tests/futility/test_gbb_utility.sh


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233

#!/bin/bash -eux
# Copyright 2014 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

me=${0##*/}
TMP="$me.tmp"

# Work in scratch directory
cd "$OUTDIR"

# Helper utility to modify binary blobs
REPLACE="${BUILD_RUN}/tests/futility/binary_editor"

# First, let's test the basic functionality

# For simplicity, we'll use the same size for all properties.
${FUTILITY} gbb_utility -c 16,0x10,16,0x10 ${TMP}.blob

# Flags
${FUTILITY} gbb_utility -s --flags=0xdeadbeef ${TMP}.blob
${FUTILITY} gbb_utility -g --flags ${TMP}.blob | grep -i 0xdeadbeef

# HWID length should include the terminating null - this is too long
if ${FUTILITY} gbb_utility -s -i "0123456789ABCDEF" ${TMP}.blob; then false; fi
# This works
${FUTILITY} gbb_utility -s -i "0123456789ABCDE" ${TMP}.blob
# Read it back?
${FUTILITY} gbb_utility -g ${TMP}.blob | grep "0123456789ABCDE"

# Same kind of tests for the other fields, but they need binary files.

# too long
dd if=/dev/urandom bs=17 count=1 of=${TMP}.data1.toolong
dd if=/dev/urandom bs=17 count=1 of=${TMP}.data2.toolong
dd if=/dev/urandom bs=17 count=1 of=${TMP}.data3.toolong
if ${FUTILITY} gbb_utility -s --rootkey     ${TMP}.data1.toolong ${TMP}.blob; then false; fi
if ${FUTILITY} gbb_utility -s --recoverykey ${TMP}.data2.toolong ${TMP}.blob; then false; fi
if ${FUTILITY} gbb_utility -s --bmpfv       ${TMP}.data3.toolong ${TMP}.blob; then false; fi

# shorter than max should be okay, though
dd if=/dev/urandom bs=10 count=1 of=${TMP}.data1.short
dd if=/dev/urandom bs=10 count=1 of=${TMP}.data2.short
dd if=/dev/urandom bs=10 count=1 of=${TMP}.data3.short
${FUTILITY} gbb_utility -s \
  --rootkey     ${TMP}.data1.short \
  --recoverykey ${TMP}.data2.short \
  --bmpfv       ${TMP}.data3.short ${TMP}.blob
# read 'em back
${FUTILITY} gbb_utility -g \
  --rootkey     ${TMP}.read1 \
  --recoverykey ${TMP}.read2 \
  --bmpfv       ${TMP}.read3 ${TMP}.blob
# Verify (but remember, it's short)
cmp -n 10 ${TMP}.data1.short ${TMP}.read1
cmp -n 10 ${TMP}.data2.short ${TMP}.read2
cmp -n 10 ${TMP}.data3.short ${TMP}.read3

# Okay
dd if=/dev/urandom bs=16 count=1 of=${TMP}.data1
dd if=/dev/urandom bs=16 count=1 of=${TMP}.data2
dd if=/dev/urandom bs=16 count=1 of=${TMP}.data3
${FUTILITY} gbb_utility -s --rootkey     ${TMP}.data1 ${TMP}.blob
${FUTILITY} gbb_utility -s --recoverykey ${TMP}.data2 ${TMP}.blob
${FUTILITY} gbb_utility -s --bmpfv       ${TMP}.data3 ${TMP}.blob

# Read 'em back.
${FUTILITY} gbb_utility -g --rootkey     ${TMP}.read1 ${TMP}.blob
${FUTILITY} gbb_utility -g --recoverykey ${TMP}.read2 ${TMP}.blob
${FUTILITY} gbb_utility -g --bmpfv       ${TMP}.read3 ${TMP}.blob
# Verify
cmp ${TMP}.data1 ${TMP}.read1
cmp ${TMP}.data2 ${TMP}.read2
cmp ${TMP}.data3 ${TMP}.read3


