Re: [PATCH 3/3] binman: Add tests for etype encrypted

2023-06-29 Thread Simon Glass 
On Tue, 27 Jun 2023 at 08:39,  wrote:
>
> From: Christian Taedcke 
>
> Add tests to reach 100% code coverage for the added etype encrypted.
>
> Signed-off-by: Christian Taedcke 
> ---
>
>  tools/binman/ftest.py | 69 +++
>  .../binman/test/282_encrypted_no_content.dts  | 15 
>  tools/binman/test/283_encrypted_no_algo.dts   | 19 +
>  .../test/284_encrypted_invalid_iv_file.dts| 22 ++
>  tools/binman/test/285_encrypted.dts   | 29 
>  tools/binman/test/286_encrypted_key_file.dts  | 30 
>  .../test/287_encrypted_iv_name_hint.dts   | 30 
>  7 files changed, 214 insertions(+)
>  create mode 100644 tools/binman/test/282_encrypted_no_content.dts
>  create mode 100644 tools/binman/test/283_encrypted_no_algo.dts
>  create mode 100644 tools/binman/test/284_encrypted_invalid_iv_file.dts
>  create mode 100644 tools/binman/test/285_encrypted.dts
>  create mode 100644 tools/binman/test/286_encrypted_key_file.dts
>  create mode 100644 tools/binman/test/287_encrypted_iv_name_hint.dts

Reviewed-by: Simon Glass

[PATCH 3/3] binman: Add tests for etype encrypted

2023-06-27 Thread christian . taedcke-oss 
From: Christian Taedcke 

Add tests to reach 100% code coverage for the added etype encrypted.

Signed-off-by: Christian Taedcke 
---

 tools/binman/ftest.py | 69 +++
 .../binman/test/282_encrypted_no_content.dts  | 15 
 tools/binman/test/283_encrypted_no_algo.dts   | 19 +
 .../test/284_encrypted_invalid_iv_file.dts| 22 ++
 tools/binman/test/285_encrypted.dts   | 29 
 tools/binman/test/286_encrypted_key_file.dts  | 30 
 .../test/287_encrypted_iv_name_hint.dts   | 30 
 7 files changed, 214 insertions(+)
 create mode 100644 tools/binman/test/282_encrypted_no_content.dts
 create mode 100644 tools/binman/test/283_encrypted_no_algo.dts
 create mode 100644 tools/binman/test/284_encrypted_invalid_iv_file.dts
 create mode 100644 tools/binman/test/285_encrypted.dts
 create mode 100644 tools/binman/test/286_encrypted_key_file.dts
 create mode 100644 tools/binman/test/287_encrypted_iv_name_hint.dts

diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py
index 43b4f850a6..3fb57e964e 100644
--- a/tools/binman/ftest.py
+++ b/tools/binman/ftest.py
@@ -94,6 +94,8 @@ ROCKCHIP_TPL_DATA = b'rockchip-tpl'
 TEST_FDT1_DATA= b'fdt1'
 TEST_FDT2_DATA= b'test-fdt2'
 ENV_DATA  = b'var1=1\nvar2="2"'
+ENCRYPTED_IV_DATA = b'123456'
+ENCRYPTED_KEY_DATA= b'1234567890123456'
 PRE_LOAD_MAGIC= b'UBSH'
 PRE_LOAD_VERSION  = 0x11223344.to_bytes(4, 'big')
 PRE_LOAD_HDR_SIZE = 0x1000.to_bytes(4, 'big')
@@ -226,6 +228,10 @@ class TestFunctional(unittest.TestCase):
 # Newer OP_TEE file in v1 binary format
 cls.make_tee_bin('tee.bin')
 
+# test files for encrypted tests
+TestFunctional._MakeInputFile('encrypted-file.iv', ENCRYPTED_IV_DATA)
+TestFunctional._MakeInputFile('encrypted-file.key', ENCRYPTED_KEY_DATA)
+
 cls.comp_bintools = {}
 for name in COMP_BINTOOLS:
 cls.comp_bintools[name] = bintool.Bintool.create(name)
@@ -6676,6 +6682,69 @@ fdt fdtmapExtract the devicetree 
blob from the fdtmap
 ['fit'])
 self.assertIn("Node '/fit': Missing tool: 'mkimage'", str(e.exception))
 
+def testEncryptedNoContent(self):
+with self.assertRaises(ValueError) as e:
+self._DoReadFileDtb('282_encrypted_no_content.dts', 
update_dtb=True)
+self.assertIn("Node \'/binman/fit/images/u-boot/encrypted\': 
Collection must have a 'content' property", str(e.exception))
+
+def testEncryptedNoAlgo(self):
+with self.assertRaises(ValueError) as e:
+self._DoReadFileDtb('283_encrypted_no_algo.dts', update_dtb=True)
+self.assertIn("Node \'/binman/fit/images/u-boot/encrypted\': 
'encrypted' entry is missing properties: algo key-name-hint iv-filename", 
str(e.exception))
+
+def testEncryptedInvalidIvfile(self):
+with self.assertRaises(ValueError) as e:
+self._DoReadFileDtb('284_encrypted_invalid_iv_file.dts', 
update_dtb=True)
+self.assertIn("Filename 'invalid-iv-file' not found in input path",
+  str(e.exception))
+
+def testEncryptedNoKey(self):
+data = self._DoReadFileDtb('285_encrypted.dts')[0]
+
+dtb = fdt.Fdt.FromData(data)
+dtb.Scan()
+
+node = dtb.GetNode('/images/u-boot/cipher')
+self.assertEqual('algo-name', node.props['algo'].value)
+self.assertEqual('key-name-hint-value', 
node.props['key-name-hint'].value)
+self.assertEqual(ENCRYPTED_IV_DATA, 
tools.to_bytes(''.join(node.props['iv'].value)))
+self.assertNotIn('iv-name-hint', node.props)
+
+node = dtb.GetNode('/cipher')
+self.assertIsNone(node)
+
+def testEncryptedKeyFile(self):
+data = self._DoReadFileDtb('286_encrypted_key_file.dts')[0]
+
+dtb = fdt.Fdt.FromData(data)
+dtb.Scan()
+
+node = dtb.GetNode('/images/u-boot/cipher')
+self.assertEqual('algo-name', node.props['algo'].value)
+self.assertEqual('key-name-hint-value', 
node.props['key-name-hint'].value)
+self.assertEqual(ENCRYPTED_IV_DATA, 
tools.to_bytes(''.join(node.props['iv'].value)))
+self.assertNotIn('iv-name-hint', node.props)
+
+node = dtb.GetNode('/cipher/key-algo-name-key-name-hint-value')
+self.assertEqual(ENCRYPTED_KEY_DATA, b''.join(node.props['key'].value))
+self.assertNotIn('iv', node.props)
+
+def testEncryptedIvNameHint(self):
+data = self._DoReadFileDtb('287_encrypted_iv_name_hint.dts')[0]
+
+dtb = fdt.Fdt.FromData(data)
+dtb.Scan()
+
+node = dtb.GetNode('/images/u-boot/cipher')
+self.assertEqual('algo-name', node.props['algo'].value)
+self.assertEqual('iv-name-hint-value', 
node.props['iv-name-hint'].value)
+self.assertEqual('key-name-hint-value', 
node.props['key-name-hint'].value)
+self.assertNotIn('iv',