVB_ATX_LOCKED; - AvbAtxSlotState slot_state_ = AVB_ATX_SLOT_MARKED_SUCCESSFUL; - AvbAtxOemDataState oem_data_state_ = AVB_ATX_OEM_DATA_NOT_USED; + AvbCertLockState lock_state_ = AVB_CERT_LOCKED; + AvbCertSlotState slot_state_ = AVB_CERT_SLOT_MARKED_SUCCESSFUL; + AvbCertOemDataState oem_data_state_ = AVB_CERT_OEM_DATA_NOT_USED; uint8_t expected_vbh_extension_[AVB_SHA256_DIGEST_SIZE] = {}; uint8_t actual_vbh_extension_[AVB_SHA256_DIGEST_SIZE] = {}; private: - void ReadAtxDefaultData() { + void ReadCertDefaultData() { std::string tmp; ASSERT_TRUE( base::ReadFileToString(base::FilePath(kPermanentAttributesPath), &tmp)); - ASSERT_EQ(tmp.size(), sizeof(AvbAtxPermanentAttributes)); + ASSERT_EQ(tmp.size(), sizeof(AvbCertPermanentAttributes)); memcpy(&attributes_, tmp.data(), tmp.size()); } }; -TEST_P(AvbAtxSlotVerifyExampleTest, RunWithStartingIndex) { +TEST_P(AvbCertSlotVerifyExampleTest, RunWithStartingIndex) { initial_rollback_value_ = GetParam(); RunSlotVerify(); CheckVBH(); @@ -201,29 +201,29 @@ TEST_P(AvbAtxSlotVerifyExampleTest, RunWithStartingIndex) { } INSTANTIATE_TEST_CASE_P(P, - AvbAtxSlotVerifyExampleTest, + AvbCertSlotVerifyExampleTest, ::testing::Values(0, 1, kNewRollbackValue / 2, kNewRollbackValue - 1, kNewRollbackValue)); -TEST_F(AvbAtxSlotVerifyExampleTest, RunUnlocked) { - lock_state_ = AVB_ATX_UNLOCKED; +TEST_F(AvbCertSlotVerifyExampleTest, RunUnlocked) { + lock_state_ = AVB_CERT_UNLOCKED; RunSlotVerify(); CheckVBH(); CheckNewRollbackState(); } -TEST_F(AvbAtxSlotVerifyExampleTest, RunWithSlotNotMarkedSuccessful) { - slot_state_ = AVB_ATX_SLOT_NOT_MARKED_SUCCESSFUL; +TEST_F(AvbCertSlotVerifyExampleTest, RunWithSlotNotMarkedSuccessful) { + slot_state_ = AVB_CERT_SLOT_NOT_MARKED_SUCCESSFUL; RunSlotVerify(); CheckVBH(); CheckNewRollbackState(); } -TEST_F(AvbAtxSlotVerifyExampleTest, RunWithOemData) { - oem_data_state_ = AVB_ATX_OEM_DATA_USED; +TEST_F(AvbCertSlotVerifyExampleTest, RunWithOemData) { + oem_data_state_ = AVB_CERT_OEM_DATA_USED; RunSlotVerify(); CheckVBH(); CheckNewRollbackState(); diff --git a/test/avb_atx_validate_unittest.cc b/test/avb_cert_validate_unittest.cc index 945f6ca..63a34fe 100644 --- a/test/avb_atx_validate_unittest.cc +++ b/test/avb_cert_validate_unittest.cc @@ -22,32 +22,30 @@ * SOFTWARE. */ -#include <stdio.h> -#include <string.h> - #include <base/files/file_util.h> #include <gtest/gtest.h> +#include <libavb_cert/libavb_cert.h> #include <openssl/objects.h> #include <openssl/pem.h> #include <openssl/rsa.h> #include <openssl/sha.h> - -#include <libavb_atx/libavb_atx.h> +#include <stdio.h> +#include <string.h> #include "avb_unittest_util.h" #include "fake_avb_ops.h" namespace { -const char kMetadataPath[] = "test/data/atx_metadata.bin"; +const char kMetadataPath[] = "test/data/cert_metadata.bin"; const char kPermanentAttributesPath[] = - "test/data/atx_permanent_attributes.bin"; -const char kPRKPrivateKeyPath[] = "test/data/testkey_atx_prk.pem"; -const char kPIKPrivateKeyPath[] = "test/data/testkey_atx_pik.pem"; -const char kPSKPrivateKeyPath[] = "test/data/testkey_atx_psk.pem"; -const char kPUKPrivateKeyPath[] = "test/data/testkey_atx_puk.pem"; -const char kUnlockChallengePath[] = "test/data/atx_unlock_challenge.bin"; -const char kUnlockCredentialPath[] = "test/data/atx_unlock_credential.bin"; + "test/data/cert_permanent_attributes.bin"; +const char kPRKPrivateKeyPath[] = "test/data/testkey_cert_prk.pem"; +const char kPIKPrivateKeyPath[] = "test/data/testkey_cert_pik.pem"; +const char kPSKPrivateKeyPath[] = "test/data/testkey_cert_psk.pem"; +const char kPUKPrivateKeyPath[] = "test/data/testkey_cert_puk.pem"; +const char kUnlockChallengePath[] = "test/data/cert_unlock_challenge.bin"; +const char kUnlockCredentialPath[] = "test/data/cert_unlock_credential.bin"; class ScopedRSA { public: @@ -86,17 +84,17 @@ class ScopedRSA { namespace avb { -class AvbAtxValidateTest : public ::testing::Test, - public FakeAvbOpsDelegateWithDefaults { +class AvbCertValidateTest : public ::testing::Test, + public FakeAvbOpsDelegateWithDefaults { public: - ~AvbAtxValidateTest() override {} + ~AvbCertValidateTest() override {} void SetUp() override { ReadDefaultData(); ops_.set_delegate(this); ops_.set_permanent_attributes(attributes_); - ops_.set_stored_rollback_indexes( - {{AVB_ATX_PIK_VERSION_LOCATION, 0}, {AVB_ATX_PSK_VERSION_LOCATION, 0}}); + ops_.set_stored_rollback_indexes({{AVB_CERT_PIK_VERSION_LOCATION, 0}, + {AVB_CERT_PSK_VERSION_LOCATION, 0}}); } // FakeAvbOpsDelegate methods. @@ -140,9 +138,9 @@ class AvbAtxValidateTest : public ::testing::Test, size_t rollback_index_slot, uint64_t* out_rollback_index) override { if ((fail_read_pik_rollback_index_ && - rollback_index_slot == AVB_ATX_PIK_VERSION_LOCATION) || + rollback_index_slot == AVB_CERT_PIK_VERSION_LOCATION) || (fail_read_psk_rollback_index_ && - rollback_index_slot == AVB_ATX_PSK_VERSION_LOCATION)) { + rollback_index_slot == AVB_CERT_PSK_VERSION_LOCATION)) { return AVB_IO_RESULT_ERROR_IO; } return ops_.read_rollback_index( @@ -193,7 +191,7 @@ class AvbAtxValidateTest : public ::testing::Test, } AvbIOResult read_permanent_attributes( - AvbAtxPermanentAttributes* attributes) override { + AvbCertPermanentAttributes* attributes) override { if (fail_read_permanent_attributes_) { return AVB_IO_RESULT_ERROR_IO; } @@ -226,18 +224,18 @@ class AvbAtxValidateTest : public ::testing::Test, protected: virtual AvbIOResult Validate(bool* is_trusted) { - return avb_atx_validate_vbmeta_public_key( + return avb_cert_validate_vbmeta_public_key( ops_.avb_ops(), metadata_.product_signing_key_certificate.signed_data.public_key, - AVB_ATX_PUBLIC_KEY_SIZE, + AVB_CERT_PUBLIC_KEY_SIZE, reinterpret_cast<const uint8_t*>(&metadata_), sizeof(metadata_), is_trusted); } AvbIOResult ValidateUnlock(bool* is_trusted) { - return avb_atx_validate_unlock_credential( - ops_.avb_atx_ops(), &unlock_credential_, is_trusted); + return avb_cert_validate_unlock_credential( + ops_.avb_cert_ops(), &unlock_credential_, is_trusted); } void SignPIKCertificate() { @@ -247,7 +245,7 @@ class AvbAtxValidateTest : public ::testing::Test, ScopedRSA key(kPRKPrivateKeyPath); ASSERT_TRUE( key.Sign(&metadata_.product_intermediate_key_certificate.signed_data, - sizeof(AvbAtxCertificateSignedData), + sizeof(AvbCertCertificateSignedData), metadata_.product_intermediate_key_certificate.signature)); } @@ -257,7 +255,7 @@ class AvbAtxValidateTest : public ::testing::Test, AVB_RSA4096_NUM_BYTES); ScopedRSA key(kPIKPrivateKeyPath); ASSERT_TRUE(key.Sign(&metadata_.product_signing_key_certificate.signed_data, - sizeof(AvbAtxCertificateSignedData), + sizeof(AvbCertCertificateSignedData), metadata_.product_signing_key_certificate.signature)); } @@ -268,7 +266,7 @@ class AvbAtxValidateTest : public ::testing::Test, ScopedRSA