Update BaseCryptLib tests to reference the PCDs before running (#1034)

## Description The BaseCryptLibUnitTestApp tests the linked BaseCryptLib instance's crypto to make sure all functions are performing as expected. With the move to the Crypto binary and the BaseCryptLibOnProtocol instances we disable certain crypto functionality on purpose which causes the test to fail (and also the BaseCryptLibOnProtocol lib to assert). The changes made here use the already existing crypto PCDs to check if the tested cryptography is enabled with the current Crypto binary and if not to skip the test. This will allow the test to show if the enabled crypto is working correctly instead of failing for crypto we don't care about. - [ ] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [ ] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [x] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [ ] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... ## How This Was Tested Tested on Qemu and intel physical platforms with various crypto binary layouts. The relevant tests pass and disabled crypto skips their tests. Furthermore when the PCDs are configured to run tests for crypto we don't support with the selected crypto binary, the test fails as expected. ## Integration Instructions N/A. Using the crypto binaries should automatically configure the correct PCDs and BaseCryptLib library for the test to work correctly.
microsoft · Jul 26, 2024 · 856d8a4 · 856d8a4
1 parent cf915a5
commit 856d8a4
Show file tree

Hide file tree

Showing 10 changed files with 375 additions and 91 deletions.
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/AeadAesGcmTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/AeadAesGcmTests.c
@@ -52,6 +52,13 @@ TestVerifyAeadAesGcm (
   UINT8    OutTag[1024];
   UINTN    OutTagSize;
 
+  // MU_CHANGE [START]
+  if (!PcdGetBool (PcdCryptoServiceAeadAesGcmEncrypt) || !PcdGetBool (PcdCryptoServiceAeadAesGcmDecrypt)) {
+    return UNIT_TEST_ERROR_PREREQUISITE_NOT_MET;
+  }
+
+  // MU_CHANGE [END]
+
   OutBufferSize = sizeof (OutBuffer);
   OutTagSize    = sizeof (gcm_tag);
   ZeroMem (OutBuffer, sizeof (OutBuffer));

diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTestApp.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTestApp.inf
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BlockCipherTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BlockCipherTests.c
@@ -200,6 +200,13 @@ TestVerifyBLockCiperPreReq (
   BLOCK_CIPHER_TEST_CONTEXT  *TestContext;
   UINTN                      CtxSize;
 
+  // MU_CHANGE [START]
+  if (!PcdGetBool (PcdCryptoServiceAesGetContextSize)) {
+    return UNIT_TEST_ERROR_PREREQUISITE_NOT_MET;
+  }
+
+  // MU_CHANGE [END]
+
   TestContext      = Context;
   CtxSize          = TestContext->GetContextSize ();
   TestContext->Ctx = AllocatePool (CtxSize);

diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BnTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BnTests.c
@@ -152,6 +152,13 @@ TestVerifyBnPreReq (
 {
   BN_TEST_CONTEXT  *BnContext;
 
+  // MU_CHANGE [START]
+  if (!PcdGetBool (PcdCryptoServiceBigNumInit) || !PcdGetBool (PcdCryptoServiceBigNumNewContext)) {
+    return UNIT_TEST_ERROR_PREREQUISITE_NOT_MET;
+  }
+
+  // MU_CHANGE [END]
+
   BnContext        = Context;
   BnContext->BnCTX = BigNumNewContext ();
   BnContext->BnA   = BigNumInit ();
@@ -195,10 +202,18 @@ TestVerifyBn (
 {
   BN_TEST_CONTEXT  *BnContext;
   UINTN            Num;
-  CONST VOID       *BnOne;
+
+  // CONST VOID       *BnOne;  // MU_CHANGE
 
   BnContext = Context;
 
+  // MU_CHANGE [START]
+  if (!PcdGetBool (PcdCryptoServiceBigNumFromBin) || !PcdGetBool (PcdCryptoServiceBigNumIsWord) || !PcdGetBool (PcdCryptoServiceBigNumIsOdd) || !PcdGetBool (PcdCryptoServiceBigNumConstTime) || !PcdGetBool (PcdCryptoServiceBigNumBytes)) {
+    return UNIT_TEST_ERROR_PREREQUISITE_NOT_MET;
+  }
+
+  // MU_CHANGE [END]
+
   // Calculation tests
   BnContext->BnA = BigNumFromBin (BnOperationA, sizeof (BnOperationA));
   BnContext->BnB = BigNumFromBin (BnOperationB, sizeof (BnOperationB));
@@ -246,12 +261,15 @@ TestVerifyBn (
   UT_ASSERT_EQUAL (Num, BYTES_OF_OPERATION_A);
   Num = BigNumBits (BnContext->BnA);
   UT_ASSERT_EQUAL (Num, BITS_OF_OPERATION_A);
-  BnOne = BigNumValueOne ();
+  // MU_CHANGE [START] - Remove test for unused function
+
+  /*BnOne = BigNumValueOne ();
   if (BnOne == NULL) {
     return UNIT_TEST_ERROR_TEST_FAILED;
-  }
+  }*/
 
