Move common helper code into the test helper library.

chipsalliance · Dec 4, 2024 · cabaa7d · cabaa7d
1 parent 6dc66ed
commit cabaa7d
Show file tree

Hide file tree

Showing 11 changed files with 48 additions and 124 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/rom/dev/tests/rom_integration_tests/test_warm_reset.rs b/rom/dev/tests/rom_integration_tests/test_warm_reset.rs
@@ -9,18 +9,10 @@ use caliptra_common::RomBootStatus::*;
 use caliptra_drivers::CaliptraError;
 use caliptra_hw_model::DeviceLifecycle;
 use caliptra_hw_model::{BootParams, Fuses, HwModel, InitParams, SecurityState};
-use caliptra_test::swap_word_bytes_inplace;
-use openssl::sha::sha384;
-use zerocopy::AsBytes;
+use caliptra_test::image_pk_desc_hash;
 
 use crate::helpers;
 
-fn bytes_to_be_words_48(buf: &[u8; 48]) -> [u32; 12] {
-    let mut result: [u32; 12] = zerocopy::transmute!(*buf);
-    swap_word_bytes_inplace(&mut result);
-    result
-}
-
 #[test]
 fn test_warm_reset_success() {
     let security_state = *SecurityState::default()
@@ -38,13 +30,8 @@ fn test_warm_reset_success() {
         },
     )
     .unwrap();
-    let vendor_pk_desc_hash = bytes_to_be_words_48(&sha384(
-        image.manifest.preamble.vendor_pub_key_info.as_bytes(),
-    ));
 
-    let owner_pk_desc_hash = bytes_to_be_words_48(&sha384(
-        image.manifest.preamble.owner_pub_key_info.as_bytes(),
-    ));
+    let (vendor_pk_desc_hash, owner_pk_desc_hash) = image_pk_desc_hash(&image.manifest);
 
     let mut hw = caliptra_hw_model::new(
         InitParams {

diff --git a/runtime/Cargo.toml b/runtime/Cargo.toml
@@ -45,6 +45,7 @@ caliptra-image-gen.workspace = true
 caliptra-image-crypto.workspace = true
 caliptra-auth-man-gen.workspace = true
 caliptra-image-serde.workspace = true
+caliptra-test.workspace = true
 caliptra-cfi-lib-git = { workspace = true, features = ["cfi-test"] }
 openssl.workspace = true
 sha2 = { version = "0.10.2", default-features = false, features = ["compress"] }

diff --git a/runtime/tests/runtime_integration_tests/test_warm_reset.rs b/runtime/tests/runtime_integration_tests/test_warm_reset.rs
@@ -8,21 +8,8 @@ use caliptra_builder::{
 use caliptra_error::CaliptraError;
 use caliptra_hw_model::{BootParams, DeviceLifecycle, Fuses, HwModel, InitParams, SecurityState};
 use caliptra_registers::mbox::enums::MboxStatusE;
+use caliptra_test::image_pk_desc_hash;
 use dpe::DPE_PROFILE;
-use openssl::sha::sha384;
-use zerocopy::AsBytes;
-
-fn swap_word_bytes_inplace(words: &mut [u32]) {
-    for word in words.iter_mut() {
-        *word = word.swap_bytes()
-    }
-}
-
-fn bytes_to_be_words_48(buf: &[u8; 48]) -> [u32; 12] {
-    let mut result: [u32; 12] = zerocopy::transmute!(*buf);
-    swap_word_bytes_inplace(&mut result);
-    result
-}
 
 #[test]
 fn test_rt_journey_pcr_validation() {
@@ -40,12 +27,8 @@ fn test_rt_journey_pcr_validation() {
         },
     )
     .unwrap();
-    let vendor_pk_desc_hash = bytes_to_be_words_48(&sha384(
-        image.manifest.preamble.vendor_pub_key_info.as_bytes(),
-    ));
-    let owner_pk_desc_hash = bytes_to_be_words_48(&sha384(
-        image.manifest.preamble.owner_pub_key_info.as_bytes(),
-    ));
+
+    let (vendor_pk_desc_hash, owner_pk_desc_hash) = image_pk_desc_hash(&image.manifest);
 
