From patchwork Mon Jun 21 20:23:51 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steffen Jaeckel X-Patchwork-Id: 1495308 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4G81Hy3Bzsz9sTD for ; Tue, 22 Jun 2021 06:25:50 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 4315982BF2; Mon, 21 Jun 2021 22:25:23 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=eyet-services.de Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id BDEB582BDF; Mon, 21 Jun 2021 22:25:18 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RCVD_IN_MSPIKE_H2, SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from toucan.birch.relay.mailchannels.net (toucan.birch.relay.mailchannels.net [23.83.209.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 89A8182BF6 for ; Mon, 21 Jun 2021 22:25:05 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=eyet-services.de Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=jaeckel-floss@eyet-services.de X-Sender-Id: instrampxe0y3a|x-authuser|jaeckel@eyet-services.de Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 8B601342055; Mon, 21 Jun 2021 20:25:01 +0000 (UTC) Received: from cpanel-004-fra.hostingww.com (100-98-55-86.trex.outbound.svc.cluster.local [100.98.55.86]) (Authenticated sender: instrampxe0y3a) by relay.mailchannels.net (Postfix) with ESMTPA id C00D7342478; Mon, 21 Jun 2021 20:24:58 +0000 (UTC) X-Sender-Id: instrampxe0y3a|x-authuser|jaeckel@eyet-services.de Received: from cpanel-004-fra.hostingww.com (ec2-18-198-100-52.eu-central-1.compute.amazonaws.com [18.198.100.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384) by 100.98.55.86 (trex/6.3.3); Mon, 21 Jun 2021 20:25:01 +0000 X-MC-Relay: Bad X-MailChannels-SenderId: instrampxe0y3a|x-authuser|jaeckel@eyet-services.de X-MailChannels-Auth-Id: instrampxe0y3a X-Soft-Tangy: 62f5cbed0a0a00e1_1624307101217_2685789805 X-MC-Loop-Signature: 1624307101217:2015951699 X-MC-Ingress-Time: 1624307101216 Received: from hsi-kbw-46-223-101-50.hsi.kabel-badenwuerttemberg.de ([46.223.101.50]:39002 helo=draupnir.jaeckel.lan) by cpanel-004-fra.hostingww.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1lvQTU-00066a-T4; Mon, 21 Jun 2021 20:24:57 +0000 From: Steffen Jaeckel To: u-boot@lists.denx.de Cc: Steffen Jaeckel , Alexandru Gagniuc , Andy Shevchenko , Bin Meng , Heinrich Schuchardt , Joel Peshkin , Klaus Heinrich Kiwi , Patrick Delaunay , Priyanka Jain , Siew Chin Lim , Simon Glass Subject: [PATCH v3 8/8] test: add first autoboot unit tests Date: Mon, 21 Jun 2021 22:23:51 +0200 Message-Id: <20210621202352.1250303-9-jaeckel-floss@eyet-services.de> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210621202352.1250303-1-jaeckel-floss@eyet-services.de> References: <20210621202352.1250303-1-jaeckel-floss@eyet-services.de> MIME-Version: 1.0 X-OutGoing-Spam-Status: No, score=-1.0 X-AuthUser: jaeckel@eyet-services.de X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean This adds tests for the crypt-based and plain SHA256-based password hashing algorithms in the autoboot flow. Signed-off-by: Steffen Jaeckel Reviewed-by: Simon Glass --- (no changes since v1) common/Kconfig.boot | 2 +- common/console.c | 5 +++ configs/sandbox_defconfig | 11 +++++ include/console.h | 17 +++++++ include/test/common.h | 15 +++++++ include/test/suites.h | 1 + test/Makefile | 1 + test/cmd_ut.c | 1 + test/common/Makefile | 3 ++ test/common/cmd_ut_common.c | 22 +++++++++ test/common/test_autoboot.c | 90 +++++++++++++++++++++++++++++++++++++ 11 files changed, 167 insertions(+), 1 deletion(-) create mode 100644 include/test/common.h create mode 100644 test/common/Makefile create mode 100644 test/common/cmd_ut_common.c create mode 100644 test/common/test_autoboot.c diff --git a/common/Kconfig.boot b/common/Kconfig.boot index b04a6c98e5..308d952066 100644 --- a/common/Kconfig.boot +++ b/common/Kconfig.boot @@ -906,7 +906,7 @@ config AUTOBOOT_STOP_STR_CRYPT and saved in the environment variable "bootstopkeycrypt". config AUTOBOOT_STOP_STR_SHA256 - string "Stop autobooting via SHA256 encrypted password" + string "Stop autobooting via SHA256 hashed password" depends on AUTOBOOT_STOP_STR_ENABLE help This option adds the feature to only stop the autobooting, diff --git a/common/console.c b/common/console.c index 561cdf36a7..9d5060d5ce 100644 --- a/common/console.c +++ b/common/console.c @@ -763,6 +763,11 @@ int console_record_avail(void) return membuff_avail((struct membuff *)&gd->console_out); } +int console_in_puts(const char *str) +{ + return membuff_put((struct membuff *)&gd->console_in, str, strlen(str)); +} + #endif /* test if ctrl-c was pressed */ diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig index bdbf714e2b..1cd4f491aa 100644 --- a/configs/sandbox_defconfig +++ b/configs/sandbox_defconfig @@ -284,6 +284,17 @@ CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y CONFIG_EFI_SECURE_BOOT=y CONFIG_TEST_FDTDEC=y +CONFIG_CRYPT_PW=y +CONFIG_CRYPT_PW_SHA256=y +CONFIG_CRYPT_PW_SHA512=y +CONFIG_AUTOBOOT_KEYED=y +CONFIG_AUTOBOOT_PROMPT="Enter password \"a\" in %d seconds to stop autoboot\n" +CONFIG_AUTOBOOT_ENCRYPTION=y +CONFIG_AUTOBOOT_STOP_STR_ENABLE=y +# default password "a" +CONFIG_AUTOBOOT_STOP_STR_CRYPT="$5$rounds=640000$HrpE65IkB8CM5nCL$BKT3QdF98Bo8fJpTr9tjZLZQyzqPASBY20xuK5Rent9" +CONFIG_AUTOBOOT_NEVER_TIMEOUT=y +CONFIG_AUTOBOOT_SHA256_FALLBACK_ENABLE=y CONFIG_UNIT_TEST=y CONFIG_UT_TIME=y CONFIG_UT_DM=y diff --git a/include/console.h b/include/console.h index 7e628c0cf8..6be045ddcc 100644 --- a/include/console.h +++ b/include/console.h @@ -82,6 +82,17 @@ int console_record_readline(char *str, int maxlen); * @return available bytes (0 if empty) */ int console_record_avail(void); + +/** + * console_in_puts() - Write a string to the console input buffer + * + * This writes the given string to the console_in buffer which will then be + * returned if a function calls e.g. `getc()` + * + * @str: the string to write + * @return the number of bytes added + */ +int console_in_puts(const char *str); #else static inline int console_record_init(void) { @@ -113,6 +124,12 @@ static inline int console_record_avail(void) return 0; } +static inline int console_in_puts(const char *str) +{ + /* There is never anything written */ + return 0; +} + #endif /* !CONFIG_CONSOLE_RECORD */ /** diff --git a/include/test/common.h b/include/test/common.h new file mode 100644 index 0000000000..81260d06ad --- /dev/null +++ b/include/test/common.h @@ -0,0 +1,15 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright (c) 2019 Heinrich Schuchardt + * Copyright (c) 2021 Steffen Jaeckel + */ + +#ifndef __TEST_COMMON_H__ +#define __TEST_COMMON_H__ + +#include + +/* Declare a new common function test */ +#define COMMON_TEST(_name, _flags) UNIT_TEST(_name, _flags, common_test) + +#endif /* __TEST_COMMON_H__ */ diff --git a/include/test/suites.h b/include/test/suites.h index f5d8e139ce..3765bf9ffd 100644 --- a/include/test/suites.h +++ b/include/test/suites.h @@ -31,6 +31,7 @@ int do_ut_addrmap(struct cmd_tbl *cmdtp, int flag, int argc, int do_ut_bootm(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); int do_ut_bloblist(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); +int do_ut_common(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); int do_ut_compression(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); int do_ut_dm(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); diff --git a/test/Makefile b/test/Makefile index a26e915e05..afc7864a54 100644 --- a/test/Makefile +++ b/test/Makefile @@ -20,6 +20,7 @@ obj-$(CONFIG_UT_TIME) += time_ut.o obj-y += ut.o ifeq ($(CONFIG_SPL_BUILD),) +obj-$(CONFIG_UNIT_TEST) += common/ obj-$(CONFIG_UNIT_TEST) += lib/ obj-y += log/ obj-$(CONFIG_$(SPL_)UT_UNICODE) += unicode_ut.o diff --git a/test/cmd_ut.c b/test/cmd_ut.c index b9c166045d..cf6c24b509 100644 --- a/test/cmd_ut.c +++ b/test/cmd_ut.c @@ -28,6 +28,7 @@ int cmd_ut_category(const