tequilaOS/platform_system_core
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Support getting public key data

Browse source 
This allows the client to get the public key data without need to
provide the expected key data to load vbmeta. Then do the comparison by
themselves, to allow "key rotation".

Bug: 65470881
Test: atest libfs_avb_test
Test: atest libfs_avb_internal_test
Test: boot a device
Change-Id: Icd4e317c2f79cd35e46cdd14f858575ee692facd
This commit is contained in:
Bowgo Tsai 2019-01-31 15:25:42 +08:00
parent a15f385821
commit 7ee1aaea74
4 changed files with 147 additions and 84 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
fs_mgr/libfs_avb/avb_util.cpp
View file

@ -361,13 +361,21 @@ bool VerifyPublicKeyBlob(const uint8_t* key, size_t length, const std::string& e
}
VBMetaVerifyResult VerifyVBMetaSignature(const VBMetaData& vbmeta,
const std::string& expected_public_key_blob) {
const std::string& expected_public_key_blob,
std::string* out_public_key_data) {
const uint8_t* pk_data;
size_t pk_len;
::AvbVBMetaVerifyResult vbmeta_ret;
vbmeta_ret = avb_vbmeta_image_verify(vbmeta.data(), vbmeta.size(), &pk_data, &pk_len);
if (out_public_key_data != nullptr) {
out_public_key_data->clear();
if (pk_len > 0) {
out_public_key_data->append(reinterpret_cast<const char*>(pk_data), pk_len);
}
}
switch (vbmeta_ret) {
case AVB_VBMETA_VERIFY_RESULT_OK:
if (pk_data == nullptr || pk_len <= 0) {
@ -406,6 +414,7 @@ VBMetaVerifyResult VerifyVBMetaSignature(const VBMetaData& vbmeta,
std::unique_ptr<VBMetaData> VerifyVBMetaData(int fd, const std::string& partition_name,
const std::string& expected_public_key_blob,
std::string* out_public_key_data,
VBMetaVerifyResult* out_verify_result) {
uint64_t vbmeta_offset = 0;
uint64_t vbmeta_size = VBMetaData::kMaxVBMetaSize;
@ -434,7 +443,8 @@ std::unique_ptr<VBMetaData> VerifyVBMetaData(int fd, const std::string& partitio
return nullptr;
}
auto verify_result = VerifyVBMetaSignature(*vbmeta, expected_public_key_blob);
auto verify_result =
VerifyVBMetaSignature(*vbmeta, expected_public_key_blob, out_public_key_data);
if (out_verify_result != nullptr) *out_verify_result = verify_result;
if (verify_result == VBMetaVerifyResult::kSuccess ||
@ -494,10 +504,10 @@ std::vector<ChainInfo> GetChainPartitionInfo(const VBMetaData& vbmeta, bool* fat
// Loads the vbmeta from a given path.
std::unique_ptr<VBMetaData> LoadAndVerifyVbmetaByPath(
const std::string& image_path, const std::string& partition_name,
const std::string& expected_public_key_blob, bool allow_verification_error,
bool rollback_protection, bool is_chained_vbmeta, bool* out_verification_disabled,
VBMetaVerifyResult* out_verify_result) {
const std::string& image_path, const std::string& partition_name,
const std::string& expected_public_key_blob, bool allow_verification_error,
bool rollback_protection, bool is_chained_vbmeta, std::string* out_public_key_data,
bool* out_verification_disabled, VBMetaVerifyResult* out_verify_result) {
// Ensures the device path (might be a symlink created by init) is ready to access.
