Message ID | 20230710092554.90443-4-christian.taedcke-oss@weidmueller.com |
---|---|
State | Superseded |
Delegated to: | Simon Glass |
Series | binman: Add support for externally encrypted blobs | expand |
Hi Christian, On Mon, 10 Jul 2023 at 03:26, <christian.taedcke-oss@weidmueller.com> wrote: > > From: Christian Taedcke <christian.taedcke@weidmueller.com> > > Add tests to reach 100% code coverage for the added etype encrypted. > > Signed-off-by: Christian Taedcke <christian.taedcke@weidmueller.com> > --- > > Changes in v4: > - fix failing test testEncryptedKeyFile > > Changes in v3: > - rebase on u-boot-dm/mkim-working > - remove unnecessary test testEncryptedNoContent > - wrap some lines at 80 cols > > Changes in v2: > - adapt tests for changed entry implementation > > tools/binman/ftest.py | 53 +++++++++++++++++++ > tools/binman/test/291_encrypted_no_algo.dts | 19 +++++++ > .../test/292_encrypted_invalid_iv_file.dts | 23 ++++++++ > .../binman/test/293_encrypted_missing_key.dts | 28 ++++++++++ > .../binman/test/294_encrypted_key_source.dts | 29 ++++++++++ > tools/binman/test/295_encrypted_key_file.dts | 29 ++++++++++ > 6 files changed, 181 insertions(+) > create mode 100644 tools/binman/test/291_encrypted_no_algo.dts > create mode 100644 tools/binman/test/292_encrypted_invalid_iv_file.dts > create mode 100644 tools/binman/test/293_encrypted_missing_key.dts > create mode 100644 tools/binman/test/294_encrypted_key_source.dts > create mode 100644 tools/binman/test/295_encrypted_key_file.dts nit below: Reviewed-by: Simon Glass <sjg@chromium.org> > > diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py > index e53181afb7..c1ace9a401 100644 > --- a/tools/binman/ftest.py > +++ b/tools/binman/ftest.py > @@ -94,6 +94,8 @@ ROCKCHIP_TPL_DATA = b'rockchip-tpl' > TEST_FDT1_DATA = b'fdt1' > TEST_FDT2_DATA = b'test-fdt2' > ENV_DATA = b'var1=1\nvar2="2"' > +ENCRYPTED_IV_DATA = b'123456' > +ENCRYPTED_KEY_DATA = b'abcde' > PRE_LOAD_MAGIC = b'UBSH' > PRE_LOAD_VERSION = 0x11223344.to_bytes(4, 'big') > PRE_LOAD_HDR_SIZE = 0x00001000.to_bytes(4, 'big') 
> @@ -226,6 +228,10 @@ class TestFunctional(unittest.TestCase): > # Newer OP_TEE file in v1 binary format > cls.make_tee_bin('tee.bin') > > + # test files for encrypted tests > + TestFunctional._MakeInputFile('encrypted-file.iv', ENCRYPTED_IV_DATA) > + TestFunctional._MakeInputFile('encrypted-file.key', ENCRYPTED_KEY_DATA) > + > cls.comp_bintools = {} > for name in COMP_BINTOOLS: > cls.comp_bintools[name] = bintool.Bintool.create(name) 
> @@ -6884,6 +6890,53 @@ fdt fdtmap Extract the devicetree blob from the fdtmap > # Move to next > spl_data = content[:0x18] > > + def testEncryptedNoAlgo(self): > + with self.assertRaises(ValueError) as e: > + self._DoReadFileDtb('291_encrypted_no_algo.dts') > + self.assertIn( > + "Node '/binman/fit/images/u-boot/encrypted': 'encrypted' entry is missing properties: algo iv-filename", > + str(e.exception)) > + > + def testEncryptedInvalidIvfile(self): Please can you add a one-line comment to all of these function? > + with self.assertRaises(ValueError) as e: > + self._DoReadFileDtb('292_encrypted_invalid_iv_file.dts') > + self.assertIn("Filename 'invalid-iv-file' not found in input path", > + str(e.exception)) > + > + def testEncryptedMissingKey(self): > + with self.assertRaises(ValueError) as e: > + self._DoReadFileDtb('293_encrypted_missing_key.dts') > + self.assertIn( > + "Node '/binman/fit/images/u-boot/encrypted': Provide either 'key-filename' or 'key-source'", > + str(e.exception)) > + > + def testEncryptedKeySource(self): > + data = self._DoReadFileDtb('294_encrypted_key_source.dts')[0] > + > + dtb = fdt.Fdt.FromData(data) > + dtb.Scan() > + > + node = dtb.GetNode('/images/u-boot/cipher') > + self.assertEqual('algo-name', node.props['algo'].value) > + self.assertEqual('key-source-value', node.props['key-source'].value) > + self.assertEqual(ENCRYPTED_IV_DATA, > + tools.to_bytes(''.join(node.props['iv'].value))) > + self.assertNotIn('key', node.props) > + > + def testEncryptedKeyFile(self): > + data = self._DoReadFileDtb('295_encrypted_key_file.dts')[0] > + > + dtb = fdt.Fdt.FromData(data) > + dtb.Scan() > + > + node = dtb.GetNode('/images/u-boot/cipher') > + self.assertEqual('algo-name', node.props['algo'].value) > + self.assertEqual(ENCRYPTED_IV_DATA, > + tools.to_bytes(''.join(node.props['iv'].value))) > + self.assertEqual(ENCRYPTED_KEY_DATA, > + tools.to_bytes(''.join(node.props['key'].value))) > + self.assertNotIn('key-source', node.props) > + > [..] 
Regards, Simon
diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py
index e53181afb7..c1ace9a401 100644
--- a/tools/binman/ftest.py
+++ b/tools/binman/ftest.py
@@ -94,6 +94,8 @@ ROCKCHIP_TPL_DATA = b'rockchip-tpl'
 TEST_FDT1_DATA = b'fdt1'
 TEST_FDT2_DATA = b'test-fdt2'
 ENV_DATA = b'var1=1\nvar2="2"'
+ENCRYPTED_IV_DATA = b'123456'
+ENCRYPTED_KEY_DATA = b'abcde'
 PRE_LOAD_MAGIC = b'UBSH'
 PRE_LOAD_VERSION = 0x11223344.to_bytes(4, 'big')
 PRE_LOAD_HDR_SIZE = 0x00001000.to_bytes(4, 'big')
@@ -226,6 +228,10 @@ class TestFunctional(unittest.TestCase):
 # Newer OP_TEE file in v1 binary format
 cls.make_tee_bin('tee.bin')

+ # test files for encrypted tests
+ TestFunctional._MakeInputFile('encrypted-file.iv', ENCRYPTED_IV_DATA)
+ TestFunctional._MakeInputFile('encrypted-file.key', ENCRYPTED_KEY_DATA)
+
 cls.comp_bintools = {}
 for name in COMP_BINTOOLS:
 cls.comp_bintools[name] = bintool.Bintool.create(name)
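Review bot: `ENCRYPTED_IV_DATA = b'123456'` and `ENCRYPTED_KEY_DATA = b'abcde'` in the first hunk are 6 and 5 bytes of printable ASCII, so the tests that use them (testEncryptedKeySource and testEncryptedKeyFile in the last hunk of this file) never see an IV or key that looks like real key material. Those tests rebuild the property with `tools.to_bytes(''.join(node.props['iv'].value))`, which presumably round-trips only for ASCII, so a value containing a zero byte or a byte above 0x7f could be stored or compared wrongly without any test noticing. Consider binary fixtures of a realistic length, for example `ENCRYPTED_IV_DATA = b'\x00\x01\x80\xff' * 4` (constructed sample), and compare against the property's raw bytes if the fdt wrapper exposes them.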
@@ -6884,6 +6890,53 @@ fdt fdtmap Extract the devicetree blob from the fdtmap
 # Move to next
 spl_data = content[:0x18]

+ def testEncryptedNoAlgo(self):
+ with self.assertRaises(ValueError) as e:
+ self._DoReadFileDtb('291_encrypted_no_algo.dts')
+ self.assertIn(
+ "Node '/binman/fit/images/u-boot/encrypted': 'encrypted' entry is missing properties: algo iv-filename",
+ str(e.exception))
+
+ def testEncryptedInvalidIvfile(self):
+ with self.assertRaises(ValueError) as e:
+ self._DoReadFileDtb('292_encrypted_invalid_iv_file.dts')
+ self.assertIn("Filename 'invalid-iv-file' not found in input path",
+ str(e.exception))
+
+ def testEncryptedMissingKey(self):
+ with self.assertRaises(ValueError) as e:
+ self._DoReadFileDtb('293_encrypted_missing_key.dts')
+ self.assertIn(
+ "Node '/binman/fit/images/u-boot/encrypted': Provide either 'key-filename' or 'key-source'",
+ str(e.exception))
+
+ def testEncryptedKeySource(self):
+ data = self._DoReadFileDtb('294_encrypted_key_source.dts')[0]
+
+ dtb = fdt.Fdt.FromData(data)
+ dtb.Scan()
+
+ node = dtb.GetNode('/images/u-boot/cipher')
+ self.assertEqual('algo-name', node.props['algo'].value)
+ self.assertEqual('key-source-value', node.props['key-source'].value)
+ self.assertEqual(ENCRYPTED_IV_DATA,
+ tools.to_bytes(''.join(node.props['iv'].value)))
+ self.assertNotIn('key', node.props)
+
+ def testEncryptedKeyFile(self):
+ data = self._DoReadFileDtb('295_encrypted_key_file.dts')[0]
+
+ dtb = fdt.Fdt.FromData(data)
+ dtb.Scan()
+
+ node = dtb.GetNode('/images/u-boot/cipher')
+ self.assertEqual('algo-name', node.props['algo'].value)
+ self.assertEqual(ENCRYPTED_IV_DATA,
+ tools.to_bytes(''.join(node.props['iv'].value)))
+ self.assertEqual(ENCRYPTED_KEY_DATA,
+ tools.to_bytes(''.join(node.props['key'].value)))
+ self.assertNotIn('key-source', node.props)
+

 if __name__ == "__main__":
 unittest.main()
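Review bot: None of the five tests pins what happens when an `encrypted` node sets both `key-filename` and `key-source`; testEncryptedMissingKey covers only the case where neither is present, although the message "Provide either 'key-filename' or 'key-source'" suggests the two are meant to be exclusive. testEncryptedKeyFile shows that `key-filename` puts the key bytes unencrypted into the `key` property of the cipher node, so if both properties are accepted the built image would carry the raw key next to a `key-source` hint without any test having decided that this is intended. A further fixture that sets both properties, with either `assertRaises(ValueError)` or explicit assertions on the resulting cipher node, would settle the behaviour. The methods are added to the TestFunctional class, whose definition starts outside this hunk.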
diff --git a/tools/binman/test/291_encrypted_no_algo.dts b/tools/binman/test/291_encrypted_no_algo.dts
new file mode 100644
index 0000000000..71975c0116
--- /dev/null
+++ b/tools/binman/test/291_encrypted_no_algo.dts
@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: GPL-2.0+
+/dts-v1/;
+
+/ {
+ binman {
+ fit {
+ images {
+ u-boot {
+ encrypted {
+ content = <&data>;
+ };
+
+ data: data {
+ };
+ };
+ };
+ };
+ };
+};
diff --git a/tools/binman/test/292_encrypted_invalid_iv_file.dts b/tools/binman/test/292_encrypted_invalid_iv_file.dts
new file mode 100644
index 0000000000..1764d5e503
--- /dev/null
+++ b/tools/binman/test/292_encrypted_invalid_iv_file.dts
@@ -0,0 +1,23 @@
+// SPDX-License-Identifier: GPL-2.0+
+/dts-v1/;
+
+/ {
+ binman {
+ fit {
+ images {
+ u-boot {
+ blob: blob {
+ filename = "blobfile";
+ };
+
+ encrypted {
+ content = <&blob>;
+ algo = "some-algo";
+ key-source = "key";
+ iv-filename = "invalid-iv-file";
+ };
+ };
+ };
+ };
+ };
+};
diff --git a/tools/binman/test/293_encrypted_missing_key.dts b/tools/binman/test/293_encrypted_missing_key.dts
new file mode 100644
index 0000000000..9d342d6f45
--- /dev/null
+++ b/tools/binman/test/293_encrypted_missing_key.dts
@@ -0,0 +1,28 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+ #address-cells = <1>;
+ #size-cells = <1>;
+
+ binman {
+ fit {
+ description = "test desc";
+
+ images {
+ u-boot {
+ blob: blob {
+ filename = "blobfile";
+ };
+
+ encrypted {
+ content = <&blob>;
+ algo = "algo-name";
+ iv-filename = "encrypted-file.iv";
+ };
+ };
+ };
+ };
+ };
+};
diff --git a/tools/binman/test/294_encrypted_key_source.dts b/tools/binman/test/294_encrypted_key_source.dts
new file mode 100644
index 0000000000..d2529b9c3a
--- /dev/null
+++ b/tools/binman/test/294_encrypted_key_source.dts
@@ -0,0 +1,29 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+ #address-cells = <1>;
+ #size-cells = <1>;
+
+ binman {
+ fit {
+ description = "test desc";
+
+ images {
+ u-boot {
+ blob: blob {
+ filename = "blobfile";
+ };
+
+ encrypted {
+ content = <&blob>;
+ algo = "algo-name";
+ key-source = "key-source-value";
+ iv-filename = "encrypted-file.iv";
+ };
+ };
+ };
+ };
+ };
+};
diff --git a/tools/binman/test/295_encrypted_key_file.dts b/tools/binman/test/295_encrypted_key_file.dts
new file mode 100644
index 0000000000..71f1ab47b1
--- /dev/null
+++ b/tools/binman/test/295_encrypted_key_file.dts
@@ -0,0 +1,29 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+ #address-cells = <1>;
+ #size-cells = <1>;
+
+ binman {
+ fit {
+ description = "test desc";
+
+ images {
+ u-boot {
+ blob: blob {
+ filename = "blobfile";
+ };
+
+ encrypted {
+ content = <&blob>;
+ algo = "algo-name";
+ iv-filename = "encrypted-file.iv";
+ key-filename = "encrypted-file.key";
+ };
+ };
+ };
+ };
+ };
+};