releasetools: Add tests for VerityImageBuilder.

`testdata/verity_mincrypt` is generated with the following command. $ generate_verity_key \ -convert testdata/verity.x509.pem \ testdata/verity_mincrypt Test: python -m unittest test_verity_utils Change-Id: I3f2f0cd89da0fd5d2420e0e2b09761cc77f893c5
2018-10-17 22:53:54 -07:00 · 2018-10-17 22:53:54 -07:00 · 4a0d5134e1
parent 7549e5e919
commit 4a0d5134e1
3 changed files with 156 additions and 12 deletions
--- a/tools/releasetools/test_verity_utils.py
+++ b/tools/releasetools/test_verity_utils.py
@ -16,6 +16,7 @@

 """Unittests for verity_utils.py."""

+import copy
 import math
 import os.path
 import random
@ -165,14 +166,153 @@ class VerifiedBootVersion1HashtreeInfoGeneratorTest(ReleaseToolsTestCase):
    self.assertEqual(self.expected_root_hash, info.root_hash)


+class VerifiedBootVersion1VerityImageBuilderTest(ReleaseToolsTestCase):
+
+  DEFAULT_PARTITION_SIZE = 4096 * 1024
+  DEFAULT_PROP_DICT = {
+      'partition_size': str(DEFAULT_PARTITION_SIZE),
+      'verity': 'true',
+      'verity_block_device': '/dev/block/system',
+      'verity_key': os.path.join(get_testdata_dir(), 'testkey'),
+      'verity_fec': 'true',
+      'verity_signer_cmd': 'verity_signer',
+  }
+
+  def test_init(self):
+    prop_dict = copy.deepcopy(self.DEFAULT_PROP_DICT)
+    verity_image_builder = CreateVerityImageBuilder(prop_dict)
+    self.assertIsNotNone(verity_image_builder)
+    self.assertEqual(1, verity_image_builder.version)
+
+  def test_init_MissingProps(self):
+    prop_dict = copy.deepcopy(self.DEFAULT_PROP_DICT)
+    del prop_dict['verity']
+    self.assertIsNone(CreateVerityImageBuilder(prop_dict))
+
+    prop_dict = copy.deepcopy(self.DEFAULT_PROP_DICT)
+    del prop_dict['verity_block_device']
+    self.assertIsNone(CreateVerityImageBuilder(prop_dict))
+
+  def test_CalculateMaxImageSize(self):
+    verity_image_builder = CreateVerityImageBuilder(self.DEFAULT_PROP_DICT)
+    size = verity_image_builder.CalculateMaxImageSize()
+    self.assertLess(size, self.DEFAULT_PARTITION_SIZE)
+
+    # Same result by explicitly passing the partition size.
+    self.assertEqual(
+        verity_image_builder.CalculateMaxImageSize(),
+        verity_image_builder.CalculateMaxImageSize(
+            self.DEFAULT_PARTITION_SIZE))
+
+  @staticmethod
+  def _BuildAndVerify(prop, verify_key):
+    verity_image_builder = CreateVerityImageBuilder(prop)
+    image_size = verity_image_builder.CalculateMaxImageSize()
+
+    # Build the sparse image with verity metadata.
+    input_dir = common.MakeTempDir()
+    image = common.MakeTempFile(suffix='.img')
+    cmd = ['mkuserimg_mke2fs', input_dir, image, 'ext4', '/system',
+           str(image_size), '-j', '0', '-s']
+    common.RunAndCheckOutput(cmd)
+    verity_image_builder.Build(image)
+
+    # Verify the verity metadata.
+    cmd = ['verity_verifier', image, '-mincrypt', verify_key]
+    common.RunAndCheckOutput(cmd)
+
+  def test_Build(self):
+    self._BuildAndVerify(
+        self.DEFAULT_PROP_DICT,
+        os.path.join(get_testdata_dir(), 'testkey_mincrypt'))
+
+  def test_Build_SanityCheck(self):
+    # A sanity check for the test itself: the image shouldn't be verifiable
+    # with wrong key.
+    self.assertRaises(
+        common.ExternalError,
+        self._BuildAndVerify,
+        self.DEFAULT_PROP_DICT,
+        os.path.join(get_testdata_dir(), 'verity_mincrypt'))
+
+  def test_Build_FecDisabled(self):
+    prop_dict = copy.deepcopy(self.DEFAULT_PROP_DICT)
+    del prop_dict['verity_fec']
+    self._BuildAndVerify(
+        prop_dict,
+        os.path.join(get_testdata_dir(), 'testkey_mincrypt'))
+
+  def test_Build_SquashFs(self):
+    verity_image_builder = CreateVerityImageBuilder(self.DEFAULT_PROP_DICT)
+    verity_image_builder.CalculateMaxImageSize()
+
+    # Build the sparse image with verity metadata.
+    input_dir = common.MakeTempDir()
+    image = common.MakeTempFile(suffix='.img')
+    cmd = ['mksquashfsimage.sh', input_dir, image, '-s']
+    common.RunAndCheckOutput(cmd)
+    verity_image_builder.PadSparseImage(image)
+    verity_image_builder.Build(image)
+
+    # Verify the verity metadata.
+    cmd = ["verity_verifier", image, '-mincrypt',
+           os.path.join(get_testdata_dir(), 'testkey_mincrypt')]
+    common.RunAndCheckOutput(cmd)
+
+
 class VerifiedBootVersion2VerityImageBuilderTest(ReleaseToolsTestCase):

