From b3e07ca7931b4326e00b9ab256e9f4356f3aabab Mon Sep 17 00:00:00 2001 From: Zdenek Behan Date: Tue, 7 Sep 2010 12:53:17 -0700 Subject: [PATCH] vboot_reference: add in the VbootCrypto tests into vboot_reference git repo Change-Id: I7a46dc2ea475c72703ff5bc1f88fbb021cb24c92 Review URL: http://codereview.chromium.org/3143029 --- autotest/firmware_VbootCrypto/control | 42 ++++ .../firmware_VbootCrypto.py | 190 ++++++++++++++++++ autotest/firmware_VbootCrypto/src/Makefile | 55 +++++ 3 files changed, 287 insertions(+) create mode 100644 autotest/firmware_VbootCrypto/control create mode 100644 autotest/firmware_VbootCrypto/firmware_VbootCrypto.py create mode 100644 autotest/firmware_VbootCrypto/src/Makefile diff --git a/autotest/firmware_VbootCrypto/control b/autotest/firmware_VbootCrypto/control new file mode 100644 index 0000000000..6542ea8b70 --- /dev/null +++ b/autotest/firmware_VbootCrypto/control @@ -0,0 +1,42 @@ +# Copyright (c) 2010 The Chromium OS Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +AUTHOR = "ChromeOS Team" +NAME = "firmware_VbootCrypto" +PURPOSE = """ +Verifies Firmware Verified Boot Reference Implementation, its components, and +crypto performance. +""" +CRITERIA = """ +This test is a benchmark. + +Errors in any of the following tests will cause a failure: + - _sha_test() + - _rsa_test() + - _image_verification_test() + - _rollback_tests() + - _splicing_tests() +""" +TIME = "LONG" +TEST_CATEGORY = "Functional" +TEST_CLASS = "firmware" +TEST_TYPE = "client" + +DOC = """ +This test implements various RSA and SHA by creating and verifying various +keys and hashes. It will generate public key signatures using sha1, sha256, +and sha512 algorithms with key lengths of 1024, 2048, 4096, and 8192. RSA +padding tests will then be run to verify them. Tests are also run to verify +the correctness of firmware and kernel image verification. +""" + +test_suites = [ + 'crypto', # RSA Signature Verification and SHA* Correctness. + 'verification', # Firmware and Kernel Image Verification. + 'benchmarks', # Crypto and Image Verification benchmarks. + 'rollback', # Firmware/Kernel Rollback Prevention. + 'splicing', # Image Splicing Attack. +] +for suite in test_suites: + job.run_test('firmware_VbootCrypto', suite=suite, tag=suite) diff --git a/autotest/firmware_VbootCrypto/firmware_VbootCrypto.py b/autotest/firmware_VbootCrypto/firmware_VbootCrypto.py new file mode 100644 index 0000000000..ff8b8e412f --- /dev/null +++ b/autotest/firmware_VbootCrypto/firmware_VbootCrypto.py @@ -0,0 +1,190 @@ +# Copyright (c) 2010 The Chromium OS Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +import os + +from autotest_lib.client.bin import test, utils +from autotest_lib.client.common_lib import error + +class firmware_VbootCrypto(test.test): + """ + Tests for correctness of verified boot reference crypto implementation. + """ + version = 1 + preserve_srcdir = True + + # TODO(gauravsh): Disable this autotest until we have a way + # of running these in a 64-bit environment (since for x86, this + # code is run in 64-bit mode. + # + # This issue is tracked as Issue 3792 on the Chromium OS Bug Tracker. + # http://code.google.com/p/chromium-os/issues/detail?id=3792 + def setup_Disabled(self): + os.chdir(self.srcdir) + utils.make('clean all') + + + # Parses the [result] and output the key-value pairs. + def __output_result_keyvals(self, results): + for keyval in results.splitlines(): + if keyval.strip().startswith('#'): + continue + key, val = keyval.split(':') + self.keyvals[key.strip()] = float(val) + + + def __generate_test_cases(self): + gen_test_case_cmd = os.path.join(self.srcdir, "tests", + "gen_test_cases.sh") + return_code = utils.system(gen_test_case_cmd, ignore_status = True) + if return_code == 255: + return False + if return_code == 1: + raise error.TestError("Couldn't generate test cases") + return True + + + def __sha_test(self): + sha_test_cmd = os.path.join(self.srcdir, "tests", "sha_tests") + return_code = utils.system(sha_test_cmd, ignore_status=True) + if return_code == 255: + return False + if return_code == 1: + raise error.TestError("SHA Test Error") + return True + + + def __rsa_test(self): + os.chdir(self.srcdir) + rsa_test_cmd = os.path.join(self.srcdir, "tests", + "run_rsa_tests.sh") + return_code = utils.system(rsa_test_cmd, ignore_status=True) + if return_code == 255: + return False + if return_code == 1: + raise error.TestError("RSA Test Error") + return True + + + def __image_verification_test(self): + image_verification_cmd = "cd %s && ./run_image_verification_tests.sh" \ + % os.path.join(self.srcdir, "tests") + return_code = utils.system(image_verification_cmd, + ignore_status=True) + if return_code == 255: + return False + if return_code == 1: + raise error.TestError("Image Verification Test Error") + return True + + + def __sha_benchmark(self): + sha_benchmark_cmd = os.path.join(self.srcdir, "tests", + "sha_benchmark") + self.results = utils.system_output(sha_benchmark_cmd, + retain_output=True) + self.