From: Christian Taedcke christian.taedcke@weidmueller.com
Add tests to reach 100% code coverage for the added etype encrypted.
Signed-off-by: Christian Taedcke christian.taedcke@weidmueller.com ---
tools/binman/ftest.py | 69 +++++++++++++++++++ .../binman/test/282_encrypted_no_content.dts | 15 ++++ tools/binman/test/283_encrypted_no_algo.dts | 19 +++++ .../test/284_encrypted_invalid_iv_file.dts | 22 ++++++ tools/binman/test/285_encrypted.dts | 29 ++++++++ tools/binman/test/286_encrypted_key_file.dts | 30 ++++++++ .../test/287_encrypted_iv_name_hint.dts | 30 ++++++++ 7 files changed, 214 insertions(+) create mode 100644 tools/binman/test/282_encrypted_no_content.dts create mode 100644 tools/binman/test/283_encrypted_no_algo.dts create mode 100644 tools/binman/test/284_encrypted_invalid_iv_file.dts create mode 100644 tools/binman/test/285_encrypted.dts create mode 100644 tools/binman/test/286_encrypted_key_file.dts create mode 100644 tools/binman/test/287_encrypted_iv_name_hint.dts
diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py index 43b4f850a6..3fb57e964e 100644 --- a/tools/binman/ftest.py +++ b/tools/binman/ftest.py @@ -94,6 +94,8 @@ ROCKCHIP_TPL_DATA = b'rockchip-tpl' TEST_FDT1_DATA = b'fdt1' TEST_FDT2_DATA = b'test-fdt2' ENV_DATA = b'var1=1\nvar2="2"' +ENCRYPTED_IV_DATA = b'123456' +ENCRYPTED_KEY_DATA = b'1234567890123456' PRE_LOAD_MAGIC = b'UBSH' PRE_LOAD_VERSION = 0x11223344.to_bytes(4, 'big') PRE_LOAD_HDR_SIZE = 0x00001000.to_bytes(4, 'big') @@ -226,6 +228,10 @@ class TestFunctional(unittest.TestCase): # Newer OP_TEE file in v1 binary format cls.make_tee_bin('tee.bin')
+ # test files for encrypted tests + TestFunctional._MakeInputFile('encrypted-file.iv', ENCRYPTED_IV_DATA) + TestFunctional._MakeInputFile('encrypted-file.key', ENCRYPTED_KEY_DATA) + cls.comp_bintools = {} for name in COMP_BINTOOLS: cls.comp_bintools[name] = bintool.Bintool.create(name) @@ -6676,6 +6682,69 @@ fdt fdtmap Extract the devicetree blob from the fdtmap ['fit']) self.assertIn("Node '/fit': Missing tool: 'mkimage'", str(e.exception))
+ def testEncryptedNoContent(self): + with self.assertRaises(ValueError) as e: + self._DoReadFileDtb('282_encrypted_no_content.dts', update_dtb=True) + self.assertIn("Node '/binman/fit/images/u-boot/encrypted': Collection must have a 'content' property", str(e.exception)) + + def testEncryptedNoAlgo(self): + with self.assertRaises(ValueError) as e: + self._DoReadFileDtb('283_encrypted_no_algo.dts', update_dtb=True) + self.assertIn("Node '/binman/fit/images/u-boot/encrypted': 'encrypted' entry is missing properties: algo key-name-hint iv-filename", str(e.exception)) + + def testEncryptedInvalidIvfile(self): + with self.assertRaises(ValueError) as e: + self._DoReadFileDtb('284_encrypted_invalid_iv_file.dts', update_dtb=True) + self.assertIn("Filename 'invalid-iv-file' not found in input path", + str(e.exception)) + + def testEncryptedNoKey(self): + data = self._DoReadFileDtb('285_encrypted.dts')[0] + + dtb = fdt.Fdt.FromData(data) + dtb.Scan() + + node = dtb.GetNode('/images/u-boot/cipher') + self.assertEqual('algo-name', node.props['algo'].value) + self.assertEqual('key-name-hint-value', node.props['key-name-hint'].value) + self.assertEqual(ENCRYPTED_IV_DATA, tools.to_bytes(''.join(node.props['iv'].value))) + self.assertNotIn('iv-name-hint', node.props) + + node = dtb.GetNode('/cipher') + self.assertIsNone(node) + + def testEncryptedKeyFile(self): + data = self._DoReadFileDtb('286_encrypted_key_file.dts')[0] + + dtb = fdt.Fdt.FromData(data) + dtb.Scan() + + node = dtb.GetNode('/images/u-boot/cipher') + self.assertEqual('algo-name', node.props['algo'].value) + self.assertEqual('key-name-hint-value', node.props['key-name-hint'].value) + self.assertEqual(ENCRYPTED_IV_DATA, tools.to_bytes(''.join(node.props['iv'].value))) + self.assertNotIn('iv-name-hint', node.props) + + node = dtb.GetNode('/cipher/key-algo-name-key-name-hint-value') + self.assertEqual(ENCRYPTED_KEY_DATA, b''.join(node.props['key'].value)) + self.assertNotIn('iv', node.props) + + def testEncryptedIvNameHint(self): + data = self._DoReadFileDtb('287_encrypted_iv_name_hint.dts')[0] + + dtb = fdt.Fdt.FromData(data) + dtb.Scan() + + node = dtb.GetNode('/images/u-boot/cipher') + self.assertEqual('algo-name', node.props['algo'].value) + self.assertEqual('iv-name-hint-value', node.props['iv-name-hint'].value) + self.assertEqual('key-name-hint-value', node.props['key-name-hint'].value) + self.assertNotIn('iv', node.props) + + node = dtb.GetNode('/cipher/key-algo-name-key-name-hint-value-iv-name-hint-value') + self.assertEqual(ENCRYPTED_IV_DATA, tools.to_bytes(''.join(node.props['iv'].value))) + self.assertNotIn('key', node.props) +
if __name__ == "__main__": unittest.main() diff --git a/tools/binman/test/282_encrypted_no_content.dts b/tools/binman/test/282_encrypted_no_content.dts new file mode 100644 index 0000000000..03f7ffee90 --- /dev/null +++ b/tools/binman/test/282_encrypted_no_content.dts @@ -0,0 +1,15 @@ +// SPDX-License-Identifier: GPL-2.0+ +/dts-v1/; + +/ { + binman { + fit { + images { + u-boot { + encrypted { + }; + }; + }; + }; + }; +}; diff --git a/tools/binman/test/283_encrypted_no_algo.dts b/tools/binman/test/283_encrypted_no_algo.dts new file mode 100644 index 0000000000..71975c0116 --- /dev/null +++ b/tools/binman/test/283_encrypted_no_algo.dts @@ -0,0 +1,19 @@ +// SPDX-License-Identifier: GPL-2.0+ +/dts-v1/; + +/ { + binman { + fit { + images { + u-boot { + encrypted { + content = <&data>; + }; + + data: data { + }; + }; + }; + }; + }; +}; diff --git a/tools/binman/test/284_encrypted_invalid_iv_file.dts b/tools/binman/test/284_encrypted_invalid_iv_file.dts new file mode 100644 index 0000000000..cce307965c --- /dev/null +++ b/tools/binman/test/284_encrypted_invalid_iv_file.dts @@ -0,0 +1,22 @@ +// SPDX-License-Identifier: GPL-2.0+ +/dts-v1/; + +/ { + binman { + fit { + images { + u-boot { + encrypted { + content = <&data>; + algo = "some-algo"; + key-name-hint = "key"; + iv-filename = "invalid-iv-file"; + }; + + data: data { + }; + }; + }; + }; + }; +}; diff --git a/tools/binman/test/285_encrypted.dts b/tools/binman/test/285_encrypted.dts new file mode 100644 index 0000000000..ed5babf26e --- /dev/null +++ b/tools/binman/test/285_encrypted.dts @@ -0,0 +1,29 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + fit { + description = "test desc"; + + images { + u-boot { + blob: blob { + filename = "blobfile"; + }; + + encrypted { + content = <&blob>; + algo = "algo-name"; + key-name-hint = "key-name-hint-value"; + iv-filename = "encrypted-file.iv"; + }; + }; + }; + }; + }; +}; diff --git a/tools/binman/test/286_encrypted_key_file.dts b/tools/binman/test/286_encrypted_key_file.dts new file mode 100644 index 0000000000..56fdb24f9f --- /dev/null +++ b/tools/binman/test/286_encrypted_key_file.dts @@ -0,0 +1,30 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + fit { + description = "test desc"; + + images { + u-boot { + blob: blob { + filename = "blobfile"; + }; + + encrypted { + content = <&blob>; + algo = "algo-name"; + key-name-hint = "key-name-hint-value"; + iv-filename = "encrypted-file.iv"; + key-filename = "encrypted-file.key"; + }; + }; + }; + }; + }; +}; diff --git a/tools/binman/test/287_encrypted_iv_name_hint.dts b/tools/binman/test/287_encrypted_iv_name_hint.dts new file mode 100644 index 0000000000..06c0735e61 --- /dev/null +++ b/tools/binman/test/287_encrypted_iv_name_hint.dts @@ -0,0 +1,30 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + fit { + description = "test desc"; + + images { + u-boot { + blob: blob { + filename = "blobfile"; + }; + + encrypted { + content = <&blob>; + algo = "algo-name"; + iv-name-hint = "iv-name-hint-value"; + key-name-hint = "key-name-hint-value"; + iv-filename = "encrypted-file.iv"; + }; + }; + }; + }; + }; +};