/* Copyright 2019 The ChromiumOS Authors * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. * * Tests for vb2_hash_(calculate|verify) functions, and hwcrypto handling * of vb2_digest_*. */ #include "2api.h" #include "2return_codes.h" #include "2sha.h" #include "2sysincludes.h" #include "common/tests.h" uint8_t mock_sha1[] = {0x1, 0x3, 0x5, 0x2, 0x4, 0x6, 0xa, 0xb, 0xc, 0xd, 0xd, 0xe, 0xa, 0xd, 0xb, 0xe, 0xe, 0xf, 0x0, 0xf0}; _Static_assert(sizeof(mock_sha1) == VB2_SHA1_DIGEST_SIZE, ""); struct vb2_hash mock_hash; uint8_t mock_buffer[] = "Mock Buffer"; static enum hwcrypto_state { HWCRYPTO_OK, HWCRYPTO_NOTSUPPORTED, HWCRYPTO_ERROR, HWCRYPTO_ABORT, } hwcrypto_state; static vb2_error_t hwcrypto_mock(enum hwcrypto_state *state) { switch (*state) { case HWCRYPTO_OK: return VB2_SUCCESS; case HWCRYPTO_NOTSUPPORTED: return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED; case HWCRYPTO_ERROR: return VB2_ERROR_MOCK; case HWCRYPTO_ABORT: vb2ex_abort(); /* shouldn't reach here but added for compiler */ return VB2_ERROR_MOCK; } return VB2_ERROR_MOCK; } static void reset_common_data(enum hwcrypto_state state) { hwcrypto_state = state; memset(&mock_hash, 0xaa, sizeof(mock_hash)); } void vb2_sha1_init(struct vb2_sha1_context *ctx) { TEST_TRUE(hwcrypto_state == HWCRYPTO_NOTSUPPORTED || hwcrypto_state == HWCRYPTO_ABORT, " hwcrypto_state in SW init"); } void vb2_sha1_update(struct vb2_sha1_context *ctx, const uint8_t *data, uint32_t size) { TEST_TRUE(hwcrypto_state == HWCRYPTO_NOTSUPPORTED || hwcrypto_state == HWCRYPTO_ABORT, " hwcrypto_state in SW extend"); TEST_PTR_EQ(data, mock_buffer, " digest_extend buf"); TEST_EQ(size, sizeof(mock_buffer), " digest_extend size"); } void vb2_sha1_finalize(struct vb2_sha1_context *ctx, uint8_t *digest) { TEST_TRUE(hwcrypto_state == HWCRYPTO_NOTSUPPORTED || hwcrypto_state == HWCRYPTO_ABORT, " hwcrypto_state in SW finalize"); memcpy(digest, mock_sha1, sizeof(mock_sha1)); } vb2_error_t vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg, uint32_t data_size) { if (data_size) TEST_EQ(data_size, sizeof(mock_buffer), " hwcrypto_digest_init size"); return hwcrypto_mock(&hwcrypto_state); } vb2_error_t vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size) { TEST_PTR_EQ(buf, mock_buffer, " hwcrypto_digest_extend buf"); TEST_EQ(size, sizeof(mock_buffer), " hwcrypto_digest_extend size"); return hwcrypto_mock(&hwcrypto_state); } vb2_error_t vb2ex_hwcrypto_digest_finalize(uint8_t *digest, uint32_t digest_size) { memcpy(digest, mock_sha1, sizeof(mock_sha1)); return hwcrypto_mock(&hwcrypto_state); } static void vb2_hash_cbfs_compatibility_test(void) { /* 'algo' used to be represented as a 4-byte big-endian in CBFS. Confirm that the new representation is binary compatible for small values. */ union { struct vb2_hash hash; struct { uint32_t be32; uint8_t bytes[0]; }; } test = {0}; test.be32 = htobe32(0xa5); TEST_EQ(test.hash.algo, 0xa5, "vb2_hash algo compatible to CBFS attr"); TEST_PTR_EQ(&test.hash.raw, &test.bytes, " digest offset matches"); } static void vb2_hash_calculate_tests(void) { reset_common_data(HWCRYPTO_ABORT); TEST_SUCC(vb2_hash_calculate(false, &mock_buffer, sizeof(mock_buffer), VB2_HASH_SHA1, &mock_hash), "hash_calculate