// // Copyright (C) 2016 The Android Open Source Project // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // #include #include #include #include #include #include #include #include #include "nvram/hal/tests/scoped_nvram_device.h" namespace { constexpr uint32_t kTestIndex1 = 0xDEAD0001; constexpr uint32_t kTestIndex2 = 0xDEAD0002; constexpr uint32_t kTestIndexNeverExists = 0xDEAD0003; // Once we run a test that locks writing, that space is burned until reboot. // This value is the base index from which to dynamically burn spaces. constexpr uint32_t kTestIndexBurnBase = 0xDEAD0010; constexpr uint32_t kTestIndexBurnMax = 0xDEAD00FF; constexpr nvram_control_t kDefaultControls[] = {NV_CONTROL_BOOT_WRITE_LOCK, NV_CONTROL_BOOT_READ_LOCK}; constexpr char kNoAuth[] = ""; // If using authorization with an index returned by GetNextBurnSpace use this // as the value so the space can be cleaned up later. constexpr char kBurnSpaceAuth[] = "hal_test_burn"; // Returns true if |target| contains |value|. template bool Contains(T value, const std::vector& target) { return (std::find(target.begin(), target.end(), value) != target.end()); } // Returns true if |target| contains all of |values|. template bool ContainsAll(const std::vector& values, const std::vector& target) { return std::all_of(values.begin(), values.end(), [target](T value) { return Contains(value, target); }); } // Adds a few safety checks so tests don't get hardware into a state where it // needs factory reset. class SafeScopedNvramDevice : public nvram::ScopedNvramDevice { public: nvram_result_t CreateSpace(uint32_t index, uint64_t size_in_bytes, const std::vector& control_list, const std::string& authorization_value) override { CHECK(!Contains(NV_CONTROL_PERSISTENT_WRITE_LOCK, control_list)) << "Do not use NV_CONTROL_PERSISTENT_WRITE_LOCK in tests."; CHECK(!Contains(NV_CONTROL_BOOT_WRITE_LOCK, control_list) || !Contains(NV_CONTROL_WRITE_AUTHORIZATION, control_list) || authorization_value == kNoAuth || authorization_value == kBurnSpaceAuth) << "Do not lock spaces with unknown authorization values."; return nvram::ScopedNvramDevice::CreateSpace( index, size_in_bytes, control_list, authorization_value); } nvram_result_t DisableCreate() override { LOG(FATAL) << "Do not use DisableCreate in tests."; return NV_RESULT_OPERATION_DISABLED; } }; class ScopedNvramSpace { public: ScopedNvramSpace(SafeScopedNvramDevice* device, uint32_t index, uint32_t size) : ScopedNvramSpace(device, index, size, std::vector( &kDefaultControls[0], &kDefaultControls[arraysize(kDefaultControls)]), kNoAuth) {} ScopedNvramSpace(SafeScopedNvramDevice* device, uint32_t index, uint32_t size, const std::vector& control_list) : ScopedNvramSpace(device, index, size, control_list, kNoAuth) {} ScopedNvramSpace(SafeScopedNvramDevice* device, uint32_t index, uint32_t size, const std::vector& control_list, const std::string& authorization_value) : device_(device), index_(index), authorization_value_(authorization_value) { Create(size, control_list); } ~ScopedNvramSpace() { Delete(); } private: