Re: [kvm-unit-tests PATCH v3 5/5] s390x: uv-guest: Add attestation tests

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, 23 Mar 2022 09:39:27 +0100
Janosch Frank <frankja@xxxxxxxxxxxxx> wrote:

> On 2/22/22 15:54, Steffen Eiden wrote:
> > Adds several tests to verify correct error paths of attestation.
> > 
> > Signed-off-by: Steffen Eiden <seiden@xxxxxxxxxxxxx>  
> 
> I think this test deserves its own file: pv-attest.c

sounds like a good idea

> 
> But I'd leave the priv check in uv-guest.c.
> @Claudio: Any opinion about having all priv checks here and doing the 
> actual execution tests in pv-*.c files?

fine for me

maybe put a comment in pv-attest.c to explain that the priv check is
covered somewhere else already

> 
> > ---
> >   lib/s390x/asm/uv.h |   5 +-
> >   s390x/uv-guest.c   | 193 ++++++++++++++++++++++++++++++++++++++++++++-
> >   2 files changed, 196 insertions(+), 2 deletions(-)
> > 
> > diff --git a/lib/s390x/asm/uv.h b/lib/s390x/asm/uv.h
> > index c330c0f8..e5f7aa72 100644
> > --- a/lib/s390x/asm/uv.h
> > +++ b/lib/s390x/asm/uv.h
> > @@ -108,7 +108,10 @@ struct uv_cb_qui {
> >   	u8  reserved88[158 - 136];	/* 0x0088 */
> >   	uint16_t max_guest_cpus;	/* 0x009e */
> >   	u64 uv_feature_indications;	/* 0x00a0 */
> > -	u8  reserveda8[200 - 168];	/* 0x00a8 */
> > +	uint8_t  reserveda8[224 - 168];	/* 0x00a8 */
> > +	uint64_t supp_att_hdr_ver;	/* 0x00e0 */
> > +	uint64_t supp_paf;		/* 0x00e8 */
> > +	uint8_t  reservedf0[256 - 240];	/* 0x00f0 */
> >   }  __attribute__((packed))  __attribute__((aligned(8)));
> >   
> >   struct uv_cb_cgc {
> > diff --git a/s390x/uv-guest.c b/s390x/uv-guest.c
> > index 77057bd2..77edbba2 100644
> > --- a/s390x/uv-guest.c
> > +++ b/s390x/uv-guest.c
> > @@ -2,10 +2,11 @@
> >   /*
> >    * Guest Ultravisor Call tests
> >    *
> > - * Copyright (c) 2020 IBM Corp
> > + * Copyright IBM Corp. 2020, 2022
> >    *
> >    * Authors:
> >    *  Janosch Frank <frankja@xxxxxxxxxxxxx>
> > + *  Steffen Eiden <seiden@xxxxxxxxxxxxx>
> >    */
> >   
> >   #include <libcflat.h>
> > @@ -53,6 +54,15 @@ static void test_priv(void)
> >   	check_pgm_int_code(PGM_INT_CODE_PRIVILEGED_OPERATION);
> >   	report_prefix_pop();
> >   
> > +	report_prefix_push("attest");
> > +	uvcb.cmd = UVC_CMD_ATTESTATION;
> > +	uvcb.len = sizeof(struct uv_cb_attest);
> > +	expect_pgm_int();
> > +	enter_pstate();
> > +	uv_call_once(0, (uint64_t)&uvcb);
> > +	check_pgm_int_code(PGM_INT_CODE_PRIVILEGED_OPERATION);
> > +	report_prefix_pop();
> > +
> >   	report_prefix_pop();
> >   }
> >   
> > @@ -111,7 +121,187 @@ static void test_sharing(void)
> >   	cc = uv_call(0, (u64)&uvcb);
> >   	report(cc == 0 && uvcb.header.rc == UVC_RC_EXECUTED, "unshare");
> >   	report_prefix_pop();
> > +}
> > +
> > +#define ARCB_VERSION_NONE 0
> > +#define ARCB_VERSION_1 0x0100
> > +#define ARCB_MEAS_NONE 0
> > +#define ARCB_MEAS_HMAC_SHA512 1
> > +#define MEASUREMENT_SIZE_HMAC_SHA512 64
> > +#define PAF_PHKH_ATT (1ULL << 61)
> > +#define ADDITIONAL_SIZE_PAF_PHKH_ATT 32
> > +/* arcb with one key slot and no nonce */
> > +struct uv_arcb_v1 {
> > +	uint64_t reserved0;		/* 0x0000 */
> > +	uint32_t req_ver;		/* 0x0008 */
> > +	uint32_t req_len;		/* 0x000c */
> > +	uint8_t  iv[12];		/* 0x0010 */
> > +	uint32_t reserved1c;		/* 0x001c */
> > +	uint8_t  reserved20[7];		/* 0x0020 */
> > +	uint8_t  nks;			/* 0x0027 */
> > +	uint32_t reserved28;		/* 0x0028 */
> > +	uint32_t sea;			/* 0x002c */
> > +	uint64_t plaint_att_flags;	/* 0x0030 */
> > +	uint32_t meas_alg_id;		/* 0x0038 */
> > +	uint32_t reserved3c;		/* 0x003c */
> > +	uint8_t  cpk[160];		/* 0x0040 */
> > +	uint8_t  key_slot[80];		/* 0x00e0 */
> > +	uint8_t  meas_key[64];		/* 0x0130 */
> > +	uint8_t  tag[16];		/* 0x0170 */
> > +} __attribute__((packed));
> > +
> > +struct attest_request_v1 {
> > +	struct uv_arcb_v1 arcb;
> > +	uint8_t measurement[MEASUREMENT_SIZE_HMAC_SHA512];
> > +	uint8_t additional[ADDITIONAL_SIZE_PAF_PHKH_ATT];
> > +};
> > +
> > +static void test_attest_v1(u64 supported_paf)
> > +{
> > +	struct uv_cb_attest uvcb = {
> > +		.header.cmd = UVC_CMD_ATTESTATION,
> > +		.header.len = sizeof(uvcb),
> > +	};
> > +	struct attest_request_v1 *attest_req = (void *)page;
> > +	struct uv_arcb_v1 *arcb = &attest_req->arcb;
> > +	int cc;
> > +
> > +	memset((void *)page, 0, PAGE_SIZE);
> > +
> > +	/*
> > +	 * Create a minimal arcb/uvcb such that FW has everything to start
> > +	 * unsealing the request. However, this unsealing will fail as the
> > +	 * kvm-unit-test framework provides no cryptography functions that
> > +	 * would be needed to seal such requests.
> > +	 */
> > +	arcb->req_ver = ARCB_VERSION_1;
> > +	arcb->req_len = sizeof(*arcb);
> > +	arcb->nks = 1;
> > +	arcb->sea = sizeof(arcb->meas_key);
> > +	arcb->plaint_att_flags = PAF_PHKH_ATT;
> > +	arcb->meas_alg_id = ARCB_MEAS_HMAC_SHA512;
> > +	uvcb.arcb_addr = (uint64_t)&attest_req->arcb;
> > +	uvcb.measurement_address = (uint64_t)attest_req->measurement;
> > +	uvcb.measurement_length = sizeof(attest_req->measurement);
> > +	uvcb.add_data_address = (uint64_t)attest_req->additional;
> > +	uvcb.add_data_length = sizeof(attest_req->additional);
> > +
> > +	uvcb.continuation_token = 0xff;
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc == 1 && uvcb.header.rc == 0x0101, "invalid continuation token");
> > +	uvcb.continuation_token = 0;
> > +
> > +	uvcb.user_data_length = sizeof(uvcb.user_data) + 1;
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc == 1 && uvcb.header.rc == 0x0102, "invalid user data size");
> > +	uvcb.user_data_length = 0;
> > +
> > +	uvcb.arcb_addr = get_ram_size() + PAGE_SIZE;
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc == 1 && uvcb.header.rc == 0x0103, "invalid address arcb");
> > +	uvcb.arcb_addr = page;
> > +
> > +	/* 0104 - 0105 need an unseal-able request */
> > +
> > +	arcb->req_ver = ARCB_VERSION_NONE;
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc == 1 && uvcb.header.rc == 0x0106, "unsupported version");
> > +	arcb->req_ver = ARCB_VERSION_1;
> > +
> > +	arcb->req_len += 1;
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc == 1 && uvcb.header.rc == 0x0107, "invalid arcb size 1");
> > +	arcb->req_len -= 1;
> > +
> > +	/*
> > +	 * The arcb needs to grow as well if number of key slots (nks)
> > +	 * is increased. However, this is not the case and there is no explicit
> > +	 * 'too many/less nks for that arcb size' error code -> expect 0x0107
> > +	 */
> > +	arcb->nks = 2;
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc == 1 && uvcb.header.rc == 0x0107, "invalid arcb size 2");
> > +	arcb->nks = 1;
