[PATCH] Add test for authenticode verificate (binverify)
Wald Commits
scm-commit at wald.intevation.org
Mon Jun 23 18:00:51 CEST 2014
# HG changeset patch
# User Andre Heinecke <andre.heinecke at intevation.de>
# Date 1403539245 -7200
# Node ID 2fd4f9980a2a757b1e76a56c4f363ada29e6b0f9
# Parent ed1887be5170d746ed4be0918629bc85101f4ae9
Add test for authenticode verificate (binverify)
Still incomplete
diff -r ed1887be5170 -r 2fd4f9980a2a ui/tests/CMakeLists.txt
--- a/ui/tests/CMakeLists.txt Mon Jun 23 17:24:00 2014 +0200
+++ b/ui/tests/CMakeLists.txt Mon Jun 23 18:00:45 2014 +0200
@@ -15,13 +15,18 @@
find_package(Qt5Test)
include_directories(${Qt5Test_INCLUDE_DIRS})
find_program(HIAWATHA_EXECUTABLE hiawatha)
+find_program(OSSLSIGNCODE_EXECUTABLE osslsigncode)
if (NOT HIAWATHA_EXECUTABLE)
- message (STATUS "WARNING: hiawatha webserver not found. Downloader tests will fail.")
+ message (STATUS "WARNING: hiawatha webserver not found. Downloader will not be run.")
else()
add_definitions(-DHIAWATHA_EXECUTABLE="${HIAWATHA_EXECUTABLE}")
endif()
+if (WIN32 AND NOT OSSLSIGNCODE_EXECUTABLE)
+ message (STATUS "WARNING: osslsigncode not found. Authenticode tests will not be run.")
+endif()
+
macro(add_custom_test _source _additional_sources)
set(_test ${_source})
get_filename_component(_name ${_source} NAME_WE)
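Review bot: The new osslsigncode check reports a missing tool only at STATUS level, so a Windows build without osslsigncode configures cleanly and has no Authenticode test. Using `message (WARNING "osslsigncode not found. Authenticode tests will not be run.")` would make the skipped signature tests stand out in the configure output. The reworded hiawatha message says "Downloader will not be run" where "Downloader tests" is presumably meant. The `add_custom_test` macro continues outside this hunk.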
@@ -65,7 +70,21 @@
if (WIN32)
add_custom_test(windowsstoretest.cpp "${CMAKE_SOURCE_DIR}/cinst/windowsstore.c")
-endif (WIN32)
+
+ if (OSSLSIGNCODE_EXECUTABLE)
+ add_custom_test (binverifytest.cpp "")
+ add_custom_command(
+ TARGET binverifytest
+ POST_BUILD
+ COMMAND ${OSSLSIGNCODE_EXECUTABLE} sign -certs ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning.pem
+ -key ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning.key
+ -h sha256 -in ${CMAKE_CURRENT_BINARY_DIR}/fakeinst.exe
+ -out ${CMAKE_CURRENT_BINARY_DIR}/fakeinst-signed.exe
+ )
+ endif()
+else ()
+ add_custom_test (binverifytest.cpp "")
+endif ()
if (NSS_FOUND)
include_directories(${NSS_INCLUDE_DIRS})
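Review bot: The POST_BUILD signing step inside `if (OSSLSIGNCODE_EXECUTABLE)` reads `${CMAKE_CURRENT_BINARY_DIR}/fakeinst.exe`, but nothing visible in this hunk makes binverifytest depend on the target that produces that file, so the step can run before its input exists. An `add_dependencies` call on that target would fix the ordering. The command also lacks `VERBATIM` and quotes none of its paths, so a source or build directory containing spaces breaks the osslsigncode call. In the `else ()` branch binverifytest is registered without any signing step, so testValidBinary has no `fakeinst-signed` to check on non-Windows builds. Since `data/codesign/codesigning.key` is a private key kept in the source tree, a comment stating that it is a test-only key that no release configuration trusts would help; the `if (NSS_FOUND)` block continues outside the hunk.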
diff -r ed1887be5170 -r 2fd4f9980a2a ui/tests/binverifytest.cpp
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ui/tests/binverifytest.cpp Mon Jun 23 18:00:45 2014 +0200
@@ -0,0 +1,51 @@
+/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
+ * Software engineering by Intevation GmbH
+ *
+ * This file is Free Software under the GNU GPL (v>=2)
+ * and comes with ABSOLUTELY NO WARRANTY!
+ * See LICENSE.txt for details.
+ */
+#include "binverify.h"
+#include "binverifytest.h"
+
+#include <QTest>
+
+#ifdef Q_OS_WIN
+# define EXE_SUFFIX ".exe"
+#else
+# define EXE_SUFFIX ""
+#endif
+
+/* Some general robustness checks */
+void BinVerifyTest::testMiscErrors()
+{
+ QVERIFY (verify_binary (NULL, 10) != VerifyValid);
+ QVERIFY (verify_binary ("foo", 10) != VerifyValid);
+ QVERIFY (verify_binary ("bar", -1) != VerifyValid);
+ /* On windows the next line will check that a valid microsoft
+ * signed executable is not valid for us (pinning). On linux
+ * it will just fail with a read error. */
+ QVERIFY (verify_binary ("c:\\Windows\\System32\\mmc.exe",
+ strlen("c:\\Windows\\System32\\mmc.exe")) != VerifyValid);
+ QVERIFY (verify_binary ("/dev/null", strlen("/dev/null")) != VerifyValid);
+}
+
+/* Check that no signature is not validated */
+/* Check that an invalid signature is not validated */
+/* Check that a signature with only a different key (of the same size)
+ * is not validated */
+/* Check that a signature with a different certificate is not validated */
+void BinVerifyTest::testNoSignature()
+{
+ QVERIFY(VerifyInvalidSignature == verify_binary ("fakeinst" EXE_SUFFIX,
+ strlen("fakeinst" EXE_SUFFIX)));
+}
+
+/* Check that a valid signed executable is verified */
+void BinVerifyTest::testValidBinary()
+{
+ QVERIFY (VerifyValid == verify_binary ("fakeinst-signed" EXE_SUFFIX,
+ strlen("fakeinst-signed" EXE_SUFFIX)));
+}
+
+QTEST_GUILESS_MAIN (BinVerifyTest);
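Review bot: The mmc.exe check in testMiscErrors asserts only `!= VerifyValid`, so it passes the same way for an unreadable file as for a pinning rejection, and on Windows it does not show that a validly Microsoft-signed binary is refused for the right reason. Comparing against the specific result code expected for a foreign signer would make it a real pinning test. The comments above testNoSignature list three further negative cases (invalid signature, different key, different certificate) that have no test bodies yet, and those are the cases a tampered installer would hit. `strlen` is used without `#include <cstring>`, so the file relies on a transitive include. The relative names `"fakeinst" EXE_SUFFIX` resolve against the working directory of the test run rather than the build directory the signing step writes to.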
diff -r ed1887be5170 -r 2fd4f9980a2a ui/tests/binverifytest.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ui/tests/binverifytest.h Mon Jun 23 18:00:45 2014 +0200
@@ -0,0 +1,23 @@
+/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
+ * Software engineering by Intevation GmbH
+ *
+ * This file is Free Software under the GNU GPL (v>=2)
+ * and comes with ABSOLUTELY NO WARRANTY!
+ * See LICENSE.txt for details.
+ */
+#ifndef COMMONTEST_H
+#define COMMONTEST_H
+
+#include <QObject>
+
+class BinVerifyTest: public QObject
+{
+ Q_OBJECT
+
+private Q_SLOTS:
+ void testNoSignature();
+ void testMiscErrors();
+ void testValidBinary();
+};
+#endif
+
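Review bot: The include guard in this new header is `COMMONTEST_H`, which does not match the file name and looks copied from another test header. If a header with that guard is included in the same translation unit, the `BinVerifyTest` declaration is silently skipped. Renaming it to `#ifndef BINVERIFYTEST_H` / `#define BINVERIFYTEST_H` avoids the collision.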
diff -r ed1887be5170 -r 2fd4f9980a2a ui/tests/mainwindowtest.cpp
--- a/ui/tests/mainwindowtest.cpp Mon Jun 23 17:24:00 2014 +0200
+++ b/ui/tests/mainwindowtest.cpp Mon Jun 23 18:00:45 2014 +0200
@@ -23,10 +23,6 @@
emit closeCalled();
}
-void MainWindowTest::testInvalidUpdate() {
- // TODO
-}
-
void MainWindowTest::testValidUpdate() {
QSignalSpy closed(this, SIGNAL(closeCalled()));
#ifdef Q_OS_WIN
diff -r ed1887be5170 -r 2fd4f9980a2a ui/tests/mainwindowtest.h
--- a/ui/tests/mainwindowtest.h Mon Jun 23 17:24:00 2014 +0200
+++ b/ui/tests/mainwindowtest.h Mon Jun 23 18:00:45 2014 +0200
@@ -23,7 +23,6 @@
void closeApp();
private Q_SLOTS:
- void testInvalidUpdate();
void testValidUpdate();
Q_SIGNALS: