util/broadcom/secimage: Add HMAC test
One of the responsibilities of the `secimage` tool is signing the image using the HMAC-SHA256 algorithm. The test being added verifies that secimage's internal call yields the same result as the corresponding openssl tool does. Change-Id: I8de4328f435af56901a861e3d5e733657c3c7f78 Signed-off-by: Alex Thiessen <alex.thiessen.de+coreboot@gmail.com> Reviewed-on: https://review.coreboot.org/23474 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
parent
f300f36210
commit
457d1c8fa2
|
@ -31,6 +31,11 @@ install:
|
|||
install -d $(DESTDIR)/usr/bin
|
||||
install $(TARGET) $(DESTDIR)/usr/bin
|
||||
|
||||
.PHONY: test
|
||||
test: $(TARGET)
|
||||
@find test -maxdepth 1 -type f -executable \
|
||||
| xargs -I "{}" sh -c "{} $$(realpath $<)"
|
||||
|
||||
.PHONY: clean
|
||||
|
||||
clean:
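Review bot: The `test` recipe builds an `sh -c` command string out of each file name that `find` reports and the output of `realpath`, so a script name or checkout path containing whitespace or shell metacharacters is re-parsed by the shell instead of being passed through as one program and one argument. Handing both over as positional parameters keeps them as data: `@find test -maxdepth 1 -type f -executable -print0 \` followed by `| xargs -0 -I "{}" sh -c '"$$0" "$$1"' "{}" "$$(realpath $<)"`. The recipe also exits successfully when `find` matches nothing, so a test script that loses its executable bit would go unnoticed. A short comment above the rule stating that every executable directly under `test/` is run with the absolute path of `$(TARGET)` would help as well.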
|
||||
|
|
File diff suppressed because it is too large
File diff suppressed because it is too large
|
@ -0,0 +1,41 @@
|
|||
00000000: 2f2f 2055 6e61 7574 6820 4865 6164 6572 // Unauth Header |
|
||||
00000010: 0a2f 2f0a 2f2f 2073 7472 7563 7420 556e .//.// struct Un |
|
||||
00000020: 4175 7468 656e 7469 6361 7465 6448 6561 AuthenticatedHea |
|
||||
00000030: 6465 725f 7420 7b0a 2f2f 0975 696e 7433 der_t {.//.uint3 |
|
||||
00000040: 325f 7420 5461 673b 0909 2f2a 2054 6167 2_t Tag;../* Tag |
|
||||
00000050: 2075 7365 6420 746f 206c 6f63 6174 6520 used to locate |
|
||||
00000060: 626f 6f74 2062 696e 6172 7920 696e 206d boot binary in m |
|
||||
00000070: 656d 6f72 7920 2a2f 0a2f 2f09 7569 6e74 emory */.//.uint |
|
||||
00000080: 3332 5f74 204c 656e 6774 683b 092f 2a20 32_t Length;./* |
|
||||
00000090: 4c65 6e67 7468 206f 6620 7468 6520 626f Length of the bo |
|
||||
000000a0: 6f74 2062 696e 6172 7920 2a2f 0a2f 2f09 ot binary */.//. |
|
||||
000000b0: 7569 6e74 3332 5f74 2052 6573 6572 7665 uint32_t Reserve |
|
||||
000000c0: 643b 092f 2a20 4164 6472 6573 7320 666f d;./* Address fo |
|
||||
000000d0: 7220 7468 6520 6e6f 6e2d 6175 7468 656e r the non-authen |
|
||||
000000e0: 7469 6361 7465 6420 626f 6f74 2e0a 2f2f ticated boot..// |
|
||||
000000f0: 0909 0909 2020 2054 6865 2061 6464 7265 .... The addre |
|
||||
00000100: 7373 2069 7320 616c 6967 6e65 6420 746f ss is aligned to |
|
||||
00000110: 2031 3620 6279 7465 7320 626f 756e 6461 16 bytes bounda |
|
||||
00000120: 7279 2e0a 2f2f 0909 0909 2020 2054 6865 ry..//.... The |
|
||||
00000130: 206c 6f77 6572 2034 2062 6974 7320 6172 lower 4 bits ar |
|
||||
00000140: 6520 7573 6564 2066 6f72 2043 6c6b 436f e used for ClkCo |
|
||||
00000150: 6e66 6967 3a0a 2f2f 0909 0909 2020 2056 nfig:.//.... V |
|
||||
00000160: 616c 7565 2020 2046 7265 710a 2f2f 0909 alue Freq.//.. |
|
||||
00000170: 0909 2020 2031 2020 2020 2020 2034 3030 .. 1 400 |
|
||||
00000180: 0a2f 2f09 0909 0920 2020 3220 2020 2020 .//.... 2 |
|
||||
00000190: 2020 3147 487a 0a2f 2f09 0909 0920 2020 1GHz.//.... |
|
||||
000001a0: 3320 2020 2020 2020 4d61 7820 2831 2e32 3 Max (1.2 |
|
||||
000001b0: 4748 7a29 0a2f 2f09 0909 0920 2020 3420 GHz).//.... 4 |
|
||||
000001c0: 2020 2020 2020 6e6f 2050 4c4c 206c 6f63 no PLL loc |
|
||||
000001d0: 6b3a 2032 3030 4d48 7a0a 2f2f 0909 0909 k: 200MHz.//.... |
|
||||
000001e0: 202a 2f0a 2f2f 0975 696e 7433 325f 7420 */.//.uint32_t |
|
||||
000001f0: 6372 633b 0909 2f2a 2043 5243 2063 6f6d crc;../* CRC com |
|
||||
00000200: 7075 7465 6420 6f6e 2061 6c6c 206f 7468 puted on all oth |
|
||||
00000210: 6572 2066 6965 6c64 7320 696e 2074 6869 er fields in thi |
|
||||
00000220: 730a 2f2f 0909 0909 2020 2073 7472 7563 s.//.... struc |
|
||||
00000230: 7475 7265 2065 7863 6c75 6469 6e67 2063 ture excluding c |
|
||||
00000240: 7263 2066 6965 6c64 202a 2f0a 2f2f 207d rc field */.// } |
|
||||
00000250: 3b0a 5461 673d 0909 3078 4135 4135 4135 ;.Tag=..0xA5A5A5 |
|
||||
00000260: 4135 0a4c 656e 6774 683d 0909 3078 3030 A5.Length=..0x00 |
|
||||
00000270: 3030 3030 3030 0a52 6573 6572 7665 643d 000000.Reserved= |
|
||||
00000280: 2020 0930 7830 3030 3030 3030 320a .0x00000002. |
|
|
@ -0,0 +1,2 @@
|
|||
00000000: d1ef bcba d798 d871 003d ee3b f7b8 461c .......q.=.;..F. |
|
||||
00000010: 53a8 b9c5 b6dc 57dc 1280 631d aea3 e003 S.....W...c..... |
|
|
@ -0,0 +1,78 @@
|
|||
#!/bin/bash
|
||||
|
||||
##
|
||||
## This file is part of the coreboot project.
|
||||
##
|
||||
## Copyright (C) 2003-2018 Alex Thiessen <alex.thiessen.de+coreboot@gmail.com>
|
||||
##
|
||||
## This program is free software; you can redistribute it and/or modify
|
||||
## it under the terms of the GNU General Public License as published by
|
||||
## the Free Software Foundation; version 3 or later of the License.
|
||||
##
|
||||
## This program is distributed in the hope that it will be useful,
|
||||
## but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
## GNU General Public License for more details.
|
||||
##
|
||||
## SPDX-License-Identifier: GPL-3.0-or-later
|
||||
## <https://spdx.org/licenses/GPL-3.0-or-later.html>
|
||||
##
|
||||
|
||||
set -o errexit
|
||||
set -o nounset
|
||||
set -o pipefail
|
||||
|
||||
# static analysis
|
||||
if command -v shellcheck 1>/dev/null; then
|
||||
shellcheck "${BASH_SOURCE[0]}"
|
||||
else
|
||||
echo "shellcheck not found, running unchecked" >&2
|
||||
fi
|
||||
|
||||
# dependency check
|
||||
dependencies=(basename diff dirname head mkdir mktemp openssl rm tail xxd)
|
||||
for dependency in "${dependencies[@]}"; do
|
||||
if ! command -v "${dependency}" 1>/dev/null; then
|
||||
echo "missing ${dependency}, test skipped" >&2
|
||||
exit 0
|
||||
fi
|
||||
done
|
||||
|
||||
# parameters
|
||||
if [ ${#} -ne 1 ]; then
|
||||
echo "usage: '${0}' <testee>"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# setup
|
||||
testee="${1}"
|
||||
declare -i header_len=16 signature_len=32
|
||||
tmp_dir="$(mktemp --directory --tmpdir secimage-test-XXXXXXXX)"
|
||||
shopt -s globstar nullglob
|
||||
for dump_file in test/data/**/*.xxdump; do
|
||||
bin_file_dir="${tmp_dir}/$(dirname "${dump_file#test/data/}")"
|
||||
mkdir --parents "${bin_file_dir}"
|
||||
xxd -r "${dump_file}" \
|
||||
"${bin_file_dir}/$(basename "${dump_file}" .xxdump)"
|
||||
done
|
||||
tail --bytes=+$((header_len + 1)) "${tmp_dir}/expected/binary" \
|
||||
| head --bytes=-${signature_len} \
|
||||
| openssl dgst -sha256 -mac hmac \
|
||||
-macopt hexkey:"$(xxd -c$((signature_len * 2)) -ps \
|
||||
"${tmp_dir}/input/hmac_binary_key")" \
|
||||
-binary \
|
||||
> "${tmp_dir}/expected/signature"
|
||||
mkdir "${tmp_dir}/actual"
|
||||
|
||||
# test
|
||||
"${testee}" \
|
||||
-out "${tmp_dir}/actual/binary" \
|
||||
-config "${tmp_dir}/input/configfile" \
|
||||
-hmac "${tmp_dir}/input/hmac_binary_key" \
|
||||
-bl "${tmp_dir}/input/binary"
|
||||
tail --bytes=${signature_len} "${tmp_dir}/actual/binary" \
|
||||
> "${tmp_dir}/actual/signature"
|
||||
diff --recursive "${tmp_dir}/actual" "${tmp_dir}/expected" 1>/dev/null
|
||||
|
||||
# teardown
|
||||
rm --force --recursive "${tmp_dir}"
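Review bot: Cleanup only happens on the success path: with `set -o errexit` a failing testee or a non-matching `diff` ends the script before the final `rm`, leaving the temporary directory with the unpacked HMAC key and binaries behind. Registering the removal right after the `mktemp` line, `trap 'rm --force --recursive "${tmp_dir}"' EXIT`, covers every exit path. Separately, the dependency check does `exit 0` when a tool such as `openssl` or `xxd` is missing, so a CI host without them reports the HMAC test as passed without having run it; a distinct exit status that the caller reports as skipped would make that observable. Sending the `diff` output to `/dev/null` also means a failure gives no hint whether `binary` or `signature` differed.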
|
|
@ -50,6 +50,7 @@ junit.xml:
|
|||
echo
|
||||
|
||||
TOOLLIST= \
|
||||
broadcom/secimage \
|
||||
cbmem \
|
||||
ectool \
|
||||
futility \
|
||||
|
@ -110,6 +111,8 @@ test-tools:
|
|||
$(foreach tool, $(TOOLLIST), echo "Building $(tool)";export MFLAGS= ;export MAKEFLAGS= ;$(MAKE) -C util/$(tool) all V=$(V) Q=$(Q) || exit 1; )
|
||||
echo "Building romcc"
|
||||
$(MAKE) -C util/romcc all test -j $(CPUS) V=$(V) Q=$(Q)
|
||||
echo "Testing broadcom/secimage"
|
||||
$(MAKE) -C util/broadcom/secimage test
|
||||
|
||||
test-cleanup:
|
||||
rm -rf coreboot-builds coreboot-builds-chromeos
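Review bot: The added `$(MAKE) -C util/broadcom/secimage test` line is invoked differently from its neighbours in `test-tools`: the `$(foreach ...)` build loop and the romcc line both pass `V=$(V) Q=$(Q)`, and the loop also clears `MFLAGS`/`MAKEFLAGS`, while the new call does neither. If the secimage Makefile honours those variables, the test run will not follow the verbosity chosen for the rest of the target; `$(MAKE) -C util/broadcom/secimage test V=$(V) Q=$(Q)` would keep it consistent. The `test-tools` recipe starts above this hunk, so whether earlier lines already export these settings cannot be seen from here.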
|
||||
|
|