diff options
| -rw-r--r-- | firmware/2lib/2api.c | 5 | ||||
| -rw-r--r-- | firmware/2lib/2sha_utility.c | 1 | ||||
| -rw-r--r-- | firmware/2lib/2stub.c | 23 | ||||
| -rw-r--r-- | firmware/2lib/include/2api.h | 30 | ||||
| -rw-r--r-- | firmware/2lib/include/2crypto.h | 31 | ||||
| -rw-r--r-- | firmware/2lib/include/2return_codes.h | 3 | ||||
| -rw-r--r-- | firmware/2lib/include/2sha.h | 3 | ||||
| -rw-r--r-- | firmware/2lib/include/2struct.h | 32 | ||||
| -rw-r--r-- | firmware/lib20/api.c | 23 | ||||
| -rw-r--r-- | firmware/lib20/include/vb2_struct.h | 2 | ||||
| -rw-r--r-- | firmware/lib21/api.c | 24 | ||||
| -rw-r--r-- | firmware/lib21/include/vb2_struct.h | 6 | ||||
| -rw-r--r-- | tests/vb20_api_tests.c | 81 | ||||
| -rw-r--r-- | tests/vb21_api_tests.c | 117 |
14 files changed, 328 insertions, 53 deletions
diff --git a/firmware/2lib/2api.c b/firmware/2lib/2api.c index 5d2775f0..1a616d5b 100644 --- a/firmware/2lib/2api.c +++ b/firmware/2lib/2api.c @@ -118,5 +118,8 @@ int vb2api_extend_hash(struct vb2_context *ctx, sd->hash_remaining_size -= size; - return vb2_digest_extend(dc, buf, size); + if (dc->using_hwcrypto) + return vb2ex_hwcrypto_digest_extend(buf, size); + else + return vb2_digest_extend(dc, buf, size); } diff --git a/firmware/2lib/2sha_utility.c b/firmware/2lib/2sha_utility.c index 47581ea4..6f76b4e7 100644 --- a/firmware/2lib/2sha_utility.c +++ b/firmware/2lib/2sha_utility.c @@ -84,6 +84,7 @@ int vb2_digest_init(struct vb2_digest_context *dc, enum vb2_hash_algorithm hash_alg) { dc->hash_alg = hash_alg; + dc->using_hwcrypto = 0; switch (dc->hash_alg) { #if VB2_SUPPORT_SHA1 diff --git a/firmware/2lib/2stub.c b/firmware/2lib/2stub.c index 7c9e5b17..375d4faf 100644 --- a/firmware/2lib/2stub.c +++ b/firmware/2lib/2stub.c @@ -8,11 +8,13 @@ #include "2sysincludes.h" #include "2api.h" +__attribute__((weak)) int vb2ex_tpm_clear_owner(struct vb2_context *ctx) { return VB2_ERROR_EX_TPM_CLEAR_OWNER_UNIMPLEMENTED; } +__attribute__((weak)) int vb2ex_read_resource(struct vb2_context *ctx, enum vb2_resource_index index, uint32_t offset, @@ -21,3 +23,24 @@ int vb2ex_read_resource(struct vb2_context *ctx, { return VB2_ERROR_EX_READ_RESOURCE_UNIMPLEMENTED; } + +__attribute__((weak)) +int vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg, + uint32_t data_size) +{ + return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED; +} + +__attribute__((weak)) +int vb2ex_hwcrypto_digest_extend(const uint8_t *buf, + uint32_t size) +{ + return VB2_ERROR_SHA_EXTEND_ALGORITHM; /* Should not be called. */ +} + +__attribute__((weak)) +int vb2ex_hwcrypto_digest_finalize(uint8_t *digest, + uint32_t digest_size) +{ + return VB2_ERROR_SHA_FINALIZE_ALGORITHM; /* Should not be called. */ +} diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h index 1ce6a09f..0c5792d8 100644 --- a/firmware/2lib/include/2api.h +++ b/firmware/2lib/include/2api.h @@ -21,6 +21,7 @@ #define VBOOT_2_API_H_ #include <stdint.h> +#include "2crypto.h" #include "2fw_hash_tags.h" #include "2guid.h" #include "2recovery_reasons.h" @@ -364,4 +365,33 @@ int vb2ex_read_resource(struct vb2_context *ctx, uint32_t size); void vb2ex_printf(const char *func, const char *fmt, ...); + +/** + * Initialize the hardware crypto engine to calculate a block-style digest. + * + * @param hash_alg Hash algorithm to use + * @param data_size Expected total size of data to hash + * @return VB2_SUCCESS, or non-zero error