From patchwork Thu Oct 25 09:29:36 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 988982 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=softathome.com Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 42ghl71bmmz9sBk for ; Thu, 25 Oct 2018 20:33:39 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id C9DFEC21F1B; Thu, 25 Oct 2018 09:31:38 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=KHOP_BIG_TO_CC, RCVD_IN_DNSWL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 6EDC9C21F2A; Thu, 25 Oct 2018 09:29:51 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 4AE66C21EE4; Thu, 25 Oct 2018 09:29:46 +0000 (UTC) Received: from vrout30.yaziba.net (vrout30.yaziba.net [185.56.204.33]) by lists.denx.de (Postfix) with ESMTPS id E9B13C21F1B for ; Thu, 25 Oct 2018 09:29:45 +0000 (UTC) Received: from mtaout20.int.yaziba.net (mtaout20.int.yaziba.net [10.4.20.37]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by vrout30.yaziba.net (mx10.yaziba.net) with ESMTPS id 350E452011; Thu, 25 Oct 2018 11:29:45 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by mtaout20.int.yaziba.net (Postfix) with ESMTP id D019F1604DE; Thu, 25 Oct 2018 11:29:44 +0200 (CEST) X-Virus-Scanned: amavisd-new at mtaout20.int.yaziba.net Received: from mtaout20.int.yaziba.net ([127.0.0.1]) by localhost (mtaout20.int.yaziba.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id Rtb0f1Za_Fjo; Thu, 25 Oct 2018 11:29:44 +0200 (CEST) Received: from sahnlpt0333.softathome.com (unknown [149.6.166.170]) by mtaout20.int.yaziba.net (Postfix) with ESMTPSA id 8B06216020E; Thu, 25 Oct 2018 11:29:44 +0200 (CEST) From: Philippe Reynes To: sjg@chromium.org, michal.simek@xilinx.com, joe.hershberger@ni.com, marex@denx.de, yamada.masahiro@socionext.com, aford173@gmail.com, woods.technical@gmail.com, teddy.reed@gmail.com, jun.nie@linaro.org, peron.clem@gmail.com, peng.fan@nxp.com, keguang.zhang@gmail.com, andre.przywara@arm.com, philipp.tomsich@theobroma-systems.com, bin.chen@linaro.org, jsg@jsg.id.au, nomble@palism.com, swarren@nvidia.com, paul.burton@mips.com, alex.kiernan@gmail.com Date: Thu, 25 Oct 2018 11:29:36 +0200 Message-Id: <1540459776-1935-6-git-send-email-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1540459776-1935-1-git-send-email-philippe.reynes@softathome.com> References: <1540459776-1935-1-git-send-email-philippe.reynes@softathome.com> X-DRWEB-SCAN: ok X-CLAMAV-SCAN: ok X-VRSPAM-SCORE: 0 X-VRSPAM-STATE: legit X-VRSPAM-CAUSE: gggruggvucftvghtrhhoucdtuddrgedtkedrgeelgdduiecutefuodetggdotefrucfrrhhofhhilhgvmecuggftfghnshhusghstghrihgsvgenuceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufffkofgjfhestddtredtredttdenucfhrhhomheprfhhihhlihhpphgvucftvgihnhgvshcuoehphhhilhhiphhpvgdrrhgvhihnvghssehsohhfthgrthhhohhmvgdrtghomheqnecukfhppedugeelrdeirdduieeirddujedtnecurfgrrhgrmhepmhhouggvpehsmhhtphhouhht X-VRSPAM-EXTCAUSE: mhhouggvpehsmhhtphhouhht Cc: u-boot@lists.denx.de Subject: [U-Boot] [PATCH V2 6/6] test: vboot: add padding pss for rsa signature X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The padding pss is now supported for rsa signature. This add test with padding pss on vboot test. Signed-off-by: Philippe Reynes Reviewed-by: Simon Glass --- test/py/tests/test_vboot.py | 10 +++--- test/py/tests/vboot/sign-configs-sha1-pss.its | 46 +++++++++++++++++++++++++ test/py/tests/vboot/sign-configs-sha256-pss.its | 46 +++++++++++++++++++++++++ test/py/tests/vboot/sign-images-sha1-pss.its | 44 +++++++++++++++++++++++ test/py/tests/vboot/sign-images-sha256-pss.its | 44 +++++++++++++++++++++++ 5 files changed, 186 insertions(+), 4 deletions(-) create mode 100644 test/py/tests/vboot/sign-configs-sha1-pss.its create mode 100644 test/py/tests/vboot/sign-configs-sha256-pss.its create mode 100644 test/py/tests/vboot/sign-images-sha1-pss.its create mode 100644 test/py/tests/vboot/sign-images-sha256-pss.its Changelog: v2: - new patch in the serie - add vboot for pss padding (thanks Simon Glass) diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py index e9cbd57..f427c69 100644 --- a/test/py/tests/test_vboot.py +++ b/test/py/tests/test_vboot.py @@ -126,7 +126,7 @@ def test_vboot(u_boot_console): handle.write(struct.pack(">I", size)) return struct.unpack(">I", total_size)[0] - def test_with_algo(sha_algo): + def test_with_algo(sha_algo, padding): """Test verified boot with the given hash algorithm. This is the main part of the test code. The same procedure is followed @@ -144,7 +144,7 @@ def test_vboot(u_boot_console): # Build the FIT, but don't sign anything yet cons.log.action('%s: Test FIT with signed