if (!WaitForFile(image_path, 1s)) {
PERROR << "No such path: " << image_path;
@ -511,8 +521,8 @@ std::unique_ptr<VBMetaData> LoadAndVerifyVbmetaByPath(
}
VBMetaVerifyResult verify_result;
std::unique_ptr<VBMetaData> vbmeta =
VerifyVBMetaData(fd, partition_name, expected_public_key_blob, &verify_result);
std::unique_ptr<VBMetaData> vbmeta = VerifyVBMetaData(
fd, partition_name, expected_public_key_blob, out_public_key_data, &verify_result);
if (!vbmeta) {
LERROR << partition_name << ": Failed to load vbmeta, result: " << verify_result;
return nullptr;
@ -569,9 +579,10 @@ VBMetaVerifyResult LoadAndVerifyVbmetaByPartition(
bool verification_disabled = false;
VBMetaVerifyResult verify_result;
auto vbmeta = LoadAndVerifyVbmetaByPath(
image_path, partition_name, expected_public_key_blob, allow_verification_error,
rollback_protection, is_chained_vbmeta, &verification_disabled, &verify_result);
auto vbmeta = LoadAndVerifyVbmetaByPath(image_path, partition_name, expected_public_key_blob,
allow_verification_error, rollback_protection,
is_chained_vbmeta, nullptr /* out_public_key_data */,
&verification_disabled, &verify_result);
if (!vbmeta) {
return VBMetaVerifyResult::kError;

12
fs_mgr/libfs_avb/avb_util.h
View file

@ -79,10 +79,12 @@ std::unique_ptr<AvbFooter> GetAvbFooter(int fd);
std::unique_ptr<VBMetaData> VerifyVBMetaData(int fd, const std::string& partition_name,
const std::string& expected_public_key_blob,
std::string* out_public_key_data,
VBMetaVerifyResult* out_verify_result);
VBMetaVerifyResult VerifyVBMetaSignature(const VBMetaData& vbmeta,
const std::string& expected_public_key_blob);
const std::string& expected_public_key_blob,
std::string* out_public_key_data);
bool VerifyPublicKeyBlob(const uint8_t* key, size_t length, const std::string& expected_key_blob);
@ -94,10 +96,10 @@ std::vector<ChainInfo> GetChainPartitionInfo(const VBMetaData& vbmeta, bool* fat
// Loads the single vbmeta from a given path.
std::unique_ptr<VBMetaData> LoadAndVerifyVbmetaByPath(
const std::string& image_path, const std::string& partition_name,
const std::string& expected_public_key_blob, bool allow_verification_error,
bool rollback_protection, bool is_chained_vbmeta, bool* out_verification_disabled,
VBMetaVerifyResult* out_verify_result);
const std::string& image_path, const std::string& partition_name,
const std::string& expected_public_key_blob, bool allow_verification_error,
bool rollback_protection, bool is_chained_vbmeta, std::string* out_public_key_data,
bool* out_verification_disabled, VBMetaVerifyResult* out_verify_result);
// Loads the top-level vbmeta and all its chained vbmeta images.
// The actual device path is constructed at runtime by:

7
fs_mgr/libfs_avb/fs_avb.cpp
View file

@ -407,9 +407,10 @@ AvbHashtreeResult AvbHandle::SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry,
bool verification_disabled = false;
std::unique_ptr<VBMetaData> vbmeta = LoadAndVerifyVbmetaByPath(
fstab_entry->blk_device, "" /* partition_name, no need for a standalone path */,
expected_key_blob, allow_verification_error, rollback_protection,
false /* not is_chained_vbmeta */, &verification_disabled, nullptr /* out_verify_result */);
fstab_entry->blk_device, "" /* partition_name, no need for a standalone path */,
expected_key_blob, allow_verification_error, rollback_protection,
false /* not is_chained_vbmeta */, nullptr /* out_public_key_data */,
&verification_disabled, nullptr /* out_verify_result */);
if (!vbmeta) {
LERROR << "Failed to load vbmeta: " << fstab_entry->blk_device;

179
fs_mgr/libfs_avb/tests/avb_util_test.cpp
View file

@ -390,13 +390,36 @@ TEST_F(AvbUtilTest, VerifyVBMetaSignature) {
"hashtree", signing_key, "SHA256_RSA4096",
10 /* rollback_index */);
auto expected_public_key = ExtractPublicKeyAvbBlob(signing_key);
EXPECT_EQ(VBMetaVerifyResult::kSuccess, VerifyVBMetaSignature(vbmeta, expected_public_key));
auto expected_public_key_blob = ExtractPublicKeyAvbBlob(signing_key);
EXPECT_EQ(VBMetaVerifyResult::kSuccess,
VerifyVBMetaSignature(vbmeta, expected_public_key_blob,
nullptr /* out_public_key_data */));
// Converts the expected key into an 'unexpected' key.