code (HWCRYPTO_UNSUPPORTED not fatal). + */ +int vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg, + uint32_t data_size); + +/** + * Extend the hash in the hardware crypto engine with another block of data. + * + * @param buf Next data block to hash + * @param size Length of data block in bytes + * @return VB2_SUCCESS, or non-zero error code. + */ +int vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size); + +/** + * Finalize the digest in the hardware crypto engine and extract the result. + * + * @param digest Destination buffer for resulting digest + * @param digest_size Length of digest buffer in bytes + * @return VB2_SUCCESS, or non-zero error code. + */ +int vb2ex_hwcrypto_digest_finalize(uint8_t *digest, uint32_t digest_size); + #endif /* VBOOT_2_API_H_ */ diff --git a/firmware/2lib/include/2crypto.h b/firmware/2lib/include/2crypto.h index e930de84..559a8ed1 100644 --- a/firmware/2lib/include/2crypto.h +++ b/firmware/2lib/include/2crypto.h @@ -28,4 +28,35 @@ enum vb2_crypto_algorithm { VB2_ALG_COUNT }; +/* Algorithm types for signatures */ +enum vb2_signature_algorithm { + /* Invalid or unsupported signature type */ + VB2_SIG_INVALID = 0, + + /* + * No signature algorithm. The digest is unsigned. See + * VB2_GUID_NONE_* above for key GUIDs to use with this algorithm. + */ + VB2_SIG_NONE = 1, + + /* RSA algorithms of the given length in bits (1024-8192) */ + VB2_SIG_RSA1024 = 2, /* Warning! This is likely to be deprecated! */ + VB2_SIG_RSA2048 = 3, + VB2_SIG_RSA4096 = 4, + VB2_SIG_RSA8192 = 5, +}; + +/* Algorithm types for hash digests */ +enum vb2_hash_algorithm { + /* Invalid or unsupported digest type */ + VB2_HASH_INVALID = 0, + + /* SHA-1. Warning: This is likely to be deprecated soon! */ + VB2_HASH_SHA1 = 1, + + /* SHA-256 and SHA-512 */ + VB2_HASH_SHA256 = 2, + VB2_HASH_SHA512 = 3, +}; + #endif /* VBOOT_REFERENCE_VBOOT_2CRYPTO_H_ */ diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h index 2cffc56f..53e0102b 100644 --- a/firmware/2lib/include/2return_codes.h +++ b/firmware/2lib/include/2return_codes.h @@ -446,6 +446,9 @@ enum vb2_return_code { /* TPM clear owner not implemented */ VB2_ERROR_EX_TPM_CLEAR_OWNER_UNIMPLEMENTED, + /* Hardware crypto engine doesn't support this algorithm (non-fatal) */ + VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED, + /********************************************************************** * Errors generated by host library (non-firmware) start here. diff --git a/firmware/2lib/include/2sha.h b/firmware/2lib/include/2sha.h index 58792369..221d1856 100644 --- a/firmware/2lib/include/2sha.h +++ b/firmware/2lib/include/2sha.h @@ -78,6 +78,9 @@ struct vb2_digest_context { /* Current hash algorithm */ enum vb2_hash_algorithm hash_alg; + + /* 1 if digest is computed with vb2ex_hwcrypto routines, else 0 */ + int using_hwcrypto; }; /** diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h index c0cd9071..5e2757b6 100644 --- a/firmware/2lib/include/2struct.h +++ b/firmware/2lib/include/2struct.h @@ -9,37 +9,7 @@ #ifndef VBOOT_REFERENCE_VBOOT_2STRUCT_H_ #define VBOOT_REFERENCE_VBOOT_2STRUCT_H_ #include <stdint.h> - -/* Algorithm types for signatures */ -enum vb2_signature_algorithm { - /* Invalid or unsupported signature type */ - VB2_SIG_INVALID = 0, - - /* - * No signature algorithm. The digest is unsigned. See - * VB2_GUID_NONE_* above for key GUIDs to use with this algorithm. - */ - VB2_SIG_NONE = 1, - - /* RSA algorithms of the given length in bits (1024-8192) */ - VB2_SIG_RSA1024 = 2, /* Warning! This is likely to be deprecated! */ - VB2_SIG_RSA2048 = 3, - VB2_SIG_RSA4096 = 4, - VB2_SIG_RSA8192 = 5, -}; - -/* Algorithm types for hash digests */ -enum vb2_hash_algorithm { - /* Invalid or unsupported digest type */ - VB2_HASH_INVALID = 0, - - /* SHA-1. Warning: This is likely to be deprecated soon! */ - VB2_HASH_SHA1 = 1, - - /* SHA-256 and SHA-512 */ - VB2_HASH_SHA256 = 2, - VB2_HASH_SHA512 = 3, -}; +#include "2crypto.h" /* * Key block flags. diff --git a/firmware/lib20/api.c b/firmware/lib20/api.c index 16ad6dc1..3fa492ee 100644 --- a/firmware/lib20/api.c +++ b/firmware/lib20/api.c @@ -100,6 +100,24 @@ int vb2api_init_hash(struct vb2_context *ctx, uint32_t tag, uint32_t *size) if (size) *size = pre->body_signature.data_size; + if (!(pre->flags & VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO)) { + rv = vb2ex_hwcrypto_digest_init(key.hash_alg, + pre->body_signature.data_size); + if (!rv) { + VB2_DEBUG("Using HW crypto engine for hash_alg %d\n", + key.hash_alg); + dc->hash_alg = key.hash_alg; + dc->using_hwcrypto = 1; + return VB2_SUCCESS; + } + if (rv != VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED) + return rv; + VB2_DEBUG("HW crypto for hash_alg %d not supported, using SW\n", + key.hash_alg); + } else { + VB2_DEBUG("HW crypto forbidden by preamble, using SW\n"); + } + return vb2_digest_init(dc, key.hash_alg); } @@ -139,7 +157,10 @@ int vb2api_check_hash(struct vb2_context *ctx) return VB2_ERROR_API_CHECK_HASH_WORKBUF_DIGEST; /* Finalize the digest */ - rv = vb2_digest_finalize(dc, digest, digest_size); + if (dc->using_hwcrypto) + rv = vb2ex_hwcrypto_digest_finalize(digest, digest_size); + else + rv = vb2_digest_finalize(dc, digest, digest_size); if (rv) return rv; diff --git a/firmware/lib20/include/vb2_struct.h b/firmware/lib20/include/vb2_struct.h index 136ce91a..ec28e719 100644 --- a/firmware/lib20/include/vb2_struct.h +++ b/firmware/lib20/include/vb2_struct.h @@ -124,6 +124,8 @@ struct vb2_keyblock { /* Flags for VbFirmwarePreambleHeader.flags */ /* Reserved; do not use */ #define VB2_FIRMWARE_PREAMBLE_RESERVED0 0x00000001 +/* Do not allow use of any hardware crypto accelerators. */ +#define VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO 0x00000002 /* Premable block for rewritable firmware, vboot1 version 2.1. * diff --git a/firmware/lib21/api.c b/firmware/lib21/api.c index beed98bc..7c1aa014 100644 --- a/firmware/lib21/api.c +++ b/firmware/lib21/api.c @@ -47,7 +47,7 @@ int vb2api_init_hash2(struct vb2_context *ctx, struct vb2_digest_context *dc; struct vb2_workbuf wb; uint32_t hash_offset; - int i; + int i, rv; vb2_workbuf_from_ctx(ctx, &wb); @@ -93,6 +93,23 @@ int vb2api_init_hash2(struct vb2_context *ctx, if (size) *size = sig->data_size; + if (!(pre->flags & VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO)) { + rv = vb2ex_hwcrypto_digest_init(sig->hash_alg, sig->data_size); + if (!rv) { + VB2_DEBUG("Using HW crypto engine for hash_alg %d\n", + sig->hash_alg); + dc->hash_alg = sig->hash_alg; + dc->using_hwcrypto = 1; + return VB2_SUCCESS; + } + if (rv != VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED) + return rv; + VB2_DEBUG("HW crypto for hash_alg %d not supported, using SW\n", + sig->hash_alg); + } else { + VB2_DEBUG("HW crypto forbidden by preamble, using SW\n"); + } + return