void Create(uint32_t size, const std::vector& control_list) { ASSERT_EQ( NV_RESULT_SUCCESS, device_->CreateSpace(index_, size, control_list, authorization_value_)); } void Delete() { ASSERT_EQ(NV_RESULT_SUCCESS, device_->DeleteSpace(index_, authorization_value_)); } SafeScopedNvramDevice* device_; uint32_t index_; std::string authorization_value_; }; // Remove all unlocked burn spaces. Returns false on failure. bool CleanBurnSpaces(SafeScopedNvramDevice* device) { // Burned spaces will only be available for cleanup after reboot so there's no // sense in attempting cleanup more than once. static bool cleaned = false; if (cleaned) { return true; } bool success = true; cleaned = true; std::vector space_index_list; if (device->GetSpaceList(&space_index_list) != NV_RESULT_SUCCESS) { return false; } for (uint32_t index : space_index_list) { if (index >= kTestIndexBurnBase && index <= kTestIndexBurnMax) { int write_lock, read_lock; if (device->IsSpaceLocked(index, &write_lock, &read_lock) != NV_RESULT_SUCCESS) { success = false; continue; } if (!write_lock) { nvram_result_t result = device->DeleteSpace(index, kNoAuth); if (result == NV_RESULT_ACCESS_DENIED) { result = device->DeleteSpace(index, kBurnSpaceAuth); } if (result != NV_RESULT_SUCCESS) { success = false; continue; } } } } return success; } // Returns the next available burn space index. If using authorization, the // value MUST be kBurnSpaceAuth. bool GetNextBurnSpace(SafeScopedNvramDevice* device, uint32_t* index) { if (!CleanBurnSpaces(device)) { return false; } std::vector space_index_list; if (device->GetSpaceList(&space_index_list) != NV_RESULT_SUCCESS) { return false; } *index = kTestIndexBurnBase; while (Contains(*index, space_index_list)) { (*index)++; } if (*index >= kTestIndexBurnMax) { return false; } return true; } std::string SHA256HashString(const std::string& input) { uint8_t hash[SHA256_DIGEST_LENGTH]; SHA256(reinterpret_cast(input.data()), input.size(), hash); return std::string(reinterpret_cast(hash), SHA256_DIGEST_LENGTH); } } // namespace namespace nvram { TEST(NVRAMModuleTest, TotalSize) { SafeScopedNvramDevice device; uint64_t total_size = 0; ASSERT_EQ(NV_RESULT_SUCCESS, device.GetTotalSizeInBytes(&total_size)); EXPECT_LE(2048u, total_size); }; TEST(NVRAMModuleTest, AvailableSize) { SafeScopedNvramDevice device; uint64_t available_size = 0; ASSERT_EQ(NV_RESULT_SUCCESS, device.GetAvailableSizeInBytes(&available_size)); uint64_t total_size = 0; ASSERT_EQ(NV_RESULT_SUCCESS, device.GetTotalSizeInBytes(&total_size)); EXPECT_LE(available_size, total_size); } TEST(NVRAMModuleTest, MaxSpaceSize) { SafeScopedNvramDevice device; uint64_t max_space_size = 0; ASSERT_EQ(NV_RESULT_SUCCESS, device.GetMaxSpaceSizeInBytes(&max_space_size)); uint64_t total_size = 0; ASSERT_EQ(NV_RESULT_SUCCESS, device.GetTotalSizeInBytes(&total_size)); EXPECT_LE(max_space_size, total_size); EXPECT_GE(max_space_size, 