> > +
> > +	arcb->nks = 0;
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc == 1 && uvcb.header.rc == 0x0108, "invalid num key slots");
> > +	arcb->nks = 1;
> > +
> > +	/*
> > +	 * Possible valid size (when using nonce).
> > +	 * However, req_len too small to host a nonce
> > +	 */
> > +	arcb->sea = 80;
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc == 1 && uvcb.header.rc == 0x0109, "invalid encrypted size 1");
> > +	arcb->sea = 17;
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc == 1 && uvcb.header.rc == 0x0109, "invalid encrypted size 2");
> > +	arcb->sea = 64;
> > +
> > +	arcb->plaint_att_flags = supported_paf ^ GENMASK_ULL(63, 0);
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc == 1 && uvcb.header.rc == 0x010a, "invalid flag");
> > +	arcb->plaint_att_flags = PAF_PHKH_ATT;
> > +
> > +	arcb->meas_alg_id = ARCB_MEAS_NONE;
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc == 1 && uvcb.header.rc == 0x010b, "invalid measurement algorithm");
> > +	arcb->meas_alg_id = ARCB_MEAS_HMAC_SHA512;
> >   
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc == 1 && uvcb.header.rc == 0x010c, "unable unseal");
> > +
> > +	uvcb.measurement_length = 0;
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc == 1 && uvcb.header.rc == 0x010d, "invalid measurement size");
> > +	uvcb.measurement_length = sizeof(attest_req->measurement);
> > +
> > +	uvcb.add_data_length = 0;
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc == 1 && uvcb.header.rc == 0x010e, "invalid additional size");
> > +	uvcb.add_data_length = sizeof(attest_req->additional);
> > +}
> > +
> > +static void test_attest(void)
> > +{
> > +	struct uv_cb_attest uvcb = {
> > +		.header.cmd = UVC_CMD_ATTESTATION,
> > +		.header.len = sizeof(uvcb),
> > +	};
> > +	const struct uv_cb_qui *uvcb_qui = uv_get_query_data();
> > +	int cc;
> > +
> > +	report_prefix_push("attest");
> > +
> > +	if (!uv_query_test_call(BIT_UVC_CMD_ATTESTATION)) {
> > +		report_skip("Attestation not supported.");
> > +		goto done;
> > +	}
> > +
> > +	/* Verify that the UV supports at least one header version */
> > +	report(uvcb_qui->supp_att_hdr_ver, "has hdr support");
> > +
> > +	memset((void *)page, 0, PAGE_SIZE);
> > +
> > +	uvcb.header.len -= 1;
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc && uvcb.header.rc == UVC_RC_INV_LEN, "invalid uvcb size 1");
> > +	uvcb.header.len += 1;
> > +
> > +	uvcb.header.len += 1;
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc && uvcb.header.rc == UVC_RC_INV_LEN, "invalid uvcb size 2");
> > +	uvcb.header.len -= 1;
> > +
> > +	report_prefix_push("v1");
> > +	if (test_bit_inv(0, &uvcb_qui->supp_att_hdr_ver))
> > +		test_attest_v1(uvcb_qui->supp_paf);
> > +	else
> > +		report_skip("Attestation version 1 not supported");
> > +	report_prefix_pop();
> > +done:
> >   	report_prefix_pop();
> >   }
> >   
> > @@ -193,6 +383,7 @@ int main(void)
> >   	test_invalid();
> >   	test_query();
> >   	test_sharing();
> > +	test_attest();
> >   	free_page((void *)page);
> >   done:
> >   	report_prefix_pop();  
>
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Kernel Development]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Info]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Linux Media]     [Device Mapper]

  Powered by Linux