Message ID | 20210415200509.2335046-7-mr.nuke.me@gmail.com |
---|---|
State | Superseded |
Delegated to: | Patrice Chotard |
Headers | show |
Series | nable ECDSA FIT verification for stm32mp | expand |
On Fri, 16 Apr 2021 at 08:07, Alexandru Gagniuc <mr.nuke.me@gmail.com> wrote: > > This test verifies that ECDSA_UCLASS is implemented, and that > ecdsa_verify() works as expected. The definition of "expected" is > "does not find a device, and returns -ENODEV". > > The lack of a hardware-independent ECDSA implementation prevents us > from having one in the sandbox, for now. > > Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> > --- > configs/sandbox_defconfig | 2 ++ > test/dm/Makefile | 1 + > test/dm/ecdsa.c | 38 ++++++++++++++++++++++++++++++++++++++ > 3 files changed, 41 insertions(+) > create mode 100644 test/dm/ecdsa.c Reviewed-by: Simon Glass <sjg@chromium.org> > > diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig > index c9318d4af5..4681a8c7a2 100644 > --- a/configs/sandbox_defconfig > +++ b/configs/sandbox_defconfig > @@ -285,3 +285,5 @@ CONFIG_TEST_FDTDEC=y > CONFIG_UNIT_TEST=y > CONFIG_UT_TIME=y > CONFIG_UT_DM=y > +CONFIG_ECDSA=y > +CONFIG_ECDSA_VERIFY=y > diff --git a/test/dm/Makefile b/test/dm/Makefile > index d54abb7341..65821d9db4 100644 > --- a/test/dm/Makefile > +++ b/test/dm/Makefile > @@ -29,6 +29,7 @@ obj-$(CONFIG_CLK) += clk.o clk_ccf.o > obj-$(CONFIG_CROS_EC) += cros_ec.o > obj-$(CONFIG_DEVRES) += devres.o > obj-$(CONFIG_VIDEO_MIPI_DSI) += dsi_host.o > +obj-$(CONFIG_ECDSA_VERIFY) += ecdsa.o > obj-$(CONFIG_DM_ETH) += eth.o > obj-$(CONFIG_FIRMWARE) += firmware.o > obj-$(CONFIG_DM_GPIO) += gpio.o > diff --git a/test/dm/ecdsa.c b/test/dm/ecdsa.c > new file mode 100644 > index 0000000000..23d57dd47f > --- /dev/null > +++ b/test/dm/ecdsa.c > @@ -0,0 +1,38 @@ > +// SPDX-License-Identifier: GPL-2.0-or-later > + > +#include <crypto/ecdsa-uclass.h> > +#include <dm.h> > +#include <dm/test.h> > +#include <test/ut.h> > +#include <u-boot/ecdsa.h> > + > +/* > + * Basic test of the ECDSA uclass and ecdsa_verify() > + * > + * ECDSA implementations in u-boot are hardware-dependent. Until we have a > + * software implementation that can be compiled into the sandbox, all we can > + * test is the uclass support. > + * > + * The uclass_get() test is redundant since ecdsa_verify() would also fail. We > + * run both functions in order to isolate the cause more clearly. i.e. is > + * ecdsa_verify() failing because the UCLASS is absent/broken? > + */ > +static int dm_test_ecdsa_verify(struct unit_test_state *uts) > +{ > + const struct ecdsa_ops *ops; > + struct uclass *ucp; > + > + const struct checksum_algo algo = { > + .checksum_len = 256, > + }; > + > + struct image_sign_info info = { > + .checksum = &algo, > + }; > + > + ut_assertok(uclass_get(UCLASS_ECDSA, &ucp)); > + ut_assertnonnull(ucp); > + ut_assert(ecdsa_verify(&info, NULL, 0, NULL, 0) == -ENODEV); ut_asserteq(-ENODEV, ...) blank line before final return > + return 0; > +} > +DM_TEST(dm_test_ecdsa_verify, UT_TESTF_SCAN_PDATA | UT_TESTF_SCAN_FDT); > -- > 2.26.3 > Regards, SImon
diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig index c9318d4af5..4681a8c7a2 100644 --- a/configs/sandbox_defconfig +++ b/configs/sandbox_defconfig @@ -285,3 +285,5 @@ CONFIG_TEST_FDTDEC=y CONFIG_UNIT_TEST=y CONFIG_UT_TIME=y CONFIG_UT_DM=y +CONFIG_ECDSA=y +CONFIG_ECDSA_VERIFY=y diff --git a/test/dm/Makefile b/test/dm/Makefile index d54abb7341..65821d9db4 100644 --- a/test/dm/Makefile +++ b/test/dm/Makefile @@ -29,6 +29,7 @@ obj-$(CONFIG_CLK) += clk.o clk_ccf.o obj-$(CONFIG_CROS_EC) += cros_ec.o obj-$(CONFIG_DEVRES) += devres.o obj-$(CONFIG_VIDEO_MIPI_DSI) += dsi_host.o +obj-$(CONFIG_ECDSA_VERIFY) += ecdsa.o obj-$(CONFIG_DM_ETH) += eth.o obj-$(CONFIG_FIRMWARE) += firmware.o obj-$(CONFIG_DM_GPIO) += gpio.o diff --git a/test/dm/ecdsa.c b/test/dm/ecdsa.c new file mode 100644 index 0000000000..23d57dd47f --- /dev/null +++ b/test/dm/ecdsa.c @@ -0,0 +1,38 @@ +// SPDX-License-Identifier: GPL-2.0-or-later + +#include <crypto/ecdsa-uclass.h> +#include <dm.h> +#include <dm/test.h> +#include <test/ut.h> +#include <u-boot/ecdsa.h> + +/* + * Basic test of the ECDSA uclass and ecdsa_verify() + * + * ECDSA implementations in u-boot are hardware-dependent. Until we have a + * software implementation that can be compiled into the sandbox, all we can + * test is the uclass support. + * + * The uclass_get() test is redundant since ecdsa_verify() would also fail. We + * run both functions in order to isolate the cause more clearly. i.e. is + * ecdsa_verify() failing because the UCLASS is absent/broken? + */ +static int dm_test_ecdsa_verify(struct unit_test_state *uts) +{ + const struct ecdsa_ops *ops; + struct uclass *ucp; + + const struct checksum_algo algo = { + .checksum_len = 256, + }; + + struct image_sign_info info = { + .checksum = &algo, + }; + + ut_assertok(uclass_get(UCLASS_ECDSA, &ucp)); + ut_assertnonnull(ucp); + ut_assert(ecdsa_verify(&info, NULL, 0, NULL, 0) == -ENODEV); + return 0; +} +DM_TEST(dm_test_ecdsa_verify, UT_TESTF_SCAN_PDATA | UT_TESTF_SCAN_FDT);
This test verifies that ECDSA_UCLASS is implemented, and that ecdsa_verify() works as expected. The definition of "expected" is "does not find a device, and returns -ENODEV". The lack of a hardware-independent ECDSA implementation prevents us from having one in the sandbox, for now. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> --- configs/sandbox_defconfig | 2 ++ test/dm/Makefile | 1 + test/dm/ecdsa.c | 38 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 41 insertions(+) create mode 100644 test/dm/ecdsa.c