key(kPRKPrivateKeyPath); ASSERT_TRUE(key.Sign( &unlock_credential_.product_intermediate_key_certificate.signed_data, - sizeof(AvbAtxCertificateSignedData), + sizeof(AvbCertCertificateSignedData), unlock_credential_.product_intermediate_key_certificate.signature)); } @@ -279,7 +277,7 @@ class AvbAtxValidateTest : public ::testing::Test, ScopedRSA key(kPIKPrivateKeyPath); ASSERT_TRUE( key.Sign(&unlock_credential_.product_unlock_key_certificate.signed_data, - sizeof(AvbAtxCertificateSignedData), + sizeof(AvbCertCertificateSignedData), unlock_credential_.product_unlock_key_certificate.signature)); } @@ -295,57 +293,57 @@ class AvbAtxValidateTest : public ::testing::Test, // Stage a challenge to be remembered as the 'most recent challenge'. Then // the next call to unlock with |unlock_credential_| is expected to succeed. fake_random_ = unlock_challenge_; - AvbAtxUnlockChallenge challenge; - return (AVB_IO_RESULT_OK == - avb_atx_generate_unlock_challenge(ops_.avb_atx_ops(), &challenge)); + AvbCertUnlockChallenge challenge; + return (AVB_IO_RESULT_OK == avb_cert_generate_unlock_challenge( + ops_.avb_cert_ops(), &challenge)); } - AvbAtxPermanentAttributes attributes_; - AvbAtxPublicKeyMetadata metadata_; + AvbCertPermanentAttributes attributes_; + AvbCertPublicKeyMetadata metadata_; bool fail_read_permanent_attributes_{false}; bool fail_read_permanent_attributes_hash_{false}; bool fail_read_pik_rollback_index_{false}; bool fail_read_psk_rollback_index_{false}; bool fail_get_random_{false}; std::string fake_random_; - AvbAtxUnlockCredential unlock_credential_; + AvbCertUnlockCredential unlock_credential_; std::string unlock_challenge_; private: void ReadDefaultData() { std::string tmp; ASSERT_TRUE(base::ReadFileToString(base::FilePath(kMetadataPath), &tmp)); - ASSERT_EQ(tmp.size(), sizeof(AvbAtxPublicKeyMetadata)); + ASSERT_EQ(tmp.size(), sizeof(AvbCertPublicKeyMetadata)); memcpy(&metadata_, tmp.data(), tmp.size()); ASSERT_TRUE( base::ReadFileToString(base::FilePath(kPermanentAttributesPath), &tmp)); - ASSERT_EQ(tmp.size(), sizeof(AvbAtxPermanentAttributes)); + ASSERT_EQ(tmp.size(), sizeof(AvbCertPermanentAttributes)); memcpy(&attributes_, tmp.data(), tmp.size()); ASSERT_TRUE(base::ReadFileToString(base::FilePath(kUnlockChallengePath), &unlock_challenge_)); - ASSERT_EQ(size_t(AVB_ATX_UNLOCK_CHALLENGE_SIZE), unlock_challenge_.size()); + ASSERT_EQ(size_t(AVB_CERT_UNLOCK_CHALLENGE_SIZE), unlock_challenge_.size()); ASSERT_TRUE( base::ReadFileToString(base::FilePath(kUnlockCredentialPath), &tmp)); - ASSERT_EQ(tmp.size(), sizeof(AvbAtxUnlockCredential)); + ASSERT_EQ(tmp.size(), sizeof(AvbCertUnlockCredential)); memcpy(&unlock_credential_, tmp.data(), tmp.size()); } }; -TEST_F(AvbAtxValidateTest, Success) { +TEST_F(AvbCertValidateTest, Success) { bool is_trusted = false; EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); EXPECT_TRUE(is_trusted); // Check that the key versions were reported correctly. EXPECT_EQ( - ops_.get_verified_rollback_indexes()[AVB_ATX_PIK_VERSION_LOCATION], + ops_.get_verified_rollback_indexes()[AVB_CERT_PIK_VERSION_LOCATION], metadata_.product_intermediate_key_certificate.signed_data.key_version); - EXPECT_EQ(ops_.get_verified_rollback_indexes()[AVB_ATX_PSK_VERSION_LOCATION], + EXPECT_EQ(ops_.get_verified_rollback_indexes()[AVB_CERT_PSK_VERSION_LOCATION], metadata_.product_signing_key_certificate.signed_data.key_version); EXPECT_EQ(2UL, ops_.get_verified_rollback_indexes().size()); } -TEST_F(AvbAtxValidateTest, SuccessAfterNewSign) { +TEST_F(AvbCertValidateTest, SuccessAfterNewSign) { std::string old_pik_sig( reinterpret_cast<char*>( metadata_.product_intermediate_key_certificate.signature), @@ -371,21 +369,21 @@ TEST_F(AvbAtxValidateTest, SuccessAfterNewSign) { EXPECT_TRUE(is_trusted); } -TEST_F(AvbAtxValidateTest, FailReadPermamentAttributes) { +TEST_F(AvbCertValidateTest, FailReadPermamentAttributes) { fail_read_permanent_attributes_ = true; bool is_trusted = true; EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted)); EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, FailReadPermamentAttributesHash) { +TEST_F(AvbCertValidateTest, FailReadPermamentAttributesHash) { fail_read_permanent_attributes_hash_ = true; bool is_trusted = true; EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted)); EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, UnsupportedPermanentAttributesVersion) { +TEST_F(AvbCertValidateTest, UnsupportedPermanentAttributesVersion) { attributes_.version = 25; ops_.set_permanent_attributes(attributes_); bool is_trusted = true; @@ -393,7 +391,7 @@ TEST_F(AvbAtxValidateTest, UnsupportedPermanentAttributesVersion) { EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, PermanentAttributesHashMismatch) { +TEST_F(AvbCertValidateTest, PermanentAttributesHashMismatch) { ops_.set_permanent_attributes_hash("bad_hash"); bool is_trusted = true; EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); @@ -401,22 +399,22 @@ TEST_F(AvbAtxValidateTest, PermanentAttributesHashMismatch) { } // A fixture with parameterized metadata length. -class AvbAtxValidateTestWithMetadataLength - : public AvbAtxValidateTest, +class AvbCertValidateTestWithMetadataLength + : public AvbCertValidateTest, public ::testing::WithParamInterface<size_t> { protected: AvbIOResult Validate(bool* is_trusted) override { - return avb_atx_validate_vbmeta_public_key( + return avb_cert_validate_vbmeta_public_key( ops_.avb_ops(), metadata_.product_signing_key_certificate.signed_data.public_key, - AVB_ATX_PUBLIC_KEY_SIZE, + AVB_CERT_PUBLIC_KEY_SIZE, reinterpret_cast<const uint8_t*>(&metadata_), GetParam(), is_trusted); } }; -TEST_P(AvbAtxValidateTestWithMetadataLength, InvalidMetadataLength) { +TEST_P(AvbCertValidateTestWithMetadataLength, InvalidMetadataLength) { bool is_trusted = true; EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); EXPECT_FALSE(is_trusted); @@ -424,28 +422,28 @@ TEST_P(AvbAtxValidateTestWithMetadataLength, InvalidMetadataLength) { // Test a bunch of invalid metadata length values. INSTANTIATE_TEST_CASE_P(P, - AvbAtxValidateTestWithMetadataLength, + AvbCertValidateTestWithMetadataLength, ::testing::Values(0, 1, - sizeof(AvbAtxPublicKeyMetadata) - 1, - sizeof(AvbAtxPublicKeyMetadata) + 1, + sizeof(AvbCertPublicKeyMetadata) - 1, + sizeof(AvbCertPublicKeyMetadata) + 1, -1)); -TEST_F(AvbAtxValidateTest, UnsupportedMetadataVersion) { +TEST_F(AvbCertValidateTest, UnsupportedMetadataVersion) { metadata_.version = 25; bool is_trusted = true; EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, FailReadPIKRollbackIndex) { +TEST_F(AvbCertValidateTest, FailReadPIKRollbackIndex) { fail_read_pik_rollback_index_ = true; bool is_trusted = true; EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted)); EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, UnsupportedPIKCertificateVersion) { +TEST_F(AvbCertValidateTest, UnsupportedPIKCertificateVersion) { metadata_.product_intermediate_key_certificate.signed_data.version = 25; SignPIKCertificate(); bool is_trusted = true; @@ -453,42 +451,42 @@ TEST_F(AvbAtxValidateTest, UnsupportedPIKCertificateVersion) { EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, BadPIKCert_ModifiedSubjectPublicKey) { +TEST_F(AvbCertValidateTest, BadPIKCert_ModifiedSubjectPublicKey) { metadata_.product_intermediate_key_certificate.signed_data.public_key[0] ^= 1; bool is_trusted = true; EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, BadPIKCert_ModifiedSubject) { +TEST_F(AvbCertValidateTest, BadPIKCert_ModifiedSubject) { metadata_.product_intermediate_key_certificate.signed_data.subject[0] ^= 1; bool is_trusted = true; EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, BadPIKCert_ModifiedUsage) { +TEST_F(AvbCertValidateTest, BadPIKCert_ModifiedUsage) { metadata_.product_intermediate_key_certificate.signed_data.usage[0] ^= 1; bool is_trusted = true; EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, BadPIKCert_ModifiedKeyVersion) { +TEST_F(AvbCertValidateTest, BadPIKCert_ModifiedKeyVersion) { metadata_.product_intermediate_key_certificate.signed_data.key_version ^= 1; bool is_trusted = true; EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, BadPIKCert_BadSignature) { +TEST_F(AvbCertValidateTest, BadPIKCert_BadSignature) { metadata_.product_intermediate_key_certificate.signature[0] ^= 1; bool is_trusted = true; EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, PIKCertSubjectIgnored) { +TEST_F(AvbCertValidateTest, PIKCertSubjectIgnored) { metadata_.product_intermediate_key_certificate.signed_data.subject[0] ^= 1; SignPIKCertificate(); bool is_trusted = false; @@ -496,7 +494,7 @@ TEST_F(AvbAtxValidateTest, PIKCertSubjectIgnored) { EXPECT_TRUE(is_trusted); } -TEST_F(AvbAtxValidateTest, PIKCertUnexpectedUsage) { +TEST_F(AvbCertValidateTest, PIKCertUnexpectedUsage) { metadata_.product_intermediate_key_certificate.signed_data.usage[0] ^= 1; SignPIKCertificate(); bool is_trusted = true; @@ -504,25 +502,25 @@ TEST_F(AvbAtxValidateTest, PIKCertUnexpectedUsage) { EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, PIKRollback) { +TEST_F(AvbCertValidateTest, PIKRollback) { ops_.set_stored_rollback_indexes( - {{AVB_ATX_PIK_VERSION_LOCATION, + {{AVB_CERT_PIK_VERSION_LOCATION, metadata_.product_intermediate_key_certificate.signed_data.key_version + 1}, - {AVB_ATX_PSK_VERSION_LOCATION, 0}}); + {AVB_CERT_PSK_VERSION_LOCATION, 0}}); bool is_trusted = true; EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, FailReadPSKRollbackIndex) { +TEST_F(AvbCertValidateTest, FailReadPSKRollbackIndex) { fail_read_psk_rollback_index_ = true; bool is_trusted = true; EXPECT_EQ(AVB_IO_RESULT_ERROR_IO, Validate(&is_trusted)); EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, UnsupportedPSKCertificateVersion) { +TEST_F(AvbCertValidateTest, UnsupportedPSKCertificateVersion) { metadata_.product_signing_key_certificate.signed_data.version = 25; SignPSKCertificate(); bool is_trusted = true; @@ -530,42 +528,42 @@ TEST_F(AvbAtxValidateTest, UnsupportedPSKCertificateVersion) { EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, BadPSKCert_ModifiedSubjectPublicKey) { +TEST_F(AvbCertValidateTest, BadPSKCert_ModifiedSubjectPublicKey) { metadata_.product_signing_key_certificate.signed_data.public_key[0] ^= 1; bool is_trusted = true; EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, BadPSKCert_ModifiedSubject) { +TEST_F(AvbCertValidateTest, BadPSKCert_ModifiedSubject) { metadata_.product_signing_key_certificate.signed_data.subject[0] ^= 1; bool is_trusted = true; EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, BadPSKCert_ModifiedUsage) { +TEST_F(AvbCertValidateTest, BadPSKCert_ModifiedUsage) { metadata_.product_signing_key_certificate.signed_data.usage[0] ^= 1; bool is_trusted = true; EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, BadPSKCert_ModifiedKeyVersion) { +TEST_F(AvbCertValidateTest, BadPSKCert_ModifiedKeyVersion) { metadata_.product_signing_key_certificate.signed_data.key_version ^= 1; bool is_trusted = true; EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, BadPSKCert_BadSignature) { +TEST_F(AvbCertValidateTest, BadPSKCert_BadSignature) { metadata_.product_signing_key_certificate.signature[0] ^= 1; bool is_trusted = true; EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, PSKCertUnexpectedSubject) { +TEST_F(AvbCertValidateTest, PSKCertUnexpectedSubject) { metadata_.product_signing_key_certificate.signed_data.subject[0] ^= 1; SignPSKCertificate(); bool is_trusted = true; @@ -573,7 +571,7 @@ TEST_F(AvbAtxValidateTest, PSKCertUnexpectedSubject) { EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, PSKCertUnexpectedUsage) { +TEST_F(AvbCertValidateTest, PSKCertUnexpectedUsage) { metadata_.product_signing_key_certificate.signed_data.usage[0] ^= 1; SignPSKCertificate(); bool is_trusted = true; @@ -581,10 +579,10 @@ TEST_F(AvbAtxValidateTest, PSKCertUnexpectedUsage) { EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, PSKRollback) { +TEST_F(AvbCertValidateTest, PSKRollback) { ops_.set_stored_rollback_indexes( - {{AVB_ATX_PIK_VERSION_LOCATION, 0}, - {AVB_ATX_PSK_VERSION_LOCATION, + {{AVB_CERT_PIK_VERSION_LOCATION, 0}, + {AVB_CERT_PSK_VERSION_LOCATION, metadata_.product_signing_key_certificate.signed_data.key_version + 1}}); bool is_trusted = true; @@ -593,12 +591,12 @@ TEST_F(AvbAtxValidateTest, PSKRollback) { } // A fixture with parameterized public key length. -class AvbAtxValidateTestWithPublicKeyLength - : public AvbAtxValidateTest, +class AvbCertValidateTestWithPublicKeyLength + : public AvbCertValidateTest, public ::testing::WithParamInterface<size_t> { protected: AvbIOResult Validate(bool* is_trusted) override { - return avb_atx_validate_vbmeta_public_key( + return avb_cert_validate_vbmeta_public_key( ops_.avb_ops(), metadata_.product_signing_key_certificate.signed_data.public_key, GetParam(), @@ -608,7 +606,7 @@ class AvbAtxValidateTestWithPublicKeyLength } }; -TEST_P(AvbAtxValidateTestWithPublicKeyLength, InvalidPublicKeyLength) { +TEST_P(AvbCertValidateTestWithPublicKeyLength, InvalidPublicKeyLength) { bool is_trusted = true; EXPECT_EQ(AVB_IO_RESULT_OK, Validate(&is_trusted)); EXPECT_FALSE(is_trusted); @@ -616,68 +614,71 @@ TEST_P(AvbAtxValidateTestWithPublicKeyLength, InvalidPublicKeyLength) { // Test a bunch of invalid public key length values. INSTANTIATE_TEST_CASE_P(P, - AvbAtxValidateTestWithPublicKeyLength, + AvbCertValidateTestWithPublicKeyLength, ::testing::Values(0, 1, - AVB_ATX_PUBLIC_KEY_SIZE - 1, - AVB_ATX_PUBLIC_KEY_SIZE + 1, - AVB_ATX_PUBLIC_KEY_SIZE - 512, + AVB_CERT_PUBLIC_KEY_SIZE - 1, + AVB_CERT_PUBLIC_KEY_SIZE + 