images' % sha_algo) - make_fit('sign-images-%s.its' % sha_algo) + make_fit('sign-images-%s%s.its' % (sha_algo , padding)) run_bootm(sha_algo, 'unsigned images', 'dev-', True) # Sign images with our dev keys @@ -226,8 +226,10 @@ def test_vboot(u_boot_console): # afterwards. old_dtb = cons.config.dtb cons.config.dtb = dtb - test_with_algo('sha1') - test_with_algo('sha256') + test_with_algo('sha1','') + test_with_algo('sha1','-pss') + test_with_algo('sha256','') + test_with_algo('sha256','-pss') finally: # Go back to the original U-Boot with the correct dtb. cons.config.dtb = old_dtb diff --git a/test/py/tests/vboot/sign-configs-sha1-pss.its b/test/py/tests/vboot/sign-configs-sha1-pss.its new file mode 100644 index 0000000..3c3ab20 --- /dev/null +++ b/test/py/tests/vboot/sign-configs-sha1-pss.its @@ -0,0 +1,46 @@ +/dts-v1/; + +/ { + description = "Chrome OS kernel image with one or more FDT blobs"; + #address-cells = <1>; + + images { + kernel@1 { + data = /incbin/("test-kernel.bin"); + type = "kernel_noload"; + arch = "sandbox"; + os = "linux"; + compression = "none"; + load = <0x4>; + entry = <0x8>; + kernel-version = <1>; + hash@1 { + algo = "sha1"; + }; + }; + fdt@1 { + description = "snow"; + data = /incbin/("sandbox-kernel.dtb"); + type = "flat_dt"; + arch = "sandbox"; + compression = "none"; + fdt-version = <1>; + hash@1 { + algo = "sha1"; + }; + }; + }; + configurations { + default = "conf@1"; + conf@1 { + kernel = "kernel@1"; + fdt = "fdt@1"; + signature@1 { + algo = "sha1,rsa2048"; + padding = "pss"; + key-name-hint = "dev"; + sign-images = "fdt", "kernel"; + }; + }; + }; +}; diff --git a/test/py/tests/vboot/sign-configs-sha256-pss.its b/test/py/tests/vboot/sign-configs-sha256-pss.its new file mode 100644 index 0000000..8e33510 --- /dev/null +++ b/test/py/tests/vboot/sign-configs-sha256-pss.its @@ -0,0 +1,46 @@ +/dts-v1/; + +/ { + description = "Chrome OS kernel image with one or more FDT blobs"; + #address-cells = <1>; + + images { + kernel@1 { + data = /incbin/("test-kernel.bin"); + type = "kernel_noload"; + arch = "sandbox"; + os = "linux"; + compression = "none"; + load = <0x4>; + entry = <0x8>; + kernel-version = <1>; + hash@1 { + algo = "sha256"; + }; + }; + fdt@1 { + description = "snow"; + data = /incbin/("sandbox-kernel.dtb"); + type = "flat_dt"; + arch = "sandbox"; + compression = "none"; + fdt-version = <1>; + hash@1 { + algo = "sha256"; + }; + }; + }; + configurations { + default = "conf@1"; + conf@1 { + kernel = "kernel@1"; + fdt = "fdt@1"; + signature@1 { + algo = "sha256,rsa2048"; + padding = "pss"; + key-name-hint = "dev"; + sign-images = "fdt", "kernel"; + }; + }; + }; +}; diff --git a/test/py/tests/vboot/sign-images-sha1-pss.its b/test/py/tests/vboot/sign-images-sha1-pss.its new file mode 100644 index 0000000..d19c4d7 --- /dev/null +++ b/test/py/tests/vboot/sign-images-sha1-pss.its @@ -0,0 +1,44 @@ +/dts-v1/; + +/ { + description = "Chrome OS kernel image with one or more FDT blobs"; + #address-cells = <1>; + + images { + kernel@1 { + data = /incbin/("test-kernel.bin"); + type = "kernel_noload"; + arch = "sandbox"; + os = "linux"; + compression = "none"; + load = <0x4>; + entry = <0x8>; + kernel-version = <1>; + signature@1 { + algo = "sha1,rsa2048"; + padding = "pss"; + key-name-hint = "dev"; + }; + }; + fdt@1 { + description = "snow"; + data = /incbin/("sandbox-kernel.dtb"); + type = "flat_dt"; + arch = "sandbox"; + compression = "none"; + fdt-version = <1>; + signature@1 { + algo = "sha1,rsa2048"; + padding = "pss"; + key-name-hint = "dev"; + }; + }; + }; + configurations { + default = "conf@1"; + conf@1 { + kernel = "kernel@1"; + fdt = "fdt@1"; + }; + }; +}; diff --git a/test/py/tests/vboot/sign-images-sha256-pss.its b/test/py/tests/vboot/sign-images-sha256-pss.its new file mode 100644 index 0000000..43612f8 --- /dev/null +++ b/test/py/tests/vboot/sign-images-sha256-pss.its @@ -0,0 +1,44 @@ +/dts-v1/; + +/ { + description = "Chrome OS kernel image with one or more FDT blobs"; + #address-cells = <1>; + + images { + kernel@1 { + data = /incbin/("test-kernel.bin"); + type = "kernel_noload"; + arch = "sandbox"; + os = "linux"; + compression = "none"; + load = <0x4>; + entry = <0x8>; + kernel-version = <1>; + signature@1 { + algo = "sha256,rsa2048"; + padding = "pss"; + key-name-hint = "dev"; + }; + }; + fdt@1 { + description = "snow"; + data = /incbin/("sandbox-kernel.dtb"); + type = "flat_dt"; + arch = "sandbox"; + compression = "none"; + fdt-version = <1>; + signature@1 { + algo = "sha256,rsa2048"; + padding = "pss"; + key-name-hint = "dev"; + }; + }; + }; + configurations { + default = "conf@1"; + conf@1 { + kernel = "kernel@1"; + fdt = "fdt@1"; + }; + }; +};