Loading tools/releasetools/test_verity_utils.py +155 −11 Original line number Diff line number Diff line Loading @@ -16,6 +16,7 @@ """Unittests for verity_utils.py.""" import copy import math import os.path import random Loading Loading @@ -165,13 +166,152 @@ class VerifiedBootVersion1HashtreeInfoGeneratorTest(ReleaseToolsTestCase): self.assertEqual(self.expected_root_hash, info.root_hash) class VerifiedBootVersion1VerityImageBuilderTest(ReleaseToolsTestCase): DEFAULT_PARTITION_SIZE = 4096 * 1024 DEFAULT_PROP_DICT = { 'partition_size': str(DEFAULT_PARTITION_SIZE), 'verity': 'true', 'verity_block_device': '/dev/block/system', 'verity_key': os.path.join(get_testdata_dir(), 'testkey'), 'verity_fec': 'true', 'verity_signer_cmd': 'verity_signer', } def test_init(self): prop_dict = copy.deepcopy(self.DEFAULT_PROP_DICT) verity_image_builder = CreateVerityImageBuilder(prop_dict) self.assertIsNotNone(verity_image_builder) self.assertEqual(1, verity_image_builder.version) def test_init_MissingProps(self): prop_dict = copy.deepcopy(self.DEFAULT_PROP_DICT) del prop_dict['verity'] self.assertIsNone(CreateVerityImageBuilder(prop_dict)) prop_dict = copy.deepcopy(self.DEFAULT_PROP_DICT) del prop_dict['verity_block_device'] self.assertIsNone(CreateVerityImageBuilder(prop_dict)) def test_CalculateMaxImageSize(self): verity_image_builder = CreateVerityImageBuilder(self.DEFAULT_PROP_DICT) size = verity_image_builder.CalculateMaxImageSize() self.assertLess(size, self.DEFAULT_PARTITION_SIZE) # Same result by explicitly passing the partition size. self.assertEqual( verity_image_builder.CalculateMaxImageSize(), verity_image_builder.CalculateMaxImageSize( self.DEFAULT_PARTITION_SIZE)) @staticmethod def _BuildAndVerify(prop, verify_key): verity_image_builder = CreateVerityImageBuilder(prop) image_size = verity_image_builder.CalculateMaxImageSize() # Build the sparse image with verity metadata. input_dir = common.MakeTempDir() image = common.MakeTempFile(suffix='.img') cmd = ['mkuserimg_mke2fs', input_dir, image, 'ext4', '/system', str(image_size), '-j', '0', '-s'] common.RunAndCheckOutput(cmd) verity_image_builder.Build(image) # Verify the verity metadata. cmd = ['verity_verifier', image, '-mincrypt', verify_key] common.RunAndCheckOutput(cmd) def test_Build(self): self._BuildAndVerify( self.DEFAULT_PROP_DICT, os.path.join(get_testdata_dir(), 'testkey_mincrypt')) def test_Build_SanityCheck(self): # A sanity check for the test itself: the image shouldn't be verifiable # with wrong key. self.assertRaises( common.ExternalError, self._BuildAndVerify, self.DEFAULT_PROP_DICT, os.path.join(get_testdata_dir(), 'verity_mincrypt')) def test_Build_FecDisabled(self): prop_dict = copy.deepcopy(self.DEFAULT_PROP_DICT) del prop_dict['verity_fec'] self._BuildAndVerify( prop_dict, os.path.join(get_testdata_dir(), 'testkey_mincrypt')) def test_Build_SquashFs(self): verity_image_builder = CreateVerityImageBuilder(self.DEFAULT_PROP_DICT) verity_image_builder.CalculateMaxImageSize() # Build the sparse image with verity metadata. input_dir = common.MakeTempDir() image = common.MakeTempFile(suffix='.img') cmd = ['mksquashfsimage.sh', input_dir, image, '-s'] common.RunAndCheckOutput(cmd) verity_image_builder.PadSparseImage(image) verity_image_builder.Build(image) # Verify the verity metadata. cmd = ["verity_verifier", image, '-mincrypt', os.path.join(get_testdata_dir(), 'testkey_mincrypt')] common.RunAndCheckOutput(cmd) class VerifiedBootVersion2VerityImageBuilderTest(ReleaseToolsTestCase): def setUp(self): DEFAULT_PROP_DICT = { 'partition_size': str(4096 * 1024), 'partition_name': 'system', 'avb_avbtool': 'avbtool', 'avb_hashtree_enable': 'true', 'avb_add_hashtree_footer_args': '', } def test_init(self): prop_dict = copy.deepcopy(self.DEFAULT_PROP_DICT) verity_image_builder = CreateVerityImageBuilder(prop_dict) self.assertIsNotNone(verity_image_builder) self.assertEqual(2, verity_image_builder.version) def test_init_MissingProps(self): prop_dict = copy.deepcopy(self.DEFAULT_PROP_DICT) del prop_dict['avb_hashtree_enable'] verity_image_builder = CreateVerityImageBuilder(prop_dict) self.assertIsNone(verity_image_builder) def test_Build(self): prop_dict = copy.deepcopy(self.DEFAULT_PROP_DICT) verity_image_builder = CreateVerityImageBuilder(prop_dict) self.assertIsNotNone(verity_image_builder) self.assertEqual(2, verity_image_builder.version) input_dir = common.MakeTempDir() image_dir = common.MakeTempDir() system_image = os.path.join(image_dir, 'system.img') system_image_size = verity_image_builder.CalculateMaxImageSize() cmd = ['mkuserimg_mke2fs', input_dir, system_image, 'ext4', '/system', str(system_image_size), '-j', '0', '-s'] common.RunAndCheckOutput(cmd) verity_image_builder.Build(system_image) # Additionally make vbmeta image so that we can verify with avbtool. vbmeta_image = os.path.join(image_dir, 'vbmeta.img') cmd = ['avbtool', 'make_vbmeta_image', '--include_descriptors_from_image', system_image, '--output', vbmeta_image] common.RunAndCheckOutput(cmd) # Verify the verity metadata. cmd = ['avbtool', 'verify_image', '--image', vbmeta_image] common.RunAndCheckOutput(cmd) def _test_CalculateMinPartitionSize_SetUp(self): # To test CalculateMinPartitionSize(), by using 200MB to 2GB image size. # - 51200 = 200MB * 1024 * 1024 / 4096 # - 524288 = 2GB * 1024 * 1024 * 1024 / 4096 self._image_sizes = [BLOCK_SIZE * random.randint(51200, 524288) + offset image_sizes = [BLOCK_SIZE * random.randint(51200, 524288) + offset for offset in range(BLOCK_SIZE)] prop_dict = { Loading @@ -181,17 +321,19 @@ class VerifiedBootVersion2VerityImageBuilderTest(ReleaseToolsTestCase): 'avb_hashtree_enable': 'true', 'avb_add_hashtree_footer_args': None, } self.builder = CreateVerityImageBuilder(prop_dict) self.assertEqual(2, self.builder.version) builder = CreateVerityImageBuilder(prop_dict) self.assertEqual(2, builder.version) return image_sizes, builder def test_CalculateMinPartitionSize_LinearFooterSize(self): """Tests with footer size which is linear to partition size.""" for image_size in self._image_sizes: image_sizes, builder = self._test_CalculateMinPartitionSize_SetUp() for image_size in image_sizes: for ratio in 0.95, 0.56, 0.22: expected_size = common.RoundUpTo4K(int(math.ceil(image_size / ratio))) self.assertEqual( expected_size, self.builder.CalculateMinPartitionSize( builder.CalculateMinPartitionSize( image_size, lambda x, ratio=ratio: int(x * ratio))) def test_AVBCalcMinPartitionSize_SlowerGrowthFooterSize(self): Loading @@ -202,8 +344,9 @@ class VerifiedBootVersion2VerityImageBuilderTest(ReleaseToolsTestCase): # Minus footer size to return max image size. return partition_size - int(math.pow(partition_size, 0.95)) for image_size in self._image_sizes: min_partition_size = self.builder.CalculateMinPartitionSize( image_sizes, builder = self._test_CalculateMinPartitionSize_SetUp() for image_size in image_sizes: min_partition_size = builder.CalculateMinPartitionSize( image_size, _SizeCalculator) # Checks min_partition_size can accommodate image_size. self.assertGreaterEqual( Loading @@ -223,8 +366,9 @@ class VerifiedBootVersion2VerityImageBuilderTest(ReleaseToolsTestCase): # footer size grows faster than partition size. return int(math.pow(partition_size, 0.95)) for image_size in self._image_sizes: min_partition_size = self.builder.CalculateMinPartitionSize( image_sizes, builder = self._test_CalculateMinPartitionSize_SetUp() for image_size in image_sizes: min_partition_size = builder.CalculateMinPartitionSize( image_size, _SizeCalculator) # Checks min_partition_size can accommodate image_size. self.assertGreaterEqual( Loading tools/releasetools/testdata/verity_mincrypt 0 → 100644 +524 B File added.No diff preview for this file type. View file tools/releasetools/verity_utils.py +1 −1 Original line number Diff line number Diff line Loading @@ -301,7 +301,7 @@ class Version1VerityImageBuilder(VerityImageBuilder): """Creates an image that is verifiable using dm-verity. Args: out_file: the location to write the verifiable image at out_file: the output image. Returns: AssertionError: On invalid partition sizes. Loading Loading