success"); TEST_SUCC(memcmp(mock_hash.sha1, mock_sha1, sizeof(mock_sha1)), " got the right hash"); TEST_EQ(mock_hash.algo, VB2_HASH_SHA1, " set algo correctly"); reset_common_data(HWCRYPTO_ABORT); TEST_EQ(vb2_hash_calculate(false, mock_buffer, sizeof(mock_buffer), -1, &mock_hash), VB2_ERROR_SHA_INIT_ALGORITHM, "hash_calculate wrong algo"); } static void vb2_hash_verify_tests(void) { reset_common_data(HWCRYPTO_ABORT); memcpy(mock_hash.sha1, mock_sha1, sizeof(mock_sha1)); mock_hash.algo = VB2_HASH_SHA1; TEST_SUCC(vb2_hash_verify(false, mock_buffer, sizeof(mock_buffer), &mock_hash), "hash_verify success"); memcpy(mock_hash.sha1, mock_sha1, sizeof(mock_sha1)); mock_hash.algo = -1; TEST_EQ(vb2_hash_verify(false, mock_buffer, sizeof(mock_buffer), &mock_hash), VB2_ERROR_SHA_INIT_ALGORITHM, "hash_verify wrong algo"); memcpy(mock_hash.sha1, mock_sha1, sizeof(mock_sha1)); mock_hash.sha1[5] = 0xfe; mock_hash.algo = VB2_HASH_SHA1; TEST_EQ(vb2_hash_verify(false, mock_buffer, sizeof(mock_buffer), &mock_hash), VB2_ERROR_SHA_MISMATCH, "hash_verify mismatch"); } static void vb2_hash_hwcrypto_tests(void) { struct vb2_digest_context dc; reset_common_data(HWCRYPTO_OK); TEST_SUCC(vb2_digest_init(&dc, true, VB2_HASH_SHA1, sizeof(mock_buffer)), "digest_init, HW enabled"); TEST_EQ(dc.using_hwcrypto, 1, " using_hwcrypto set"); TEST_SUCC(vb2_digest_extend(&dc, mock_buffer, sizeof(mock_buffer)), "digest_extend, HW enabled"); TEST_SUCC(vb2_digest_finalize(&dc, mock_hash.raw, VB2_SHA1_DIGEST_SIZE), "digest_finalize, HW enabled "); TEST_SUCC(memcmp(mock_hash.sha1, mock_sha1, sizeof(mock_sha1)), " got the right hash"); reset_common_data(HWCRYPTO_OK); TEST_SUCC(vb2_hash_calculate(true, mock_buffer, sizeof(mock_buffer), VB2_HASH_SHA1, &mock_hash), "hash_calculate, HW enabled"); TEST_SUCC(memcmp(mock_hash.sha1, mock_sha1, sizeof(mock_sha1)), " got the right hash"); TEST_EQ(mock_hash.algo, VB2_HASH_SHA1, " algo set"); reset_common_data(HWCRYPTO_ERROR); TEST_EQ(vb2_hash_calculate(true, mock_buffer, sizeof(mock_buffer), VB2_HASH_SHA1, &mock_hash), VB2_ERROR_MOCK, "hash_calculate, HW error"); reset_common_data(HWCRYPTO_NOTSUPPORTED); TEST_SUCC(vb2_hash_calculate(true, mock_buffer, sizeof(mock_buffer), VB2_HASH_SHA1, &mock_hash), "hash_calculate, HW unsupported"); TEST_SUCC(memcmp(mock_hash.sha1, mock_sha1, sizeof(mock_sha1)), " got the right hash"); reset_common_data(HWCRYPTO_OK); memcpy(mock_hash.sha1, mock_sha1, sizeof(mock_sha1)); mock_hash.algo = VB2_HASH_SHA1; TEST_SUCC(vb2_hash_verify(true, mock_buffer, sizeof(mock_buffer), &mock_hash), "hash_verify, HW enabled"); memcpy(mock_hash.sha1, mock_sha1, sizeof(mock_sha1)); mock_hash.sha1[5] = 0xfe; mock_hash.algo = VB2_HASH_SHA1; TEST_EQ(vb2_hash_verify(true, mock_buffer, sizeof(mock_buffer), &mock_hash), VB2_ERROR_SHA_MISMATCH, "hash_verify HW mismatch"); } int main(int argc, char *argv[]) { TEST_EQ(sizeof(mock_hash), offsetof(struct vb2_hash, raw) + VB2_SHA512_DIGEST_SIZE, "tests run with all SHA algorithms enabled"); vb2_hash_cbfs_compatibility_test(); vb2_hash_calculate_tests(); vb2_hash_verify_tests(); vb2_hash_hwcrypto_tests(); return gTestSuccess ? 0 : 255; }