xref: /aosp_15_r20/external/coreboot/tests/lib/cbfs-verification-test.c (revision b9411a12aaaa7e1e6a6fb7c5e057f44ee179a49c) 
1 /* SPDX-License-Identifier: GPL-2.0-only */
2 
3 #include <cbfs.h>
4 #include <commonlib/bsd/cbfs_private.h>
5 #include <commonlib/region.h>
6 #include <string.h>
7 #include <tests/lib/cbfs_util.h>
8 #include <tests/test.h>
9 
10 
11 /* Mocks */
12 
13 static struct cbfs_boot_device cbd;
14 
cbfs_get_boot_device(bool force_ro)15 const struct cbfs_boot_device *cbfs_get_boot_device(bool force_ro)
16 {
17 	check_expected(force_ro);
18 	return &cbd;
19 }
20 
vb2_digest_size(enum vb2_hash_algorithm hash_alg)21 size_t vb2_digest_size(enum vb2_hash_algorithm hash_alg)
22 {
23 	if (hash_alg != VB2_HASH_SHA256) {
24 		fail_msg("Unsupported hash algorithm: %d\n", hash_alg);
25 		return 0;
26 	}
27 
28 	return VB2_SHA256_DIGEST_SIZE;
29 }
30 
vb2_hash_verify(bool allow_hwcrypto,const void * buf,uint32_t size,const struct vb2_hash * hash)31 vb2_error_t vb2_hash_verify(bool allow_hwcrypto, const void *buf, uint32_t size,
32 			    const struct vb2_hash *hash)
33 {
34 	assert_true(allow_hwcrypto);
35 	check_expected_ptr(buf);
36 	check_expected(size);
37 	assert_int_equal(hash->algo, VB2_HASH_SHA256);
38 
39 	if (!memcmp(hash->sha256, good_hash, sizeof(good_hash)))
40 		return VB2_SUCCESS;
41 
42 	if (!memcmp(hash->sha256, bad_hash, sizeof(bad_hash)))
43 		return VB2_ERROR_SHA_MISMATCH;
44 
45 	fail_msg("%s called with bad hash", __func__);
46 	return VB2_ERROR_SHA_MISMATCH;
47 }
48 
ulzman(const void * src,size_t srcn,void * dst,size_t dstn)49 size_t ulzman(const void *src, size_t srcn, void *dst, size_t dstn)
50 {
51 	fail_msg("Unexpected call to %s", __func__);
52 	return 0;
53 }
54 
ulz4fn(const void * src,size_t srcn,void * dst,size_t dstn)55 size_t ulz4fn(const void *src, size_t srcn, void *dst, size_t dstn)
56 {
57 	fail_msg("Unexpected call to %s", __func__);
58 	return 0;
59 }
60 
vb2_digest_init(struct vb2_digest_context * dc,bool allow_hwcrypto,enum vb2_hash_algorithm hash_alg,uint32_t data_size)61 vb2_error_t vb2_digest_init(struct vb2_digest_context *dc, bool allow_hwcrypto,
62 			    enum vb2_hash_algorithm hash_alg, uint32_t data_size)
63 {
64 	if (hash_alg != VB2_HASH_SHA256) {
65 		fail_msg("Unsupported hash algorithm: %d\n", hash_alg);
66 		return VB2_ERROR_SHA_INIT_ALGORITHM;
67 	}
68 
69 	return VB2_SUCCESS;
70 }
71 
vb2_digest_extend(struct vb2_digest_context * dc,const uint8_t * buf,uint32_t size)72 vb2_error_t vb2_digest_extend(struct vb2_digest_context *dc, const uint8_t *buf, uint32_t size)
73 {
74 	check_expected(buf);
75 	check_expected(size);
76 	return VB2_SUCCESS;
77 }
78 
vb2_digest_finalize(struct vb2_digest_context * dc,uint8_t * digest,uint32_t size)79 vb2_error_t vb2_digest_finalize(struct vb2_digest_context *dc, uint8_t *digest, uint32_t size)
80 {
81 	memcpy(digest, mock_ptr_type(void *), size);
82 	return VB2_SUCCESS;
83 }
84 
85 /* Original function alias created by test framework. Used for call wrapping in mock below. */
86 enum cb_err __real_cbfs_lookup(cbfs_dev_t dev, const char *name, union cbfs_mdata *mdata_out,
87 			       size_t *data_offset_out, struct vb2_hash *metadata_hash);
88 
cbfs_lookup(cbfs_dev_t dev,const char * name,union cbfs_mdata * mdata_out,size_t * data_offset_out,struct vb2_hash * metadata_hash)89 enum cb_err cbfs_lookup(cbfs_dev_t dev, const char *name, union cbfs_mdata *mdata_out,
90 			size_t *data_offset_out, struct vb2_hash *metadata_hash)
91 {
92 	const enum cb_err err =
93 		__real_cbfs_lookup(dev, name, mdata_out, data_offset_out, metadata_hash);
94 	assert_int_equal(mock_type(enum cb_err), err);
95 	return err;
96 }
97 
98 /* Tests */
99 
setup_test_cbfs(void ** state)100 static int setup_test_cbfs(void **state)
101 {
102 	memset(&cbd, 0, sizeof(cbd));
103 	return 0;
104 }
105 