     let mut model = caliptra_hw_model::new(
         InitParams {
@@ -107,12 +90,8 @@ fn test_mbox_busy_during_warm_reset() {
         },
     )
     .unwrap();
-    let vendor_pk_desc_hash = bytes_to_be_words_48(&sha384(
-        image.manifest.preamble.vendor_pub_key_info.as_bytes(),
-    ));
-    let owner_pk_desc_hash = bytes_to_be_words_48(&sha384(
-        image.manifest.preamble.owner_pub_key_info.as_bytes(),
-    ));
+
+    let (vendor_pk_desc_hash, owner_pk_desc_hash) = image_pk_desc_hash(&image.manifest);
 
     let mut model = caliptra_hw_model::new(
         InitParams {

diff --git a/test/src/lib.rs b/test/src/lib.rs
@@ -6,13 +6,16 @@ use caliptra_builder::{
     FwId, ImageOptions,
 };
 use caliptra_hw_model::{BootParams, DefaultHwModel, HwModel, InitParams};
+use zerocopy::AsBytes;
 
 pub mod crypto;
 pub mod derive;
 mod redact;
 mod unwrap_single;
 pub mod x509;
 
+use caliptra_image_types::ImageManifest;
+use openssl::sha::sha384;
 pub use redact::{redact_cert, RedactOpts};
 pub use unwrap_single::UnwrapSingle;
 
@@ -28,6 +31,23 @@ pub fn swap_word_bytes_inplace(words: &mut [u32]) {
     }
 }
 
+pub fn bytes_to_be_words_48(buf: &[u8; 48]) -> [u32; 12] {
+    let mut result: [u32; 12] = zerocopy::transmute!(*buf);
+    swap_word_bytes_inplace(&mut result);
+    result
+}
+
+// Returns the vendor and owner public key descriptor hashes from the image.
+pub fn image_pk_desc_hash(manifest: &ImageManifest) -> ([u32; 12], [u32; 12]) {
+    let vendor_pk_desc_hash =
+        bytes_to_be_words_48(&sha384(manifest.preamble.vendor_pub_key_info.as_bytes()));
+
+    let owner_pk_desc_hash =
+        bytes_to_be_words_48(&sha384(manifest.preamble.owner_pub_key_info.as_bytes()));
+
+    (vendor_pk_desc_hash, owner_pk_desc_hash)
+}
+
 // Run a test which boots ROM -> FMC -> test_bin. If test_bin_name is None,
 // run the production runtime image.
 pub fn run_test(

diff --git a/test/tests/caliptra_integration_tests/fake_collateral_boot_test.rs b/test/tests/caliptra_integration_tests/fake_collateral_boot_test.rs
@@ -13,7 +13,7 @@ use caliptra_common::mailbox_api::{
 use caliptra_hw_model::{BootParams, HwModel, InitParams};
 use caliptra_test::{
     derive::{DoeInput, DoeOutput, LDevId},
-    swap_word_bytes, swap_word_bytes_inplace,
+    image_pk_desc_hash, swap_word_bytes,
     x509::{DiceFwid, DiceTcbInfo},
 };
 use openssl::sha::sha384;
@@ -42,12 +42,6 @@ fn get_idevid_pubkey() -> openssl::pkey::PKey<openssl::pkey::Public> {
     csr.public_key().unwrap()
 }
 
-fn bytes_to_be_words_48(buf: &[u8; 48]) -> [u32; 12] {
-    let mut result: [u32; 12] = zerocopy::transmute!(*buf);
-    swap_word_bytes_inplace(&mut result);
-    result
-}
-
 // [CAP2][TODO] This test is disabled because it needs to be updated.
 //#[test]
 fn fake_boot_test() {
@@ -64,13 +58,8 @@ fn fake_boot_test() {
         },
     )
     .unwrap();
-    let vendor_pk_desc_hash = bytes_to_be_words_48(&sha384(
-        image.manifest.preamble.vendor_pub_key_info.as_bytes(),
-    ));
 
-    let owner_pk_desc_hash = bytes_to_be_words_48(&sha384(
-        image.manifest.preamble.owner_pub_key_info.as_bytes(),
-    ));
+    let (vendor_pk_desc_hash, owner_pk_desc_hash) = image_pk_desc_hash(&image.manifest);
 
     let mut hw = caliptra_hw_model::new(
         InitParams {

diff --git a/test/tests/caliptra_integration_tests/jtag_test.rs b/test/tests/caliptra_integration_tests/jtag_test.rs
@@ -4,17 +4,9 @@ use caliptra_builder::{firmware, get_elf_path, ImageOptions};
 
 use caliptra_api_types::DeviceLifecycle;
 use caliptra_hw_model::{BootParams, Fuses, HwModel, InitParams, SecurityState};
-use caliptra_test::swap_word_bytes_inplace;
-use openssl::sha::sha384;
+use caliptra_test::image_pk_desc_hash;
 use std::io::{BufRead, BufReader, Write};
 use std::process::{ChildStdin, Command, Stdio};
-use zerocopy::AsBytes;
-
-fn bytes_to_be_words_48(buf: &[u8; 48]) -> [u32; 12] {
-    let mut result: [u32; 12] = zerocopy::transmute!(*buf);
-    swap_word_bytes_inplace(&mut result);
-    result
-}
 