1, + AVB_CERT_PUBLIC_KEY_SIZE - 512, -1)); -TEST_F(AvbAtxValidateTest, PSKMismatch) { - uint8_t bad_key[AVB_ATX_PUBLIC_KEY_SIZE] = {}; +TEST_F(AvbCertValidateTest, PSKMismatch) { + uint8_t bad_key[AVB_CERT_PUBLIC_KEY_SIZE] = {}; bool is_trusted = true; EXPECT_EQ(AVB_IO_RESULT_OK, - avb_atx_validate_vbmeta_public_key( + avb_cert_validate_vbmeta_public_key( ops_.avb_ops(), bad_key, - AVB_ATX_PUBLIC_KEY_SIZE, + AVB_CERT_PUBLIC_KEY_SIZE, reinterpret_cast<const uint8_t*>(&metadata_), sizeof(metadata_), &is_trusted)); EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, GenerateUnlockChallenge) { - fake_random_ = std::string(AVB_ATX_UNLOCK_CHALLENGE_SIZE, 'C'); - AvbAtxUnlockChallenge challenge; - EXPECT_EQ(AVB_IO_RESULT_OK, - avb_atx_generate_unlock_challenge(ops_.avb_atx_ops(), &challenge)); +TEST_F(AvbCertValidateTest, GenerateUnlockChallenge) { + fake_random_ = std::string(AVB_CERT_UNLOCK_CHALLENGE_SIZE, 'C'); + AvbCertUnlockChallenge challenge; + EXPECT_EQ( + AVB_IO_RESULT_OK, + avb_cert_generate_unlock_challenge(ops_.avb_cert_ops(), &challenge)); EXPECT_EQ(1UL, challenge.version); EXPECT_EQ(0, memcmp(fake_random_.data(), challenge.challenge, - AVB_ATX_UNLOCK_CHALLENGE_SIZE)); + AVB_CERT_UNLOCK_CHALLENGE_SIZE)); uint8_t expected_pid_hash[AVB_SHA256_DIGEST_SIZE]; - SHA256(attributes_.product_id, AVB_ATX_PRODUCT_ID_SIZE, expected_pid_hash); + SHA256(attributes_.product_id, AVB_CERT_PRODUCT_ID_SIZE, expected_pid_hash); EXPECT_EQ(0, memcmp(expected_pid_hash, challenge.product_id_hash, AVB_SHA256_DIGEST_SIZE)); } -TEST_F(AvbAtxValidateTest, GenerateUnlockChallenge_NoAttributes) { +TEST_F(AvbCertValidateTest, GenerateUnlockChallenge_NoAttributes) { fail_read_permanent_attributes_ = true; - AvbAtxUnlockChallenge challenge; - EXPECT_NE(AVB_IO_RESULT_OK, - avb_atx_generate_unlock_challenge(ops_.avb_atx_ops(), &challenge)); + AvbCertUnlockChallenge challenge; + EXPECT_NE( + AVB_IO_RESULT_OK, + avb_cert_generate_unlock_challenge(ops_.avb_cert_ops(), &challenge)); } -TEST_F(AvbAtxValidateTest, GenerateUnlockChallenge_NoRNG) { +TEST_F(AvbCertValidateTest, GenerateUnlockChallenge_NoRNG) { fail_get_random_ = true; - AvbAtxUnlockChallenge challenge; - EXPECT_NE(AVB_IO_RESULT_OK, - avb_atx_generate_unlock_challenge(ops_.avb_atx_ops(), &challenge)); + AvbCertUnlockChallenge challenge; + EXPECT_NE( + AVB_IO_RESULT_OK, + avb_cert_generate_unlock_challenge(ops_.avb_cert_ops(), &challenge)); } -TEST_F(AvbAtxValidateTest, ValidateUnlockCredential) { +TEST_F(AvbCertValidateTest, ValidateUnlockCredential) { ASSERT_TRUE(PrepareUnlockCredential()); bool is_trusted = true; EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); EXPECT_TRUE(is_trusted); } -TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_UnsupportedVersion) { +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_UnsupportedVersion) { ASSERT_TRUE(PrepareUnlockCredential()); unlock_credential_.version++; bool is_trusted = true; @@ -685,7 +686,7 @@ TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_UnsupportedVersion) { EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_NoAttributes) { +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_NoAttributes) { PrepareUnlockCredential(); fail_read_permanent_attributes_ = true; bool is_trusted = true; @@ -693,7 +694,7 @@ TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_NoAttributes) { EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_NoAttributesHash) { +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_NoAttributesHash) { PrepareUnlockCredential(); fail_read_permanent_attributes_hash_ = true; bool is_trusted = true; @@ -701,7 +702,7 @@ TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_NoAttributesHash) { EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_UnsupportedAttributesVersion) { ASSERT_TRUE(PrepareUnlockCredential()); attributes_.version = 25; @@ -711,7 +712,7 @@ TEST_F(AvbAtxValidateTest, EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_AttributesHashMismatch) { +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_AttributesHashMismatch) { ASSERT_TRUE(PrepareUnlockCredential()); ops_.set_permanent_attributes_hash("bad_hash"); bool is_trusted = true; @@ -719,7 +720,7 @@ TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_AttributesHashMismatch) { EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_FailReadPIKRollbackIndex) { +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_FailReadPIKRollbackIndex) { ASSERT_TRUE(PrepareUnlockCredential()); fail_read_pik_rollback_index_ = true; bool is_trusted = true; @@ -727,7 +728,7 @@ TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_FailReadPIKRollbackIndex) { EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_UnsupportedPIKCertificateVersion) { ASSERT_TRUE(PrepareUnlockCredential()); unlock_credential_.product_intermediate_key_certificate.signed_data.version = @@ -738,7 +739,7 @@ TEST_F(AvbAtxValidateTest, EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_BadPIKCert_ModifiedSubjectPublicKey) { ASSERT_TRUE(PrepareUnlockCredential()); unlock_credential_.product_intermediate_key_certificate.signed_data @@ -748,7 +749,7 @@ TEST_F(AvbAtxValidateTest, EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_BadPIKCert_ModifiedSubject) { ASSERT_TRUE(PrepareUnlockCredential()); unlock_credential_.product_intermediate_key_certificate.signed_data @@ -758,7 +759,7 @@ TEST_F(AvbAtxValidateTest, EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_BadPIKCert_ModifiedUsage) { +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_BadPIKCert_ModifiedUsage) { ASSERT_TRUE(PrepareUnlockCredential()); unlock_credential_.product_intermediate_key_certificate.signed_data .usage[0] ^= 1; @@ -767,7 +768,7 @@ TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_BadPIKCert_ModifiedUsage) { EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_BadPIKCert_ModifiedKeyVersion) { ASSERT_TRUE(PrepareUnlockCredential()); unlock_credential_.product_intermediate_key_certificate.signed_data @@ -777,7 +778,7 @@ TEST_F(AvbAtxValidateTest, EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_BadPIKCert_BadSignature) { +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_BadPIKCert_BadSignature) { ASSERT_TRUE(PrepareUnlockCredential()); unlock_credential_.product_intermediate_key_certificate.signature[0] ^= 1; bool is_trusted = true; @@ -785,7 +786,7 @@ TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_BadPIKCert_BadSignature) { EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_PIKCertSubjectIgnored) { +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_PIKCertSubjectIgnored) { ASSERT_TRUE(PrepareUnlockCredential()); unlock_credential_.product_intermediate_key_certificate.signed_data .subject[0] ^= 1; @@ -795,7 +796,7 @@ TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_PIKCertSubjectIgnored) { EXPECT_TRUE(is_trusted); } -TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_PIKCertUnexpectedUsage) { +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_PIKCertUnexpectedUsage) { ASSERT_TRUE(PrepareUnlockCredential()); unlock_credential_.product_intermediate_key_certificate.signed_data .usage[0] ^= 1; @@ -805,20 +806,20 @@ TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_PIKCertUnexpectedUsage) { EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_PIKRollback) { +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_PIKRollback) { ASSERT_TRUE(PrepareUnlockCredential()); ops_.set_stored_rollback_indexes( - {{AVB_ATX_PIK_VERSION_LOCATION, + {{AVB_CERT_PIK_VERSION_LOCATION, unlock_credential_.product_intermediate_key_certificate.signed_data .key_version + 1}, - {AVB_ATX_PSK_VERSION_LOCATION, 0}}); + {AVB_CERT_PSK_VERSION_LOCATION, 0}}); bool is_trusted = true; EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_FailReadPSKRollbackIndex) { +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_FailReadPSKRollbackIndex) { ASSERT_TRUE(PrepareUnlockCredential()); fail_read_psk_rollback_index_ = true; bool is_trusted = true; @@ -826,7 +827,7 @@ TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_FailReadPSKRollbackIndex) { EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_UnsupportedPUKCertificateVersion) { ASSERT_TRUE(PrepareUnlockCredential()); unlock_credential_.product_unlock_key_certificate.signed_data.version = 25; @@ -836,7 +837,7 @@ TEST_F(AvbAtxValidateTest, EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_BadPUKCert_ModifiedSubjectPublicKey) { ASSERT_TRUE(PrepareUnlockCredential()); unlock_credential_.product_unlock_key_certificate.signed_data.public_key[0] ^= @@ -846,7 +847,7 @@ TEST_F(AvbAtxValidateTest, EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_BadPUKCert_ModifiedSubject) { ASSERT_TRUE(PrepareUnlockCredential()); unlock_credential_.product_unlock_key_certificate.signed_data.subject[0] ^= 1; @@ -855,7 +856,7 @@ TEST_F(AvbAtxValidateTest, EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_BadPUKCert_ModifiedUsage) { +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_BadPUKCert_ModifiedUsage) { ASSERT_TRUE(PrepareUnlockCredential()); unlock_credential_.product_unlock_key_certificate.signed_data.usage[0] ^= 1; bool is_trusted = true; @@ -863,7 +864,7 @@ TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_BadPUKCert_ModifiedUsage) { EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_BadPUKCert_ModifiedKeyVersion) { ASSERT_TRUE(PrepareUnlockCredential()); unlock_credential_.product_unlock_key_certificate.signed_data.key_version ^= @@ -873,7 +874,7 @@ TEST_F(AvbAtxValidateTest, EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_BadPUKCert_BadSignature) { +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_BadPUKCert_BadSignature) { ASSERT_TRUE(PrepareUnlockCredential()); unlock_credential_.product_unlock_key_certificate.signature[0] ^= 1; bool is_trusted = true; @@ -881,7 +882,7 @@ TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_BadPUKCert_BadSignature) { EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_PUKCertUnexpectedSubject) { +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_PUKCertUnexpectedSubject) { ASSERT_TRUE(PrepareUnlockCredential()); unlock_credential_.product_unlock_key_certificate.signed_data.subject[0] ^= 1; SignUnlockCredentialPUKCertificate(); @@ -890,7 +891,7 @@ TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_PUKCertUnexpectedSubject) { EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_PUKCertUnexpectedUsage) { +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_PUKCertUnexpectedUsage) { ASSERT_TRUE(PrepareUnlockCredential()); unlock_credential_.product_unlock_key_certificate.signed_data.usage[0] ^= 1; SignUnlockCredentialPUKCertificate(); @@ -899,11 +900,11 @@ TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_PUKCertUnexpectedUsage) { EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_PUKRollback) { +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_PUKRollback) { ASSERT_TRUE(PrepareUnlockCredential()); ops_.set_stored_rollback_indexes( - {{AVB_ATX_PIK_VERSION_LOCATION, 0}, - {AVB_ATX_PSK_VERSION_LOCATION, + {{AVB_CERT_PIK_VERSION_LOCATION, 0}, + {AVB_CERT_PSK_VERSION_LOCATION, unlock_credential_.product_unlock_key_certificate.signed_data .key_version + 1}}); @@ -912,7 +913,7 @@ TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_PUKRollback) { EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_BadChallengeSignature) { +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_BadChallengeSignature) { ASSERT_TRUE(PrepareUnlockCredential()); unlock_credential_.challenge_signature[10] ^= 1; bool is_trusted = true; @@ -920,7 +921,7 @@ TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_BadChallengeSignature) { EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_ChallengeMismatch) { +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_ChallengeMismatch) { ASSERT_TRUE(PrepareUnlockCredential()); unlock_challenge_ = "bad"; SignUnlockCredentialChallenge(kPUKPrivateKeyPath); @@ -929,12 +930,12 @@ TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_ChallengeMismatch) { EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_UnlockWithPSK) { +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_UnlockWithPSK) { ASSERT_TRUE(PrepareUnlockCredential()); // Copy the PSK cert as the PUK cert. memcpy(&unlock_credential_.product_unlock_key_certificate, &metadata_.product_signing_key_certificate, - sizeof(AvbAtxCertificate)); + sizeof(AvbCertCertificate)); // Sign the challenge with the PSK instead of the PUK. SignUnlockCredentialChallenge(kPSKPrivateKeyPath); bool is_trusted = true; @@ -942,7 +943,7 @@ TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_UnlockWithPSK) { EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_ReplayChallenge) { +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_ReplayChallenge) { ASSERT_TRUE(PrepareUnlockCredential()); bool is_trusted = true; EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); @@ -952,7 +953,7 @@ TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_ReplayChallenge) { EXPECT_FALSE(is_trusted); } -TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_MultipleUnlock) { +TEST_F(AvbCertValidateTest, ValidateUnlockCredential_MultipleUnlock) { ASSERT_TRUE(PrepareUnlockCredential()); bool is_trusted = true; EXPECT_EQ(AVB_IO_RESULT_OK, ValidateUnlock(&is_trusted)); @@ -963,15 +964,15 @@ TEST_F(AvbAtxValidateTest, ValidateUnlockCredential_MultipleUnlock) { EXPECT_TRUE(is_trusted); } -// A fixture for testing avb_slot_verify() with ATX. -class AvbAtxSlotVerifyTest : public BaseAvbToolTest, - public FakeAvbOpsDelegateWithDefaults { +// A fixture for testing avb_slot_verify() with