char *name, const char *prefix, static struct cmd_tbl cmd_ut_sub[] = { U_BOOT_CMD_MKENT(all, CONFIG_SYS_MAXARGS, 1, do_ut_all, "", ""), + U_BOOT_CMD_MKENT(common, CONFIG_SYS_MAXARGS, 1, do_ut_common, "", ""), #if defined(CONFIG_UT_DM) U_BOOT_CMD_MKENT(dm, CONFIG_SYS_MAXARGS, 1, do_ut_dm, "", ""), #endif diff --git a/test/common/Makefile b/test/common/Makefile new file mode 100644 index 0000000000..24c9145dcc --- /dev/null +++ b/test/common/Makefile @@ -0,0 +1,3 @@ +# SPDX-License-Identifier: GPL-2.0+ +obj-y += cmd_ut_common.o +obj-$(CONFIG_AUTOBOOT) += test_autoboot.o diff --git a/test/common/cmd_ut_common.c b/test/common/cmd_ut_common.c new file mode 100644 index 0000000000..2c0267801b --- /dev/null +++ b/test/common/cmd_ut_common.c @@ -0,0 +1,22 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (c) 2019 Heinrich Schuchardt + * Copyright (c) 2021 Steffen Jaeckel + * + * Unit tests for common functions + */ + +#include +#include +#include +#include +#include + +int do_ut_common(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) +{ + struct unit_test *tests = UNIT_TEST_SUITE_START(common_test); + const int n_ents = UNIT_TEST_SUITE_COUNT(common_test); + + return cmd_ut_category("common", "common_test_", tests, n_ents, argc, + argv); +} diff --git a/test/common/test_autoboot.c b/test/common/test_autoboot.c new file mode 100644 index 0000000000..8dc555f760 --- /dev/null +++ b/test/common/test_autoboot.c @@ -0,0 +1,90 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (c) 2021 Steffen Jaeckel + * + * Unit tests for autoboot functionality + */ + +#include +#include +#include +#include +#include + +#include + +static int check_for_input(struct unit_test_state *uts, const char *in, + bool correct) +{ + /* The bootdelay is set to 1 second in test_autoboot() */ + const char *autoboot_prompt = + "Enter password \"a\" in 1 seconds to stop autoboot"; + + console_record_reset_enable(); + console_in_puts(in); + autoboot_command("echo Autoboot password unlock not successful"); + ut_assert_nextline(autoboot_prompt); + if (!correct) { + ut_assert_nextline("Autoboot password unlock not successful"); + } + ut_assert_console_end(); + return 0; +} + +/** + * test_autoboot() - unit test for autoboot + * + * @uts: unit test state + * Return: 0 = success, 1 = failure + */ +static int test_autoboot(struct unit_test_state *uts) +{ + /* make sure that the bootdelay is set to something, + * otherwise the called functions will time out + */ + ut_assertok(env_set("bootdelay", "1")); + bootdelay_process(); + + /* unset all relevant environment variables */ + env_set("bootstopusesha256", NULL); + env_set("bootstopkeycrypt", NULL); + env_set("bootstopkeysha256", NULL); + + if (IS_ENABLED(CONFIG_CRYPT_PW_SHA256)) { + /* test the default password from CONFIG_AUTOBOOT_STOP_STR_CRYPT */ + ut_assertok(check_for_input(uts, "a\n", true)); + + /* verify that the `bootstopusesha256` variable is treated correctly */ + ut_assertok(env_set("bootstopusesha256", "false")); + /* test a password from the `bootstopkeycrypt` environment variable */ + ut_assertok(env_set( + "bootstopkeycrypt", + "$5$rounds=640000$ycgRgpnRq4lmu.eb$aZ6YJWdklvyLML13w7mEHMHJnJOux6aptnp6VlsR5a9")); + + ut_assertok(check_for_input(uts, "test\n", true)); + } + + if (IS_ENABLED(CONFIG_AUTOBOOT_ENCRYPTION)) { + /* test the `bootstopusesha256` and `bootstopkeysha256` features */ + ut_assertok(env_set("bootstopusesha256", "true")); + ut_assertok(env_set( + "bootstopkeysha256", + "edeaaff3f1774ad2888673770c6d64097e391bc362d7d6fb34982ddf0efd18cb")); + + ut_assertok(check_for_input(uts, "abc\n", true)); + + ut_assertok(env_set( + "bootstopkeysha256", + "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad")); + + ut_assertok(check_for_input(uts, "abc", true)); + + ut_assertok(check_for_input(uts, "abc\n", true)); + + ut_assertok(check_for_input(uts, "abd", false)); + } + + return CMD_RET_SUCCESS; +} + +COMMON_TEST(test_autoboot, 0);