expected_public_key[10] ^= 0x80;
expected_public_key_blob[10] ^= 0x80;
EXPECT_EQ(VBMetaVerifyResult::kErrorVerification,
VerifyVBMetaSignature(vbmeta, expected_public_key));
VerifyVBMetaSignature(vbmeta, expected_public_key_blob,
nullptr /* out_public_key_data */));
}
TEST_F(AvbUtilTest, VerifyVBMetaSignatureOutputPublicKeyData) {
const size_t image_size = 10 * 1024 * 1024;
const size_t partition_size = 15 * 1024 * 1024;
auto signing_key = data_dir_.Append("testkey_rsa4096.pem");
auto vbmeta = GenerateImageAndExtractVBMetaData("system", image_size, partition_size,
"hashtree", signing_key, "SHA256_RSA4096",
10 /* rollback_index */);
std::string out_public_key_data;
auto expected_public_key_blob = ExtractPublicKeyAvbBlob(signing_key);
EXPECT_EQ(VBMetaVerifyResult::kSuccess,
VerifyVBMetaSignature(vbmeta, expected_public_key_blob, &out_public_key_data));
EXPECT_EQ(out_public_key_data, expected_public_key_blob);
// Converts the expected key into an 'unexpected' key.
expected_public_key_blob[10] ^= 0x80;
EXPECT_EQ(VBMetaVerifyResult::kErrorVerification,
VerifyVBMetaSignature(vbmeta, expected_public_key_blob, &out_public_key_data));
EXPECT_NE(out_public_key_data, expected_public_key_blob);
}
bool AvbUtilTest::TestVBMetaModification(VBMetaVerifyResult expected_result,
@ -409,7 +432,8 @@ bool AvbUtilTest::TestVBMetaModification(VBMetaVerifyResult expected_result,
for (int n = 0; n <= kNumCheckIntervals; n++) {
size_t o = std::min(length * n / kNumCheckIntervals, length - 1) + offset;
d[o] ^= 0x80;
VBMetaVerifyResult result = VerifyVBMetaSignature(vbmeta, "" /* expected_public_key */);
VBMetaVerifyResult result = VerifyVBMetaSignature(vbmeta, "" /* expected_public_key_blob */,
nullptr /* out_public_key_data */);
d[o] ^= 0x80;
if (result != expected_result) {
return false;
@ -455,7 +479,9 @@ TEST_F(AvbUtilTest, VerifyVBMetaSignatureNotSigned) {
"system", image_size, partition_size, "hashtree", {} /* avb_signing_key */,
"" /* avb_algorithm */, 10 /* rollback_index */);
EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, VerifyVBMetaSignature(vbmeta, ""));
EXPECT_EQ(VBMetaVerifyResult::kErrorVerification,
VerifyVBMetaSignature(vbmeta, "" /* expected_public_key_blob */,
nullptr /* out_public_key_data */));
}
TEST_F(AvbUtilTest, VerifyVBMetaSignatureInvalidVBMeta) {
@ -467,7 +493,9 @@ TEST_F(AvbUtilTest, VerifyVBMetaSignatureInvalidVBMeta) {
VBMetaData invalid_vbmeta((const uint8_t*)vbmeta_buffer.data(), vbmeta_buffer.size(),
"invalid_vbmeta");
EXPECT_EQ(VBMetaVerifyResult::kError, VerifyVBMetaSignature(invalid_vbmeta, ""));
EXPECT_EQ(VBMetaVerifyResult::kError,
VerifyVBMetaSignature(invalid_vbmeta, "" /* expected_public_key_blob */,
nullptr /* out_public_Key_data */));
}
bool AvbUtilTest::CompareVBMeta(const base::FilePath& avb_image_path,
@ -537,11 +565,15 @@ TEST_F(AvbUtilTest, VerifyVBMetaDataWithoutFooter) {
ASSERT_TRUE(fd > 0);
VBMetaVerifyResult verify_result;
std::unique_ptr<VBMetaData> vbmeta =
VerifyVBMetaData(fd, "vbmeta", "" /*expected_public_key_blob */, &verify_result);
std::string out_public_key_data;
std::unique_ptr<VBMetaData> vbmeta = VerifyVBMetaData(
fd, "vbmeta", "" /*expected_public_key_blob */, &out_public_key_data, &verify_result);
EXPECT_TRUE(vbmeta != nullptr);
EXPECT_EQ(VBMetaVerifyResult::kSuccess, verify_result);
auto rsa8192_public_key_blob = ExtractPublicKeyAvbBlob(data_dir_.Append("testkey_rsa8192.pem"));
EXPECT_EQ(rsa8192_public_key_blob, out_public_key_data);
// Checkes the returned vbmeta content is the same as that extracted via avbtool.