libavb_cert. +class AvbCertSlotVerifyTest : public BaseAvbToolTest, + public FakeAvbOpsDelegateWithDefaults { public: - ~AvbAtxSlotVerifyTest() override = default; + ~AvbCertSlotVerifyTest() override = default; void SetUp() override { BaseAvbToolTest::SetUp(); - ReadAtxDefaultData(); + ReadCertDefaultData(); ops_.set_partition_dir(testdir_); ops_.set_delegate(this); ops_.set_permanent_attributes(attributes_); @@ -979,8 +980,8 @@ class AvbAtxSlotVerifyTest : public BaseAvbToolTest, {1, 0}, {2, 0}, {3, 0}, - {AVB_ATX_PIK_VERSION_LOCATION, 0}, - {AVB_ATX_PSK_VERSION_LOCATION, 0}}); + {AVB_CERT_PIK_VERSION_LOCATION, 0}, + {AVB_CERT_PSK_VERSION_LOCATION, 0}}); ops_.set_stored_is_device_unlocked(false); } @@ -991,41 +992,41 @@ class AvbAtxSlotVerifyTest : public BaseAvbToolTest, const uint8_t* public_key_metadata, size_t public_key_metadata_length, bool* out_key_is_trusted) override { - // Send to ATX implementation. - ++num_atx_calls_; - return avb_atx_validate_vbmeta_public_key(ops_.avb_ops(), - public_key_data, - public_key_length, - public_key_metadata, - public_key_metadata_length, - out_key_is_trusted); + // Send to libavb_cert implementation. + ++num_cert_calls_; + return avb_cert_validate_vbmeta_public_key(ops_.avb_ops(), + public_key_data, + public_key_length, + public_key_metadata, + public_key_metadata_length, + out_key_is_trusted); } protected: - AvbAtxPermanentAttributes attributes_; - int num_atx_calls_ = 0; + AvbCertPermanentAttributes attributes_; + int num_cert_calls_ = 0; private: - void ReadAtxDefaultData() { + void ReadCertDefaultData() { std::string tmp; ASSERT_TRUE( base::ReadFileToString(base::FilePath(kPermanentAttributesPath), &tmp)); - ASSERT_EQ(tmp.size(), sizeof(AvbAtxPermanentAttributes)); + ASSERT_EQ(tmp.size(), sizeof(AvbCertPermanentAttributes)); memcpy(&attributes_, tmp.data(), tmp.size()); } }; -TEST_F(AvbAtxSlotVerifyTest, SlotVerifyWithAtx) { +TEST_F(AvbCertSlotVerifyTest, SlotVerifyWithCert) { std::string metadata_option = "--public_key_metadata="; metadata_option += kMetadataPath; GenerateVBMetaImage("vbmeta_a.img", "SHA512_RSA4096", 0, - base::FilePath("test/data/testkey_atx_psk.pem"), + base::FilePath("test/data/testkey_cert_psk.pem"), metadata_option); ops_.set_expected_public_key( - PublicKeyAVB(base::FilePath("test/data/testkey_atx_psk.pem"))); + PublicKeyAVB(base::FilePath("test/data/testkey_cert_psk.pem"))); AvbSlotVerifyData* slot_data = NULL; const char* requested_partitions[] = {"boot", NULL}; @@ -1038,7 +1039,7 @@ TEST_F(AvbAtxSlotVerifyTest, SlotVerifyWithAtx) { &slot_data)); EXPECT_NE(nullptr, slot_data); avb_slot_verify_data_free(slot_data); - EXPECT_EQ(1, num_atx_calls_); + EXPECT_EQ(1, num_cert_calls_); } } // namespace avb diff --git a/test/avbtool_unittest.cc b/test/avbtool_unittest.cc index 753aaca..7e5a453 100644 --- a/test/avbtool_unittest.cc +++ b/test/avbtool_unittest.cc @@ -3453,131 +3453,131 @@ TEST_F(AvbToolTest_PrintRequiredVersion, Vbmeta_1_2) { PrintWithMakeVbmetaImage(2); } -TEST_F(AvbToolTest, MakeAtxPikCertificate) { +TEST_F(AvbToolTest, MakeCertPikCertificate) { base::FilePath subject_path = testdir_.Append("tmp_subject"); ASSERT_TRUE(base::WriteFile(subject_path, "fake PIK subject", 16)); base::FilePath pubkey_path = testdir_.Append("tmp_pubkey.pem"); EXPECT_COMMAND( 0, - "openssl pkey -pubout -in test/data/testkey_atx_pik.pem -out %s", + "openssl pkey -pubout -in test/data/testkey_cert_pik.pem -out %s", pubkey_path.value().c_str()); base::FilePath output_path = testdir_.Append("tmp_certificate.bin"); EXPECT_COMMAND(0, - "./avbtool.py make_atx_certificate" + "./avbtool.py make_certificate" " --subject %s" " --subject_key %s" " --subject_key_version 42" " --subject_is_intermediate_authority" - " --authority_key test/data/testkey_atx_prk.pem" + " --authority_key test/data/testkey_cert_prk.pem" " --output %s", subject_path.value().c_str(), pubkey_path.value().c_str(), output_path.value().c_str()); EXPECT_COMMAND(0, - "diff test/data/atx_pik_certificate.bin %s", + "diff test/data/cert_pik_certificate.bin %s", output_path.value().c_str()); } -TEST_F(AvbToolTest, MakeAtxPskCertificate) { +TEST_F(AvbToolTest, MakeCertPskCertificate) { base::FilePath pubkey_path = testdir_.Append("tmp_pubkey.pem"); EXPECT_COMMAND( 0, - "openssl pkey -pubout -in test/data/testkey_atx_psk.pem -out %s", + "openssl pkey -pubout -in test/data/testkey_cert_psk.pem -out %s", pubkey_path.value().c_str()); base::FilePath output_path = testdir_.Append("tmp_certificate.bin"); EXPECT_COMMAND(0, - "./avbtool.py make_atx_certificate" - " --subject test/data/atx_product_id.bin" + "./avbtool.py make_certificate" + " --subject test/data/cert_product_id.bin" " --subject_key %s" " --subject_key_version 42" - " --authority_key test/data/testkey_atx_pik.pem" + " --authority_key test/data/testkey_cert_pik.pem" " --output %s", pubkey_path.value().c_str(), output_path.value().c_str()); EXPECT_COMMAND(0, - "diff test/data/atx_psk_certificate.bin %s", + "diff test/data/cert_psk_certificate.bin %s", output_path.value().c_str()); } -TEST_F(AvbToolTest, MakeAtxPukCertificate) { +TEST_F(AvbToolTest, MakeCertPukCertificate) { base::FilePath pubkey_path = testdir_.Append("tmp_pubkey.pem"); EXPECT_COMMAND( 0, - "openssl pkey -pubout -in test/data/testkey_atx_puk.pem -out %s", + "openssl pkey -pubout -in test/data/testkey_cert_puk.pem -out %s", pubkey_path.value().c_str()); base::FilePath output_path = testdir_.Append("tmp_certificate.bin"); EXPECT_COMMAND(0, - "./avbtool.py make_atx_certificate" - " --subject test/data/atx_product_id.bin" + "./avbtool.py make_certificate" + " --subject test/data/cert_product_id.bin" " --subject_key %s" " --subject_key_version 42" " --usage com.google.android.things.vboot.unlock" - " --authority_key test/data/testkey_atx_pik.pem" + " --authority_key test/data/testkey_cert_pik.pem" " --output %s", pubkey_path.value().c_str(), output_path.value().c_str()); EXPECT_COMMAND(0, - "diff test/data/atx_puk_certificate.bin %s", + "diff test/data/cert_puk_certificate.bin %s", output_path.value().c_str()); } -TEST_F(AvbToolTest, MakeAtxPermanentAttributes) { +TEST_F(AvbToolTest, MakeCertPermanentAttributes) { base::FilePath pubkey_path = testdir_.Append("tmp_pubkey.pem"); EXPECT_COMMAND( 0, - "openssl pkey -pubout -in test/data/testkey_atx_prk.pem -out %s", + "openssl pkey -pubout -in test/data/testkey_cert_prk.pem -out %s", pubkey_path.value().c_str()); base::FilePath output_path = testdir_.Append("tmp_attributes.bin"); EXPECT_COMMAND(0, - "./avbtool.py make_atx_permanent_attributes" + "./avbtool.py make_cert_permanent_attributes" " --root_authority_key %s" - " --product_id test/data/atx_product_id.bin" + " --product_id test/data/cert_product_id.bin" " --output %s", pubkey_path.value().c_str(), output_path.value().c_str()); EXPECT_COMMAND(0, - "diff