diff options
| author | Randall Spangler <rspangler@chromium.org> | 2013-01-02 16:49:38 -0800 |
|---|---|---|
| committer | ChromeBot <chrome-bot@google.com> | 2013-01-03 11:14:51 -0800 |
| commit | e8cfa31d548c069d73c304fea522b527fe7c7dd6 (patch) | |
| tree | 49dc0bbe28b0798cf22feeaeefe883df881804d3 | |
| parent | ef2a02fe7d31e6416cdbb56d75f8c57e6aed3c5a (diff) | |
| download | vboot-e8cfa31d548c069d73c304fea522b527fe7c7dd6.tar.gz | |
Move lengthy tests from 'make runtests' to 'make runlongtests'
This reduces 'make runtests' from ~90 sec on a z620 to ~8 sec, which
is short enough we can run it as part of the continuous build.
BUG=chromium-os:26317
BRANCH=none
TEST=make && time make runtests && time make runlongtests
Change-Id: I8165efaf8b8290ca3c8f8da73e3f8a54c2bc19f9
Reviewed-on: https://gerrit.chromium.org/gerrit/40374
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Randall Spangler <rspangler@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
| -rw-r--r-- | Makefile | 5 | ||||
| -rw-r--r-- | tests/Makefile | 19 | ||||
| -rwxr-xr-x | tests/run_preamble_tests.sh | 9 | ||||
| -rwxr-xr-x | tests/run_vboot_common_tests.sh | 126 | ||||
| -rwxr-xr-x | tests/run_vbutil_tests.sh | 158 |
5 files changed, 211 insertions, 106 deletions
@@ -1,4 +1,4 @@ -# Copyright (c) 2012 The Chromium OS Authors. All rights reserved. +# Copyright (c) 2013 The Chromium OS Authors. All rights reserved. # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. @@ -137,6 +137,9 @@ install: runtests: $(Q)$(MAKE) -C tests runtests +runlongtests: + $(MAKE) -C tests runlongtests + runcgptmanagertests: $(Q)$(MAKE) -C tests runcgptmanagertests diff --git a/tests/Makefile b/tests/Makefile index 240753e2..0731e3b9 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -1,4 +1,4 @@ -# Copyright (c) 2012 The Chromium OS Authors. All rights reserved. +# Copyright (c) 2013 The Chromium OS Authors. All rights reserved. # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. @@ -151,7 +151,6 @@ runcryptotests: ${BUILD_ROOT}/rsa_utility_tests ${BUILD_ROOT}/sha_tests ./run_vboot_common_tests.sh - ./run_vboot_ec_tests.sh # Run other misc tests runmisctests: @@ -165,9 +164,12 @@ runmisctests: ${BUILD_ROOT}/vboot_api_firmware_tests ${BUILD_ROOT}/vboot_firmware_tests -#This will exercise vbutil_kernel and vbutil_firmware -runfuzztests: +# Generate test cases for fuzzing +genfuzztestcases: ./gen_fuzz_test_cases.sh + +# This will exercise vbutil_kernel and vbutil_firmware +runfuzztests: genfuzztestcases ./run_preamble_tests.sh ./run_vbutil_kernel_arg_tests.sh @@ -182,8 +184,17 @@ runsoundtests: ALLTESTS=runcgpttests runcryptotests runmisctests runfuzztests \ runbmptests runsoundtests +# Run a subset of tests runtests: genkeys ${ALLTESTS} +# Run long tests, including all permutations of encryption keys (instead of +# just the ones we use) and tests of currently-unused code (e.g. vboot_ec) +runlongtests: genkeys genfuzztestcases + ./run_vboot_common_tests.sh --all + ./run_vbutil_tests.sh --all + ./run_preamble_tests.sh --all + ./run_vboot_ec_tests.sh + # TODO: tests to run when ported to new API # ./run_image_verification_tests.sh # # Splicing tests diff --git a/tests/run_preamble_tests.sh b/tests/run_preamble_tests.sh index ffbd9afc..2ca86ad6 100755 --- a/tests/run_preamble_tests.sh +++ b/tests/run_preamble_tests.sh @@ -12,8 +12,13 @@ # Load common constants and variables for tests. . "$(dirname "$0")/common.sh" -# all algs -algs="0 1 2 3 4 5 6 7 8 9 10 11" +if [ "${1:---some}" == "--all" ] ; then + # all algs + algs="0 1 2 3 4 5 6 7 8 9 10 11" +else + # just the algs we use + algs="4 7 11" +fi # output directories PREAMBLE_DIR="${SCRIPT_DIR}/preamble_tests" diff --git a/tests/run_vboot_common_tests.sh b/tests/run_vboot_common_tests.sh index 9d4373f7..658f8dd5 100755 --- a/tests/run_vboot_common_tests.sh +++ b/tests/run_vboot_common_tests.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2010 The Chromium OS Authors. All rights reserved. +# Copyright (c) 2013 The Chromium OS Authors. All rights reserved. # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. @@ -19,61 +19,102 @@ function test_vboot_common { fi } -function test_vboot_common2 { +# Test a single key+hash algorithm +function test_vboot_common2_single { + local algonum=$1 + local keylen=$2 + local hashalgo=$3 + echo -e "For signing key ${COL_YELLOW}RSA-$keylen/$hashalgo${COL_STOP}:" + echo ${TEST_DIR}/vboot_common2_tests $algonum \ + ${TESTKEY_DIR}/key_rsa${keylen}.pem \ + ${TESTKEY_DIR}/key_rsa${keylen}.keyb + ${TEST_DIR}/vboot_common2_tests $algonum \ + ${TESTKEY_DIR}/key_rsa${keylen}.pem \ + ${TESTKEY_DIR}/key_rsa${keylen}.keyb + if [ $? -ne 0 ] + then + return_code=255 + fi +} + +# Test all key+hash algorithms +function test_vboot_common2_all { algorithmcounter=0 for keylen in ${key_lengths[@]} do for hashalgo in ${hash_algos[@]} do - echo -e "For signing key ${COL_YELLOW}RSA-$keylen/$hashalgo${COL_STOP}:" - ${TEST_DIR}/vboot_common2_tests $algorithmcounter \ - ${TESTKEY_DIR}/key_rsa${keylen}.pem \ - ${TESTKEY_DIR}/key_rsa${keylen}.keyb - if [ $? -ne 0 ] - then - return_code=255 - fi + test_vboot_common2_single $algorithmcounter $keylen $hashalgo let algorithmcounter=algorithmcounter+1 done done } -function test_vboot_common3 { -# Test for various combinations of firmware signing algorithm and -# kernel signing algorithm - firmware_algorithmcounter=0 - kernel_algorithmcounter=0 - for firmware_keylen in ${key_lengths[@]} +# Test only the algorithms we actually use +function test_vboot_common2 { + test_vboot_common2_single 4 2048 sha256 + test_vboot_common2_single 7 4096 sha256 + test_vboot_common2_single 11 8192 sha512 +} + +# Test a single block algorithm + data algorithm +function test_vboot_common3_single { + local signing_algonum=$1 + local signing_keylen=$2 + local signing_hashalgo=$3 + local data_algonum=$4 + local data_keylen=$5 + local data_hashalgo=$6 + + echo -e "For ${COL_YELLOW}signing algorithm \ +RSA-${signing_keylen}/${signing_hashalgo}${COL_STOP} \ +and ${COL_YELLOW}data signing algorithm RSA-${data_keylen}/\ +${data_hashalgo}${COL_STOP}" + ${TEST_DIR}/vboot_common3_tests \ + $signing_algonum $data_algonum \ + ${TESTKEY_DIR}/key_rsa${signing_keylen}.pem \ + ${TESTKEY_DIR}/key_rsa${signing_keylen}.keyb \ + ${TESTKEY_DIR}/key_rsa${data_keylen}.pem \ + ${TESTKEY_DIR}/key_rsa${data_keylen}.keyb + if [ $? -ne 0 ] + then + return_code=255 + fi +} + +# Test all combinations of key block signing algorithm and data signing +# algorithm +function test_vboot_common3_all { + signing_algorithmcounter=0 + data_algorithmcounter=0 + for signing_keylen in ${key_lengths[@]} do - for firmware_hashalgo in ${hash_algos[@]} + for signing_hashalgo in ${hash_algos[@]} do - let kernel_algorithmcounter=0 - for kernel_keylen in ${key_lengths[@]} + let data_algorithmcounter=0 + for data_keylen in ${key_lengths[@]} do - for kernel_hashalgo in ${hash_algos[@]} + for data_hashalgo in ${hash_algos[@]} do - echo -e "For ${COL_YELLOW}signing algorithm \ -RSA-${firmware_keylen}/${firmware_hashalgo}${COL_STOP} \ -and ${COL_YELLOW}data signing algorithm RSA-${kernel_keylen}/\ -${kernel_hashalgo}${COL_STOP}" - ${TEST_DIR}/vboot_common3_tests \ - $firmware_algorithmcounter $kernel_algorithmcounter \ - ${TESTKEY_DIR}/key_rsa${firmware_keylen}.pem \ - ${TESTKEY_DIR}/key_rsa${firmware_keylen}.keyb \ - ${TESTKEY_DIR}/key_rsa${kernel_keylen}.pem \ - ${TESTKEY_DIR}/key_rsa${kernel_keylen}.keyb - if [ $? -ne 0 ] - then - return_code=255 - fi - let kernel_algorithmcounter=kernel_algorithmcounter+1 + test_vboot_common3_single \ + $signing_algorithmcounter $signing_keylen $signing_hashalgo \ + $data_algorithmcounter $data_keylen $data_hashalgo + let data_algorithmcounter=data_algorithmcounter+1 done done - let firmware_algorithmcounter=firmware_algorithmcounter+1 + let signing_algorithmcounter=signing_algorithmcounter+1 done done } +# Test only the combinations of key block signing algorithm and data signing +# algorithm that we actually use +function test_vboot_common3 { + test_vboot_common3_single 7 4096 sha256 4 2048 sha256 + test_vboot_common3_single 11 8192 sha512 4 2048 sha256 + test_vboot_common3_single 11 8192 sha512 7 4096 sha256 +} + check_test_keys echo echo "Testing vboot_common tests which don't depend on keys..." @@ -81,11 +122,18 @@ test_vboot_common echo echo "Testing vboot_common tests which depend on one key..." -test_vboot_common2 +if [ "$1" == "--all" ] ; then + test_vboot_common2_all +else + test_vboot_common2 +fi echo echo "Testing vboot_common tests which depend on two keys..." -test_vboot_common3 - +if [ "$1" == "--all" ] ; then + test_vboot_common3_all +else + test_vboot_common3 +fi exit $return_code diff --git a/tests/run_vbutil_tests.sh b/tests/run_vbutil_tests.sh index b56f4c12..2b15d53f 100755 --- a/tests/run_vbutil_tests.sh +++ b/tests/run_vbutil_tests.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2010 The Chromium OS Authors. All rights reserved. +# Copyright (c) 2013 The Chromium OS Authors. All rights reserved. # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. @@ -11,68 +11,74 @@ return_code=0 -function test_vbutil_key { - algorithmcounter=0 - for keylen in ${key_lengths[@]} - do - for hashalgo in ${hash_algos[@]} - do - echo -e "For signing key ${COL_YELLOW}RSA-$keylen/$hashalgo${COL_STOP}:" - # Pack the key - ${UTIL_DIR}/vbutil_key \ - --pack ${TESTKEY_SCRATCH_DIR}/key_alg${algorithmcounter}.vbpubk \ +function test_vbutil_key_single { + local algonum=$1 + local keylen=$2 + local hashalgo=$3 + + echo -e "For signing key ${COL_YELLOW}RSA-$keylen/$hashalgo${COL_STOP}:" + # Pack the key + ${UTIL_DIR}/vbutil_key \ + --pack ${TESTKEY_SCRATCH_DIR}/key_alg${algonum}.vbpubk \ --key ${TESTKEY_DIR}/key_rsa${keylen}.keyb \ --version 1 \ - --algorithm $algorithmcounter - if [ $? -ne 0 ] - then + --algorithm $algonum + if [ $? -ne 0 ] + then return_code=255 - fi - - # Unpack the key - # TODO: should verify we get the same key back out? - ${UTIL_DIR}/vbutil_key \ - --unpack ${TESTKEY_SCRATCH_DIR}/key_alg${algorithmcounter}.vbpubk - if [ $? -ne 0 ] - then + fi + + # Unpack the key + # TODO: should verify we get the same key back out? + ${UTIL_DIR}/vbutil_key \ + --unpack ${TESTKEY_SCRATCH_DIR}/key_alg${algonum}.vbpubk + if [ $? -ne 0 ] + then return_code=255 - fi + fi +} - let algorithmcounter=algorithmcounter+1 - done +function test_vbutil_key_all { + algorithmcounter=0 + for keylen in ${key_lengths[@]} + do + for hashalgo in ${hash_algos[@]} + do + test_vbutil_key_single $algorithmcounter $keylen $hashalgo + let algorithmcounter=algorithmcounter+1 + done done } +function test_vbutil_key { + test_vbutil_key_single 4 2048 sha256 + test_vbutil_key_single 7 4096 sha256 + test_vbutil_key_single 11 8192 sha512 +} + +function test_vbutil_keyblock_single { + local signing_algonum=$1 + local signing_keylen=$2 + local signing_hashalgo=$3 + local data_algonum=$4 + local data_keylen=$5 + local data_hashalgo=$6 -function test_vbutil_keyblock { -# Test for various combinations of firmware signing algorithm and -# kernel signing algorithm - signing_algorithmcounter=0 - data_algorithmcounter=0 - for signing_keylen in ${key_lengths[@]} - do - for signing_hashalgo in ${hash_algos[@]} - do - let data_algorithmcounter=0 - for datakeylen in ${key_lengths[@]} - do - for datahashalgo in ${hash_algos[@]} - do echo -e "For ${COL_YELLOW}signing algorithm \ RSA-${signing_keylen}/${signing_hashalgo}${COL_STOP} \ and ${COL_YELLOW}data key algorithm RSA-${datakeylen}/\ ${datahashalgo}${COL_STOP}" # Remove old file keyblockfile="${TESTKEY_SCRATCH_DIR}/" - keyblockfile+="sign${signing_algorithmcounter}_data" - keyblockfile+="${data_algorithmcounter}.keyblock" + keyblockfile+="sign${signing_algonum}_data" + keyblockfile+="${data_algonum}.keyblock" rm -f ${keyblockfile} # Wrap private key ${UTIL_DIR}/vbutil_key \ - --pack ${TESTKEY_SCRATCH_DIR}/key_alg${algorithmcounter}.vbprivk \ + --pack ${TESTKEY_SCRATCH_DIR}/key_alg${algonum}.vbprivk \ --key ${TESTKEY_DIR}/key_rsa${signing_keylen}.pem \ - --algorithm $signing_algorithmcounter + --algorithm $signing_algonum if [ $? -ne 0 ] then echo -e "${COL_RED}Wrap vbprivk${COL_STOP}" @@ -81,9 +87,9 @@ ${datahashalgo}${COL_STOP}" # Wrap public key ${UTIL_DIR}/vbutil_key \ - --pack ${TESTKEY_SCRATCH_DIR}/key_alg${algorithmcounter}.vbpubk \ + --pack ${TESTKEY_SCRATCH_DIR}/key_alg${algonum}.vbpubk \ --key ${TESTKEY_DIR}/key_rsa${signing_keylen}.keyb \ - --algorithm $signing_algorithmcounter + --algorithm $signing_algonum if [ $? -ne 0 ] then echo -e "${COL_RED}Wrap vbpubk${COL_STOP}" @@ -93,9 +99,9 @@ ${datahashalgo}${COL_STOP}" # Pack ${UTIL_DIR}/vbutil_keyblock --pack ${keyblockfile} \ --datapubkey \ - ${TESTKEY_SCRATCH_DIR}/key_alg${data_algorithmcounter}.vbpubk \ + ${TESTKEY_SCRATCH_DIR}/key_alg${data_algonum}.vbpubk \ --signprivate \ - ${TESTKEY_SCRATCH_DIR}/key_alg${algorithmcounter}.vbprivk + ${TESTKEY_SCRATCH_DIR}/key_alg${algonum}.vbprivk if [ $? -ne 0 ] then echo -e "${COL_RED}Pack${COL_STOP}" @@ -105,9 +111,9 @@ ${datahashalgo}${COL_STOP}" # Unpack ${UTIL_DIR}/vbutil_keyblock --unpack ${keyblockfile} \ --datapubkey \ - ${TESTKEY_SCRATCH_DIR}/key_alg${data_algorithmcounter}.vbpubk2 \ + ${TESTKEY_SCRATCH_DIR}/key_alg${data_algonum}.vbpubk2 \ --signpubkey \ - ${TESTKEY_SCRATCH_DIR}/key_alg${algorithmcounter}.vbpubk + ${TESTKEY_SCRATCH_DIR}/key_alg${algonum}.vbpubk if [ $? -ne 0 ] then echo -e "${COL_RED}Unpack${COL_STOP}" @@ -116,8 +122,8 @@ ${datahashalgo}${COL_STOP}" # Check if ! cmp -s \ - ${TESTKEY_SCRATCH_DIR}/key_alg${data_algorithmcounter}.vbpubk \ - ${TESTKEY_SCRATCH_DIR}/key_alg${data_algorithmcounter}.vbpubk2 + ${TESTKEY_SCRATCH_DIR}/key_alg${data_algonum}.vbpubk \ + ${TESTKEY_SCRATCH_DIR}/key_alg${data_algonum}.vbpubk2 then echo -e "${COL_RED}Check${COL_STOP}" return_code=255 @@ -130,10 +136,10 @@ external signer.${COL_STOP}" # Pack ${UTIL_DIR}/vbutil_keyblock --pack ${keyblockfile} \ --datapubkey \ - ${TESTKEY_SCRATCH_DIR}/key_alg${data_algorithmcounter}.vbpubk \ + ${TESTKEY_SCRATCH_DIR}/key_alg${data_algonum}.vbpubk \ --signprivate_pem \ ${TESTKEY_DIR}/key_rsa${signing_keylen}.pem \ - --pem_algorithm "${signing_algorithmcounter}" \ + --pem_algorithm "${signing_algonum}" \ --externalsigner "${SCRIPT_DIR}/external_rsa_signer.sh" if [ $? -ne 0 ] @@ -145,9 +151,9 @@ external signer.${COL_STOP}" # Unpack ${UTIL_DIR}/vbutil_keyblock --unpack ${keyblockfile} \ --datapubkey \ - ${TESTKEY_SCRATCH_DIR}/key_alg${data_algorithmcounter}.vbpubk2 \ + ${TESTKEY_SCRATCH_DIR}/key_alg${data_algonum}.vbpubk2 \ --signpubkey \ - ${TESTKEY_SCRATCH_DIR}/key_alg${signing_algorithmcounter}.vbpubk + ${TESTKEY_SCRATCH_DIR}/key_alg${signing_algonum}.vbpubk if [ $? -ne 0 ] then echo -e "${COL_RED}Unpack${COL_STOP}" @@ -156,14 +162,33 @@ external signer.${COL_STOP}" # Check if ! cmp -s \ - ${TESTKEY_SCRATCH_DIR}/key_alg${data_algorithmcounter}.vbpubk \ - ${TESTKEY_SCRATCH_DIR}/key_alg${data_algorithmcounter}.vbpubk2 + ${TESTKEY_SCRATCH_DIR}/key_alg${data_algonum}.vbpubk \ + ${TESTKEY_SCRATCH_DIR}/key_alg${data_algonum}.vbpubk2 then echo -e "${COL_RED}Check${COL_STOP}" return_code=255 exit 1 fi +} + +function test_vbutil_keyblock_all { +# Test for various combinations of firmware signing algorithm and +# kernel signing algorithm + signing_algorithmcounter=0 + data_algorithmcounter=0 + for signing_keylen in ${key_lengths[@]} + do + for signing_hashalgo in ${hash_algos[@]} + do + let data_algorithmcounter=0 + for datakeylen in ${key_lengths[@]} + do + for datahashalgo in ${hash_algos[@]} + do + test_vbutil_keyblock_single \ + $signing_algorithmcounter $signing_keylen $signing_hashalgo \ + $data_algorithmcounter $data_keylen $data_hashalgo let data_algorithmcounter=data_algorithmcounter+1 done done @@ -172,17 +197,30 @@ external signer.${COL_STOP}" done } +function test_vbutil_keyblock { + test_vbutil_keyblock_single 7 4096 sha256 4 2048 sha256 + test_vbutil_keyblock_single 11 8192 sha512 4 2048 sha256 + test_vbutil_keyblock_single 11 8192 sha512 7 4096 sha256 +} + check_test_keys echo echo "Testing vbutil_key..." -test_vbutil_key +if [ "$1" == "--all" ] ; then + test_vbutil_key_all +else + test_vbutil_key +fi echo echo "Testing vbutil_keyblock..." -test_vbutil_keyblock - +if [ "$1" == "--all" ] ; then + test_vbutil_keyblock_all +else + test_vbutil_keyblock +fi exit $return_code |