[avb][test] Move test util methods to a separate module
Bug: 256148034
Test: atest libpvmfw_avb.integration_test
Change-Id: Ibd24eadd1d8d8d6007dab9f63a28c963790a8563
diff --git a/pvmfw/avb/Android.bp b/pvmfw/avb/Android.bp
index 0527dfb..837f747 100644
--- a/pvmfw/avb/Android.bp
+++ b/pvmfw/avb/Android.bp
@@ -27,7 +27,7 @@
rust_test {
name: "libpvmfw_avb.integration_test",
crate_name: "pvmfw_avb_test",
- srcs: ["tests/*_test.rs"],
+ srcs: ["tests/*.rs"],
test_suites: ["general-tests"],
data: [
":avb_testkey_rsa2048_pub_bin",
diff --git a/pvmfw/avb/tests/api_test.rs b/pvmfw/avb/tests/api_test.rs
index 872ad63..2bd46d5 100644
--- a/pvmfw/avb/tests/api_test.rs
+++ b/pvmfw/avb/tests/api_test.rs
@@ -14,54 +14,48 @@
* limitations under the License.
*/
-use anyhow::Result;
-use avb_bindgen::{
- avb_footer_validate_and_byteswap, avb_vbmeta_image_header_to_host_byte_order, AvbFooter,
- AvbVBMetaImageHeader,
-};
-use pvmfw_avb::{verify_payload, AvbSlotVerifyError};
-use std::{
- fs,
- mem::{size_of, transmute, MaybeUninit},
- ptr,
-};
+mod utils;
-const MICRODROID_KERNEL_IMG_PATH: &str = "microdroid_kernel";
-const INITRD_NORMAL_IMG_PATH: &str = "microdroid_initrd_normal.img";
-const INITRD_DEBUG_IMG_PATH: &str = "microdroid_initrd_debuggable.img";
+use anyhow::Result;
+use avb_bindgen::{AvbFooter, AvbVBMetaImageHeader};
+use pvmfw_avb::AvbSlotVerifyError;
+use std::{fs, mem::size_of, ptr};
+use utils::*;
+
const TEST_IMG_WITH_ONE_HASHDESC_PATH: &str = "test_image_with_one_hashdesc.img";
const TEST_IMG_WITH_PROP_DESC_PATH: &str = "test_image_with_prop_desc.img";
const TEST_IMG_WITH_NON_INITRD_HASHDESC_PATH: &str = "test_image_with_non_initrd_hashdesc.img";
const UNSIGNED_TEST_IMG_PATH: &str = "unsigned_test.img";
-const PUBLIC_KEY_RSA2048_PATH: &str = "data/testkey_rsa2048_pub.bin";
-const PUBLIC_KEY_RSA4096_PATH: &str = "data/testkey_rsa4096_pub.bin";
const RANDOM_FOOTER_POS: usize = 30;
/// This test uses the Microdroid payload compiled on the fly to check that
/// the latest payload can be verified successfully.
#[test]
fn latest_normal_payload_passes_verification() -> Result<()> {
- assert_payload_verification_succeeds(
+ assert_payload_verification_with_initrd_eq(
&load_latest_signed_kernel()?,
&load_latest_initrd_normal()?,
&load_trusted_public_key()?,
+ Ok(()),
)
}
#[test]
fn latest_debug_payload_passes_verification() -> Result<()> {
- assert_payload_verification_succeeds(
+ assert_payload_verification_with_initrd_eq(
&load_latest_signed_kernel()?,
&load_latest_initrd_debug()?,
&load_trusted_public_key()?,
+ Ok(()),
)
}
#[test]
fn payload_expecting_no_initrd_passes_verification_with_no_initrd() -> Result<()> {
- assert_payload_verification_with_no_initrd_eq(
+ assert_payload_verification_eq(
&fs::read(TEST_IMG_WITH_ONE_HASHDESC_PATH)?,
+ /*initrd=*/ None,
&load_trusted_public_key()?,
Ok(()),
)
@@ -69,8 +63,9 @@
#[test]
fn payload_with_non_initrd_descriptor_passes_verification_with_no_initrd() -> Result<()> {
- assert_payload_verification_with_no_initrd_eq(
+ assert_payload_verification_eq(
&fs::read(TEST_IMG_WITH_NON_INITRD_HASHDESC_PATH)?,
+ /*initrd=*/ None,
&load_trusted_public_key()?,
Ok(()),
)
@@ -78,8 +73,9 @@
#[test]
fn payload_with_prop_descriptor_fails_verification_with_no_initrd() -> Result<()> {
- assert_payload_verification_with_no_initrd_eq(
+ assert_payload_verification_eq(
&fs::read(TEST_IMG_WITH_PROP_DESC_PATH)?,
+ /*initrd=*/ None,
&load_trusted_public_key()?,
Err(AvbSlotVerifyError::InvalidMetadata),
)
@@ -87,8 +83,9 @@
