changeset 637:be30d50bc4f0

Add remaining tests to check binverify functionality
author Andre Heinecke <andre.heinecke@intevation.de>
date Tue, 24 Jun 2014 15:24:09 +0200 (2014-06-24)
parents 2fd4f9980a2a
children c7a35fa302ec
files common/binverify.c ui/tests/CMakeLists.txt ui/tests/binverifytest.cpp ui/tests/binverifytest.h ui/tests/data/NOTES ui/tests/data/codesign/codesigning-other.key ui/tests/data/codesign/codesigning-other.pem
diffstat 7 files changed, 154 insertions(+), 9 deletions(-) [+]
line wrap: on
line diff
--- a/common/binverify.c	Mon Jun 23 18:00:45 2014 +0200
+++ b/common/binverify.c	Tue Jun 24 15:24:09 2014 +0200
@@ -200,7 +200,7 @@
   else
     {
       ERRORPRINTF ("Certificate mismatch. \n");
-      retval = VerifyInvalidSignature;
+      retval = VerifyInvalidCertificate;
       syslog_error_printf ("Software update embedded signature "
                            "created with wrong certificate.");
       goto done;
--- a/ui/tests/CMakeLists.txt	Mon Jun 23 18:00:45 2014 +0200
+++ b/ui/tests/CMakeLists.txt	Tue Jun 24 15:24:09 2014 +0200
@@ -81,6 +81,31 @@
          -h sha256 -in ${CMAKE_CURRENT_BINARY_DIR}/fakeinst.exe
          -out ${CMAKE_CURRENT_BINARY_DIR}/fakeinst-signed.exe
          )
+      add_custom_command(
+         TARGET binverifytest
+         POST_BUILD
+         COMMAND ${OSSLSIGNCODE_EXECUTABLE} sign -certs ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning.pem
+         -key ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning-other.key
+         -h sha256 -in ${CMAKE_CURRENT_BINARY_DIR}/fakeinst.exe
+         -out ${CMAKE_CURRENT_BINARY_DIR}/fakeinst-other-key.exe
+         )
+      add_custom_command(
+         TARGET binverifytest
+         POST_BUILD
+         COMMAND ${OSSLSIGNCODE_EXECUTABLE} sign -certs ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning-other.pem
+         -key ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning-other.key
+         -h sha256 -in ${CMAKE_CURRENT_BINARY_DIR}/fakeinst.exe
+         -out ${CMAKE_CURRENT_BINARY_DIR}/fakeinst-other-cert.exe
+         )
+      add_custom_command(
+         TARGET binverifytest
+         POST_BUILD
+         COMMAND ${OSSLSIGNCODE_EXECUTABLE} sign -certs ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning.pem
+         -key ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning.key
+         -h sha256 -in ${CMAKE_CURRENT_BINARY_DIR}/fakeinst.exe
+         -out ${CMAKE_CURRENT_BINARY_DIR}/fakeinst-invalid.exe &&
+         ${CMAKE_STRIP} ${CMAKE_CURRENT_BINARY_DIR}/fakeinst-invalid.exe
+         )
     endif()
 else ()
    add_custom_test (binverifytest.cpp "")
--- a/ui/tests/binverifytest.cpp	Mon Jun 23 18:00:45 2014 +0200
+++ b/ui/tests/binverifytest.cpp	Tue Jun 24 15:24:09 2014 +0200