32u); } TEST(NVRAMModuleTest, MaxSpaces) { SafeScopedNvramDevice device; uint32_t num_spaces = 0; ASSERT_EQ(NV_RESULT_SUCCESS, device.GetMaxSpaces(&num_spaces)); EXPECT_LE(8u, num_spaces); } TEST(NVRAMModuleTest, SpaceList) { SafeScopedNvramDevice device; uint32_t max_spaces = 0; ASSERT_EQ(NV_RESULT_SUCCESS, device.GetMaxSpaces(&max_spaces)); std::vector space_index_list; ASSERT_EQ(NV_RESULT_SUCCESS, device.GetSpaceList(&space_index_list)); ASSERT_LE(space_index_list.size(), max_spaces); // Add a test space and check it gets reported. { ScopedNvramSpace space(&device, kTestIndex1, 32); std::vector space_index_list2; ASSERT_EQ(NV_RESULT_SUCCESS, device.GetSpaceList(&space_index_list2)); ASSERT_EQ(space_index_list.size() + 1, space_index_list2.size()); EXPECT_TRUE(ContainsAll(space_index_list, space_index_list2)); EXPECT_TRUE(Contains(kTestIndex1, space_index_list2)); } // Check we're back to the original list. std::vector space_index_list3; ASSERT_EQ(NV_RESULT_SUCCESS, device.GetSpaceList(&space_index_list3)); ASSERT_EQ(space_index_list.size(), space_index_list3.size()); EXPECT_TRUE(ContainsAll(space_index_list, space_index_list3)); EXPECT_FALSE(Contains(kTestIndex1, space_index_list3)); } TEST(NVRAMModuleTest, SpaceSize) { SafeScopedNvramDevice device; ScopedNvramSpace space(&device, kTestIndex1, 17); ScopedNvramSpace space2(&device, kTestIndex2, 32); uint64_t size = 0; ASSERT_EQ(NV_RESULT_SUCCESS, device.GetSpaceSize(kTestIndex1, &size)); EXPECT_EQ(17u, size); ASSERT_EQ(NV_RESULT_SUCCESS, device.GetSpaceSize(kTestIndex2, &size)); EXPECT_EQ(32u, size); EXPECT_EQ(NV_RESULT_SPACE_DOES_NOT_EXIST, device.GetSpaceSize(kTestIndexNeverExists, &size)); } TEST(NVRAMModuleTest, SpaceControls) { SafeScopedNvramDevice device; ScopedNvramSpace space(&device, kTestIndex1, 32); std::vector expected_control_list( &kDefaultControls[0], &kDefaultControls[arraysize(kDefaultControls)]); std::vector control_list; ASSERT_EQ(NV_RESULT_SUCCESS, device.GetSpaceControls(kTestIndex1, &control_list)); ASSERT_EQ(expected_control_list.size(), control_list.size()); EXPECT_TRUE(ContainsAll(expected_control_list, control_list)); EXPECT_EQ(NV_RESULT_SPACE_DOES_NOT_EXIST, device.GetSpaceControls(kTestIndexNeverExists, &control_list)); } TEST(NVRAMModuleTest, IsLocked) { SafeScopedNvramDevice device; ScopedNvramSpace space(&device, kTestIndex1, 32); int write_lock, read_lock; ASSERT_EQ(NV_RESULT_SUCCESS, device.IsSpaceLocked(kTestIndex1, &write_lock, &read_lock)); EXPECT_FALSE(read_lock); EXPECT_FALSE(write_lock); ASSERT_EQ(NV_RESULT_SUCCESS, device.EnableReadLock(kTestIndex1, kNoAuth)); ASSERT_EQ(NV_RESULT_SUCCESS, device.IsSpaceLocked(kTestIndex1, &write_lock, &read_lock)); EXPECT_TRUE(read_lock); EXPECT_FALSE(write_lock); EXPECT_EQ( NV_RESULT_SPACE_DOES_NOT_EXIST, device.IsSpaceLocked(kTestIndexNeverExists, &write_lock, &read_lock)); } TEST(NVRAMModuleTest, CreateSmall) { SafeScopedNvramDevice device; ScopedNvramSpace space(&device, kTestIndex1, 