#[test]
fn payload_expecting_initrd_fails_verification_with_no_initrd() -> Result<()> {
- assert_payload_verification_with_no_initrd_eq(
+ assert_payload_verification_eq(
&load_latest_signed_kernel()?,
+ /*initrd=*/ None,
&load_trusted_public_key()?,
Err(AvbSlotVerifyError::InvalidMetadata),
)
@@ -96,41 +93,41 @@
#[test]
fn payload_with_empty_public_key_fails_verification() -> Result<()> {
- assert_payload_verification_fails(
+ assert_payload_verification_with_initrd_eq(
&load_latest_signed_kernel()?,
&load_latest_initrd_normal()?,
/*trusted_public_key=*/ &[0u8; 0],
- AvbSlotVerifyError::PublicKeyRejected,
+ Err(AvbSlotVerifyError::PublicKeyRejected),
)
}
#[test]
fn payload_with_an_invalid_public_key_fails_verification() -> Result<()> {
- assert_payload_verification_fails(
+ assert_payload_verification_with_initrd_eq(
&load_latest_signed_kernel()?,
&load_latest_initrd_normal()?,
/*trusted_public_key=*/ &[0u8; 512],
- AvbSlotVerifyError::PublicKeyRejected,
+ Err(AvbSlotVerifyError::PublicKeyRejected),
)
}
#[test]
fn payload_with_a_different_valid_public_key_fails_verification() -> Result<()> {
- assert_payload_verification_fails(
+ assert_payload_verification_with_initrd_eq(
&load_latest_signed_kernel()?,
&load_latest_initrd_normal()?,
&fs::read(PUBLIC_KEY_RSA2048_PATH)?,
- AvbSlotVerifyError::PublicKeyRejected,
+ Err(AvbSlotVerifyError::PublicKeyRejected),
)
}
#[test]
fn unsigned_kernel_fails_verification() -> Result<()> {
- assert_payload_verification_fails(
+ assert_payload_verification_with_initrd_eq(
&fs::read(UNSIGNED_TEST_IMG_PATH)?,
&load_latest_initrd_normal()?,
&load_trusted_public_key()?,
- AvbSlotVerifyError::Io,
+ Err(AvbSlotVerifyError::Io),
)
}
@@ -139,11 +136,11 @@
let mut kernel = load_latest_signed_kernel()?;
kernel[1] = !kernel[1]; // Flip the bits
- assert_payload_verification_fails(
+ assert_payload_verification_with_initrd_eq(
&kernel,
&load_latest_initrd_normal()?,
&load_trusted_public_key()?,
- AvbSlotVerifyError::Verification,
+ Err(AvbSlotVerifyError::Verification),
)
}
@@ -153,11 +150,11 @@
let avb_footer_index = kernel.len() - size_of::<AvbFooter>() + RANDOM_FOOTER_POS;
kernel[avb_footer_index] = !kernel[avb_footer_index];
- assert_payload_verification_fails(
+ assert_payload_verification_with_initrd_eq(
&kernel,
&load_latest_initrd_normal()?,
&load_trusted_public_key()?,
- AvbSlotVerifyError::InvalidMetadata,
+ Err(AvbSlotVerifyError::InvalidMetadata),
)
}
@@ -169,11 +166,11 @@
kernel[vbmeta_index] = !kernel[vbmeta_index]; // Flip the bits
- assert_payload_verification_fails(
+ assert_payload_verification_with_initrd_eq(
&kernel,
&load_latest_initrd_normal()?,
&load_trusted_public_key()?,
- AvbSlotVerifyError::InvalidMetadata,
+ Err(AvbSlotVerifyError::InvalidMetadata),
)
}
@@ -192,17 +189,17 @@
kernel[public_key_offset..(public_key_offset + public_key_size)]
.copy_from_slice(&empty_public_key);
- assert_payload_verification_fails(
+ assert_payload_verification_with_initrd_eq(
&kernel,
&load_latest_initrd_normal()?,
&empty_public_key,
- AvbSlotVerifyError::Verification,
+ Err(AvbSlotVerifyError::Verification),
)?;
- assert_payload_verification_fails(
+ assert_payload_verification_with_initrd_eq(
&kernel,
&load_latest_initrd_normal()?,
&load_trusted_public_key()?,
- AvbSlotVerifyError::Verification,
+ Err(AvbSlotVerifyError::Verification),
)
}
@@ -234,81 +231,10 @@
AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED, vbmeta_header.flags as u32,
"VBMeta verification flag should be disabled now."