# Okay, creating GBB blobs seems to work. Now let's make sure that corrupted
# blobs are rejected.

# Danger Will Robinson! We assume that ${TMP}.blob has this binary struct:
#
# Field                 Offset  Value
#
# signature:            0x0000  $GBB
# major_version:        0x0004  0x0001
# minor_version:        0x0006  0x0001
# header_size:          0x0008  0x00000080
# flags:                0x000c  0xdeadbeef
# hwid_offset:          0x0010  0x00000080
# hwid_size:            0x0014  0x00000010
# rootkey_offset:       0x0018  0x00000090
# rootkey_size:         0x001c  0x00000010
# bmpfv_offset:         0x0020  0x000000a0
# bmpfv_size:           0x0024  0x00000010
# recovery_key_offset:  0x0028  0x000000b0
# recovery_key_size:    0x002c  0x00000010
# pad:                  0x0030  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#                       0x0040  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#                       0x0050  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#                       0x0060  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#                       0x0070  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
# (HWID)                0x0080  30 31 32 33 34 35 36 37 38 39 41 42 43 44 45 00
# (rootkey)             0x0090  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
# (bmpfv)               0x00a0  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
# (recovery_key)        0x00b0  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
#                       0x00c0  <EOF>
#

# bad major_version
cat ${TMP}.blob | ${REPLACE} 0x4 2 > ${TMP}.blob.bad
if ${FUTILITY} gbb_utility ${TMP}.blob.bad; then false; fi

# header size too large
cat ${TMP}.blob | ${REPLACE} 0x8 0x81 > ${TMP}.blob.bad
if ${FUTILITY} gbb_utility ${TMP}.blob.bad; then false; fi

# header size too small
cat ${TMP}.blob | ${REPLACE} 0x8 0x7f > ${TMP}.blob.bad
if ${FUTILITY} gbb_utility ${TMP}.blob.bad; then false; fi

# HWID not null-terminated is invalid
cat ${TMP}.blob | ${REPLACE} 0x8f 0x41 > ${TMP}.blob.bad
if ${FUTILITY} gbb_utility ${TMP}.blob.bad; then false; fi

# HWID of length zero is okay
cat ${TMP}.blob | ${REPLACE} 0x14 0x00 > ${TMP}.blob.ok
${FUTILITY} gbb_utility ${TMP}.blob.ok
# And HWID of length 1 consisting only of '\0' is okay, too.
cat ${TMP}.blob | ${REPLACE} 0x14 0x01 | ${REPLACE} 0x80 0x00 > ${TMP}.blob.ok
${FUTILITY} gbb_utility ${TMP}.blob.ok

# zero-length HWID not null-terminated is invalid
cat ${TMP}.blob | ${REPLACE} 0x8f 0x41 > ${TMP}.blob.bad
if ${FUTILITY} gbb_utility ${TMP}.blob.bad; then false; fi

#  hwid_offset < GBB_HEADER_SIZE is invalid
cat ${TMP}.blob | ${REPLACE} 0x10 0x7f > ${TMP}.blob.bad
if ${FUTILITY} gbb_utility ${TMP}.blob.bad; then false; fi
cat ${TMP}.blob | ${REPLACE} 0x10 0x00 > ${TMP}.blob.bad
if ${FUTILITY} gbb_utility ${TMP}.blob.bad; then false; fi

#  rootkey_offset < GBB_HEADER_SIZE is invalid
cat ${TMP}.blob | ${REPLACE} 0x18 0x7f > ${TMP}.blob.bad
if ${FUTILITY} gbb_utility ${TMP}.blob.bad; then false; fi
cat ${TMP}.blob | ${REPLACE} 0x18 0x00 > ${TMP}.blob.bad
if ${FUTILITY} gbb_utility ${TMP}.blob.bad; then false; fi

#  bmpfv_offset < GBB_HEADER_SIZE is invalid
cat ${TMP}.blob | ${REPLACE} 0x20 0x7f > ${TMP}.blob.bad
if ${FUTILITY} gbb_utility ${TMP}.blob.bad; then false; fi
cat ${TMP}.blob | ${REPLACE} 0x20 0x00 > ${TMP}.blob.bad
if ${FUTILITY} gbb_utility ${TMP}.blob.bad; then false; fi

#  recovery_key_offset < GBB_HEADER_SIZE is invalid
cat ${TMP}.blob | ${REPLACE} 0x28 0x7f > ${TMP}.blob.bad
if ${FUTILITY} gbb_utility ${TMP}.blob.bad; then false; fi
cat ${TMP}.blob | ${REPLACE} 0x28 0x00 > ${TMP}.blob.bad
if ${FUTILITY} gbb_utility ${TMP}.blob.bad; then false; fi

#  hwid: offset + size  == end of file is okay; beyond is invalid
cat ${TMP}.blob | ${REPLACE} 0x14 0x40 > ${TMP}.blob.bad
${FUTILITY} gbb_utility -g ${TMP}.blob.bad
cat ${TMP}.blob | ${REPLACE} 0x14 0x41 > ${TMP}.blob.bad
if ${FUTILITY} gbb_utility -g ${TMP}.blob.bad; then false; fi