@@ -24,21 +24,41 @@
   QVERIFY (verify_binary ("bar", -1) != VerifyValid);
   /* On windows the next line will check that a valid microsoft
    * signed executable is not valid for us (pinning). On linux
-   * it will just fail with a read error. */
+   * it will just fail with a read error which we tested above */
+#ifdef Q_OS_WIN
   QVERIFY (verify_binary ("c:\\Windows\\System32\\mmc.exe",
-                          strlen("c:\\Windows\\System32\\mmc.exe")) != VerifyValid);
+                          strlen("c:\\Windows\\System32\\mmc.exe")) != VerifyInvalidCertificate);
+#endif
   QVERIFY (verify_binary ("/dev/null", strlen("/dev/null")) != VerifyValid);
 }
 
+/* Check that a signature with only a different key (of the same size)
+ * is not validated (Invalid signature because key and cert don't match)*/
+void BinVerifyTest::testOtherKey()
+{
+    QVERIFY(VerifyInvalidSignature == verify_binary ("fakeinst-other-key" EXE_SUFFIX,
+                strlen("fakeinst-other-key" EXE_SUFFIX)));
+}
+
+/* Check that an invalid signature is not validated */
+void BinVerifyTest::testInvalidSig()
+{
+    QVERIFY(VerifyValid != verify_binary ("fakeinst-invalid" EXE_SUFFIX,
+                strlen("fakeinst-invalid" EXE_SUFFIX)));
+}
+
+/* Check that a signature with a different (valid) certificate is not validated */
+void BinVerifyTest::testOtherCert()
+{
+    QVERIFY(VerifyInvalidCertificate == verify_binary ("fakeinst-other-cert" EXE_SUFFIX,
+                strlen("fakeinst-other-cert" EXE_SUFFIX)));
+}
+
 /* Check that no signature is not validated */
-/* Check that an invalid signature is not validated */
-/* Check that a signature with only a different key (of the same size)
- * is not validated */
-/* Check that a signature with a different certificate is not validated */
 void BinVerifyTest::testNoSignature()
 {
-    QVERIFY(VerifyInvalidSignature == verify_binary ("fakeinst" EXE_SUFFIX,
-                                                     strlen("fakeinst" EXE_SUFFIX)));
+    QVERIFY(VerifyValid != verify_binary ("fakeinst" EXE_SUFFIX,
+                strlen("fakeinst" EXE_SUFFIX)));
 }
 
 /* Check that a valid signed executable is verified */
--- a/ui/tests/binverifytest.h	Mon Jun 23 18:00:45 2014 +0200
+++ b/ui/tests/binverifytest.h	Tue Jun 24 15:24:09 2014 +0200
@@ -18,6 +18,9 @@
   void testNoSignature();
   void testMiscErrors();
   void testValidBinary();
+  void testOtherKey();
+  void testOtherCert();
+  void testInvalidSig();
 };
 #endif
 
--- a/ui/tests/data/NOTES	Mon Jun 23 18:00:45 2014 +0200
+++ b/ui/tests/data/NOTES	Tue Jun 24 15:24:09 2014 +0200
@@ -117,3 +117,16 @@
       -h sha256 \
       -in ~/ubuntu/src/m13-repo/build-windows/TrustBridge-0.6+21-aee3eb10bbba.exe \
       -out TrustBridge-0.6+21-aee3eb10bbba-signed.exe
+