);
- assert_payload_verification_fails(
+ assert_payload_verification_with_initrd_eq(
&kernel,
&load_latest_initrd_normal()?,
&load_trusted_public_key()?,
- AvbSlotVerifyError::Verification,
+ Err(AvbSlotVerifyError::Verification),
)
}
-
-fn extract_avb_footer(kernel: &[u8]) -> Result<AvbFooter> {
- let footer_start = kernel.len() - size_of::<AvbFooter>();
- // SAFETY: The slice is the same size as the struct which only contains simple data types.
- let mut footer = unsafe {
- transmute::<[u8; size_of::<AvbFooter>()], AvbFooter>(kernel[footer_start..].try_into()?)
- };
- // SAFETY: The function updates the struct in-place.
- unsafe {
- avb_footer_validate_and_byteswap(&footer, &mut footer);
- }
- Ok(footer)
-}
-
-fn extract_vbmeta_header(kernel: &[u8], footer: &AvbFooter) -> Result<AvbVBMetaImageHeader> {
- let vbmeta_offset: usize = footer.vbmeta_offset.try_into()?;
- let vbmeta_size: usize = footer.vbmeta_size.try_into()?;
- let vbmeta_src = &kernel[vbmeta_offset..(vbmeta_offset + vbmeta_size)];
- // SAFETY: The latest kernel has a valid VBMeta header at the position specified in footer.
- let vbmeta_header = unsafe {
- let mut header = MaybeUninit::uninit();
- let src = vbmeta_src.as_ptr() as *const _ as *const AvbVBMetaImageHeader;
- avb_vbmeta_image_header_to_host_byte_order(src, header.as_mut_ptr());
- header.assume_init()
- };
- Ok(vbmeta_header)
-}
-
-fn assert_payload_verification_with_no_initrd_eq(
- kernel: &[u8],
- trusted_public_key: &[u8],
- expected_result: Result<(), AvbSlotVerifyError>,
-) -> Result<()> {
- assert_eq!(expected_result, verify_payload(kernel, /*initrd=*/ None, trusted_public_key));
- Ok(())
-}
-
-fn assert_payload_verification_fails(
- kernel: &[u8],
- initrd: &[u8],
- trusted_public_key: &[u8],
- expected_error: AvbSlotVerifyError,
-) -> Result<()> {
- assert_eq!(Err(expected_error), verify_payload(kernel, Some(initrd), trusted_public_key));
- Ok(())
-}
-
-fn assert_payload_verification_succeeds(
- kernel: &[u8],
- initrd: &[u8],
- trusted_public_key: &[u8],
-) -> Result<()> {
- assert_eq!(Ok(()), verify_payload(kernel, Some(initrd), trusted_public_key));
- Ok(())
-}
-
-fn load_latest_signed_kernel() -> Result<Vec<u8>> {
- Ok(fs::read(MICRODROID_KERNEL_IMG_PATH)?)
-}
-
-fn load_latest_initrd_normal() -> Result<Vec<u8>> {
- Ok(fs::read(INITRD_NORMAL_IMG_PATH)?)
-}
-
-fn load_latest_initrd_debug() -> Result<Vec<u8>> {
- Ok(fs::read(INITRD_DEBUG_IMG_PATH)?)
-}
-
-fn load_trusted_public_key() -> Result<Vec<u8>> {
- Ok(fs::read(PUBLIC_KEY_RSA4096_PATH)?)