 #[derive(PartialEq, Debug)]
 enum RegAccess {
@@ -95,14 +87,12 @@ fn gdb_test() {
         },
     )
     .unwrap();
-    let vendor_pk_desc_hash = sha384(image.manifest.preamble.vendor_pub_key_info.as_bytes());
-    let owner_pk_desc_hash = sha384(image.manifest.preamble.owner_pub_key_info.as_bytes());
-    let vendor_pk_desc_hash_words = bytes_to_be_words_48(&vendor_pk_desc_hash);
-    let owner_pk_desc_hash_words = bytes_to_be_words_48(&owner_pk_desc_hash);
+
+    let (vendor_pk_desc_hash, owner_pk_desc_hash) = image_pk_desc_hash(&image.manifest);
 
     let fuses = Fuses {
-        key_manifest_pk_hash: vendor_pk_desc_hash_words,
-        owner_pk_hash: owner_pk_desc_hash_words,
+        key_manifest_pk_hash: vendor_pk_desc_hash,
+        owner_pk_hash: owner_pk_desc_hash,
         fmc_key_manifest_svn: 0b1111111,
         lms_verify: true,
         ..Default::default()

diff --git a/test/tests/caliptra_integration_tests/smoke_test.rs b/test/tests/caliptra_integration_tests/smoke_test.rs
@@ -11,12 +11,13 @@ use caliptra_drivers::CaliptraError;
 use caliptra_hw_model::{BootParams, HwModel, InitParams, SecurityState};
 use caliptra_hw_model_types::{RandomEtrngResponses, RandomNibbles};
 use caliptra_test::derive::{PcrRtCurrentInput, RtAliasKey};
-use caliptra_test::{derive, redact_cert, run_test, RedactOpts, UnwrapSingle};
 use caliptra_test::{
+    bytes_to_be_words_48,
     derive::{DoeInput, DoeOutput, FmcAliasKey, IDevId, LDevId, Pcr0, Pcr0Input},
-    swap_word_bytes, swap_word_bytes_inplace,
+    swap_word_bytes,
     x509::{DiceFwid, DiceTcbInfo},
 };
+use caliptra_test::{derive, redact_cert, run_test, RedactOpts, UnwrapSingle};
 use openssl::nid::Nid;
 use openssl::sha::{sha384, Sha384};
 use rand::rngs::StdRng;
@@ -134,12 +135,6 @@ fn test_golden_ldevid_pubkey_matches_generated() {
         .public_eq(&ldevid_pubkey));
 }
 
-fn bytes_to_be_words_48(buf: &[u8; 48]) -> [u32; 12] {
-    let mut result: [u32; 12] = zerocopy::transmute!(*buf);
-    swap_word_bytes_inplace(&mut result);
-    result
-}
-
 #[test]
 fn smoke_test() {
     let security_state = *SecurityState::default()

diff --git a/test/tests/caliptra_integration_tests/warm_reset.rs b/test/tests/caliptra_integration_tests/warm_reset.rs
@@ -8,15 +8,7 @@ use caliptra_builder::{
 };
 use caliptra_common::mailbox_api::CommandId;
 use caliptra_hw_model::{mbox_write_fifo, BootParams, HwModel, InitParams, SecurityState};
-use caliptra_test::swap_word_bytes_inplace;
-use openssl::sha::sha384;
-use zerocopy::AsBytes;
-
-fn bytes_to_be_words_48(buf: &[u8; 48]) -> [u32; 12] {
-    let mut result: [u32; 12] = zerocopy::transmute!(*buf);
-    swap_word_bytes_inplace(&mut result);
-    result
-}
+use caliptra_test::image_pk_desc_hash;
 