vbmeta->GetVBMetaHeader(true /* update_vbmeta_size */);
EXPECT_TRUE(CompareVBMeta(vbmeta_path, *vbmeta));
@ -561,11 +593,15 @@ TEST_F(AvbUtilTest, VerifyVBMetaDataWithFooter) {
ASSERT_TRUE(fd > 0);
VBMetaVerifyResult verify_result;
std::unique_ptr<VBMetaData> vbmeta =
VerifyVBMetaData(fd, "system", "" /*expected_public_key_blob */, &verify_result);
std::string out_public_key_data;
std::unique_ptr<VBMetaData> vbmeta = VerifyVBMetaData(
fd, "system", "" /*expected_public_key_blob */, &out_public_key_data, &verify_result);
EXPECT_TRUE(vbmeta != nullptr);
EXPECT_EQ(VBMetaVerifyResult::kSuccess, verify_result);
auto rsa8192_public_key_blob = ExtractPublicKeyAvbBlob(data_dir_.Append("testkey_rsa8192.pem"));
EXPECT_EQ(rsa8192_public_key_blob, out_public_key_data);
// Checkes the returned vbmeta content is the same as that extracted via avbtool.
EXPECT_TRUE(CompareVBMeta(system_path, *vbmeta));
}
@ -617,11 +653,15 @@ TEST_F(AvbUtilTest, VerifyVBMetaDataError) {
EXPECT_TRUE(footer != nullptr);
VBMetaVerifyResult verify_result;
std::unique_ptr<VBMetaData> vbmeta =
VerifyVBMetaData(fd, "system", "" /*expected_public_key_blob */, &verify_result);
std::string out_public_key_data;
std::unique_ptr<VBMetaData> vbmeta = VerifyVBMetaData(
fd, "system", "" /*expected_public_key_blob */, &out_public_key_data, &verify_result);
EXPECT_NE(nullptr, vbmeta);
EXPECT_EQ(VBMetaVerifyResult::kSuccess, verify_result);
auto rsa8192_public_key_blob = ExtractPublicKeyAvbBlob(data_dir_.Append("testkey_rsa8192.pem"));
EXPECT_EQ(rsa8192_public_key_blob, out_public_key_data);
// Modifies hash and signature, checks there is verification error.
auto header = vbmeta->GetVBMetaHeader(true /* update_vbmeta_size */);
size_t header_block_offset = 0;
@ -636,7 +676,7 @@ TEST_F(AvbUtilTest, VerifyVBMetaDataError) {
ASSERT_TRUE(hash_modified_fd > 0);
// Should return ErrorVerification.
vbmeta = VerifyVBMetaData(hash_modified_fd, "system", "" /*expected_public_key_blob */,
&verify_result);
nullptr /* out_public_key_data */, &verify_result);
EXPECT_NE(nullptr, vbmeta);
EXPECT_TRUE(CompareVBMeta(system_path, *vbmeta));
EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, verify_result);
@ -651,7 +691,7 @@ TEST_F(AvbUtilTest, VerifyVBMetaDataError) {
ASSERT_TRUE(aux_modified_fd > 0);
// Should return ErrorVerification.
vbmeta = VerifyVBMetaData(aux_modified_fd, "system", "" /*expected_public_key_blob */,
&verify_result);
nullptr /* out_public_key_data */, &verify_result);
EXPECT_NE(nullptr, vbmeta);
EXPECT_TRUE(CompareVBMeta(system_path, *vbmeta));
EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, verify_result);
@ -661,7 +701,8 @@ TEST_F(AvbUtilTest, VerifyVBMetaDataError) {
android::base::unique_fd ok_fd(open(system_path.value().c_str(), O_RDONLY | O_CLOEXEC));
ASSERT_TRUE(ok_fd > 0);
// Should return ResultOK..
vbmeta = VerifyVBMetaData(ok_fd, "system", "" /*expected_public_key_blob */, &verify_result);
vbmeta = VerifyVBMetaData(ok_fd, "system", "" /*expected_public_key_blob */,
nullptr /* out_public_key_data */, &verify_result);
EXPECT_NE(nullptr, vbmeta);
EXPECT_TRUE(CompareVBMeta(system_path, *vbmeta));
EXPECT_EQ(VBMetaVerifyResult::kSuccess, verify_result);
@ -850,22 +891,22 @@ TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPath) {
20, data_dir_.Append("testkey_rsa4096.pem"), "d00df00d",
"--internal_release_string \"unit test\"");
base::FilePath rsa4096_public_key =
ExtractPublicKeyAvb(data_dir_.Append("testkey_rsa4096.pem"));
std::string expected_key_blob_4096;
EXPECT_TRUE(base::ReadFileToString(rsa4096_public_key, &expected_key_blob_4096));
std::string expected_key_blob_4096 =
ExtractPublicKeyAvbBlob(data_dir_.Append("testkey_rsa4096.pem"));
bool verification_disabled;
VBMetaVerifyResult verify_result;
std::string out_public_key_data;
std::unique_ptr<VBMetaData> vbmeta = LoadAndVerifyVbmetaByPath(
system_path.value(), "system_other", expected_key_blob_4096,
false /* allow_verification_error */, false /* rollback_protection */,
false /* is_chained_vbmeta */, &verification_disabled, &verify_result);
system_path.value(), "system_other", expected_key_blob_4096,
false /* allow_verification_error */, false /* rollback_protection */,
false /* is_chained_vbmeta */, &out_public_key_data, &verification_disabled,
&verify_result);
EXPECT_NE(nullptr, vbmeta);
EXPECT_EQ(VBMetaVerifyResult::kSuccess, verify_result);
EXPECT_EQ(false, verification_disabled);
EXPECT_EQ(expected_key_blob_4096, out_public_key_data);
EXPECT_EQ(2112UL, vbmeta->size());
EXPECT_EQ(system_path.value(), vbmeta->vbmeta_path());
@ -884,11 +925,8 @@ TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPathErrorVerification) {
20, data_dir_.Append("testkey_rsa4096.pem"), "d00df00d",
"--internal_release_string \"unit test\"");
base::FilePath rsa4096_public_key =
ExtractPublicKeyAvb(data_dir_.Append("testkey_rsa4096.pem"));
std::string expected_key_blob_4096;
EXPECT_TRUE(base::ReadFileToString(rsa4096_public_key, &expected_key_blob_4096));
std::string expected_key_blob_4096 =
ExtractPublicKeyAvbBlob(data_dir_.Append("testkey_rsa4096.pem"));
// Modifies the auxiliary data of system_other.img
auto fd = OpenUniqueReadFd(system_path);
@ -909,16 +947,18 @@ TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPathErrorVerification) {
VBMetaVerifyResult verify_result;
// Not allow verification error.