vb2_digest_init(dc, sig->hash_alg); } @@ -131,7 +148,10 @@ int vb2api_check_hash(struct vb2_context *ctx) return VB2_ERROR_API_CHECK_HASH_WORKBUF_DIGEST; /* Finalize the digest */ - rv = vb2_digest_finalize(dc, digest, digest_size); + if (dc->using_hwcrypto) + rv = vb2ex_hwcrypto_digest_finalize(digest, digest_size); + else + rv = vb2_digest_finalize(dc, digest, digest_size); if (rv) return rv; diff --git a/firmware/lib21/include/vb2_struct.h b/firmware/lib21/include/vb2_struct.h index d9921d94..62e1a080 100644 --- a/firmware/lib21/include/vb2_struct.h +++ b/firmware/lib21/include/vb2_struct.h @@ -291,6 +291,12 @@ struct vb2_keyblock { #define VB2_FW_PREAMBLE_VERSION_MAJOR 3 #define VB2_FW_PREAMBLE_VERSION_MINOR 0 +/* Flags for vb2_fw_preamble.flags */ +/* Reserved; do not use */ +#define VB2_FIRMWARE_PREAMBLE_RESERVED0 0x00000001 +/* Do not allow use of any hardware crypto accelerators. */ +#define VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO 0x00000002 + /* * Firmware preamble * diff --git a/tests/vb20_api_tests.c b/tests/vb20_api_tests.c index a7be957f..fbde39d2 100644 --- a/tests/vb20_api_tests.c +++ b/tests/vb20_api_tests.c @@ -30,6 +30,12 @@ const int mock_sig_size = 64; /* Mocked function data */ +static enum { + HWCRYPTO_DISABLED, + HWCRYPTO_ENABLED, + HWCRYPTO_FORBIDDEN, +} hwcrypto_state; + static int retval_vb2_load_fw_keyblock; static int retval_vb2_load_fw_preamble; static int retval_vb2_digest_finalize; @@ -74,6 +80,10 @@ static void reset_common_data(enum reset_type t) (cc.workbuf + sd->workbuf_preamble_offset); pre->body_signature.data_size = mock_body_size; pre->body_signature.sig_size = mock_sig_size; + if (hwcrypto_state == HWCRYPTO_FORBIDDEN) + pre->flags = VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO; + else + pre->flags = 0; sd->workbuf_data_key_offset = cc.workbuf_used; sd->workbuf_data_key_size = sizeof(*k) + 8; @@ -117,13 +127,51 @@ int vb2_unpack_key(struct vb2_public_key *key, return VB2_SUCCESS; } +int vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg, + uint32_t data_size) +{ + switch (hwcrypto_state) { + case HWCRYPTO_DISABLED: + return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED; + case HWCRYPTO_ENABLED: + if (hash_alg != mock_hash_alg) + return VB2_ERROR_SHA_INIT_ALGORITHM; + else + return VB2_SUCCESS; + case HWCRYPTO_FORBIDDEN: + default: + return VB2_ERROR_UNKNOWN; + } +} + +int vb2ex_hwcrypto_digest_extend(const uint8_t *buf, + uint32_t size) +{ + if (hwcrypto_state != HWCRYPTO_ENABLED) + return VB2_ERROR_UNKNOWN; + + return VB2_SUCCESS; +} + +int vb2ex_hwcrypto_digest_finalize(uint8_t *digest, + uint32_t digest_size) +{ + if (hwcrypto_state != HWCRYPTO_ENABLED) + return VB2_ERROR_UNKNOWN; + + return retval_vb2_digest_finalize; +} + int vb2_digest_init(struct vb2_digest_context *dc, enum vb2_hash_algorithm hash_alg) { + if (hwcrypto_state == HWCRYPTO_ENABLED) + return VB2_ERROR_UNKNOWN; if (hash_alg != mock_hash_alg) return VB2_ERROR_SHA_INIT_ALGORITHM; dc->hash_alg = hash_alg; + dc->using_hwcrypto = 0; return VB2_SUCCESS; } @@ -132,6 +180,8 @@ int vb2_digest_extend(struct vb2_digest_context *dc, const uint8_t *buf, uint32_t size) { + if (hwcrypto_state == HWCRYPTO_ENABLED) + return VB2_ERROR_UNKNOWN; if (dc->hash_alg != mock_hash_alg) return VB2_ERROR_SHA_EXTEND_ALGORITHM; @@ -142,6 +192,8 @@ int vb2_digest_finalize(struct vb2_digest_context *dc, uint8_t *digest, uint32_t