-}
diff --git a/pvmfw/avb/tests/utils.rs b/pvmfw/avb/tests/utils.rs
new file mode 100644
index 0000000..aa40bb8
--- /dev/null
+++ b/pvmfw/avb/tests/utils.rs
@@ -0,0 +1,97 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! Utility methods used by API tests.
+
+use anyhow::Result;
+use avb_bindgen::{
+ avb_footer_validate_and_byteswap, avb_vbmeta_image_header_to_host_byte_order, AvbFooter,
+ AvbVBMetaImageHeader,
+};
+use pvmfw_avb::{verify_payload, AvbSlotVerifyError};
+use std::{
+ fs,
+ mem::{size_of, transmute, MaybeUninit},
+};
+
+const MICRODROID_KERNEL_IMG_PATH: &str = "microdroid_kernel";
+const INITRD_NORMAL_IMG_PATH: &str = "microdroid_initrd_normal.img";
+const INITRD_DEBUG_IMG_PATH: &str = "microdroid_initrd_debuggable.img";
+const PUBLIC_KEY_RSA4096_PATH: &str = "data/testkey_rsa4096_pub.bin";
+
+pub const PUBLIC_KEY_RSA2048_PATH: &str = "data/testkey_rsa2048_pub.bin";
+
+pub fn assert_payload_verification_with_initrd_eq(
+ kernel: &[u8],
+ initrd: &[u8],
+ trusted_public_key: &[u8],
+ expected_result: Result<(), AvbSlotVerifyError>,
+) -> Result<()> {
+ assert_payload_verification_eq(kernel, Some(initrd), trusted_public_key, expected_result)
+}
+
+pub fn assert_payload_verification_eq(
+ kernel: &[u8],
+ initrd: Option<&[u8]>,
+ trusted_public_key: &[u8],
+ expected_result: Result<(), AvbSlotVerifyError>,
+) -> Result<()> {
+ assert_eq!(expected_result, verify_payload(kernel, initrd, trusted_public_key));
+ Ok(())
+}
+
+pub fn load_latest_signed_kernel() -> Result<Vec<u8>> {
+ Ok(fs::read(MICRODROID_KERNEL_IMG_PATH)?)
+}
+
+pub fn load_latest_initrd_normal() -> Result<Vec<u8>> {
+ Ok(fs::read(INITRD_NORMAL_IMG_PATH)?)
+}
+
+pub fn load_latest_initrd_debug() -> Result<Vec<u8>> {
+ Ok(fs::read(INITRD_DEBUG_IMG_PATH)?)
+}
+
+pub fn load_trusted_public_key() -> Result<Vec<u8>> {
+ Ok(fs::read(PUBLIC_KEY_RSA4096_PATH)?)
+}
+
+pub fn extract_avb_footer(kernel: &[u8]) -> Result<AvbFooter> {
+ let footer_start = kernel.len() - size_of::<AvbFooter>();
+ // SAFETY: The slice is the same size as the struct which only contains simple data types.
+ let mut footer = unsafe {
+ transmute::<[u8; size_of::<AvbFooter>()], AvbFooter>(kernel[footer_start..].try_into()?)
+ };
+ // SAFETY: The function updates the struct in-place.
+ unsafe {
+ avb_footer_validate_and_byteswap(&footer, &mut footer);
+ }
+ Ok(footer)
+}
+
+pub fn extract_vbmeta_header(kernel: &[u8], footer: &AvbFooter) -> Result<AvbVBMetaImageHeader> {
+ let vbmeta_offset: usize = footer.vbmeta_offset.try_into()?;
+ let vbmeta_size: usize = footer.vbmeta_size.try_into()?;
+ let vbmeta_src = &kernel[vbmeta_offset..(vbmeta_offset + vbmeta_size)];
+ // SAFETY: The latest kernel has a valid VBMeta header at the position specified in footer.
+ let vbmeta_header = unsafe {
+ let mut header = MaybeUninit::uninit();
+ let src = vbmeta_src.as_ptr() as *const _ as *const AvbVBMetaImageHeader;
+ avb_vbmeta_image_header_to_host_byte_order(src, header.as_mut_ptr());
+ header.assume_init()
+ };
+ Ok(vbmeta_header)
+}