[PATCH v6 3/3] binman: Add tests for etype encrypted

christian.taedcke-oss at weidmueller.com christian.taedcke-oss at weidmueller.com
Mon Jul 17 09:05:54 CEST 2023


From: Christian Taedcke <christian.taedcke at weidmueller.com>

Add tests to reach 100% code coverage for the added etype encrypted.

Signed-off-by: Christian Taedcke <christian.taedcke at weidmueller.com>
---

(no changes since v5)

Changes in v5:
- add comments to test functions

Changes in v4:
- fix failing test testEncryptedKeyFile

Changes in v3:
- rebase on u-boot-dm/mkim-working
- remove unnecessary test testEncryptedNoContent
- wrap some lines at 80 cols

Changes in v2:
- adapt tests for changed entry implementation

 tools/binman/ftest.py                         | 58 +++++++++++++++++++
 tools/binman/test/291_encrypted_no_algo.dts   | 15 +++++
 .../test/292_encrypted_invalid_iv_file.dts    | 18 ++++++
 .../binman/test/293_encrypted_missing_key.dts | 23 ++++++++
 .../binman/test/294_encrypted_key_source.dts  | 24 ++++++++
 tools/binman/test/295_encrypted_key_file.dts  | 24 ++++++++
 6 files changed, 162 insertions(+)
 create mode 100644 tools/binman/test/291_encrypted_no_algo.dts
 create mode 100644 tools/binman/test/292_encrypted_invalid_iv_file.dts
 create mode 100644 tools/binman/test/293_encrypted_missing_key.dts
 create mode 100644 tools/binman/test/294_encrypted_key_source.dts
 create mode 100644 tools/binman/test/295_encrypted_key_file.dts

diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py
index e53181afb7..f1757ec21f 100644
--- a/tools/binman/ftest.py
+++ b/tools/binman/ftest.py
@@ -94,6 +94,8 @@ ROCKCHIP_TPL_DATA     = b'rockchip-tpl'
 TEST_FDT1_DATA        = b'fdt1'
 TEST_FDT2_DATA        = b'test-fdt2'
 ENV_DATA              = b'var1=1\nvar2="2"'
+ENCRYPTED_IV_DATA     = b'123456'
+ENCRYPTED_KEY_DATA    = b'abcde'
 PRE_LOAD_MAGIC        = b'UBSH'
 PRE_LOAD_VERSION      = 0x11223344.to_bytes(4, 'big')
 PRE_LOAD_HDR_SIZE     = 0x00001000.to_bytes(4, 'big')
@@ -226,6 +228,10 @@ class TestFunctional(unittest.TestCase):
         # Newer OP_TEE file in v1 binary format
         cls.make_tee_bin('tee.bin')
 
+        # test files for encrypted tests
+        TestFunctional._MakeInputFile('encrypted-file.iv', ENCRYPTED_IV_DATA)
+        TestFunctional._MakeInputFile('encrypted-file.key', ENCRYPTED_KEY_DATA)
+
         cls.comp_bintools = {}
         for name in COMP_BINTOOLS:
             cls.comp_bintools[name] = bintool.Bintool.create(name)
@@ -6884,6 +6890,58 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
             # Move to next
             spl_data = content[:0x18]
 
+    def testEncryptedNoAlgo(self):
+        """Test encrypted node with missing required properties"""
+        with self.assertRaises(ValueError) as e:
+            self._DoReadFileDtb('291_encrypted_no_algo.dts')
+        self.assertIn(
+            "Node '/binman/fit/images/u-boot/encrypted': 'encrypted' entry is missing properties: algo iv-filename",
+            str(e.exception))
+
+    def testEncryptedInvalidIvfile(self):
+        """Test encrypted node with invalid iv file"""
+        with self.assertRaises(ValueError) as e:
+            self._DoReadFileDtb('292_encrypted_invalid_iv_file.dts')
+        self.assertIn("Filename 'invalid-iv-file' not found in input path",
+                      str(e.exception))
+
+    def testEncryptedMissingKey(self):
+        """Test encrypted node with missing key properties"""
+        with self.assertRaises(ValueError) as e:
+            self._DoReadFileDtb('293_encrypted_missing_key.dts')
+        self.assertIn(
+            "Node '/binman/fit/images/u-boot/encrypted': Provide either 'key-filename' or 'key-source'",
+            str(e.exception))
+
+    def testEncryptedKeySource(self):
+        """Test encrypted node with key-source property"""
+        data = self._DoReadFileDtb('294_encrypted_key_source.dts')[0]
+
+        dtb = fdt.Fdt.FromData(data)
+        dtb.Scan()
+
+        node = dtb.GetNode('/images/u-boot/cipher')
+        self.assertEqual('algo-name', node.props['algo'].value)
+        self.assertEqual('key-source-value', node.props['key-source'].value)
+        self.assertEqual(ENCRYPTED_IV_DATA,
+                         tools.to_bytes(''.join(node.props['iv'].value)))
+        self.assertNotIn('key', node.props)
+
+    def testEncryptedKeyFile(self):
+        """Test encrypted node with key-filename property"""
+        data = self._DoReadFileDtb('295_encrypted_key_file.dts')[0]
+
+        dtb = fdt.Fdt.FromData(data)
+        dtb.Scan()
+
+        node = dtb.GetNode('/images/u-boot/cipher')
+        self.assertEqual('algo-name', node.props['algo'].value)
+        self.assertEqual(ENCRYPTED_IV_DATA,
+                         tools.to_bytes(''.join(node.props['iv'].value)))
+        self.assertEqual(ENCRYPTED_KEY_DATA,
+                         tools.to_bytes(''.join(node.props['key'].value)))
+        self.assertNotIn('key-source', node.props)
+
 