__output_result_keyvals(self.results) + + + def __rsa_benchmark(self): + rsa_benchmark_cmd = "cd %s && ./rsa_verify_benchmark" % \ + os.path.join(self.srcdir, "tests") + self.results = utils.system_output(rsa_benchmark_cmd, + retain_output=True) + self.__output_result_keyvals(self.results) + + + def __verify_image_benchmark(self): + firmware_benchmark_cmd = "cd %s && ./firmware_verify_benchmark" % \ + os.path.join(self.srcdir, "tests") + kernel_benchmark_cmd = "cd %s && ./kernel_verify_benchmark" % \ + os.path.join(self.srcdir, "tests") + self.results = utils.system_output(firmware_benchmark_cmd, + retain_output=True) + self.__output_result_keyvals(self.results) + self.results = utils.system_output(kernel_benchmark_cmd, + retain_output=True) + self.__output_result_keyvals(self.results) + + + def __rollback_tests(self): + firmware_rollback_test_cmd = "cd %s && ./firmware_rollback_tests" % \ + os.path.join(self.srcdir, "tests") + kernel_rollback_test_cmd = "cd %s && ./kernel_rollback_tests" % \ + os.path.join(self.srcdir, "tests") + return_code = utils.system(firmware_rollback_test_cmd, + ignore_status=True) + if return_code == 255: + return False + if return_code == 1: + raise error.TestError("Firmware Rollback Test Error") + + return_code = utils.system(kernel_rollback_test_cmd, + ignore_status=True) + if return_code == 255: + return False + if return_code == 1: + raise error.TestError("KernelRollback Test Error") + return True + + + def __splicing_tests(self): + firmware_splicing_test_cmd = "cd %s && ./firmware_splicing_tests" % \ + os.path.join(self.srcdir, "tests") + kernel_splicing_test_cmd = "cd %s && ./kernel_splicing_tests" % \ + os.path.join(self.srcdir, "tests") + return_code = utils.system(firmware_splicing_test_cmd, + ignore_status=True) + if return_code == 255: + return False + if return_code == 1: + raise error.TestError("Firmware Splicing Test Error") + + return_code = utils.system(kernel_splicing_test_cmd, + ignore_status=True) + if return_code == 255: + return False + if return_code == 1: + raise error.TestError("Kernel Splicing Test Error") + return True + + + def run_crypto(self): + success = self.__sha_test() + if not success: + raise error.TestFail("SHA Test Failed") + success = self.__rsa_test() + if not success: + raise error.TestFail("RSA Test Failed") + + + def run_verification(self): + success = self.__image_verification_test() + if not success: + raise error.TestFail("Image Verification Test Failed") + + + def run_benchmarks(self): + self.keyvals = {} + self.__sha_benchmark() + self.__rsa_benchmark() + self.__verify_image_benchmark() + self.write_perf_keyval(self.keyvals) + + + def run_rollback(self): + success = self.__rollback_tests() + if not success: + raise error.TestFail("Rollback Tests Failed") + + + def run_splicing(self): + success = self.__splicing_tests() + if not success: + raise error.TestFail("Splicing Tests Failed") + + + def run_once(self, suite='crypto'): + self.__generate_test_cases() + getattr(self, 'run_' + suite)() diff --git a/autotest/firmware_VbootCrypto/src/Makefile b/autotest/firmware_VbootCrypto/src/Makefile new file mode 100644 index 0000000000..ae0e3147b1 --- /dev/null +++ b/autotest/firmware_VbootCrypto/src/Makefile @@ -0,0 +1,55 @@ +# Copyright (c) 2010 The Chromium OS Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +VBOOT_REFERENCE_DIR = ../../.. +BUILD_TEST_DIR = vboot_reference +# Test Binaries. +TEST_BINS = \ + common.sh \ + firmware_image_tests \ + firmware_rollback_tests \ + firmware_splicing_tests \ + firmware_verify_benchmark \ + gen_test_cases.sh \ + kernel_image_tests \ + kernel_rollback_tests \ + kernel_splicing_tests \ + kernel_verify_benchmark \ + rsa_padding_test \ + rsa_verify_benchmark \ + run_image_verification_tests.sh \ + run_rsa_tests.sh \ + sha_benchmark \ + sha_tests \ + testcases \ + testkeys + +# Utility Binaries. +UTIL_BINS = verify_data signature_digest_utility + +all: + # Copy test sources into a temporary directory for building. + rm -rf $(BUILD_TEST_DIR) + # only copy stuff that's not us + sh -c \ + 'for dir in $(VBOOT_REFERENCE_DIR)/*; do \ + [ "$${dir}" != "$(VBOOT_REFERENCE_DIR)/autotest" ] && cp -r $${dir} .; \ + done' + # Always build from scratch. + $(MAKE) -C $(BUILD_TEST_DIR) clean all + # Move test binaries for use by the tests. + mkdir -p tests + set -e; for i in $(TEST_BINS); do \ + mv $(BUILD_TEST_DIR)/tests/$$i tests/ ;\ + done + # Move utility binaries used by the tests. + mkdir -p utility + set -e; for i in $(UTIL_BINS); do \ + mv $(BUILD_TEST_DIR)/utility/$$i utility/ ;\ + done + # Delete sources. + rm -rf $(BUILD_TEST_DIR) + +clean: + rm -rf utility/ tests/