std::unique_ptr<VBMetaData> vbmeta = LoadAndVerifyVbmetaByPath(
system_path.value(), "system_other", expected_key_blob_4096,
false /* allow_verification_error */, false /* rollback_protection */,
false /* is_chained_vbmeta */, nullptr /* verification_disabled */, &verify_result);
system_path.value(), "system_other", expected_key_blob_4096,
false /* allow_verification_error */, false /* rollback_protection */,
false /* is_chained_vbmeta */, nullptr /* out_public_key_data */,
nullptr /* verification_disabled */, &verify_result);
EXPECT_EQ(nullptr, vbmeta);
// Allow verification error.
vbmeta = LoadAndVerifyVbmetaByPath(
system_path.value(), "system_other", expected_key_blob_4096,
true /* allow_verification_error */, false /* rollback_protection */,
false /* is_chained_vbmeta */, nullptr /* verification_disabled */, &verify_result);
system_path.value(), "system_other", expected_key_blob_4096,
true /* allow_verification_error */, false /* rollback_protection */,
false /* is_chained_vbmeta */, nullptr /* out_public_key_data */,
nullptr /* verification_disabled */, &verify_result);
EXPECT_NE(nullptr, vbmeta);
EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, verify_result);
@ -933,16 +973,18 @@ TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPathErrorVerification) {
// Not allow verification error.
vbmeta = LoadAndVerifyVbmetaByPath(
system_path.value(), "system_other", expected_key_blob_4096,
false /* allow_verification_error */, false /* rollback_protection */,
false /* is_chained_vbmeta */, nullptr /* verification_disabled */, &verify_result);
system_path.value(), "system_other", expected_key_blob_4096,
false /* allow_verification_error */, false /* rollback_protection */,
false /* is_chained_vbmeta */, nullptr /* out_public_key_data */,
nullptr /* verification_disabled */, &verify_result);
EXPECT_EQ(nullptr, vbmeta);
// Allow verification error.
vbmeta = LoadAndVerifyVbmetaByPath(
system_path.value(), "system_other", expected_key_blob_4096,
true /* allow_verification_error */, false /* rollback_protection */,
false /* is_chained_vbmeta */, nullptr /* verification_disabled */, &verify_result);
system_path.value(), "system_other", expected_key_blob_4096,
true /* allow_verification_error */, false /* rollback_protection */,
false /* is_chained_vbmeta */, nullptr /* out_public_key_data */,
nullptr /* verification_disabled */, &verify_result);
EXPECT_NE(nullptr, vbmeta);
EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, verify_result);
}
@ -958,24 +1000,22 @@ TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPathUnexpectedPublicKey) {
20, data_dir_.Append("testkey_rsa4096.pem"), "d00df00d",
"--internal_release_string \"unit test\"");
base::FilePath rsa2048_public_key =
ExtractPublicKeyAvb(data_dir_.Append("testkey_rsa2048.pem"));
base::FilePath rsa4096_public_key =
ExtractPublicKeyAvb(data_dir_.Append("testkey_rsa4096.pem"));
std::string expected_key_blob_4096;
EXPECT_TRUE(base::ReadFileToString(rsa4096_public_key, &expected_key_blob_4096));
std::string unexpected_key_blob_2048;
EXPECT_TRUE(base::ReadFileToString(rsa2048_public_key, &unexpected_key_blob_2048));
std::string unexpected_key_blob_2048 =
ExtractPublicKeyAvbBlob(data_dir_.Append("testkey_rsa2048.pem"));
std::string expected_key_blob_4096 =
ExtractPublicKeyAvbBlob(data_dir_.Append("testkey_rsa4096.pem"));
// Uses the correct expected public key.