digest_size) { + if (hwcrypto_state == HWCRYPTO_ENABLED) + return VB2_ERROR_UNKNOWN; return retval_vb2_digest_finalize; } @@ -268,12 +320,14 @@ static void extend_hash_tests(void) TEST_EQ(vb2api_extend_hash(&cc, mock_body, 0), VB2_ERROR_API_EXTEND_HASH_SIZE, "hash extend empty"); - reset_common_data(FOR_EXTEND_HASH); - dc = (struct vb2_digest_context *) - (cc.workbuf + sd->workbuf_hash_offset); - dc->hash_alg = mock_hash_alg + 1; - TEST_EQ(vb2api_extend_hash(&cc, mock_body, mock_body_size), - VB2_ERROR_SHA_EXTEND_ALGORITHM, "hash extend fail"); + if (hwcrypto_state != HWCRYPTO_ENABLED) { + reset_common_data(FOR_EXTEND_HASH); + dc = (struct vb2_digest_context *) + (cc.workbuf + sd->workbuf_hash_offset); + dc->hash_alg = mock_hash_alg + 1; + TEST_EQ(vb2api_extend_hash(&cc, mock_body, mock_body_size), + VB2_ERROR_SHA_EXTEND_ALGORITHM, "hash extend fail"); + } } static void check_hash_tests(void) @@ -338,6 +392,21 @@ static void check_hash_tests(void) int main(int argc, char* argv[]) { phase3_tests(); + + fprintf(stderr, "Running hash API tests without hwcrypto support...\n"); + hwcrypto_state = HWCRYPTO_DISABLED; + init_hash_tests(); + extend_hash_tests(); + check_hash_tests(); + + fprintf(stderr, "Running hash API tests with hwcrypto support...\n"); + hwcrypto_state = HWCRYPTO_ENABLED; + init_hash_tests(); + extend_hash_tests(); + check_hash_tests(); + + fprintf(stderr, "Running hash API tests with forbidden hwcrypto...\n"); + hwcrypto_state = HWCRYPTO_FORBIDDEN; init_hash_tests(); extend_hash_tests(); check_hash_tests(); diff --git a/tests/vb21_api_tests.c b/tests/vb21_api_tests.c index 6c4e48df..c825bdbf 100644 --- a/tests/vb21_api_tests.c +++ b/tests/vb21_api_tests.c @@ -41,6 +41,16 @@ static const struct vb2_guid test_guid[4] = { }; /* Mocked function data */ + +static enum { + HWCRYPTO_DISABLED, + HWCRYPTO_ENABLED, + HWCRYPTO_FORBIDDEN, +} hwcrypto_state; + +static struct vb2_digest_context hwcrypto_emulation_dc; + +static int retval_hwcrypto; static int retval_vb2_load_fw_keyblock; static int retval_vb2_load_fw_preamble; @@ -74,6 +84,8 @@ static void reset_common_data(enum reset_type t) vb2_secdata_create(&ctx); vb2_secdata_init(&ctx); + memset(&hwcrypto_emulation_dc, 0, sizeof(hwcrypto_emulation_dc)); + retval_hwcrypto = VB2_SUCCESS; retval_vb2_load_fw_keyblock = VB2_SUCCESS; retval_vb2_load_fw_preamble = VB2_SUCCESS; @@ -84,6 +96,10 @@ static void reset_common_data(enum reset_type t) (ctx.workbuf + sd->workbuf_preamble_offset); pre->hash_count = 3; pre->hash_offset = sig_offset = sizeof(*pre); + if (hwcrypto_state == HWCRYPTO_FORBIDDEN) + pre->flags = VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO; + else + pre->flags = 0; for (i = 0; i < 3; i++) { vb2_sign_data(&sig, mock_body, mock_body_size - 16 * i, @@ -118,6 +134,47 @@ int vb2_load_fw_preamble(struct vb2_context *ctx) return retval_vb2_load_fw_preamble; } +int vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg, + uint32_t data_size) +{ + vb2_digest_init(&hwcrypto_emulation_dc, hash_alg); + + switch (hwcrypto_state) { + case HWCRYPTO_DISABLED: + return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED; + case HWCRYPTO_ENABLED: + if (hash_alg != mock_hash_alg) + return VB2_ERROR_SHA_INIT_ALGORITHM; + else + return retval_hwcrypto; + case HWCRYPTO_FORBIDDEN: + default: + return VB2_ERROR_UNKNOWN; + } +} + +int vb2ex_hwcrypto_digest_extend(const uint8_t *buf, + uint32_t