#  rootkey: offset + size  == end of file is okay; beyond is invalid
cat ${TMP}.blob | ${REPLACE} 0x1c 0x30 > ${TMP}.blob.bad
${FUTILITY} gbb_utility -g ${TMP}.blob.bad
cat ${TMP}.blob | ${REPLACE} 0x1c 0x31 > ${TMP}.blob.bad
if ${FUTILITY} gbb_utility -g ${TMP}.blob.bad; then false; fi

#  bmpfv: offset + size  == end of file is okay; beyond is invalid
cat ${TMP}.blob | ${REPLACE} 0x24 0x20 > ${TMP}.blob.bad
${FUTILITY} gbb_utility -g ${TMP}.blob.bad
cat ${TMP}.blob | ${REPLACE} 0x24 0x21 > ${TMP}.blob.bad
if ${FUTILITY} gbb_utility -g ${TMP}.blob.bad; then false; fi

#  recovery_key: offset + size  == end of file is okay; beyond is invalid
cat ${TMP}.blob | ${REPLACE} 0x2c 0x10 > ${TMP}.blob.bad
${FUTILITY} gbb_utility -g ${TMP}.blob.bad
cat ${TMP}.blob | ${REPLACE} 0x2c 0x11 > ${TMP}.blob.bad
if ${FUTILITY} gbb_utility -g ${TMP}.blob.bad; then false; fi

# hwid_size == 0 doesn't complain, but can't be set
cat ${TMP}.blob | ${REPLACE} 0x14 0x00 > ${TMP}.blob.bad
${FUTILITY} gbb_utility -g ${TMP}.blob.bad
if ${FUTILITY} gbb_utility -s -i "A" ${TMP}.blob.bad; then false; fi

# rootkey_size == 0 gives warning, gets nothing, can't be set
cat ${TMP}.blob | ${REPLACE} 0x1c 0x00 > ${TMP}.blob.bad
${FUTILITY} gbb_utility -g --rootkey     ${TMP}.read1 ${TMP}.blob.bad
if ${FUTILITY} gbb_utility -s --rootkey  ${TMP}.data1 ${TMP}.blob.bad; then false; fi

# bmpfv_size == 0 gives warning, gets nothing, can't be set
cat ${TMP}.blob | ${REPLACE} 0x24 0x00 > ${TMP}.blob.bad
${FUTILITY} gbb_utility -g --bmpfv       ${TMP}.read3 ${TMP}.blob.bad
if ${FUTILITY} gbb_utility -s --bmpfv    ${TMP}.data3 ${TMP}.blob.bad; then false; fi

# recovery_key_size == 0 gives warning, gets nothing, can't be set
cat ${TMP}.blob | ${REPLACE} 0x2c 0x00 > ${TMP}.blob.bad
${FUTILITY} gbb_utility -g --recoverykey ${TMP}.read2 ${TMP}.blob.bad
if ${FUTILITY} gbb_utility -s --recoverykey ${TMP}.data2 ${TMP}.blob.bad; then false; fi


# GBB v1.2 adds a sha256 digest field in what was previously padding:
#
# hwid_digest:          0x0030  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
#                       0x0040  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
# pad:                  0x0050  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#                       0x0060  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#                       0x0070  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
# (HWID)                0x0080  30 31 32 33 34 35 36 37 38 39 41 42 43 44 45 00

# See that the digest is updated properly.
hwid="123456789ABCDEF"
${FUTILITY} gbb_utility -s -i ${hwid} ${TMP}.blob
expect=$(echo -n "$hwid" | sha256sum | cut -d ' ' -f 1)
[ $(echo -n ${expect} | wc -c) == "64" ]
${FUTILITY} gbb_utility -g --digest ${TMP}.blob | grep ${expect}

# Garble the digest, see that it's noticed.
# (assuming these zeros aren't present)
cat ${TMP}.blob | ${REPLACE} 0x33 0x00 0x00 0x00 0x00 0x00 > ${TMP}.blob.bad
${FUTILITY} gbb_utility -g --digest ${TMP}.blob.bad | grep '0000000000'
${FUTILITY} gbb_utility -g --digest ${TMP}.blob.bad | grep 'invalid'

# Garble the HWID. The digest is unchanged, but now invalid.
cat ${TMP}.blob | ${REPLACE} 0x84 0x70 0x71 0x72 > ${TMP}.blob.bad
${FUTILITY} gbb_utility -g --digest ${TMP}.blob.bad | grep 'invalid'

# cleanup
rm -f ${TMP}*
exit 0