1); } TEST(NVRAMModuleTest, CreateLarge) { SafeScopedNvramDevice device; uint64_t max_space_size = 0; ASSERT_EQ(NV_RESULT_SUCCESS, device.GetMaxSpaceSizeInBytes(&max_space_size)); uint64_t available_size = 0; ASSERT_EQ(NV_RESULT_SUCCESS, device.GetAvailableSizeInBytes(&available_size)); ScopedNvramSpace space(&device, kTestIndex1, std::min(max_space_size, available_size)); } TEST(NVRAMModuleTest, CreateWithCustomControls) { const std::vector kControlList{ NV_CONTROL_BOOT_WRITE_LOCK, NV_CONTROL_READ_AUTHORIZATION, NV_CONTROL_WRITE_EXTEND}; SafeScopedNvramDevice device; ScopedNvramSpace space(&device, kTestIndex1, 32, kControlList); std::vector control_list; ASSERT_EQ(NV_RESULT_SUCCESS, device.GetSpaceControls(kTestIndex1, &control_list)); ASSERT_EQ(kControlList.size(), control_list.size()); EXPECT_TRUE(ContainsAll(control_list, kControlList)); EXPECT_TRUE(ContainsAll(kControlList, control_list)); } TEST(NVRAMModuleTest, CreateWithAuthorization) { SafeScopedNvramDevice device; std::string password = "hunter2"; ScopedNvramSpace space( &device, kTestIndex1, 32, {NV_CONTROL_WRITE_AUTHORIZATION, NV_CONTROL_READ_AUTHORIZATION}, password); std::string data = "test"; std::string bad_password = "*******"; EXPECT_EQ(NV_RESULT_ACCESS_DENIED, device.WriteSpace(kTestIndex1, data, bad_password)); EXPECT_EQ(NV_RESULT_SUCCESS, device.WriteSpace(kTestIndex1, data, password)); } TEST(NVRAMModuleTest, CreateAlreadyExists) { SafeScopedNvramDevice device; ScopedNvramSpace space(&device, kTestIndex1, 32); EXPECT_EQ(NV_RESULT_SPACE_ALREADY_EXISTS, device.CreateSpace(kTestIndex1, 32, {}, kNoAuth)); } TEST(NVRAMModuleTest, Delete) { SafeScopedNvramDevice device; { ScopedNvramSpace space(&device, kTestIndex1, 32); uint64_t size = 0; EXPECT_EQ(NV_RESULT_SUCCESS, device.GetSpaceSize(kTestIndex1, &size)); } // ScopedNvramSpace will call Delete when it falls out of scope. Now we can // make sure that worked. uint64_t size = 0; EXPECT_EQ(NV_RESULT_SPACE_DOES_NOT_EXIST, device.GetSpaceSize(kTestIndex1, &size)); } TEST(NVRAMModuleTest, WriteLock) { SafeScopedNvramDevice device; uint32_t index; ASSERT_TRUE(GetNextBurnSpace(&device, &index)); ASSERT_EQ( NV_RESULT_SUCCESS, device.CreateSpace(index, 32, {NV_CONTROL_BOOT_WRITE_LOCK}, kNoAuth)); int write_lock, read_lock; EXPECT_EQ(NV_RESULT_SUCCESS, device.IsSpaceLocked(index, &write_lock, &read_lock)); EXPECT_FALSE(write_lock); EXPECT_FALSE(read_lock); // It should be possible to delete if the space has not yet been locked. ASSERT_EQ(NV_RESULT_SUCCESS, device.DeleteSpace(index, kNoAuth)); ASSERT_EQ( NV_RESULT_SUCCESS, device.CreateSpace(index, 32, {NV_CONTROL_BOOT_WRITE_LOCK}, kNoAuth)); EXPECT_EQ(NV_RESULT_SUCCESS, device.WriteSpace(index, "test", kNoAuth)); EXPECT_EQ(NV_RESULT_SUCCESS, device.EnableWriteLock(index, kNoAuth)); EXPECT_EQ(NV_RESULT_SUCCESS, device.IsSpaceLocked(index, &write_lock, &read_lock)); EXPECT_TRUE(write_lock); EXPECT_FALSE(read_lock); EXPECT_EQ(NV_RESULT_OPERATION_DISABLED, device.WriteSpace(index, "test2", kNoAuth)); EXPECT_EQ(NV_RESULT_OPERATION_DISABLED, device.DeleteSpace(index, kNoAuth)); std::string