test/data/atx_permanent_attributes.bin %s", + "diff test/data/cert_permanent_attributes.bin %s", output_path.value().c_str()); } -TEST_F(AvbToolTest, MakeAtxMetadata) { +TEST_F(AvbToolTest, MakeCertMetadata) { base::FilePath output_path = testdir_.Append("tmp_metadata.bin"); EXPECT_COMMAND( 0, - "./avbtool.py make_atx_metadata" - " --intermediate_key_certificate test/data/atx_pik_certificate.bin" - " --product_key_certificate test/data/atx_psk_certificate.bin" + "./avbtool.py make_cert_metadata" + " --intermediate_key_certificate test/data/cert_pik_certificate.bin" + " --product_key_certificate test/data/cert_psk_certificate.bin" " --output %s", output_path.value().c_str()); EXPECT_COMMAND( - 0, "diff test/data/atx_metadata.bin %s", output_path.value().c_str()); + 0, "diff test/data/cert_metadata.bin %s", output_path.value().c_str()); } -TEST_F(AvbToolTest, MakeAtxUnlockCredential) { +TEST_F(AvbToolTest, MakeCertUnlockCredential) { base::FilePath output_path = testdir_.Append("tmp_credential.bin"); EXPECT_COMMAND( 0, - "./avbtool.py make_atx_unlock_credential" - " --intermediate_key_certificate test/data/atx_pik_certificate.bin" - " --unlock_key_certificate test/data/atx_puk_certificate.bin" - " --challenge test/data/atx_unlock_challenge.bin" - " --unlock_key test/data/testkey_atx_puk.pem" + "./avbtool.py make_cert_unlock_credential" + " --intermediate_key_certificate test/data/cert_pik_certificate.bin" + " --unlock_key_certificate test/data/cert_puk_certificate.bin" + " --challenge test/data/cert_unlock_challenge.bin" + " --unlock_key test/data/testkey_cert_puk.pem" " --output %s", output_path.value().c_str()); EXPECT_COMMAND(0, - "diff test/data/atx_unlock_credential.bin %s", + "diff test/data/cert_unlock_credential.bin %s", output_path.value().c_str()); } diff --git a/test/data/atx_metadata.bin b/test/data/cert_metadata.bin Binary files differindex 58666a1..58666a1 100644 --- a/test/data/atx_metadata.bin +++ b/test/data/cert_metadata.bin diff --git a/test/data/atx_permanent_attributes.bin b/test/data/cert_permanent_attributes.bin Binary files differindex 51ab594..51ab594 100644 --- a/test/data/atx_permanent_attributes.bin +++ b/test/data/cert_permanent_attributes.bin diff --git a/test/data/atx_pik_certificate.bin b/test/data/cert_pik_certificate.bin Binary files differindex 6e01e6c..6e01e6c 100644 --- a/test/data/atx_pik_certificate.bin +++ b/test/data/cert_pik_certificate.bin diff --git a/test/data/atx_product_id.bin b/test/data/cert_product_id.bin Binary files differindex 01d633b..01d633b 100644 --- a/test/data/atx_product_id.bin +++ b/test/data/cert_product_id.bin diff --git a/test/data/atx_psk_certificate.bin b/test/data/cert_psk_certificate.bin Binary files differindex c0cfeda..c0cfeda 100644 --- a/test/data/atx_psk_certificate.bin +++ b/test/data/cert_psk_certificate.bin diff --git a/test/data/atx_puk_certificate.bin b/test/data/cert_puk_certificate.bin Binary files differindex 0e02cfe..0e02cfe 100644 --- a/test/data/atx_puk_certificate.bin +++ b/test/data/cert_puk_certificate.bin diff --git a/test/data/atx_unlock_challenge.bin b/test/data/cert_unlock_challenge.bin index 23494f9..23494f9 100644 --- a/test/data/atx_unlock_challenge.bin +++ b/test/data/cert_unlock_challenge.bin diff --git a/test/data/atx_unlock_credential.bin b/test/data/cert_unlock_credential.bin Binary files differindex b5b46d9..b5b46d9 100644 --- a/test/data/atx_unlock_credential.bin +++ b/test/data/cert_unlock_credential.bin diff --git a/test/data/testkey_atx_pik.pem b/test/data/testkey_cert_pik.pem index 5f34cb9..5f34cb9 100644 --- a/test/data/testkey_atx_pik.pem +++ b/test/data/testkey_cert_pik.pem diff --git a/test/data/testkey_atx_prk.pem b/test/data/testkey_cert_prk.pem index 17a8cce..17a8cce 100644 --- a/test/data/testkey_atx_prk.pem +++ b/test/data/testkey_cert_prk.pem diff --git a/test/data/testkey_atx_psk.pem b/test/data/testkey_cert_psk.pem index 71bfebf..71bfebf 100644 --- a/test/data/testkey_atx_psk.pem +++ b/test/data/testkey_cert_psk.pem diff --git a/test/data/testkey_atx_puk.pem b/test/data/testkey_cert_puk.pem index c8053be..c8053be 100644 --- a/test/data/testkey_atx_puk.pem +++ b/test/data/testkey_cert_puk.pem diff --git a/test/fake_avb_ops.cc b/test/fake_avb_ops.cc index 0f4db5a..517770e 100644 --- a/test/fake_avb_ops.cc +++ b/test/fake_avb_ops.cc @@ -398,7 +398,7 @@ AvbIOResult FakeAvbOps::write_persistent_value(const char* name, } AvbIOResult FakeAvbOps::read_permanent_attributes( - AvbAtxPermanentAttributes* attributes) { + AvbCertPermanentAttributes* attributes) { *attributes = permanent_attributes_; return AVB_IO_RESULT_OK; } @@ -407,7 +407,7 @@ AvbIOResult FakeAvbOps::read_permanent_attributes_hash( uint8_t hash[AVB_SHA256_DIGEST_SIZE]) { if (permanent_attributes_hash_.empty()) { SHA256(reinterpret_cast<const unsigned char*>(&permanent_attributes_), - sizeof(AvbAtxPermanentAttributes), + sizeof(AvbCertPermanentAttributes), hash); return AVB_IO_RESULT_OK; } @@ -560,31 +560,31 @@ static AvbIOResult my_ops_write_persistent_value(AvbOps* ops, } static AvbIOResult my_ops_read_permanent_attributes( - AvbAtxOps* atx_ops, AvbAtxPermanentAttributes* attributes) { - return FakeAvbOps::GetInstanceFromAvbOps(atx_ops->ops) + AvbCertOps* cert_ops, AvbCertPermanentAttributes* attributes) { + return FakeAvbOps::GetInstanceFromAvbOps(cert_ops->ops) ->delegate() ->read_permanent_attributes(attributes); } static AvbIOResult my_ops_read_permanent_attributes_hash( - AvbAtxOps* atx_ops, uint8_t hash[AVB_SHA256_DIGEST_SIZE]) { - return FakeAvbOps::GetInstanceFromAvbOps(atx_ops->ops) + AvbCertOps* cert_ops, uint8_t hash[AVB_SHA256_DIGEST_SIZE]) { + return FakeAvbOps::GetInstanceFromAvbOps(cert_ops->ops) ->delegate() ->read_permanent_attributes_hash(hash); } -static void my_ops_set_key_version(AvbAtxOps* atx_ops, +static void my_ops_set_key_version(AvbCertOps* cert_ops, size_t rollback_index_location, uint64_t key_version) { - return FakeAvbOps::GetInstanceFromAvbOps(atx_ops->ops) + return FakeAvbOps::GetInstanceFromAvbOps(cert_ops->ops) ->delegate() ->set_key_version(rollback_index_location, key_version); } -static AvbIOResult my_ops_get_random(AvbAtxOps* atx_ops, +static AvbIOResult my_ops_get_random(AvbCertOps* cert_ops, size_t num_bytes, uint8_t* output) { - return FakeAvbOps::GetInstanceFromAvbOps(atx_ops->ops) + return FakeAvbOps::GetInstanceFromAvbOps(cert_ops->ops) ->delegate() ->get_random(num_bytes, output); } @@ -592,7 +592,7 @@ static AvbIOResult my_ops_get_random(AvbAtxOps* atx_ops, FakeAvbOps::FakeAvbOps() { memset(&avb_ops_, 0, sizeof(avb_ops_)); avb_ops_.ab_ops = &avb_ab_ops_; - avb_ops_.atx_ops = &avb_atx_ops_; + avb_ops_.cert_ops = &avb_cert_ops_; avb_ops_.user_data = this; avb_ops_.read_from_partition = my_ops_read_from_partition; avb_ops_.write_to_partition = my_ops_write_to_partition; @@ -612,12 +612,12 @@ FakeAvbOps::FakeAvbOps() { avb_ab_ops_.read_ab_metadata = avb_ab_data_read; avb_ab_ops_.write_ab_metadata = avb_ab_data_write; - avb_atx_ops_.ops = &avb_ops_; - avb_atx_ops_.read_permanent_attributes = my_ops_read_permanent_attributes; - avb_atx_ops_.read_permanent_attributes_hash = + avb_cert_ops_.ops = &avb_ops_; + avb_cert_ops_.read_permanent_attributes = my_ops_read_permanent_attributes; + avb_cert_ops_.read_permanent_attributes_hash = my_ops_read_permanent_attributes_hash; - avb_atx_ops_.set_key_version = my_ops_set_key_version; - avb_atx_ops_.get_random = my_ops_get_random; + avb_cert_ops_.set_key_version = my_ops_set_key_version; + avb_cert_ops_.get_random = my_ops_get_random; delegate_ = this; } diff --git a/test/fake_avb_ops.h b/test/fake_avb_ops.h index 5dea5bd..8d9e49b 100644 --- a/test/fake_avb_ops.h +++ b/test/fake_avb_ops.h @@ -26,13 +26,13 @@ #define FAKE_AVB_OPS_H_ #include <base/files/file_util.h> +#include <libavb_ab/libavb_ab.h> +#include <libavb_cert/libavb_cert.h> + #include <map> #include <set> #include <string> -#include <libavb_ab/libavb_ab.h> -#include <libavb_atx/libavb_atx.h> - namespace avb { // A delegate interface for ops callbacks. This allows tests to override default @@ -106,7 +106,7 @@ class FakeAvbOpsDelegate { uint32_t* out_rollback_index_location) = 0; virtual AvbIOResult read_permanent_attributes( - AvbAtxPermanentAttributes* attributes) = 0; + AvbCertPermanentAttributes* attributes) = 0; virtual AvbIOResult read_permanent_attributes_hash( uint8_t hash[AVB_SHA256_DIGEST_SIZE]) = 0; @@ -139,8 +139,8 @@ class FakeAvbOps : public FakeAvbOpsDelegate { return &avb_ab_ops_; } - AvbAtxOps* avb_atx_ops() { - return &avb_atx_ops_; + AvbCertOps* avb_cert_ops() { + return &avb_cert_ops_; } FakeAvbOpsDelegate* delegate() { @@ -192,7 +192,7 @@ class FakeAvbOps : public FakeAvbOpsDelegate { stored_is_device_unlocked_ = stored_is_device_unlocked; } - void set_permanent_attributes(const AvbAtxPermanentAttributes& attributes) { + void set_permanent_attributes(const AvbCertPermanentAttributes& attributes) { permanent_attributes_ = attributes; } @@ -283,7 +283,7 @@ class FakeAvbOps : public FakeAvbOpsDelegate { uint32_t* out_rollback_index_location) override; AvbIOResult read_permanent_attributes( - AvbAtxPermanentAttributes* attributes) override; + AvbCertPermanentAttributes* attributes) override; AvbIOResult read_permanent_attributes_hash( uint8_t hash[AVB_SHA256_DIGEST_SIZE]) override; @@ -296,7 +296,7 @@ class FakeAvbOps : public FakeAvbOpsDelegate { private: AvbOps avb_ops_; AvbABOps avb_ab_ops_; - AvbAtxOps avb_atx_ops_; + AvbCertOps avb_cert_ops_; FakeAvbOpsDelegate* delegate_; @@ -314,7 +314,7 @@ class FakeAvbOps : public FakeAvbOpsDelegate { bool stored_is_device_unlocked_; - AvbAtxPermanentAttributes permanent_attributes_; + AvbCertPermanentAttributes permanent_attributes_; std::string permanent_attributes_hash_; std::set<std::string> partition_names_read_from_; @@ -434,7 +434,7 @@ class FakeAvbOpsDelegateWithDefaults : public FakeAvbOpsDelegate { } AvbIOResult read_permanent_attributes( - AvbAtxPermanentAttributes* attributes) override { + AvbCertPermanentAttributes* attributes) override { return ops_.read_permanent_attributes(attributes); } diff --git a/test/user_code_test.cc b/test/user_code_test.cc index fd851f3..8c449c3 100644 --- a/test/user_code_test.cc +++ b/test/user_code_test.cc @@ -26,4 +26,4 @@ // defining AVB_COMPILATION (which user code must not). #include "libavb/libavb.h" #include "libavb_ab/libavb_ab.h" -#include "libavb_atx/libavb_atx.h" +#include "libavb_cert/libavb_cert.h" diff --git a/tools/at_auth_unlock.py b/tools/at_auth_unlock.py index c7e6869..ee08040 100755 --- a/tools/at_auth_unlock.py +++ b/tools/at_auth_unlock.py @@ -99,7 +99,7 @@ class UnlockCredentials(object): unlock_cert_file, unlock_key_file, source_file=None): - # The certificates are AvbAtxCertificate structs as defined in libavb_atx, + # The certificates are AvbCertCertificate structs as defined in libavb_cert, # not an X.509 certificate. Do a basic length sanity check when reading # them. EXPECTED_CERTIFICATE_SIZE = 1620 @@ -199,10 +199,10 @@ class UnlockCredentials(object): class UnlockChallenge(object): - """Helper class for parsing the AvbAtxUnlockChallenge struct returned from 'fastboot oem at-get-vboot-unlock-challenge'. + """Helper class for parsing the AvbCertUnlockChallenge struct returned from 'fastboot oem at-get-vboot-unlock-challenge'. The file provided to the constructor should be the full 52-byte - AvbAtxUnlockChallenge struct, not just the challenge itself. + AvbCertUnlockChallenge struct, not just the challenge itself. """ def __init__(self, challenge_file): @@ -230,8 +230,8 @@ class UnlockChallenge(object): return self._challenge_data -def GetAtxCertificateSubject(cert): - """Parses and returns the subject field from the given AvbAtxCertificate struct.""" +def GetCertCertificateSubject(cert): + """Parses and returns the subject field from the given AvbCertCertificate struct.""" CERT_SUBJECT_OFFSET = 4 + 1032 # Format version and public key come before subject CERT_SUBJECT_LENGTH = 32 return cert[CERT_SUBJECT_OFFSET:CERT_SUBJECT_OFFSET + CERT_SUBJECT_LENGTH] @@ -251,12 +251,12 @@ def SelectMatchingUnlockCredential(all_creds, challenge): 'fastboot oem at-get-vboot-unlock-challenge'. """ for creds in all_creds: - if GetAtxCertificateSubject(creds.unlock_cert) == challenge.product_id_hash: + if GetCertCertificateSubject(creds.unlock_cert) == challenge.product_id_hash: return creds -def MakeAtxUnlockCredential(creds, challenge, out_file): - """Simple reimplementation of 'avbtool make_atx_unlock_credential'. +def MakeCertUnlockCredential(creds, challenge, out_file): + """Simple reimplementation of 'avbtool make_cert_unlock_credential'. Generates an Android Things authenticated unlock credential to authorize unlocking AVB on a device. @@ -271,7 +271,7 @@ def MakeAtxUnlockCredential(creds, challenge, out_file): certificate, and PUK private key. challenge: UnlockChallenge object created from challenge obtained via 'fastboot oem at-get-vboot-unlock-challenge'. - out_file: Output filename to write the AvbAtxUnlockCredential struct to. + out_file: Output filename to write the AvbCertUnlockCredential struct to. Raises: ValueError: If challenge has wrong length. @@ -333,7 +333,7 @@ def AuthenticatedUnlock(all_creds, serial=None, verbose=False): if selected_cred.source_file: print('Found matching unlock credentials: {}'.format( selected_cred.source_file)) - MakeAtxUnlockCredential(selected_cred, challenge, credential_file) + MakeCertUnlockCredential(selected_cred, challenge, credential_file) fastboot_cmd(['stage', credential_file]) fastboot_cmd(['oem', 'at-unlock-vboot']) |