[PATCH v4 3/3] binman: Add tests for etype encrypted

Simon Glass sjg at chromium.org
Mon Jul 10 21:45:57 CEST 2023 

Hi Christian,

On Mon, 10 Jul 2023 at 03:26, <christian.taedcke-oss at weidmueller.com> wrote:
>
> From: Christian Taedcke <christian.taedcke at weidmueller.com>
>
> Add tests to reach 100% code coverage for the added etype encrypted.
>
> Signed-off-by: Christian Taedcke <christian.taedcke at weidmueller.com>
> ---
>
> Changes in v4:
> - fix failing test testEncryptedKeyFile
>
> Changes in v3:
> - rebase on u-boot-dm/mkim-working
> - remove unnecessary test testEncryptedNoContent
> - wrap some lines at 80 cols
>
> Changes in v2:
> - adapt tests for changed entry implementation
>
>  tools/binman/ftest.py                         | 53 +++++++++++++++++++
>  tools/binman/test/291_encrypted_no_algo.dts   | 19 +++++++
>  .../test/292_encrypted_invalid_iv_file.dts    | 23 ++++++++
>  .../binman/test/293_encrypted_missing_key.dts | 28 ++++++++++
>  .../binman/test/294_encrypted_key_source.dts  | 29 ++++++++++
>  tools/binman/test/295_encrypted_key_file.dts  | 29 ++++++++++
>  6 files changed, 181 insertions(+)
>  create mode 100644 tools/binman/test/291_encrypted_no_algo.dts
>  create mode 100644 tools/binman/test/292_encrypted_invalid_iv_file.dts
>  create mode 100644 tools/binman/test/293_encrypted_missing_key.dts
>  create mode 100644 tools/binman/test/294_encrypted_key_source.dts
>  create mode 100644 tools/binman/test/295_encrypted_key_file.dts

nit below:

Reviewed-by: Simon Glass <sjg at chromium.org>
>
> diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py
> index e53181afb7..c1ace9a401 100644
> --- a/tools/binman/ftest.py
> +++ b/tools/binman/ftest.py
> @@ -94,6 +94,8 @@ ROCKCHIP_TPL_DATA     = b'rockchip-tpl'
>  TEST_FDT1_DATA        = b'fdt1'
>  TEST_FDT2_DATA        = b'test-fdt2'
>  ENV_DATA              = b'var1=1\nvar2="2"'
> +ENCRYPTED_IV_DATA     = b'123456'
> +ENCRYPTED_KEY_DATA    = b'abcde'
>  PRE_LOAD_MAGIC        = b'UBSH'
>  PRE_LOAD_VERSION      = 0x11223344.to_bytes(4, 'big')
>  PRE_LOAD_HDR_SIZE     = 0x00001000.to_bytes(4, 'big')
> @@ -226,6 +228,10 @@ class TestFunctional(unittest.TestCase):
>          # Newer OP_TEE file in v1 binary format
>          cls.make_tee_bin('tee.bin')
>
> +        # test files for encrypted tests
> +        TestFunctional._MakeInputFile('encrypted-file.iv', ENCRYPTED_IV_DATA)
> +        TestFunctional._MakeInputFile('encrypted-file.key', ENCRYPTED_KEY_DATA)
> +
>          cls.comp_bintools = {}
>          for name in COMP_BINTOOLS:
>              cls.comp_bintools[name] = bintool.Bintool.create(name)
> @@ -6884,6 +6890,53 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
>              # Move to next
>              spl_data = content[:0x18]
>
> +    def testEncryptedNoAlgo(self):
> +        with self.assertRaises(ValueError) as e:
> +            self._DoReadFileDtb('291_encrypted_no_algo.dts')
> +        self.assertIn(
> +            "Node '/binman/fit/images/u-boot/encrypted': 'encrypted' entry is missing properties: algo iv-filename",
> +            str(e.exception))
> +
> +    def testEncryptedInvalidIvfile(self):

Please can you add a one-line comment to all of these function?

> +        with self.assertRaises(ValueError) as e:
> +            self._DoReadFileDtb('292_encrypted_invalid_iv_file.dts')
> +        self.assertIn("Filename 'invalid-iv-file' not found in input path",
> +                      str(e.exception))
> +
> +    def testEncryptedMissingKey(self):
> +        with self.assertRaises(ValueError) as e:
> +            self._DoReadFileDtb('293_encrypted_missing_key.dts')
> +        self.assertIn(
> +            "Node '/binman/fit/images/u-boot/encrypted': Provide either 'key-filename' or 'key-source'",
> +            str(e.exception))
> +
> +    def testEncryptedKeySource(self):
> +        data = self._DoReadFileDtb('294_encrypted_key_source.dts')[0]
> +
> +        dtb = fdt.Fdt.FromData(data)
> +        dtb.Scan()
> +
> +        node = dtb.GetNode('/images/u-boot/cipher')
> +        self.assertEqual('algo-name', node.props['algo'].value)
> +        self.assertEqual('key-source-value', node.props['key-source'].value)
> +        self.assertEqual(ENCRYPTED_IV_DATA,
> +                         tools.to_bytes(''.join(node.props['iv'].value)))
> +        self.assertNotIn('key', node.props)
> +
> +    def testEncryptedKeyFile(self):
> +        data = self._DoReadFileDtb('295_encrypted_key_file.dts')[0]
> +
> +        dtb = fdt.Fdt.FromData(data)
> +        dtb.Scan()
> +
> +        node = dtb.GetNode('/images/u-boot/cipher')
> +        self.assertEqual('algo-name', node.props['algo'].value)
> +        self.assertEqual(ENCRYPTED_IV_DATA,
> +                         tools.to_bytes(''.join(node.props['iv'].value)))
> +        self.assertEqual(ENCRYPTED_KEY_DATA,
> +                         tools.to_bytes(''.join(node.props['key'].value)))
> +        self.assertNotIn('key-source', node.props)
> +
>

[..]

Regards,
Simon

More information about the U-Boot mailing list