size) +{ + vb2_digest_extend(&hwcrypto_emulation_dc, buf, size); + + if (hwcrypto_state != HWCRYPTO_ENABLED) + return VB2_ERROR_UNKNOWN; + + return retval_hwcrypto; +} + +int vb2ex_hwcrypto_digest_finalize(uint8_t *digest, + uint32_t digest_size) +{ + vb2_digest_finalize(&hwcrypto_emulation_dc, digest, digest_size); + + if (hwcrypto_state != HWCRYPTO_ENABLED) + return VB2_ERROR_UNKNOWN; + + return retval_hwcrypto; +} + /* Tests */ static void phase3_tests(void) @@ -195,6 +252,13 @@ static void init_hash_tests(void) sig->hash_alg = VB2_HASH_INVALID; TEST_EQ(vb2api_init_hash2(&ctx, test_guid, &size), VB2_ERROR_SHA_INIT_ALGORITHM, "init hash algorithm"); + + if (hwcrypto_state == HWCRYPTO_ENABLED) { + reset_common_data(FOR_MISC); + retval_hwcrypto = VB2_ERROR_MOCK; + TEST_EQ(vb2api_init_hash2(&ctx, test_guid, &size), + VB2_ERROR_MOCK, "init hash use hwcrypto"); + } } static void extend_hash_tests(void) @@ -223,12 +287,19 @@ static void extend_hash_tests(void) TEST_EQ(vb2api_extend_hash(&ctx, mock_body, 0), VB2_ERROR_API_EXTEND_HASH_SIZE, "hash extend empty"); - reset_common_data(FOR_EXTEND_HASH); - dc = (struct vb2_digest_context *) - (ctx.workbuf + sd->workbuf_hash_offset); - dc->hash_alg = VB2_HASH_INVALID; - TEST_EQ(vb2api_extend_hash(&ctx, mock_body, mock_body_size), - VB2_ERROR_SHA_EXTEND_ALGORITHM, "hash extend fail"); + if (hwcrypto_state == HWCRYPTO_ENABLED) { + reset_common_data(FOR_EXTEND_HASH); + retval_hwcrypto = VB2_ERROR_MOCK; + TEST_EQ(vb2api_extend_hash(&ctx, mock_body, mock_body_size), + VB2_ERROR_MOCK, "hash extend use hwcrypto"); + } else { + reset_common_data(FOR_EXTEND_HASH); + dc = (struct vb2_digest_context *) + (ctx.workbuf + sd->workbuf_hash_offset); + dc->hash_alg = VB2_HASH_INVALID; + TEST_EQ(vb2api_extend_hash(&ctx, mock_body, mock_body_size), + VB2_ERROR_SHA_EXTEND_ALGORITHM, "hash extend fail"); + } } static void check_hash_tests(void) @@ -267,20 +338,42 @@ static void check_hash_tests(void) VB2_ERROR_API_CHECK_HASH_WORKBUF_DIGEST, "check hash workbuf"); reset_common_data(FOR_CHECK_HASH); - dc->hash_alg = VB2_HASH_INVALID; - *((uint8_t *)sig + sig->sig_offset) ^= 0x55; - TEST_EQ(vb2api_check_hash(&ctx), - VB2_ERROR_SHA_FINALIZE_ALGORITHM, "check hash finalize"); - - reset_common_data(FOR_CHECK_HASH); *((uint8_t *)sig + sig->sig_offset) ^= 0x55; TEST_EQ(vb2api_check_hash(&ctx), VB2_ERROR_API_CHECK_HASH_SIG, "check hash sig"); + + if (hwcrypto_state == HWCRYPTO_ENABLED) { + reset_common_data(FOR_CHECK_HASH); + retval_hwcrypto = VB2_ERROR_MOCK; + TEST_EQ(vb2api_check_hash(&ctx), + VB2_ERROR_MOCK, "check hash use hwcrypto"); + } else { + reset_common_data(FOR_CHECK_HASH); + dc->hash_alg = VB2_HASH_INVALID; + *((uint8_t *)sig + sig->sig_offset) ^= 0x55; + TEST_EQ(vb2api_check_hash(&ctx), + VB2_ERROR_SHA_FINALIZE_ALGORITHM, "check hash finaliz"); + } } int main(int argc, char* argv[]) { phase3_tests(); + + fprintf(stderr, "Running hash API tests without hwcrypto support...\n"); + hwcrypto_state = HWCRYPTO_DISABLED; + init_hash_tests(); + extend_hash_tests(); + check_hash_tests(); + + fprintf(stderr, "Running hash API tests with hwcrypto support...\n"); + hwcrypto_state = HWCRYPTO_ENABLED; + init_hash_tests(); + extend_hash_tests(); + check_hash_tests(); + + fprintf(stderr, "Running hash API tests with forbidden hwcrypto...\n"); + hwcrypto_state = HWCRYPTO_FORBIDDEN; init_hash_tests(); extend_hash_tests(); check_hash_tests(); |