author | Kangheui Won <khwon@chromium.org> | 2021-02-02 17:32:06 +1100 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-03-09 09:52:23 +0000 |
commit | a2b582f6e1915f061bd89214560736ed34cceef7 (patch) | |
tree | a1fa6cf7eacd203ed6c0db6705b958846d8560cd /tests | |
parent | 810195426623690a476c15e7ac0fadb4d17418d2 (diff) | |
download | vboot-a2b582f6e1915f061bd89214560736ed34cceef7.tar.gz |
vboot: add support for HW accel in kernel verification
Add support for using HW hashing acceleration in kernel verification.
BUG=b:162551138
BRANCH=zork
TEST=CC=x86_64-pc-linux-gnu-clang make runtests
Signed-off-by: Kangheui Won <khwon@chromium.org>
Change-Id: Ia03ff7f49bd18393c0daeab72348414fa059e0cd
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2639456
Reviewed-by: Raul E Rangel <rrangel@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/vb2_common2_tests.c | 87 | ||||
-rw-r--r-- | tests/vboot_kernel_tests.c | 7 | ||||
-rw-r--r-- | tests/verify_kernel.c | 6 |
3 files changed, 90 insertions, 10 deletions
diff --git a/tests/vb2_common2_tests.c b/tests/vb2_common2_tests.c
index b1666ab6..3f062892 100644
--- a/tests/vb2_common2_tests.c
+++ b/tests/vb2_common2_tests.c
@@ -20,25 +20,52 @@
 static const uint8_t test_data[] = "This is some test data to sign.";
 static const uint32_t test_size = sizeof(test_data);
-static enum {
+static enum hwcrypto_state {
 HWCRYPTO_OK,
 HWCRYPTO_NOTSUPPORTED,
 HWCRYPTO_ERROR,
-} hwcrypto_state;
+ HWCRYPTO_ABORT,
+} hwcrypto_state_rsa, hwcrypto_state_digest;
-vb2_error_t vb2ex_hwcrypto_rsa_verify_digest(const struct vb2_public_key *key,
- const uint8_t *sig, const uint8_t *digest)
+static vb2_error_t hwcrypto_mock(enum hwcrypto_state *state)
 {
- switch (hwcrypto_state) {
+ switch (*state) {
 case HWCRYPTO_OK:
 return VB2_SUCCESS;
 case HWCRYPTO_NOTSUPPORTED:
 return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED;
 case HWCRYPTO_ERROR:
- return VB2_ERROR_RSA_VERIFY_DIGEST;
+ return VB2_ERROR_MOCK;
+ case HWCRYPTO_ABORT:
+ vb2ex_abort();
+ /* shouldn't reach here but added for compiler */
+ return VB2_ERROR_MOCK;
 }
 }
+vb2_error_t vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg,
+ uint32_t data_size)
+{
+ return hwcrypto_mock(&hwcrypto_state_digest);
+}
+
+vb2_error_t vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size)
+{
+ return hwcrypto_mock(&hwcrypto_state_digest);
+}
+
+vb2_error_t vb2ex_hwcrypto_digest_finalize(uint8_t *digest,
+ uint32_t digest_size)
+{
+ return hwcrypto_mock(&hwcrypto_state_digest);
+}
+
+vb2_error_t vb2ex_hwcrypto_rsa_verify_digest(const struct vb2_public_key *key,
+ const uint8_t *sig, const uint8_t *digest)
+{
+ return hwcrypto_mock(&hwcrypto_state_rsa);
+}
+
 static void test_unpack_key(const struct vb2_packed_key *key1)
 {
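Review bot: `hwcrypto_mock()` has no `default:` arm and no `return` after the `switch`, so a state value outside the four enumerators falls off the end of a non-void function whose result the callers use, which is undefined behaviour in a mock standing in for digest and signature verification. Leaving `vb2ex_abort();` as the only statement in the `HWCRYPTO_ABORT` arm and moving `return VB2_ERROR_MOCK;` to just after the closing brace of the `switch` makes every unexpected state fail the operation. The helper only reads its argument, so `static vb2_error_t hwcrypto_mock(enum hwcrypto_state state)` by value would be simpler than passing a pointer.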
@@ -109,6 +136,9 @@ static void test_verify_data(const struct vb2_packed_key *key1,
 uint32_t sig_total_size = sig->sig_offset + sig->sig_size;
 struct vb2_signature *sig2;
+ hwcrypto_state_rsa = HWCRYPTO_ABORT;
+ hwcrypto_state_digest = HWCRYPTO_ABORT;
+
 vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
 /* Allocate signature copy for tests */
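Review bot: The fail-closed `HWCRYPTO_ABORT` default is applied only inside `test_verify_data()`; the two file-scope state variables are zero-initialised, which is `HWCRYPTO_OK`, so any other test in this file that reached a hwcrypto hook would get a silent success from the mock. Initialising at the definition in the first hunk, `} hwcrypto_state_rsa = HWCRYPTO_ABORT, hwcrypto_state_digest = HWCRYPTO_ABORT;`, would make an unexpected hardware-crypto call abort everywhere. A comment above these two assignments, such as `/* No hwcrypto hook may be called until allow_hwcrypto is set. */`, would record why they are here. The rest of `test_verify_data()` lies outside this hunk.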
@@ -155,18 +185,57 @@ static void test_verify_data(const struct vb2_packed_key *key1,
 pubk.allow_hwcrypto = 1;
- hwcrypto_state = HWCRYPTO_OK;
+ hwcrypto_state_digest = HWCRYPTO_OK;
+ hwcrypto_state_rsa = HWCRYPTO_OK;
+ memcpy(sig2, sig, sig_total_size);
+ vb2_signature_data_mutable(sig2)[0] ^= 0x5A;
+ TEST_EQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
+ 0, "vb2_verify_data() hwcrypto ok");
+
+ hwcrypto_state_rsa = HWCRYPTO_ERROR;
+ memcpy(sig2, sig, sig_total_size);
+ TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
+ 0, "vb2_verify_data() hwcrypto error");
+
+ hwcrypto_state_rsa = HWCRYPTO_NOTSUPPORTED;
+ memcpy(sig2, sig, sig_total_size);
+ TEST_EQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
+ 0, "vb2_verify_data() hwcrypto fallback ok");
+
+ memcpy(sig2, sig, sig_total_size);
+ sig2->sig_size -= 16;
+ TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
+ 0, "vb2_verify_data() hwcrypto fallback error");
+
+ hwcrypto_state_digest = HWCRYPTO_ERROR;
+ hwcrypto_state_rsa = HWCRYPTO_OK;
+ memcpy(sig2, sig, sig_total_size);
+ TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
+ 0, "vb2_verify_data() hwcrypto error");
+
+ hwcrypto_state_rsa = HWCRYPTO_ERROR;
+ memcpy(sig2, sig, sig_total_size);
+ TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
+ 0, "vb2_verify_data() hwcrypto error");
+
+ hwcrypto_state_rsa = HWCRYPTO_NOTSUPPORTED;
+ memcpy(sig2, sig, sig_total_size);
+ TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
+ 0, "vb2_verify_data() hwcrypto fallback error");
+
+ hwcrypto_state_digest = HWCRYPTO_NOTSUPPORTED;
+ hwcrypto_state_rsa = HWCRYPTO_OK;
 memcpy(sig2, sig, sig_total_size);
 vb2_signature_data_mutable(sig2)[0] ^= 0x5A;
 TEST_EQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
 0, "vb2_verify_data() hwcrypto ok");
- hwcrypto_state = HWCRYPTO_ERROR;
+ hwcrypto_state_rsa = HWCRYPTO_ERROR;
 memcpy(sig2, sig, sig_total_size);
 TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
 0, "vb2_verify_data() hwcrypto error");
- hwcrypto_state = HWCRYPTO_NOTSUPPORTED;
+ hwcrypto_state_rsa = HWCRYPTO_NOTSUPPORTED;
 memcpy(sig2, sig, sig_total_size);
 TEST_EQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
 0, "vb2_verify_data() hwcrypto fallback ok");
diff --git a/tests/vboot_kernel_tests.c b/tests/vboot_kernel_tests.c
index 87056ad2..e86837bc 100644
--- a/tests/vboot_kernel_tests.c
+++ b/tests/vboot_kernel_tests.c
@@ -175,7 +175,12 @@ static void ResetMocks(void)
 fwmp = (struct vb2_secdata_fwmp *)ctx->secdata_fwmp;
 memcpy(&fwmp->dev_key_hash, mock_digest, sizeof(fwmp->dev_key_hash));
- // TODO: more workbuf fields - flags, secdata_firmware, secdata_kernel
+ // TODO: more workbuf fields - flags, secdata_firmware
+
+ vb2api_secdata_kernel_create(ctx);
+ vb2_secdata_kernel_init(ctx);
+ vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_FLAGS,
+ VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED);
 }
 /* Mocks */
diff --git a/tests/verify_kernel.c b/tests/verify_kernel.c
index 9aaad723..fe68a1b4 100644
--- a/tests/verify_kernel.c
+++ b/tests/verify_kernel.c
@@ -10,6 +10,7 @@
 #include "2common.h"
 #include "2misc.h"
 #include "2nvstorage.h"
+#include "2secdata.h"
 #include "host_common.h"
 #include "util_misc.h"
 #include "vboot_api.h"
@@ -124,6 +125,11 @@ int main(int argc, char *argv[])
 * dev mode. So just use defaults for nv storage.
 */
 vb2_nv_init(ctx);
+ /* We need to init kernel secdata for
+ * VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED.
+ */
+ vb2api_secdata_kernel_create(ctx);
+ vb2_secdata_kernel_init(ctx);
 /* Try loading kernel */
 rv = LoadKernel(ctx, ¶ms); |
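Review bot: The `hwcrypto fallback ok` case that runs with `hwcrypto_state_digest = HWCRYPTO_OK` and `hwcrypto_state_rsa = HWCRYPTO_NOTSUPPORTED` expects success, yet the mocked `vb2ex_hwcrypto_digest_finalize()` returns without writing `digest`, so the software RSA fallback presumably checks whatever bytes an earlier call left in the work buffer. That makes the pass depend on test ordering rather than on the code under test; the finalize mock should write a known digest in the `HWCRYPTO_OK` state (for instance the software hash of `test_data`), or the expectation should be documented with a comment next to the case. Separately, three different state combinations share the label `"vb2_verify_data() hwcrypto error"` and two share `"... hwcrypto fallback error"`, so a failure cannot be attributed; naming the states in the string, e.g. `"vb2_verify_data() digest error, rsa ok"`, fixes that. `test_verify_data()` begins and ends outside this hunk.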
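Review bot: The results of `vb2api_secdata_kernel_create(ctx)` and `vb2_secdata_kernel_init(ctx)` are discarded in `ResetMocks()`, so if initialisation reports a failure the tests carry on with kernel secdata in an unknown state and `VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED` may not actually be in effect. Checking the init, e.g. `TEST_SUCC(vb2_secdata_kernel_init(ctx), "secdata_kernel init");`, would surface that where it happens. The same unchecked pair is added to `main()` in tests/verify_kernel.c, where a failure should print an error and return non-zero before `LoadKernel()` runs. Because the flag is now set for every test that goes through `ResetMocks()`, a case that clears it and confirms the software path is taken would be worth adding if none exists outside this hunk.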