 #[test]
 fn warm_reset_basic() {
@@ -35,12 +27,8 @@ fn warm_reset_basic() {
         },
     )
     .unwrap();
-    let vendor_pk_desc_hash = bytes_to_be_words_48(&sha384(
-        image.manifest.preamble.vendor_pub_key_info.as_bytes(),
-    ));
-    let owner_pk_desc_hash = bytes_to_be_words_48(&sha384(
-        image.manifest.preamble.owner_pub_key_info.as_bytes(),
-    ));
+
+    let (vendor_pk_desc_hash, owner_pk_desc_hash) = image_pk_desc_hash(&image.manifest);
 
     let mut hw = caliptra_hw_model::new(
         InitParams {
@@ -99,12 +87,8 @@ fn warm_reset_during_fw_load() {
         },
     )
     .unwrap();
-    let vendor_pk_desc_hash = bytes_to_be_words_48(&sha384(
-        image.manifest.preamble.vendor_pub_key_info.as_bytes(),
-    ));
-    let owner_pk_desc_hash = bytes_to_be_words_48(&sha384(
-        image.manifest.preamble.owner_pub_key_info.as_bytes(),
-    ));
+
+    let (vendor_pk_desc_hash, owner_pk_desc_hash) = image_pk_desc_hash(&image.manifest);
 
     let mut hw = caliptra_hw_model::new(
         InitParams {

diff --git a/test/tests/fips_test_suite/common.rs b/test/tests/fips_test_suite/common.rs
@@ -6,7 +6,6 @@ use caliptra_builder::{version, ImageOptions};
 use caliptra_common::mailbox_api::*;
 use caliptra_drivers::FipsTestHook;
 use caliptra_hw_model::{BootParams, DefaultHwModel, HwModel, InitParams, ModelError, ShaAccMode};
-use caliptra_test::swap_word_bytes_inplace;
 use dpe::{
     commands::*,
     response::{
@@ -423,12 +422,6 @@ pub fn verify_output_inhibited<T: HwModel>(hw: &mut T) {
     verify_sha_engine_output_inhibited(hw);
 }
 
-pub fn bytes_to_be_words_48(buf: &[u8; 48]) -> [u32; 12] {
-    let mut result: [u32; 12] = zerocopy::transmute!(*buf);
-    swap_word_bytes_inplace(&mut result);
-    result
-}
-
 pub fn hook_code_read<T: HwModel>(hw: &mut T) -> u8 {
     ((hw.soc_ifc().cptra_dbg_manuf_service_reg().read() & HOOK_CODE_MASK) >> HOOK_CODE_OFFSET) as u8
 }

diff --git a/test/tests/fips_test_suite/fw_load.rs b/test/tests/fips_test_suite/fw_load.rs
@@ -19,7 +19,7 @@ use caliptra_image_types::SHA384_DIGEST_WORD_SIZE;
 use caliptra_image_types::{
     FwImageType, ImageBundle, VENDOR_ECC_MAX_KEY_COUNT, VENDOR_LMS_MAX_KEY_COUNT,
 };
-use openssl::sha::sha384;
+use caliptra_test::image_pk_desc_hash;
 
 use common::*;
 use zerocopy::AsBytes;
@@ -1195,27 +1195,12 @@ fn fw_load_bad_pub_key_flow(fw_image: ImageBundle, exp_error_code: u32) {
     // Generate pub key hashes and set fuses
     // Use a fresh image (will NOT be loaded)
     let pk_hash_src_image = build_fw_image(ImageOptions::default());
-    let vendor_pk_desc_hash = sha384(
-        pk_hash_src_image
-            .manifest
-            .preamble
-            .vendor_pub_key_info
-            .as_bytes(),
-    );
-    let owner_pk_desc_hash = sha384(
-        pk_hash_src_image
-            .manifest
-            .preamble
-            .owner_pub_key_info
-            .as_bytes(),
-    );
-    let vendor_pk_desc_hash_words = bytes_to_be_words_48(&vendor_pk_desc_hash);
-    let owner_pk_desc_hash_words = bytes_to_be_words_48(&owner_pk_desc_hash);
+    let (vendor_pk_desc_hash, owner_pk_desc_hash) = image_pk_desc_hash(&pk_hash_src_image.manifest);
 
     let fuses = Fuses {
         life_cycle: DeviceLifecycle::Production,
-        key_manifest_pk_hash: vendor_pk_desc_hash_words,
-        owner_pk_hash: owner_pk_desc_hash_words,
+        key_manifest_pk_hash: vendor_pk_desc_hash,
+        owner_pk_hash: owner_pk_desc_hash,
         lms_verify: true,
         ..Default::default()
     };