tools/releasetools/test_verity_utils.py +155 −11 Original line number Diff line number Diff line Loading @@ -16,6 +16,7 @@ """Unittests for verity_utils.py.""" import copy import math import os.path import random Loading Loading @@ -165,13 +166,152 @@ class VerifiedBootVersion1HashtreeInfoGeneratorTest(ReleaseToolsTestCase): self.assertEqual(self.expected_root_hash, info.root_hash) class VerifiedBootVersion1VerityImageBuilderTest(ReleaseToolsTestCase): DEFAULT_PARTITION_SIZE = 4096 * 1024 DEFAULT_PROP_DICT = { 'partition_size': str(DEFAULT_PARTITION_SIZE), 'verity': 'true', 'verity_block_device': '/dev/block/system', 'verity_key': os.path.join(get_testdata_dir(), 'testkey'), 'verity_fec': 'true', 'verity_signer_cmd': 'verity_signer', } def test_init(self): prop_dict = copy.deepcopy(self.DEFAULT_PROP_DICT) verity_image_builder = CreateVerityImageBuilder(prop_dict) self.assertIsNotNone(verity_image_builder) self.assertEqual(1, verity_image_builder.version) def test_init_MissingProps(self): prop_dict = copy.deepcopy(self.DEFAULT_PROP_DICT) del prop_dict['verity'] self.assertIsNone(CreateVerityImageBuilder(prop_dict)) prop_dict = copy.deepcopy(self.DEFAULT_PROP_DICT) del prop_dict['verity_block_device'] self.assertIsNone(CreateVerityImageBuilder(prop_dict)) def test_CalculateMaxImageSize(self): verity_image_builder = CreateVerityImageBuilder(self.DEFAULT_PROP_DICT) size = verity_image_builder.CalculateMaxImageSize() self.assertLess(size, self.DEFAULT_PARTITION_SIZE) # Same result by explicitly passing the partition size. self.assertEqual( verity_image_builder.CalculateMaxImageSize(), verity_image_builder.CalculateMaxImageSize( self.DEFAULT_PARTITION_SIZE)) @staticmethod def _BuildAndVerify(prop, verify_key): verity_image_builder = CreateVerityImageBuilder(prop) image_size = verity_image_builder.CalculateMaxImageSize() # Build the sparse image with verity metadata. input_dir = common.MakeTempDir() image = common.MakeTempFile(suffix='.img') cmd = ['mkuserimg_mke2fs', input_dir, image, 'ext4', '/system', str(image_size), '-j', '0', '-s'] common.RunAndCheckOutput(cmd) verity_image_builder.Build(image) # Verify the verity metadata. cmd = ['verity_verifier', image, '-mincrypt', verify_key] common.RunAndCheckOutput(cmd) def test_Build(self): self._BuildAndVerify( self.DEFAULT_PROP_DICT, os.path.join(get_testdata_dir(), 'testkey_mincrypt')) def test_Build_SanityCheck(self): # A sanity check for the test itself: the image shouldn't be verifiable # with wrong key. self.assertRaises( common.ExternalError, self._BuildAndVerify, self.DEFAULT_PROP_DICT, os.path.join(get_testdata_dir(), 'verity_mincrypt')) def test_Build_FecDisabled(self): prop_dict = copy.deepcopy(self.DEFAULT_PROP_DICT) del prop_dict['verity_fec'] self._BuildAndVerify( prop_dict, os.path.join(get_testdata_dir(), 'testkey_mincrypt')) def test_Build_SquashFs(self): verity_image_builder = CreateVerityImageBuilder(self.DEFAULT_PROP_DICT) verity_image_builder.CalculateMaxImageSize() # Build the sparse image with verity metadata. input_dir = common.MakeTempDir() image = common.MakeTempFile(suffix='.img') cmd = ['mksquashfsimage.sh', input_dir, image, '-s'] common.RunAndCheckOutput(cmd) verity_image_builder.PadSparseImage(image) verity_image_builder.Build(image) # Verify the verity metadata. cmd = ["verity_verifier", image, '-mincrypt', os.path.join(get_testdata_dir(), 'testkey_mincrypt')] common.RunAndCheckOutput(cmd) class VerifiedBootVersion2VerityImageBuilderTest(ReleaseToolsTestCase): def setUp(self): DEFAULT_PROP_DICT = { 'partition_size': str(4096 * 1024), 'partition_name': 'system', 'avb_avbtool': 'avbtool', 'avb_hashtree_enable': 'true', 'avb_add_hashtree_footer_args': '', } def test_init(self): prop_dict = copy.deepcopy(self.DEFAULT_PROP_DICT) verity_image_builder = CreateVerityImageBuilder(prop_dict) self.assertIsNotNone(verity_image_builder) self.assertEqual(2, verity_image_builder.version) def test_init_MissingProps(self): prop_dict = copy.deepcopy(self.DEFAULT_PROP_DICT) del prop_dict['avb_hashtree_enable'] verity_image_builder = CreateVerityImageBuilder(prop_dict) self.assertIsNone(verity_image_builder) def test_Build(self): prop_dict = copy.deepcopy(self.DEFAULT_PROP_DICT) verity_image_builder = CreateVerityImageBuilder(prop_dict) self.assertIsNotNone(verity_image_builder) self.assertEqual(2, verity_image_builder.version) input_dir = common.MakeTempDir() image_dir = common.MakeTempDir() system_image = os.path.join(image_dir, 'system.img') system_image_size = verity_image_builder.CalculateMaxImageSize() cmd = ['mkuserimg_mke2fs', input_dir, system_image, 'ext4', '/system', str(system_image_size), '-j', '0', '-s'] common.RunAndCheckOutput(cmd) verity_image_builder.Build(system_image) # Additionally make vbmeta image so that we can verify with avbtool. vbmeta_image = os.path.join(image_dir, 'vbmeta.img') cmd = ['avbtool', 'make_vbmeta_image', '--include_descriptors_from_image', system_image, '--output', vbmeta_image] common.RunAndCheckOutput(cmd) # Verify the verity metadata. cmd = ['avbtool', 'verify_image', '--image', vbmeta_image] common.RunAndCheckOutput(cmd) def _test_CalculateMinPartitionSize_SetUp(self): # To test CalculateMinPartitionSize(), by using 200MB to 2GB image size. # - 51200 = 200MB * 1024 * 1024 / 4096 # - 524288 = 2GB * 1024 * 1024 * 1024 / 4096 self._image_sizes = [BLOCK_SIZE * random.randint(51200, 524288) + offset image_sizes = [BLOCK_SIZE * random.randint(51200, 524288) + offset for offset in range(BLOCK_SIZE)] prop_dict = { Loading @@ -181,17 +321,19 @@ class VerifiedBootVersion2VerityImageBuilderTest(ReleaseToolsTestCase): 'avb_hashtree_enable': 'true', 'avb_add_hashtree_footer_args': None, } self.builder = CreateVerityImageBuilder(prop_dict) self.assertEqual(2, self.builder.version) builder = CreateVerityImageBuilder(prop_dict) self.assertEqual(2, builder.version) return image_sizes, builder def test_CalculateMinPartitionSize_LinearFooterSize(self): """Tests with footer size which is linear to partition size.""" for image_size in self._image_sizes: image_sizes, builder = self._test_CalculateMinPartitionSize_SetUp() for image_size in image_sizes: for ratio in 0.95, 0.56, 0.22: expected_size = common.RoundUpTo4K(int(math.ceil(image_size / ratio))) self.assertEqual( expected_size, self.builder.CalculateMinPartitionSize( builder.CalculateMinPartitionSize( image_size, lambda x, ratio=ratio: int(x * ratio))) def test_AVBCalcMinPartitionSize_SlowerGrowthFooterSize(self): Loading @@ -202,8 +344,9 @@ class VerifiedBootVersion2VerityImageBuilderTest(ReleaseToolsTestCase): # Minus footer size to return max image size. return partition_size - int(math.pow(partition_size, 0.95)) for image_size in self._image_sizes: min_partition_size = self.builder.CalculateMinPartitionSize( image_sizes, builder = self._test_CalculateMinPartitionSize_SetUp() for image_size in image_sizes: min_partition_size = builder.CalculateMinPartitionSize( image_size, _SizeCalculator) # Checks min_partition_size can accommodate image_size. self.assertGreaterEqual( Loading @@ -223,8 +366,9 @@ class VerifiedBootVersion2VerityImageBuilderTest(ReleaseToolsTestCase): # footer size grows faster than partition size. return int(math.pow(partition_size, 0.95)) for image_size in self._image_sizes: min_partition_size = self.builder.CalculateMinPartitionSize( image_sizes, builder = self._test_CalculateMinPartitionSize_SetUp() for image_size in image_sizes: min_partition_size = builder.CalculateMinPartitionSize( image_size, _SizeCalculator) # Checks min_partition_size can accommodate image_size. self.assertGreaterEqual( Loading
tools/releasetools/testdata/verity_mincrypt 0 → 100644 +524 B File added.No diff preview for this file type. View file
tools/releasetools/verity_utils.py +1 −1 Original line number Diff line number Diff line Loading @@ -301,7 +301,7 @@ class Version1VerityImageBuilder(VerityImageBuilder): """Creates an image that is verifiable using dm-verity. Args: out_file: the location to write the verifiable image at out_file: the output image. Returns: AssertionError: On invalid partition sizes. Loading