data; EXPECT_EQ(NV_RESULT_SUCCESS, device.ReadSpace(index, 4, kNoAuth, &data)); EXPECT_EQ("test", data); } TEST(NVRAMModuleTest, ReadLock) { uint32_t index = kTestIndex1; SafeScopedNvramDevice device; ScopedNvramSpace space(&device, index, 32, {NV_CONTROL_BOOT_READ_LOCK}); int write_lock, read_lock; EXPECT_EQ(NV_RESULT_SUCCESS, device.IsSpaceLocked(index, &write_lock, &read_lock)); EXPECT_FALSE(write_lock); EXPECT_FALSE(read_lock); EXPECT_EQ(NV_RESULT_SUCCESS, device.WriteSpace(index, "test", kNoAuth)); std::string data; EXPECT_EQ(NV_RESULT_SUCCESS, device.ReadSpace(index, 4, kNoAuth, &data)); EXPECT_EQ("test", data); EXPECT_EQ(NV_RESULT_SUCCESS, device.EnableReadLock(index, kNoAuth)); EXPECT_EQ(NV_RESULT_SUCCESS, device.IsSpaceLocked(index, &write_lock, &read_lock)); EXPECT_FALSE(write_lock); EXPECT_TRUE(read_lock); EXPECT_EQ(NV_RESULT_OPERATION_DISABLED, device.ReadSpace(index, 4, kNoAuth, &data)); EXPECT_EQ(NV_RESULT_SUCCESS, device.WriteSpace(index, "test2", kNoAuth)); } TEST(NVRAMModuleTest, WriteAuthorization) { uint32_t index = kTestIndex1; std::string password = "hunter2"; SafeScopedNvramDevice device; ScopedNvramSpace space(&device, index, 32, {NV_CONTROL_WRITE_AUTHORIZATION}, password); EXPECT_EQ(NV_RESULT_SUCCESS, device.WriteSpace(index, "test", password)); EXPECT_EQ(NV_RESULT_ACCESS_DENIED, device.WriteSpace(index, "test2", kNoAuth)); EXPECT_EQ(NV_RESULT_ACCESS_DENIED, device.WriteSpace(index, "test3", "bad_password")); EXPECT_EQ(NV_RESULT_ACCESS_DENIED, device.DeleteSpace(index, kNoAuth)); EXPECT_EQ(NV_RESULT_ACCESS_DENIED, device.DeleteSpace(index, "bad")); std::string data; EXPECT_EQ(NV_RESULT_SUCCESS, device.ReadSpace(index, 4, kNoAuth, &data)); EXPECT_EQ("test", data); EXPECT_EQ(NV_RESULT_SUCCESS, device.ReadSpace(index, 4, password, &data)); } TEST(NVRAMModuleTest, ReadAuthorization) { uint32_t index = kTestIndex1; std::string password = "hunter2"; SafeScopedNvramDevice device; ScopedNvramSpace space(&device, index, 32, {NV_CONTROL_READ_AUTHORIZATION}, password); ASSERT_EQ(NV_RESULT_SUCCESS, device.WriteSpace(index, "test", password)); EXPECT_EQ(NV_RESULT_SUCCESS, device.WriteSpace(index, "test2", kNoAuth)); std::string data; EXPECT_EQ(NV_RESULT_SUCCESS, device.ReadSpace(index, 4, password, &data)); EXPECT_EQ("test", data); EXPECT_EQ(NV_RESULT_ACCESS_DENIED, device.ReadSpace(index, 4, kNoAuth, &data)); EXPECT_EQ(NV_RESULT_ACCESS_DENIED, device.ReadSpace(index, 4, "bad_password", &data)); } TEST(NVRAMModuleTest, WriteLockAuthorization) { SafeScopedNvramDevice device; uint32_t index; ASSERT_TRUE(GetNextBurnSpace(&device, &index)); ASSERT_EQ(NV_RESULT_SUCCESS, device.CreateSpace(index, 32, {NV_CONTROL_BOOT_WRITE_LOCK, NV_CONTROL_BOOT_READ_LOCK, NV_CONTROL_WRITE_AUTHORIZATION}, kBurnSpaceAuth)); EXPECT_EQ(NV_RESULT_SUCCESS, device.EnableReadLock(index, kNoAuth)); EXPECT_EQ(NV_RESULT_ACCESS_DENIED, device.EnableWriteLock(index, kNoAuth)); EXPECT_EQ(NV_RESULT_ACCESS_DENIED, device.EnableWriteLock(index, "bad")); EXPECT_EQ(NV_RESULT_SUCCESS, device.EnableWriteLock(index, kBurnSpaceAuth)); } TEST(NVRAMModuleTest, ReadLockAuthorization) { uint32_t