
[v6,3/3] binman: Add tests for etype encrypted

Message ID 20230717070554.5544-4-christian.taedcke-oss@weidmueller.com
State Accepted
Delegated to: Simon Glass
Series binman: Add support for externally encrypted blobs | expand

Commit Message

Taedcke, Christian July 17, 2023, 7:05 a.m. UTC
From: Christian Taedcke <christian.taedcke@weidmueller.com>

Add tests to reach 100% code coverage for the added etype encrypted.

Signed-off-by: Christian Taedcke <christian.taedcke@weidmueller.com>
---

(no changes since v5)

Changes in v5:
- add comments to test functions

Changes in v4:
- fix failing test testEncryptedKeyFile

Changes in v3:
- rebase on u-boot-dm/mkim-working
- remove unnecessary test testEncryptedNoContent
- wrap some lines at 80 cols

Changes in v2:
- adapt tests for changed entry implementation

 tools/binman/ftest.py                         | 58 +++++++++++++++++++
 tools/binman/test/291_encrypted_no_algo.dts   | 15 +++++
 .../test/292_encrypted_invalid_iv_file.dts    | 18 ++++++
 .../binman/test/293_encrypted_missing_key.dts | 23 ++++++++
 .../binman/test/294_encrypted_key_source.dts  | 24 ++++++++
 tools/binman/test/295_encrypted_key_file.dts  | 24 ++++++++
 6 files changed, 162 insertions(+)
 create mode 100644 tools/binman/test/291_encrypted_no_algo.dts
 create mode 100644 tools/binman/test/292_encrypted_invalid_iv_file.dts
 create mode 100644 tools/binman/test/293_encrypted_missing_key.dts
 create mode 100644 tools/binman/test/294_encrypted_key_source.dts
 create mode 100644 tools/binman/test/295_encrypted_key_file.dts

Comments

Simon Glass July 19, 2023, 1:08 a.m. UTC | #1
On Mon, 17 Jul 2023 at 01:06, <christian.taedcke-oss@weidmueller.com> wrote:
>
> From: Christian Taedcke <christian.taedcke@weidmueller.com>
>
> Add tests to reach 100% code coverage for the added etype encrypted.
>
> Signed-off-by: Christian Taedcke <christian.taedcke@weidmueller.com>
> ---
>
> (no changes since v5)
>
> Changes in v5:
> - add comments to test functions
>
> Changes in v4:
> - fix failing test testEncryptedKeyFile
>
> Changes in v3:
> - rebase on u-boot-dm/mkim-working
> - remove unnecessary test testEncryptedNoContent
> - wrap some lines at 80 cols
>
> Changes in v2:
> - adapt tests for changed entry implementation
>
>  tools/binman/ftest.py                         | 58 +++++++++++++++++++
>  tools/binman/test/291_encrypted_no_algo.dts   | 15 +++++
>  .../test/292_encrypted_invalid_iv_file.dts    | 18 ++++++
>  .../binman/test/293_encrypted_missing_key.dts | 23 ++++++++
>  .../binman/test/294_encrypted_key_source.dts  | 24 ++++++++
>  tools/binman/test/295_encrypted_key_file.dts  | 24 ++++++++
>  6 files changed, 162 insertions(+)
>  create mode 100644 tools/binman/test/291_encrypted_no_algo.dts
>  create mode 100644 tools/binman/test/292_encrypted_invalid_iv_file.dts
>  create mode 100644 tools/binman/test/293_encrypted_missing_key.dts
>  create mode 100644 tools/binman/test/294_encrypted_key_source.dts
>  create mode 100644 tools/binman/test/295_encrypted_key_file.dts

Reviewed-by: Simon Glass <sjg@chromium.org>
Simon Glass July 24, 2023, 6:46 p.m. UTC | #2
On Mon, 17 Jul 2023 at 01:06, <christian.taedcke-oss@weidmueller.com> wrote:
>
> From: Christian Taedcke <christian.taedcke@weidmueller.com>
>
> Add tests to reach 100% code coverage for the added etype encrypted.
>
> Signed-off-by: Christian Taedcke <christian.taedcke@weidmueller.com>
> ---
>
> (no changes since v5)
>
> Changes in v5:
> - add comments to test functions
>
> Changes in v4:
> - fix failing test testEncryptedKeyFile
>
> Changes in v3:
> - rebase on u-boot-dm/mkim-working
> - remove unnecessary test testEncryptedNoContent
> - wrap some lines at 80 cols
>
> Changes in v2:
> - adapt tests for changed entry implementation
>
>  tools/binman/ftest.py                         | 58 +++++++++++++++++++
>  tools/binman/test/291_encrypted_no_algo.dts   | 15 +++++
>  .../test/292_encrypted_invalid_iv_file.dts    | 18 ++++++
>  .../binman/test/293_encrypted_missing_key.dts | 23 ++++++++
>  .../binman/test/294_encrypted_key_source.dts  | 24 ++++++++
>  tools/binman/test/295_encrypted_key_file.dts  | 24 ++++++++
>  6 files changed, 162 insertions(+)
>  create mode 100644 tools/binman/test/291_encrypted_no_algo.dts
>  create mode 100644 tools/binman/test/292_encrypted_invalid_iv_file.dts
>  create mode 100644 tools/binman/test/293_encrypted_missing_key.dts
>  create mode 100644 tools/binman/test/294_encrypted_key_source.dts
>  create mode 100644 tools/binman/test/295_encrypted_key_file.dts

Reviewed-by: Simon Glass <sjg@chromium.org>

Applied to u-boot-dm, thanks!

Patch

diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py
index e53181afb7..f1757ec21f 100644
--- a/tools/binman/ftest.py
+++ b/tools/binman/ftest.py
@@ -94,6 +94,8 @@  ROCKCHIP_TPL_DATA     = b'rockchip-tpl'
 TEST_FDT1_DATA        = b'fdt1'
 TEST_FDT2_DATA        = b'test-fdt2'
 ENV_DATA              = b'var1=1\nvar2="2"'
+ENCRYPTED_IV_DATA     = b'123456'
+ENCRYPTED_KEY_DATA    = b'abcde'
 PRE_LOAD_MAGIC        = b'UBSH'
 PRE_LOAD_VERSION      = 0x11223344.to_bytes(4, 'big')
 PRE_LOAD_HDR_SIZE     = 0x00001000.to_bytes(4, 'big')
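Review bot: The new constants `ENCRYPTED_IV_DATA` and `ENCRYPTED_KEY_DATA` carry no comment saying they are placeholder bytes, and their lengths (6 and 5 bytes) do not correspond to an IV or key size of any common block cipher. The tests added later in this file only check that the bytes are copied through unchanged, so the values work, but a reader could take them as evidence that some length validation exists. I would add `# Dummy IV/key for the 'encrypted' etype tests; contents and lengths are arbitrary` above the two lines.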
@@ -226,6 +228,10 @@  class TestFunctional(unittest.TestCase):
         # Newer OP_TEE file in v1 binary format
         cls.make_tee_bin('tee.bin')
 
+        # test files for encrypted tests
+        TestFunctional._MakeInputFile('encrypted-file.iv', ENCRYPTED_IV_DATA)
+        TestFunctional._MakeInputFile('encrypted-file.key', ENCRYPTED_KEY_DATA)
+
         cls.comp_bintools = {}
         for name in COMP_BINTOOLS:
             cls.comp_bintools[name] = bintool.Bintool.create(name)
@@ -6884,6 +6890,58 @@  fdt         fdtmap                Extract the devicetree blob from the fdtmap
             # Move to next
             spl_data = content[:0x18]
 
+    def testEncryptedNoAlgo(self):
+        """Test encrypted node with missing required properties"""
+        with self.assertRaises(ValueError) as e:
+            self._DoReadFileDtb('291_encrypted_no_algo.dts')
+        self.assertIn(
+            "Node '/binman/fit/images/u-boot/encrypted': 'encrypted' entry is missing properties: algo iv-filename",
+            str(e.exception))
+
+    def testEncryptedInvalidIvfile(self):
+        """Test encrypted node with invalid iv file"""
+        with self.assertRaises(ValueError) as e:
+            self._DoReadFileDtb('292_encrypted_invalid_iv_file.dts')
+        self.assertIn("Filename 'invalid-iv-file' not found in input path",
+                      str(e.exception))
+
+    def testEncryptedMissingKey(self):
+        """Test encrypted node with missing key properties"""
+        with self.assertRaises(ValueError) as e:
+            self._DoReadFileDtb('293_encrypted_missing_key.dts')
+        self.assertIn(
+            "Node '/binman/fit/images/u-boot/encrypted': Provide either 'key-filename' or 'key-source'",
+            str(e.exception))
+
+    def testEncryptedKeySource(self):
+        """Test encrypted node with key-source property"""
+        data = self._DoReadFileDtb('294_encrypted_key_source.dts')[0]
+
+        dtb = fdt.Fdt.FromData(data)
+        dtb.Scan()
+
+        node = dtb.GetNode('/images/u-boot/cipher')
+        self.assertEqual('algo-name', node.props['algo'].value)
+        self.assertEqual('key-source-value', node.props['key-source'].value)
+        self.assertEqual(ENCRYPTED_IV_DATA,
+                         tools.to_bytes(''.join(node.props['iv'].value)))
+        self.assertNotIn('key', node.props)
+
+    def testEncryptedKeyFile(self):
+        """Test encrypted node with key-filename property"""
+        data = self._DoReadFileDtb('295_encrypted_key_file.dts')[0]
+
+        dtb = fdt.Fdt.FromData(data)
+        dtb.Scan()
+
+        node = dtb.GetNode('/images/u-boot/cipher')
+        self.assertEqual('algo-name', node.props['algo'].value)
+        self.assertEqual(ENCRYPTED_IV_DATA,
+                         tools.to_bytes(''.join(node.props['iv'].value)))
+        self.assertEqual(ENCRYPTED_KEY_DATA,
+                         tools.to_bytes(''.join(node.props['key'].value)))
+        self.assertNotIn('key-source', node.props)
+
 
 if __name__ == "__main__":
     unittest.main()
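Review bot: No test covers an `encrypted` node that sets both `key-filename` and `key-source`, although the message asserted in testEncryptedMissingKey ("Provide either 'key-filename' or 'key-source'") reads as if the two are alternatives. testEncryptedKeySource and testEncryptedKeyFile each assert that the other property is absent from the cipher node, but only for inputs that never supply it, so whether a double-specified node is rejected or silently emits both `key` and `key-source` is not pinned here. A further fixture with both properties, plus a test asserting either a ValueError or a defined precedence, would close that gap; which outcome is correct depends on the etype implementation, which is outside this patch. A `key-filename` that names a missing file is also not exercised the way the missing IV file is in testEncryptedInvalidIvfile.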
diff --git a/tools/binman/test/291_encrypted_no_algo.dts b/tools/binman/test/291_encrypted_no_algo.dts
new file mode 100644
index 0000000000..03f7ffee90
--- /dev/null
+++ b/tools/binman/test/291_encrypted_no_algo.dts
@@ -0,0 +1,15 @@ 
+// SPDX-License-Identifier: GPL-2.0+
+/dts-v1/;
+
+/ {
+	binman {
+		fit {
+			images {
+				u-boot {
+					encrypted {
+					};
+				};
+			};
+		};
+	};
+};
diff --git a/tools/binman/test/292_encrypted_invalid_iv_file.dts b/tools/binman/test/292_encrypted_invalid_iv_file.dts
new file mode 100644
index 0000000000..388a0a6ad9
--- /dev/null
+++ b/tools/binman/test/292_encrypted_invalid_iv_file.dts
@@ -0,0 +1,18 @@ 
+// SPDX-License-Identifier: GPL-2.0+
+/dts-v1/;
+
+/ {
+	binman {
+		fit {
+			images {
+				u-boot {
+					encrypted {
+						algo = "some-algo";
+						key-source = "key";
+						iv-filename = "invalid-iv-file";
+					};
+				};
+			};
+		};
+	};
+};
diff --git a/tools/binman/test/293_encrypted_missing_key.dts b/tools/binman/test/293_encrypted_missing_key.dts
new file mode 100644
index 0000000000..d1daaa0885
--- /dev/null
+++ b/tools/binman/test/293_encrypted_missing_key.dts
@@ -0,0 +1,23 @@ 
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+	#address-cells = <1>;
+	#size-cells = <1>;
+
+	binman {
+		fit {
+			description = "test desc";
+
+			images {
+				u-boot {
+					encrypted {
+						algo = "algo-name";
+						iv-filename = "encrypted-file.iv";
+					};
+				};
+			};
+		};
+	};
+};
diff --git a/tools/binman/test/294_encrypted_key_source.dts b/tools/binman/test/294_encrypted_key_source.dts
new file mode 100644
index 0000000000..884ec508db
--- /dev/null
+++ b/tools/binman/test/294_encrypted_key_source.dts
@@ -0,0 +1,24 @@ 
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+	#address-cells = <1>;
+	#size-cells = <1>;
+
+	binman {
+		fit {
+			description = "test desc";
+
+			images {
+				u-boot {
+					encrypted {
+						algo = "algo-name";
+						key-source = "key-source-value";
+						iv-filename = "encrypted-file.iv";
+					};
+				};
+			};
+		};
+	};
+};
diff --git a/tools/binman/test/295_encrypted_key_file.dts b/tools/binman/test/295_encrypted_key_file.dts
new file mode 100644
index 0000000000..efd7ee5f35
--- /dev/null
+++ b/tools/binman/test/295_encrypted_key_file.dts
@@ -0,0 +1,24 @@ 
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+	#address-cells = <1>;
+	#size-cells = <1>;
+
+	binman {
+		fit {
+			description = "test desc";
+
+			images {
+				u-boot {
+					encrypted {
+						algo = "algo-name";
+						iv-filename = "encrypted-file.iv";
+						key-filename = "encrypted-file.key";
+					};
+				};
+			};
+		};
+	};
+};
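Review bot: This fixture has no comment saying that the file named by `key-filename` ends up verbatim in the generated image; testEncryptedKeyFile in ftest.py asserts that the cipher node's `key` property equals the bytes of encrypted-file.key. As that test shows, a node copied from here into a real image description would place the key material in readable form inside the FIT. The fixture should say it is test data, for example `/* key-filename contents are copied into the cipher node's 'key' property; dummy test key only */` above the `encrypted` node.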