[PATCH] Add remaining tests to check binverify functionality
Wald Commits
scm-commit at wald.intevation.org
Tue Jun 24 15:36:59 CEST 2014
# HG changeset patch
# User Andre Heinecke <andre.heinecke at intevation.de>
# Date 1403616249 -7200
# Node ID be30d50bc4f06c51a368d244ea25afba6b633dc6
# Parent 2fd4f9980a2a757b1e76a56c4f363ada29e6b0f9
Add remaining tests to check binverify functionality
diff -r 2fd4f9980a2a -r be30d50bc4f0 common/binverify.c
--- a/common/binverify.c Mon Jun 23 18:00:45 2014 +0200
+++ b/common/binverify.c Tue Jun 24 15:24:09 2014 +0200
@@ -200,7 +200,7 @@
else
{
ERRORPRINTF ("Certificate mismatch. \n");
- retval = VerifyInvalidSignature;
+ retval = VerifyInvalidCertificate;
syslog_error_printf ("Software update embedded signature "
"created with wrong certificate.");
goto done;
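Review bot: The mismatch branch now returns a different code, so any caller that singles out `VerifyInvalidSignature` instead of testing `!= VerifyValid` would stop treating a pinning mismatch as a failure. The callers are not visible in this hunk, so this needs confirming against them. A short comment on the assignment would also record the distinction, e.g. `/* signature is intact but was made with a certificate other than the pinned one */`. The enclosing function starts and ends outside this hunk.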
diff -r 2fd4f9980a2a -r be30d50bc4f0 ui/tests/CMakeLists.txt
--- a/ui/tests/CMakeLists.txt Mon Jun 23 18:00:45 2014 +0200
+++ b/ui/tests/CMakeLists.txt Tue Jun 24 15:24:09 2014 +0200
@@ -81,6 +81,31 @@
-h sha256 -in ${CMAKE_CURRENT_BINARY_DIR}/fakeinst.exe
-out ${CMAKE_CURRENT_BINARY_DIR}/fakeinst-signed.exe
)
+ add_custom_command(
+ TARGET binverifytest
+ POST_BUILD
+ COMMAND ${OSSLSIGNCODE_EXECUTABLE} sign -certs ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning.pem
+ -key ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning-other.key
+ -h sha256 -in ${CMAKE_CURRENT_BINARY_DIR}/fakeinst.exe
+ -out ${CMAKE_CURRENT_BINARY_DIR}/fakeinst-other-key.exe
+ )
+ add_custom_command(
+ TARGET binverifytest
+ POST_BUILD
+ COMMAND ${OSSLSIGNCODE_EXECUTABLE} sign -certs ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning-other.pem
+ -key ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning-other.key
+ -h sha256 -in ${CMAKE_CURRENT_BINARY_DIR}/fakeinst.exe
+ -out ${CMAKE_CURRENT_BINARY_DIR}/fakeinst-other-cert.exe
+ )
+ add_custom_command(
+ TARGET binverifytest
+ POST_BUILD
+ COMMAND ${OSSLSIGNCODE_EXECUTABLE} sign -certs ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning.pem
+ -key ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning.key
+ -h sha256 -in ${CMAKE_CURRENT_BINARY_DIR}/fakeinst.exe
+ -out ${CMAKE_CURRENT_BINARY_DIR}/fakeinst-invalid.exe &&
+ ${CMAKE_STRIP} ${CMAKE_CURRENT_BINARY_DIR}/fakeinst-invalid.exe
+ )
endif()
else ()
add_custom_test (binverifytest.cpp "")
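Review bot: The last added command (producing fakeinst-invalid.exe) chains `${CMAKE_STRIP}` onto the signing step with `&&`, which works only when the generator passes the command line to a shell, and none of the new blocks sets `VERBATIM`. Give the strip step its own entry, `COMMAND ${CMAKE_STRIP} ${CMAKE_CURRENT_BINARY_DIR}/fakeinst-invalid.exe`, and add `VERBATIM` to each block; multiple `COMMAND`s in one add_custom_command run in order. A comment above that block should say the strip is what is meant to break the signature, because nothing here checks that the output still carries a (now invalid) signature rather than none at all. The enclosing if/else starts outside this hunk.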
diff -r 2fd4f9980a2a -r be30d50bc4f0 ui/tests/binverifytest.cpp
--- a/ui/tests/binverifytest.cpp Mon Jun 23 18:00:45 2014 +0200
+++ b/ui/tests/binverifytest.cpp Tue Jun 24 15:24:09 2014 +0200
@@ -24,21 +24,41 @@
QVERIFY (verify_binary ("bar", -1) != VerifyValid);
/* On windows the next line will check that a valid microsoft
* signed executable is not valid for us (pinning). On linux
- * it will just fail with a read error. */
+ * it will just fail with a read error which we tested above */
+#ifdef Q_OS_WIN
QVERIFY (verify_binary ("c:\\Windows\\System32\\mmc.exe",
- strlen("c:\\Windows\\System32\\mmc.exe")) != VerifyValid);
+ strlen("c:\\Windows\\System32\\mmc.exe")) != VerifyInvalidCertificate);
+#endif
QVERIFY (verify_binary ("/dev/null", strlen("/dev/null")) != VerifyValid);
}
+/* Check that a signature with only a different key (of the same size)
+ * is not validated (Invalid signature because key and cert don't match)*/
+void BinVerifyTest::testOtherKey()
+{
+ QVERIFY(VerifyInvalidSignature == verify_binary ("fakeinst-other-key" EXE_SUFFIX,
+ strlen("fakeinst-other-key" EXE_SUFFIX)));
+}
+
+/* Check that an invalid signature is not validated */
+void BinVerifyTest::testInvalidSig()
+{
+ QVERIFY(VerifyValid != verify_binary ("fakeinst-invalid" EXE_SUFFIX,
+ strlen("fakeinst-invalid" EXE_SUFFIX)));
+}
+
+/* Check that a signature with a different (valid) certificate is not validated */
+void BinVerifyTest::testOtherCert()
+{
+ QVERIFY(VerifyInvalidCertificate == verify_binary ("fakeinst-other-cert" EXE_SUFFIX,
+ strlen("fakeinst-other-cert" EXE_SUFFIX)));
+}
+
/* Check that no signature is not validated */
-/* Check that an invalid signature is not validated */
-/* Check that a signature with only a different key (of the same size)
- * is not validated */
-/* Check that a signature with a different certificate is not validated */
void BinVerifyTest::testNoSignature()
{
- QVERIFY(VerifyInvalidSignature == verify_binary ("fakeinst" EXE_SUFFIX,
- strlen("fakeinst" EXE_SUFFIX)));
+ QVERIFY(VerifyValid != verify_binary ("fakeinst" EXE_SUFFIX,
+ strlen("fakeinst" EXE_SUFFIX)));
}
/* Check that a valid signed executable is verified */
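Review bot: The Windows pinning check in testMiscErrors now asserts `!= VerifyInvalidCertificate`, which passes if verify_binary returns VerifyValid for the Microsoft-signed mmc.exe, the opposite of what the comment above it describes. If a pinning mismatch is expected to yield VerifyInvalidCertificate, as the binverify.c change in this commit suggests, the comparison should be `== VerifyInvalidCertificate`, or at minimum stay `!= VerifyValid`. testInvalidSig and testNoSignature assert only `VerifyValid !=`, so they also pass when the fixture file is missing and verify_binary reports a read error. Comparing against the specific expected code, where one exists, would tie each test to its intended failure mode. testMiscErrors begins outside this hunk.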
diff -r 2fd4f9980a2a -r be30d50bc4f0 ui/tests/binverifytest.h
--- a/ui/tests/binverifytest.h Mon Jun 23 18:00:45 2014 +0200
+++ b/ui/tests/binverifytest.h Tue Jun 24 15:24:09 2014 +0200
@@ -18,6 +18,9 @@
void testNoSignature();
void testMiscErrors();
void testValidBinary();
+ void testOtherKey();
+ void testOtherCert();
+ void testInvalidSig();
};
#endif
diff -r 2fd4f9980a2a -r be30d50bc4f0 ui/tests/data/NOTES
--- a/ui/tests/data/NOTES Mon Jun 23 18:00:45 2014 +0200
+++ b/ui/tests/data/NOTES Tue Jun 24 15:24:09 2014 +0200
@@ -117,3 +117,16 @@
-h sha256 \
-in ~/ubuntu/src/m13-repo/build-windows/TrustBridge-0.6+21-aee3eb10bbba.exe \
-out TrustBridge-0.6+21-aee3eb10bbba-signed.exe
+
+# Different test certificates.
+gen_key filename=codesigning-other.key
+cert_req filename=codesigning-other.key output_file=codesigning-other.csr \
+subject_name="CN=Public TrustBridge codesigning test,O=Public secret do not trust this,C=DE" \
+key_usage=digital_signature \
+ns_cert_type=object_signing
+
+cert_write request_file=codesigning-other.csr issuer_crt=codesigning_root.pem \
+issuer_key=codesigning_root.key output_file=codesigning-other.pem \
+not_before=20130101000000 not_after=20151231235959 \
+key_usage=digital_signature \
+ns_cert_type=object_signing
diff -r 2fd4f9980a2a -r be30d50bc4f0 ui/tests/data/codesign/codesigning-other.key
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ui/tests/data/codesign/codesigning-other.key Tue Jun 24 15:24:09 2014 +0200
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----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=
+-----END RSA PRIVATE KEY-----
diff -r 2fd4f9980a2a -r be30d50bc4f0 ui/tests/data/codesign/codesigning-other.pem
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ui/tests/data/codesign/codesigning-other.pem Tue Jun 24 15:24:09 2014 +0200
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----