index = kTestIndex1; std::string password = "hunter2"; SafeScopedNvramDevice device; ScopedNvramSpace space(&device, index, 32, {NV_CONTROL_BOOT_WRITE_LOCK, NV_CONTROL_BOOT_READ_LOCK, NV_CONTROL_READ_AUTHORIZATION}, password); EXPECT_EQ(NV_RESULT_ACCESS_DENIED, device.EnableReadLock(index, kNoAuth)); EXPECT_EQ(NV_RESULT_ACCESS_DENIED, device.EnableReadLock(index, "bad")); EXPECT_EQ(NV_RESULT_SUCCESS, device.EnableReadLock(index, password)); } TEST(NVRAMModuleTest, WriteExtend) { uint32_t index = kTestIndex1; SafeScopedNvramDevice device; ScopedNvramSpace space(&device, index, 32, {NV_CONTROL_WRITE_EXTEND}); ASSERT_EQ(NV_RESULT_SUCCESS, device.WriteSpace(index, "test", kNoAuth)); std::string data; EXPECT_EQ(NV_RESULT_SUCCESS, device.ReadSpace(index, 32, kNoAuth, &data)); std::string hash1 = SHA256HashString(std::string(32, 0) + "test"); EXPECT_EQ(hash1, data); EXPECT_EQ(NV_RESULT_SUCCESS, device.WriteSpace(index, "test2", kNoAuth)); EXPECT_EQ(NV_RESULT_SUCCESS, device.ReadSpace(index, 32, kNoAuth, &data)); std::string hash2 = SHA256HashString(hash1 + "test2"); EXPECT_EQ(hash2, data); } TEST(NVRAMModuleTest, WriteExtendTooShort) { uint32_t index = kTestIndex1; SafeScopedNvramDevice device; // Only SHA-256 is supported. Try 20 which is SHA-1 output. EXPECT_EQ( NV_RESULT_INVALID_PARAMETER, device.CreateSpace(index, 20, {NV_CONTROL_WRITE_EXTEND}, kNoAuth)); EXPECT_EQ(NV_RESULT_SPACE_DOES_NOT_EXIST, device.WriteSpace(index, "test", kNoAuth)); } TEST(NVRAMModuleTest, WriteExtendTooLong) { uint32_t index = kTestIndex1; SafeScopedNvramDevice device; uint64_t max_space_size = 0; ASSERT_EQ(NV_RESULT_SUCCESS, device.GetMaxSpaceSizeInBytes(&max_space_size)); if (max_space_size > 32) { // Only SHA-256 is supported. Try 64 which is SHA-512 output. EXPECT_EQ(NV_RESULT_INVALID_PARAMETER, device.CreateSpace(index, std::min(max_space_size, 64), {NV_CONTROL_WRITE_EXTEND}, kNoAuth)); EXPECT_EQ(NV_RESULT_SPACE_DOES_NOT_EXIST, device.WriteSpace(index, "test", kNoAuth)); } } TEST(NVRAMModuleTest, InitialValue) { uint32_t index = kTestIndex1; SafeScopedNvramDevice device; ScopedNvramSpace space(&device, index, 32); std::string data; ASSERT_EQ(NV_RESULT_SUCCESS, device.ReadSpace(index, 32, kNoAuth, &data)); EXPECT_EQ(std::string(32, 0), data); } TEST(NVRAMModuleTest, ReadWriteSpaceDoesNotExist) { uint32_t index = kTestIndexNeverExists; SafeScopedNvramDevice device; EXPECT_EQ(NV_RESULT_SPACE_DOES_NOT_EXIST, device.WriteSpace(index, "test", kNoAuth)); std::string data; EXPECT_EQ(NV_RESULT_SPACE_DOES_NOT_EXIST, device.ReadSpace(index, 1, kNoAuth, &data)); EXPECT_EQ(NV_RESULT_SPACE_DOES_NOT_EXIST, device.EnableWriteLock(index, kNoAuth)); EXPECT_EQ(NV_RESULT_SPACE_DOES_NOT_EXIST, device.EnableReadLock(index, kNoAuth)); } } // namespace nvram