 if __name__ == "__main__":
     unittest.main()
diff --git a/tools/binman/test/291_encrypted_no_algo.dts b/tools/binman/test/291_encrypted_no_algo.dts
new file mode 100644
index 0000000000..03f7ffee90
--- /dev/null
+++ b/tools/binman/test/291_encrypted_no_algo.dts
@@ -0,0 +1,15 @@
+// SPDX-License-Identifier: GPL-2.0+
+/dts-v1/;
+
+/ {
+	binman {
+		fit {
+			images {
+				u-boot {
+					encrypted {
+					};
+				};
+			};
+		};
+	};
+};
diff --git a/tools/binman/test/292_encrypted_invalid_iv_file.dts b/tools/binman/test/292_encrypted_invalid_iv_file.dts
new file mode 100644
index 0000000000..388a0a6ad9
--- /dev/null
+++ b/tools/binman/test/292_encrypted_invalid_iv_file.dts
@@ -0,0 +1,18 @@
+// SPDX-License-Identifier: GPL-2.0+
+/dts-v1/;
+
+/ {
+	binman {
+		fit {
+			images {
+				u-boot {
+					encrypted {
+						algo = "some-algo";
+						key-source = "key";
+						iv-filename = "invalid-iv-file";
+					};
+				};
+			};
+		};
+	};
+};
diff --git a/tools/binman/test/293_encrypted_missing_key.dts b/tools/binman/test/293_encrypted_missing_key.dts
new file mode 100644
index 0000000000..d1daaa0885
--- /dev/null
+++ b/tools/binman/test/293_encrypted_missing_key.dts
@@ -0,0 +1,23 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+	#address-cells = <1>;
+	#size-cells = <1>;
+
+	binman {
+		fit {
+			description = "test desc";
+
+			images {
+				u-boot {
+					encrypted {
+						algo = "algo-name";
+						iv-filename = "encrypted-file.iv";
+					};
+				};
+			};
+		};
+	};
+};
diff --git a/tools/binman/test/294_encrypted_key_source.dts b/tools/binman/test/294_encrypted_key_source.dts
new file mode 100644
index 0000000000..884ec508db
--- /dev/null
+++ b/tools/binman/test/294_encrypted_key_source.dts
@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+	#address-cells = <1>;
+	#size-cells = <1>;
+
+	binman {
+		fit {
+			description = "test desc";
+
+			images {
+				u-boot {
+					encrypted {
+						algo = "algo-name";
+						key-source = "key-source-value";
+						iv-filename = "encrypted-file.iv";
+					};
+				};
+			};
+		};
+	};
+};
diff --git a/tools/binman/test/295_encrypted_key_file.dts b/tools/binman/test/295_encrypted_key_file.dts
new file mode 100644
index 0000000000..efd7ee5f35
--- /dev/null
+++ b/tools/binman/test/295_encrypted_key_file.dts
@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+	#address-cells = <1>;
+	#size-cells = <1>;
+
+	binman {
+		fit {
+			description = "test desc";
+
+			images {
+				u-boot {
+					encrypted {
+						algo = "algo-name";
+						iv-filename = "encrypted-file.iv";
+						key-filename = "encrypted-file.key";
+					};
+				};
+			};
+		};
+	};
+};
-- 
2.34.1



More information about the U-Boot mailing list