vboot: add support for HW accel in kernel verification

Add support for using HW hashing acceleration in kernel verification.

BUG=b:162551138
BRANCH=zork
TEST=CC=x86_64-pc-linux-gnu-clang make runtests

Signed-off-by: Kangheui Won <khwon@chromium.org>
Change-Id: Ia03ff7f49bd18393c0daeab72348414fa059e0cd
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2639456
Reviewed-by: Raul E Rangel <rrangel@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>

1 files changed, 78 insertions, 9 deletions

diff --git a/tests/vb2_common2_tests.c b/tests/vb2_common2_tests.c
index b1666ab6..3f062892 100644
--- a/tests/vb2_common2_tests.c
+++ b/tests/vb2_common2_tests.c
@@ -20,25 +20,52 @@
 static const uint8_t test_data[] = "This is some test data to sign.";
 static const uint32_t test_size = sizeof(test_data);
 
-static enum {
+static enum hwcrypto_state {
 	HWCRYPTO_OK,
 	HWCRYPTO_NOTSUPPORTED,
 	HWCRYPTO_ERROR,
-} hwcrypto_state;
+	HWCRYPTO_ABORT,
+} hwcrypto_state_rsa, hwcrypto_state_digest;
 
-vb2_error_t vb2ex_hwcrypto_rsa_verify_digest(const struct vb2_public_key *key,
-					     const uint8_t *sig, const uint8_t *digest)
+static vb2_error_t hwcrypto_mock(enum hwcrypto_state *state)
 {
-	switch (hwcrypto_state) {
+	switch (*state) {
 		case HWCRYPTO_OK:
 			return VB2_SUCCESS;
 		case HWCRYPTO_NOTSUPPORTED:
 			return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED;
 		case HWCRYPTO_ERROR:
-			return VB2_ERROR_RSA_VERIFY_DIGEST;
+			return VB2_ERROR_MOCK;
+		case HWCRYPTO_ABORT:
+			vb2ex_abort();
+			/* shouldn't reach here but added for compiler */
+			return VB2_ERROR_MOCK;
 	}
 }
 
+vb2_error_t vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg,
+				       uint32_t data_size)
+{
+	return hwcrypto_mock(&hwcrypto_state_digest);
+}
+
+vb2_error_t vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size)
+{
+	return hwcrypto_mock(&hwcrypto_state_digest);
+}
+
+vb2_error_t vb2ex_hwcrypto_digest_finalize(uint8_t *digest,
+					   uint32_t digest_size)
+{
+	return hwcrypto_mock(&hwcrypto_state_digest);
+}
+
+vb2_error_t vb2ex_hwcrypto_rsa_verify_digest(const struct vb2_public_key *key,
+					     const uint8_t *sig, const uint8_t *digest)
+{
+	return hwcrypto_mock(&hwcrypto_state_rsa);
+}
+
 
 static void test_unpack_key(const struct vb2_packed_key *key1)
 {
@@ -109,6 +136,9 @@ static void test_verify_data(const struct vb2_packed_key *key1,
 	uint32_t sig_total_size = sig->sig_offset + sig->sig_size;
 	struct vb2_signature *sig2;
 
+	hwcrypto_state_rsa = HWCRYPTO_ABORT;
+	hwcrypto_state_digest = HWCRYPTO_ABORT;
+
 	vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
 
 	/* Allocate signature copy for tests */
@@ -155,18 +185,57 @@ static void test_verify_data(const struct vb2_packed_key *key1,
 
 	pubk.allow_hwcrypto = 1;
 
-	hwcrypto_state = HWCRYPTO_OK;
+	hwcrypto_state_digest = HWCRYPTO_OK;
+	hwcrypto_state_rsa = HWCRYPTO_OK;
+	memcpy(sig2, sig, sig_total_size);
+	vb2_signature_data_mutable(sig2)[0] ^= 0x5A;
+	TEST_EQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
+		0, "vb2_verify_data() hwcrypto ok");
+
+	hwcrypto_state_rsa = HWCRYPTO_ERROR;
+	memcpy(sig2, sig, sig_total_size);
+	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
+		0, "vb2_verify_data() hwcrypto error");
+
+	hwcrypto_state_rsa = HWCRYPTO_NOTSUPPORTED;
+	memcpy(sig2, sig, sig_total_size);
+	TEST_EQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
+		0, "vb2_verify_data() hwcrypto fallback ok");
+
+	memcpy(sig2, sig, sig_total_size);
+	sig2->sig_size -= 16;
+	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
+		0, "vb2_verify_data() hwcrypto fallback error");
+
+	hwcrypto_state_digest = HWCRYPTO_ERROR;
+	hwcrypto_state_rsa = HWCRYPTO_OK;
+	memcpy(sig2, sig, sig_total_size);
+	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
+		0, "vb2_verify_data() hwcrypto error");
+
+	hwcrypto_state_rsa = HWCRYPTO_ERROR;
+	memcpy(sig2, sig, sig_total_size);
+	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
+		0, "vb2_verify_data() hwcrypto error");
+
+	hwcrypto_state_rsa = HWCRYPTO_NOTSUPPORTED;
+	memcpy(sig2, sig, sig_total_size);
+	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
+		0, "vb2_verify_data() hwcrypto fallback error");
+
+	hwcrypto_state_digest = HWCRYPTO_NOTSUPPORTED;
+	hwcrypto_state_rsa = HWCRYPTO_OK;
 	memcpy(sig2, sig, sig_total_size);
 	vb2_signature_data_mutable(sig2)[0] ^= 0x5A;
 	TEST_EQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
 		0, "vb2_verify_data() hwcrypto ok");
 
-	hwcrypto_state = HWCRYPTO_ERROR;
+	hwcrypto_state_rsa = HWCRYPTO_ERROR;
 	memcpy(sig2, sig, sig_total_size);
 	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
 		0, "vb2_verify_data() hwcrypto error");
 
-	hwcrypto_state = HWCRYPTO_NOTSUPPORTED;
+	hwcrypto_state_rsa = HWCRYPTO_NOTSUPPORTED;
 	memcpy(sig2, sig, sig_total_size);
 	TEST_EQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
 		0, "vb2_verify_data() hwcrypto fallback ok");