-  def setUp(self):
+  DEFAULT_PROP_DICT = {
+      'partition_size': str(4096 * 1024),
+      'partition_name': 'system',
+      'avb_avbtool': 'avbtool',
+      'avb_hashtree_enable': 'true',
+      'avb_add_hashtree_footer_args': '',
+  }
+
+  def test_init(self):
+    prop_dict = copy.deepcopy(self.DEFAULT_PROP_DICT)
+    verity_image_builder = CreateVerityImageBuilder(prop_dict)
+    self.assertIsNotNone(verity_image_builder)
+    self.assertEqual(2, verity_image_builder.version)
+
+  def test_init_MissingProps(self):
+    prop_dict = copy.deepcopy(self.DEFAULT_PROP_DICT)
+    del prop_dict['avb_hashtree_enable']
+    verity_image_builder = CreateVerityImageBuilder(prop_dict)
+    self.assertIsNone(verity_image_builder)
+
+  def test_Build(self):
+    prop_dict = copy.deepcopy(self.DEFAULT_PROP_DICT)
+    verity_image_builder = CreateVerityImageBuilder(prop_dict)
+    self.assertIsNotNone(verity_image_builder)
+    self.assertEqual(2, verity_image_builder.version)
+
+    input_dir = common.MakeTempDir()
+    image_dir = common.MakeTempDir()
+    system_image = os.path.join(image_dir, 'system.img')
+    system_image_size = verity_image_builder.CalculateMaxImageSize()
+    cmd = ['mkuserimg_mke2fs', input_dir, system_image, 'ext4', '/system',
+           str(system_image_size), '-j', '0', '-s']
+    common.RunAndCheckOutput(cmd)
+    verity_image_builder.Build(system_image)
+
+    # Additionally make vbmeta image so that we can verify with avbtool.
+    vbmeta_image = os.path.join(image_dir, 'vbmeta.img')
+    cmd = ['avbtool', 'make_vbmeta_image', '--include_descriptors_from_image',
+           system_image, '--output', vbmeta_image]
+    common.RunAndCheckOutput(cmd)
+
+    # Verify the verity metadata.
+    cmd = ['avbtool', 'verify_image', '--image', vbmeta_image]
+    common.RunAndCheckOutput(cmd)
+
+  def _test_CalculateMinPartitionSize_SetUp(self):
    # To test CalculateMinPartitionSize(), by using 200MB to 2GB image size.
    #   -  51200 = 200MB * 1024 * 1024 / 4096
    #   - 524288 = 2GB * 1024 * 1024 * 1024 / 4096
-    self._image_sizes = [BLOCK_SIZE * random.randint(51200, 524288) + offset
-                         for offset in range(BLOCK_SIZE)]
+    image_sizes = [BLOCK_SIZE * random.randint(51200, 524288) + offset
+                   for offset in range(BLOCK_SIZE)]

    prop_dict = {
        'partition_size': None,
@ -181,17 +321,19 @@ class VerifiedBootVersion2VerityImageBuilderTest(ReleaseToolsTestCase):
        'avb_hashtree_enable': 'true',
        'avb_add_hashtree_footer_args': None,
    }
-    self.builder = CreateVerityImageBuilder(prop_dict)
-    self.assertEqual(2, self.builder.version)
+    builder = CreateVerityImageBuilder(prop_dict)
+    self.assertEqual(2, builder.version)
+    return image_sizes, builder

  def test_CalculateMinPartitionSize_LinearFooterSize(self):
    """Tests with footer size which is linear to partition size."""
-    for image_size in self._image_sizes:
+    image_sizes, builder = self._test_CalculateMinPartitionSize_SetUp()
+    for image_size in image_sizes:
      for ratio in 0.95, 0.56, 0.22:
        expected_size = common.RoundUpTo4K(int(math.ceil(image_size / ratio)))
        self.assertEqual(
            expected_size,
-            self.builder.CalculateMinPartitionSize(
+            builder.CalculateMinPartitionSize(
                image_size, lambda x, ratio=ratio: int(x * ratio)))

  def test_AVBCalcMinPartitionSize_SlowerGrowthFooterSize(self):
@ -202,8 +344,9 @@ class VerifiedBootVersion2VerityImageBuilderTest(ReleaseToolsTestCase):
      # Minus footer size to return max image size.
      return partition_size - int(math.pow(partition_size, 0.95))

-    for image_size in self._image_sizes:
-      min_partition_size = self.builder.CalculateMinPartitionSize(
+    image_sizes, builder = self._test_CalculateMinPartitionSize_SetUp()
+    for image_size in image_sizes:
+      min_partition_size = builder.CalculateMinPartitionSize(
          image_size, _SizeCalculator)
      # Checks min_partition_size can accommodate image_size.
      self.assertGreaterEqual(
@ -223,8 +366,9 @@ class VerifiedBootVersion2VerityImageBuilderTest(ReleaseToolsTestCase):
      # footer size grows faster than partition size.
      return int(math.pow(partition_size, 0.95))

-    for image_size in self._image_sizes:
-      min_partition_size = self.builder.CalculateMinPartitionSize(
+    image_sizes, builder = self._test_CalculateMinPartitionSize_SetUp()
+    for image_size in image_sizes:
+      min_partition_size = builder.CalculateMinPartitionSize(
          image_size, _SizeCalculator)
      # Checks min_partition_size can accommodate image_size.
      self.assertGreaterEqual(
--- a/tools/releasetools/testdata/verity_mincrypt
+++ b/tools/releasetools/testdata/verity_mincrypt
--- a/tools/releasetools/verity_utils.py
+++ b/tools/releasetools/verity_utils.py
@ -299,7 +299,7 @@ class Version1VerityImageBuilder(VerityImageBuilder):
    """Creates an image that is verifiable using dm-verity.

    Args:
-      out_file: the location to write the verifiable image at
+      out_file: the output image.

    Returns:
      AssertionError: On invalid partition sizes.