-  UT_ASSERT_TRUE (BigNumIsWord (BnOne, 0x1));
+  // UT_ASSERT_TRUE (BigNumIsWord (BnOne, 0x1));
+  // MU_CHANGE [END]
 
   return UNIT_TEST_PASSED;
 }

diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/DhTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/DhTests.c
@@ -17,6 +17,13 @@ TestVerifyDhPreReq (
   UNIT_TEST_CONTEXT  Context
   )
 {
+  // MU_CHANGE [START]
+  if (!PcdGetBool (PcdCryptoServiceDhNew)) {
+    return UNIT_TEST_ERROR_PREREQUISITE_NOT_MET;
+  }
+
+  // MU_CHANGE [END]
+
   mDh1 = DhNew ();
   if (mDh1 == NULL) {
     return UNIT_TEST_ERROR_TEST_FAILED;

diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/EcTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/EcTests.c
@@ -160,6 +160,13 @@ TestVerifyEcPreReq (
   UNIT_TEST_CONTEXT  Context
   )
 {
+  // MU_CHANGE [START]
+  if (!PcdGetBool (PcdCryptoServiceBigNumInit) || !PcdGetBool (PcdCryptoServiceBigNumFromBin)) {
+    return UNIT_TEST_ERROR_PREREQUISITE_NOT_MET;
+  }
+
+  // MU_CHANGE [END]
+
   Ec1      = NULL;
   Ec2      = NULL;
   Group    = NULL;
@@ -204,6 +211,13 @@ TestVerifyEcBasic (
   UINTN    CurveCount;
   BOOLEAN  Status;
 
+  // MU_CHANGE [START]
+  if (!PcdGetBool (PcdCryptoServiceEcPointInit) || !PcdGetBool (PcdCryptoServiceEcGroupGetCurve) || !PcdGetBool (PcdCryptoServiceEcGroupGetOrder) || !PcdGetBool (PcdCryptoServiceEcPointSetAffineCoordinates) || !PcdGetBool (PcdCryptoServiceEcPointEqual) || !PcdGetBool (PcdCryptoServiceEcPointIsOnCurve) || !PcdGetBool (PcdCryptoServiceEcPointIsAtInfinity) || !PcdGetBool (PcdCryptoServiceEcPointInvert) || !PcdGetBool (PcdCryptoServiceEcPointAdd) || !PcdGetBool (PcdCryptoServiceEcPointMul)) {
+    return UNIT_TEST_ERROR_PREREQUISITE_NOT_MET;
+  }
+
+  // MU_CHANGE [END]
+
   //
   // Initialize BigNumbers
   //
@@ -311,6 +325,13 @@ TestVerifyEcDh (
   UINTN    CurveCount;
   BOOLEAN  Status;
 
+  // MU_CHANGE [START]
+  if (!PcdGetBool (PcdCryptoServiceEcNewByNid) || !PcdGetBool (PcdCryptoServiceEcGenerateKey) || !PcdGetBool (PcdCryptoServiceEcDhComputeKey) || !PcdGetBool (PcdCryptoServiceEcGetPubKey)) {
+    return UNIT_TEST_ERROR_PREREQUISITE_NOT_MET;
+  }
+
+  // MU_CHANGE [END]
+
   for (CurveCount = 0; CurveCount < EC_CURVE_NUM_SUPPORTED; CurveCount++) {
     //
     // Initial key length
@@ -376,6 +397,13 @@ TestVerifyEcKey (
   UINT8    Signature[66 * 2];
   UINTN    SigSize;
 
