[PATCH 3/3] binman: Add tests for etype encrypted

christian.taedcke-oss at weidmueller.com christian.taedcke-oss at weidmueller.com
Tue Jun 27 09:39:31 CEST 2023


From: Christian Taedcke <christian.taedcke at weidmueller.com>

Add tests to reach 100% code coverage for the added etype encrypted.

Signed-off-by: Christian Taedcke <christian.taedcke at weidmueller.com>
---

 tools/binman/ftest.py                         | 69 +++++++++++++++++++
 .../binman/test/282_encrypted_no_content.dts  | 15 ++++
 tools/binman/test/283_encrypted_no_algo.dts   | 19 +++++
 .../test/284_encrypted_invalid_iv_file.dts    | 22 ++++++
 tools/binman/test/285_encrypted.dts           | 29 ++++++++
 tools/binman/test/286_encrypted_key_file.dts  | 30 ++++++++
 .../test/287_encrypted_iv_name_hint.dts       | 30 ++++++++
 7 files changed, 214 insertions(+)
 create mode 100644 tools/binman/test/282_encrypted_no_content.dts
 create mode 100644 tools/binman/test/283_encrypted_no_algo.dts
 create mode 100644 tools/binman/test/284_encrypted_invalid_iv_file.dts
 create mode 100644 tools/binman/test/285_encrypted.dts
 create mode 100644 tools/binman/test/286_encrypted_key_file.dts
 create mode 100644 tools/binman/test/287_encrypted_iv_name_hint.dts

diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py
index 43b4f850a6..3fb57e964e 100644
--- a/tools/binman/ftest.py
+++ b/tools/binman/ftest.py
@@ -94,6 +94,8 @@ ROCKCHIP_TPL_DATA     = b'rockchip-tpl'
 TEST_FDT1_DATA        = b'fdt1'
 TEST_FDT2_DATA        = b'test-fdt2'
 ENV_DATA              = b'var1=1\nvar2="2"'
+ENCRYPTED_IV_DATA     = b'123456'
+ENCRYPTED_KEY_DATA    = b'1234567890123456'
 PRE_LOAD_MAGIC        = b'UBSH'
 PRE_LOAD_VERSION      = 0x11223344.to_bytes(4, 'big')
 PRE_LOAD_HDR_SIZE     = 0x00001000.to_bytes(4, 'big')
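Review bot: `ENCRYPTED_IV_DATA` and `ENCRYPTED_KEY_DATA` are added without a comment marking them as dummy fixtures, and the IV is only 6 bytes, which does not resemble the IV of a real block cipher. A one-line comment above them, such as `# Dummy IV and key for the 'encrypted' etype tests, not real key material`, would make that explicit for readers and for anyone triaging secret-scanner hits. Nothing in this patch shows the etype checking IV length against `algo`; if such a check is ever added, a realistic-length value would be needed here to exercise it.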
@@ -226,6 +228,10 @@ class TestFunctional(unittest.TestCase):
         # Newer OP_TEE file in v1 binary format
         cls.make_tee_bin('tee.bin')
 
+        # test files for encrypted tests
+        TestFunctional._MakeInputFile('encrypted-file.iv', ENCRYPTED_IV_DATA)
+        TestFunctional._MakeInputFile('encrypted-file.key', ENCRYPTED_KEY_DATA)
+
         cls.comp_bintools = {}
         for name in COMP_BINTOOLS:
             cls.comp_bintools[name] = bintool.Bintool.create(name)
@@ -6676,6 +6682,69 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
                                 ['fit'])
         self.assertIn("Node '/fit': Missing tool: 'mkimage'", str(e.exception))
 
+    def testEncryptedNoContent(self):
+        with self.assertRaises(ValueError) as e:
+            self._DoReadFileDtb('282_encrypted_no_content.dts', update_dtb=True)
+        self.assertIn("Node \'/binman/fit/images/u-boot/encrypted\': Collection must have a 'content' property", str(e.exception))
+
+    def testEncryptedNoAlgo(self):
+        with self.assertRaises(ValueError) as e:
+            self._DoReadFileDtb('283_encrypted_no_algo.dts', update_dtb=True)
+        self.assertIn("Node \'/binman/fit/images/u-boot/encrypted\': 'encrypted' entry is missing properties: algo key-name-hint iv-filename", str(e.exception))
+
+    def testEncryptedInvalidIvfile(self):
+        with self.assertRaises(ValueError) as e:
+            self._DoReadFileDtb('284_encrypted_invalid_iv_file.dts', update_dtb=True)
+        self.assertIn("Filename 'invalid-iv-file' not found in input path",
+                      str(e.exception))
+
+    def testEncryptedNoKey(self):
+        data = self._DoReadFileDtb('285_encrypted.dts')[0]
+
+        dtb = fdt.Fdt.FromData(data)
+        dtb.Scan()
+
+        node = dtb.GetNode('/images/u-boot/cipher')
+        self.assertEqual('algo-name', node.props['algo'].value)
+        self.assertEqual('key-name-hint-value', node.props['key-name-hint'].value)
+        self.assertEqual(ENCRYPTED_IV_DATA, tools.to_bytes(''.join(node.props['iv'].value)))
+        self.assertNotIn('iv-name-hint', node.props)
+
+        node = dtb.GetNode('/cipher')
+        self.assertIsNone(node)
+
+    def testEncryptedKeyFile(self):
+        data = self._DoReadFileDtb('286_encrypted_key_file.dts')[0]
+
+        dtb = fdt.Fdt.FromData(data)
+        dtb.Scan()
+
+        node = dtb.GetNode('/images/u-boot/cipher')
+        self.assertEqual('algo-name', node.props['algo'].value)
+        self.assertEqual('key-name-hint-value', node.props['key-name-hint'].value)
+        self.assertEqual(ENCRYPTED_IV_DATA, tools.to_bytes(''.join(node.props['iv'].value)))
+        self.assertNotIn('iv-name-hint', node.props)
+
+        node = dtb.GetNode('/cipher/key-algo-name-key-name-hint-value')
+        self.assertEqual(ENCRYPTED_KEY_DATA, b''.join(node.props['key'].value))
+        self.assertNotIn('iv', node.props)
+
+    def testEncryptedIvNameHint(self):
+        data = self._DoReadFileDtb('287_encrypted_iv_name_hint.dts')[0]
+
+        dtb = fdt.Fdt.FromData(data)
+        dtb.Scan()
+
+        node = dtb.GetNode('/images/u-boot/cipher')
+        self.assertEqual('algo-name', node.props['algo'].value)
+        self.assertEqual('iv-name-hint-value', node.props['iv-name-hint'].value)
+        self.assertEqual('key-name-hint-value', node.props['key-name-hint'].value)
+        self.assertNotIn('iv', node.props)
+
+        node = dtb.GetNode('/cipher/key-algo-name-key-name-hint-value-iv-name-hint-value')
+        self.assertEqual(ENCRYPTED_IV_DATA, tools.to_bytes(''.join(node.props['iv'].value)))
+        self.assertNotIn('key', node.props)
+
 
 if __name__ == "__main__":
     unittest.main()
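Review bot: In testEncryptedNoKey, testEncryptedKeyFile and testEncryptedIvNameHint every `dtb.GetNode(...)` result is dereferenced as `node.props` without a check, although testEncryptedNoKey itself relies on GetNode() returning None for an absent node. Adding `self.assertIsNotNone(node)` after each lookup that is expected to succeed would report a missing `cipher` node as a clear test failure instead of an AttributeError. The six new tests also have no docstrings. testEncryptedKeyFile most needs one, for example `"""Test that key-filename places the key bytes under /cipher in the output"""`, because it pins the raw contents of `encrypted-file.key` appearing in the `key` property of the parsed output. Stating that this is intended would help anyone auditing where key material ends up in an image. The `assertIsNone` on `/cipher` in testEncryptedNoKey is the matching guard and deserves the same one-line explanation.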
diff --git a/tools/binman/test/282_encrypted_no_content.dts b/tools/binman/test/282_encrypted_no_content.dts
new file mode 100644
index 0000000000..03f7ffee90
--- /dev/null
+++ b/tools/binman/test/282_encrypted_no_content.dts
@@ -0,0 +1,15 @@
+// SPDX-License-Identifier: GPL-2.0+
+/dts-v1/;
+
+/ {
+	binman {
+		fit {
+			images {
+				u-boot {
+					encrypted {
+					};
+				};
+			};
+		};
+	};
+};
diff --git a/tools/binman/test/283_encrypted_no_algo.dts b/tools/binman/test/283_encrypted_no_algo.dts
new file mode 100644
index 0000000000..71975c0116
--- /dev/null
+++ b/tools/binman/test/283_encrypted_no_algo.dts
@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: GPL-2.0+
+/dts-v1/;
+
+/ {
+	binman {
+		fit {
+			images {
+				u-boot {
+					encrypted {
+						content = <&data>;
+					};
+
+					data: data {
+					};
+				};
+			};
+		};
+	};
+};
diff --git a/tools/binman/test/284_encrypted_invalid_iv_file.dts b/tools/binman/test/284_encrypted_invalid_iv_file.dts
new file mode 100644
index 0000000000..cce307965c
--- /dev/null
+++ b/tools/binman/test/284_encrypted_invalid_iv_file.dts
@@ -0,0 +1,22 @@
+// SPDX-License-Identifier: GPL-2.0+
+/dts-v1/;
+
+/ {
+	binman {
+		fit {
+			images {
+				u-boot {
+					encrypted {
+						content = <&data>;
+						algo = "some-algo";
+						key-name-hint = "key";
+						iv-filename = "invalid-iv-file";
+					};
+
+					data: data {
+					};
+				};
+			};
+		};
+	};
+};
diff --git a/tools/binman/test/285_encrypted.dts b/tools/binman/test/285_encrypted.dts
new file mode 100644
index 0000000000..ed5babf26e
--- /dev/null
+++ b/tools/binman/test/285_encrypted.dts
@@ -0,0 +1,29 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+	#address-cells = <1>;
+	#size-cells = <1>;
+
+	binman {
+		fit {
+			description = "test desc";
+
+			images {
+				u-boot {
+					blob: blob {
+						filename = "blobfile";
+					};
+
+					encrypted {
+						content = <&blob>;
+						algo = "algo-name";
+						key-name-hint = "key-name-hint-value";
+						iv-filename = "encrypted-file.iv";
+					};
+				};
+			};
+		};
+	};
+};
diff --git a/tools/binman/test/286_encrypted_key_file.dts b/tools/binman/test/286_encrypted_key_file.dts
new file mode 100644
index 0000000000..56fdb24f9f
--- /dev/null
+++ b/tools/binman/test/286_encrypted_key_file.dts
@@ -0,0 +1,30 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+	#address-cells = <1>;
+	#size-cells = <1>;
+
+	binman {
+		fit {
+			description = "test desc";
+
+			images {
+				u-boot {
+					blob: blob {
+						filename = "blobfile";
+					};
+
+					encrypted {
+						content = <&blob>;
+						algo = "algo-name";
+						key-name-hint = "key-name-hint-value";
+						iv-filename = "encrypted-file.iv";
+						key-filename = "encrypted-file.key";
+					};
+				};
+			};
+		};
+	};
+};
diff --git a/tools/binman/test/287_encrypted_iv_name_hint.dts b/tools/binman/test/287_encrypted_iv_name_hint.dts
new file mode 100644
index 0000000000..06c0735e61
--- /dev/null
+++ b/tools/binman/test/287_encrypted_iv_name_hint.dts
@@ -0,0 +1,30 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+	#address-cells = <1>;
+	#size-cells = <1>;
+
+	binman {
+		fit {
+			description = "test desc";
+
+			images {
+				u-boot {
+					blob: blob {
+						filename = "blobfile";
+					};
+
+					encrypted {
+						content = <&blob>;
+						algo = "algo-name";
+						iv-name-hint = "iv-name-hint-value";
+						key-name-hint = "key-name-hint-value";
+						iv-filename = "encrypted-file.iv";
+					};
+				};
+			};
+		};
+	};
+};
-- 
2.34.1