VBMetaVerifyResult verify_result;
std::string out_public_key_data;
std::unique_ptr<VBMetaData> vbmeta = LoadAndVerifyVbmetaByPath(
system_path.value(), "system_other", expected_key_blob_4096,
false /* allow_verification_error */, false /* rollback_protection */,
false /* is_chained_vbmeta */, nullptr /* verification_disabled */, &verify_result);
system_path.value(), "system_other", expected_key_blob_4096,
false /* allow_verification_error */, false /* rollback_protection */,
false /* is_chained_vbmeta */, &out_public_key_data,
nullptr /* verification_disabled */, &verify_result);
EXPECT_NE(nullptr, vbmeta);
EXPECT_EQ(verify_result, VBMetaVerifyResult::kSuccess);
EXPECT_EQ(expected_key_blob_4096, out_public_key_data);
EXPECT_EQ(2112UL, vbmeta->size());
EXPECT_EQ(system_path.value(), vbmeta->vbmeta_path());
EXPECT_EQ("system_other", vbmeta->partition());
@ -983,17 +1023,23 @@ TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPathUnexpectedPublicKey) {
// Uses the wrong expected public key with allow_verification_error set to false.
vbmeta = LoadAndVerifyVbmetaByPath(
system_path.value(), "system_other", unexpected_key_blob_2048,
false /* allow_verification_error */, false /* rollback_protection */,
false /* is_chained_vbmeta */, nullptr /* verification_disabled */, &verify_result);
system_path.value(), "system_other", unexpected_key_blob_2048,
false /* allow_verification_error */, false /* rollback_protection */,
false /* is_chained_vbmeta */, &out_public_key_data,
nullptr /* verification_disabled */, &verify_result);
EXPECT_EQ(nullptr, vbmeta);
// Checks out_public_key_data is still loaded properly, if the error is due
// to an unexpected public key instead of vbmeta image verification error.
EXPECT_EQ(expected_key_blob_4096, out_public_key_data);
// Uses the wrong expected public key with allow_verification_error set to true.
vbmeta = LoadAndVerifyVbmetaByPath(
system_path.value(), "system_other", unexpected_key_blob_2048,
true /* allow_verification_error */, false /* rollback_protection */,
false /* is_chained_vbmeta */, nullptr /* verification_disabled */, &verify_result);
system_path.value(), "system_other", unexpected_key_blob_2048,
true /* allow_verification_error */, false /* rollback_protection */,
false /* is_chained_vbmeta */, &out_public_key_data,
nullptr /* verification_disabled */, &verify_result);
EXPECT_NE(nullptr, vbmeta);
EXPECT_EQ(expected_key_blob_4096, out_public_key_data);
EXPECT_EQ(verify_result, VBMetaVerifyResult::kErrorVerification);
EXPECT_EQ(2112UL, vbmeta->size());
EXPECT_EQ(system_path.value(), vbmeta->vbmeta_path());
@ -1022,10 +1068,12 @@ TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPathVerificationDisabled) {
SetVBMetaFlags(system_path, AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED);
bool verification_disabled;
VBMetaVerifyResult verify_result;
std::string out_public_key_data;
std::unique_ptr<VBMetaData> vbmeta = LoadAndVerifyVbmetaByPath(
system_path.value(), "system_other", expected_key_blob_4096,
true /* allow_verification_error */, false /* rollback_protection */,
false /* is_chained_vbmeta */, &verification_disabled, &verify_result);
system_path.value(), "system_other", expected_key_blob_4096,
true /* allow_verification_error */, false /* rollback_protection */,
false /* is_chained_vbmeta */, nullptr /* out_public_key_data */,
&verification_disabled, &verify_result);
EXPECT_NE(nullptr, vbmeta);
EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, verify_result);
@ -1039,9 +1087,10 @@ TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPathVerificationDisabled) {
// Since the vbmeta flags is modified, vbmeta will be nullptr
// if verification error isn't allowed.
vbmeta = LoadAndVerifyVbmetaByPath(
system_path.value(), "system_other", expected_key_blob_4096,
false /* allow_verification_error */, false /* rollback_protection */,
false /* is_chained_vbmeta */, &verification_disabled, &verify_result);
system_path.value(), "system_other", expected_key_blob_4096,
false /* allow_verification_error */, false /* rollback_protection */,
false /* is_chained_vbmeta */, nullptr /* out_public_key_data */,
&verification_disabled, &verify_result);
EXPECT_EQ(nullptr, vbmeta);
}