+  // MU_CHANGE [START]
+  if (!PcdGetBool (PcdCryptoServiceEcGetPrivateKeyFromPem) || !PcdGetBool (PcdCryptoServiceEcGetPublicKeyFromX509) || !PcdGetBool (PcdCryptoServiceEcDsaSign) || !PcdGetBool (PcdCryptoServiceEcDsaVerify) || !PcdGetBool (PcdCryptoServiceEcGroupFree)) {
+    return UNIT_TEST_ERROR_PREREQUISITE_NOT_MET;
+  }
+
+  // MU_CHANGE [END]
+
   //
   // Retrieve EC private key from PEM data.
   //

diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HkdfTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HkdfTests.c
@@ -90,6 +90,13 @@ TestVerifyHkdfSha256 (
   UINT8    Out[42];
   BOOLEAN  Status;
 
+  // MU_CHANGE [START]
+  if (!PcdGetBool (PcdCryptoServiceHkdfSha256ExtractAndExpand) || !PcdGetBool (PcdCryptoServiceHkdfSha256Extract) || !PcdGetBool (PcdCryptoServiceHkdfSha256Expand)) {
+    return UNIT_TEST_ERROR_PREREQUISITE_NOT_MET;
+  }
+
+  // MU_CHANGE [END]
+
   /* HKDF-SHA-256 digest Validation*/
 
   ZeroMem (PrkOut, sizeof (PrkOut));
@@ -146,6 +153,13 @@ TestVerifyHkdfSha384 (
   UINT8    Out[64];
   BOOLEAN  Status;
 
+  // MU_CHANGE [START]
+  if (!PcdGetBool (PcdCryptoServiceHkdfSha384ExtractAndExpand) || !PcdGetBool (PcdCryptoServiceHkdfSha384Extract) || !PcdGetBool (PcdCryptoServiceHkdfSha384Expand)) {
+    return UNIT_TEST_ERROR_PREREQUISITE_NOT_MET;
+  }
+
+  // MU_CHANGE [END]
+
   /* HKDF-SHA-384 digest Validation*/
   ZeroMem (PrkOut, sizeof (PrkOut));
   Status = HkdfSha384Extract (

diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
@@ -159,7 +159,15 @@ TestVerifyHmacPreReq (
 {
   HMAC_TEST_CONTEXT  *HmacTestContext;
 
-  HmacTestContext          = Context;
+  HmacTestContext = Context;
+
+  // MU_CHANGE [START]
+  if ((!PcdGetBool (PcdCryptoServiceHmacSha256New) && (SHA256_DIGEST_SIZE == HmacTestContext->DigestSize)) || (!PcdGetBool (PcdCryptoServiceHmacSha384New) && (SHA384_DIGEST_SIZE == HmacTestContext->DigestSize))) {
+    return UNIT_TEST_ERROR_PREREQUISITE_NOT_MET;
+  }
+
+  // MU_CHANGE [END]
+
   HmacTestContext->HmacCtx = HmacTestContext->HmacNew ();
   if (HmacTestContext->HmacCtx == NULL) {
     return UNIT_TEST_ERROR_TEST_FAILED;
@@ -195,13 +203,17 @@ TestVerifyHmac (
   BOOLEAN            Status;
   HMAC_TEST_CONTEXT  *HmacTestContext;
 
-  if (  !PcdGetBool (PcdCryptoServiceHmacSha256SetKey) || !PcdGetBool (PcdCryptoServiceHmacSha256Update)
-     || !PcdGetBool (PcdCryptoServiceHmacSha256Final))
+  // MU_CHANGE [START]
+  HmacTestContext = Context;
+
+  if (((  !PcdGetBool (PcdCryptoServiceHmacSha256SetKey)  || !PcdGetBool (PcdCryptoServiceHmacSha256Update)
+       || !PcdGetBool (PcdCryptoServiceHmacSha256Final)) && (SHA256_DIGEST_SIZE == HmacTestContext->DigestSize)) || ((  !PcdGetBool (PcdCryptoServiceHmacSha384SetKey)  || !PcdGetBool (PcdCryptoServiceHmacSha384Update)
+                                                                                                                     || !PcdGetBool (PcdCryptoServiceHmacSha384Final)) && (SHA384_DIGEST_SIZE == HmacTestContext->DigestSize)))
   {
     return UNIT_TEST_ERROR_PREREQUISITE_NOT_MET;
   }
 
-  HmacTestContext = Context;
+  // MU_CHANGE [END]
 
   ZeroMem (Digest, MAX_DIGEST_SIZE);
   ZeroMem (DigestCopy, MAX_DIGEST_SIZE);