test_cbfs_map_no_hash(void ** state)106 static void test_cbfs_map_no_hash(void **state)
107 {
108 	void *mapping = NULL;
109 	assert_int_equal(0, rdev_chain_mem(&cbd.rdev, &file_no_hash, sizeof(file_no_hash)));
110 
111 	if (CONFIG(CBFS_VERIFICATION)) {
112 		/* File with no hash. No hash causes hash mismatch by default,
113 		   so mapping will not be completed successfully. */
114 		expect_value(cbfs_get_boot_device, force_ro, false);
115 		will_return(cbfs_lookup, CB_SUCCESS);
116 		mapping = cbfs_map(TEST_DATA_1_FILENAME, NULL);
117 		assert_null(mapping);
118 	} else {
119 		expect_value(cbfs_get_boot_device, force_ro, false);
120 		will_return(cbfs_lookup, CB_SUCCESS);
121 		mapping = cbfs_map(TEST_DATA_1_FILENAME, NULL);
122 		assert_ptr_equal(mapping, file_no_hash.attrs_and_data);
123 	}
124 }
125 
test_cbfs_map_valid_hash(void ** state)126 static void test_cbfs_map_valid_hash(void **state)
127 {
128 	void *mapping = NULL;
129 	assert_int_equal(0,
130 			 rdev_chain_mem(&cbd.rdev, &file_valid_hash, sizeof(file_valid_hash)));
131 
132 	if (CONFIG(CBFS_VERIFICATION)) {
133 		expect_value(cbfs_get_boot_device, force_ro, false);
134 		expect_value(vb2_hash_verify, buf,
135 			     &file_valid_hash.attrs_and_data[HASH_ATTR_SIZE]);
136 		expect_value(vb2_hash_verify, size, TEST_DATA_1_SIZE);
137 		will_return(cbfs_lookup, CB_SUCCESS);
138 		mapping = cbfs_map(TEST_DATA_1_FILENAME, NULL);
139 		assert_ptr_equal(mapping, &file_valid_hash.attrs_and_data[HASH_ATTR_SIZE]);
140 	} else {
141 		expect_value(cbfs_get_boot_device, force_ro, false);
142 		will_return(cbfs_lookup, CB_SUCCESS);
143 		mapping = cbfs_map(TEST_DATA_1_FILENAME, NULL);
144 		assert_ptr_equal(mapping, &file_valid_hash.attrs_and_data[HASH_ATTR_SIZE]);
145 	}
146 }
147 
test_cbfs_map_invalid_hash(void ** state)148 static void test_cbfs_map_invalid_hash(void **state)
149 {
150 	void *mapping = NULL;
151 	assert_int_equal(
152 		0, rdev_chain_mem(&cbd.rdev, &file_broken_hash, sizeof(file_broken_hash)));
153 
154 	if (CONFIG(CBFS_VERIFICATION)) {
155 		expect_value(cbfs_get_boot_device, force_ro, false);
156 		expect_value(vb2_hash_verify, buf,
157 			     &file_broken_hash.attrs_and_data[HASH_ATTR_SIZE]);
158 		expect_value(vb2_hash_verify, size, TEST_DATA_1_SIZE);
159 		will_return(cbfs_lookup, CB_SUCCESS);
160 		mapping = cbfs_map(TEST_DATA_1_FILENAME, NULL);
161 		assert_null(mapping);
162 	} else {
163 		expect_value(cbfs_get_boot_device, force_ro, false);
164 		will_return(cbfs_lookup, CB_SUCCESS);
165 		mapping = cbfs_map(TEST_DATA_1_FILENAME, NULL);
166 		assert_ptr_equal(mapping, &file_broken_hash.attrs_and_data[HASH_ATTR_SIZE]);
167 	}
168 }
169 
test_init_boot_device_verify(void ** state)170 void test_init_boot_device_verify(void **state)
171 {
172 	struct vb2_hash hash = {.algo = VB2_HASH_SHA256};
173 	const uint8_t hash_value[VB2_SHA256_DIGEST_SIZE] = {0};
174 	memset(&cbd, 0, sizeof(cbd));
175 	assert_int_equal(0,
176 			 rdev_chain_mem(&cbd.rdev, &file_valid_hash, sizeof(file_valid_hash)));
177 
178 	if (CONFIG(CBFS_VERIFICATION)) {
179 		expect_memory(vb2_digest_extend, buf, &file_valid_hash,
180 			      be32_to_cpu(file_valid_hash.header.offset));
181 		expect_value(vb2_digest_extend, size,
182 			     be32_to_cpu(file_valid_hash.header.offset));
183 		will_return(vb2_digest_finalize, hash_value);
184 	}
185 
186 	assert_int_equal(CB_SUCCESS, cbfs_init_boot_device(&cbd, &hash));
187 }
188 
main(void)189 int main(void)
190 {
191 	const struct CMUnitTest tests[] = {
192 		cmocka_unit_test_setup(test_cbfs_map_no_hash, setup_test_cbfs),
193 		cmocka_unit_test_setup(test_cbfs_map_valid_hash, setup_test_cbfs),
194 		cmocka_unit_test_setup(test_cbfs_map_invalid_hash, setup_test_cbfs),
195 
196 		cmocka_unit_test(test_init_boot_device_verify),
197 	};
198 
199 	return cb_run_group_tests(tests, NULL, NULL);
200 }
201