+# Different test certificates.
+gen_key filename=codesigning-other.key
+cert_req filename=codesigning-other.key output_file=codesigning-other.csr \
+subject_name="CN=Public TrustBridge codesigning test,O=Public secret do not trust this,C=DE" \
+key_usage=digital_signature \
+ns_cert_type=object_signing
+
+cert_write request_file=codesigning-other.csr issuer_crt=codesigning_root.pem \
+issuer_key=codesigning_root.key output_file=codesigning-other.pem \
+not_before=20130101000000 not_after=20151231235959 \
+key_usage=digital_signature \
+ns_cert_type=object_signing
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/ui/tests/data/codesign/codesigning-other.key	Tue Jun 24 15:24:09 2014 +0200
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKAIBAAKCAgEAqt/YYva86uZLj26KkNrJb6imHFbvPoxX7QBAIkhM+50GKZuO
+P/QZKcdAeNZG7Oepqkc46DM1JgTPFsnWuZPm0xThx7Y8LTGhuAtwczdQDbadc8NP
+G3uKvn2VmlQaN2yJmxVglNWWJu5tkC13fzPkDBN3+Wm7q+v0tY8FrA9iAPO6dRsr
+BlGY0XOcBxR20ha7UEjV2ftsVKYgwKW9wnwF+kZU0w7OaTzLS8JIgoYPtJx2k5TB
+Y6WgGQRrFdr/1SHV9ezALKlge9/vuJNM/OaSPLfgmOcxnl+Z2jiQoS7oiJIagIGH
+quV1ScaAvsaCc7uQeneD3K1M03I2o/qZcXCBg5AdbtqtWZK2IiV/4cSYHm5g9mME
+nSdSljwD/MHOjbdNG1mv+UHB958R0wMddiMTTq558lyiDuoeh54rxpc51bT+iMhl
+jhkM7hqx0PEXwwDZ8ohO6JxCRz8k1HHTswV9g6315oEZJbMIbVOLbWUiHcJw+JD9
+t1+jJuxNdY1z3cs95lqlb+x+wIVP3OwdkecFmVm5PRWCR4d36xGCEe/pn3kV3KtV
+xmFTO1Azr38iGGsMhdKoK3dsW4PVnhNoEV4ya5Up3WKgXc0RGrVMjpE02bWRE2Wv
+1N8d4uGRNRJ9tsM7krx37bcxDSGL5iToWMapxkiGn76hxs2sRvzuq91p+M8CAwEA
+AQKCAgEAiKip6Mwo3zz75WSlEaDJRbH91+B3SvD3SSbQJBrq5rj4usIcDG3uygj/
+OSU2aDYG7ZY0nxCFSzjBXxphzt3I17x1rkHC8uokyorrjloIfk80sebcF8DAgAT0
+Zw8oQHdfvlZkfeQsSEqb+ZlDXspjcn0HkMPNQnxdo+8UvD05RkWnNA1cZZtQuwLZ
+IJhvRyrC+DyoO8PnKfQLcceccjS6myUwpfPLhUMH3DkvwKPzX6Fa/EEWQdmupxNv
+iXUy8oQzGJIWSCHWdnvsvxOfmQvWnRT6XY9Zka4n3+0pTp+zfbZL18bAeB83pJ9L
+TEh7AJBbxnZbUVyQevN3W8IKgj1WdkuIWHHsc+lMHSbB0U+7gTPIFgap53OEEg5q
+fdxZdk7mEj4lnH3nVfojL4nQ6wfKL9vOVCFEGcBUOYsg3QHGQ1j2avItfnJ6Q04k
+jvRwPmJoaewdIm2Q0bI9DDo1TPWtPKIMlIYSLVCQAO+u4E0vWfw0fzTWcoMVvg1L
+eAQz0fuwFLxTkczJgI67qLxSjGjGiyDJ+2f+XaJlM4S/59SrqlMDTLOnSXAmmo6M
+yIoB5PZ9uGxSYzZWJUuRbVAaos97fc3dxKp83G8iKLo1PzLLdaVmYgabSPXBDXYX
+f3SmOJd6dcmKHNWJdOdFRzxhhzsUQTwWxkRYXEM4MW7BZ417cpECggEBAPx486Zg
+ayFHK3P35lJGZ4lHOj697mYMnEQ4LtJwV0nro1UbfX3W6lBQeMz4MZxJloJpEA3Z
+djGE+KxBPDa6hvQoICylEPfMvOC4cjtSf/pEOGcJ2H8UqVbuL+yXIcJmHGjAmZ5y
+6cReu4hHFkbJeHRYvZRYleML6TwSuWREq8tEsJh5xGLHZlXgMFsfEuqh3l3Onbk8
+Zdl0b7Q0f/NP7qVpy4gwsAJUnzxYOVTIjUCUVwV4TZhBdIe36b8ey5GnPT52hgZp
+SpjSZp5z2b1Nb28A2fis/5I4I01fnaYq3o/bXMC2M+OUvH4JO7FPwVt2KtDX1A4a
+TRcPBeUzvaXWLqsCggEBAK1DCDCnC6lbeTlgFnpVxgUV75uO49RVc576s3pnm0i3
+2FVEfy/Fj79XCO8FDqQCTzN9L7biVM8nt+CuyWPA9JhKRZh6M8T8IxRx1AsA7E8A
+9nd4eKbbgeVeAchoAvEVu0MroviOcPsScX2C9KmnpY0qr45mmMfL25HXo1xNl/b0
++mxflqHCdk6sqSNE9inY0xD9wf/OfAQ3KrUJIVC85qC2WrzFtB0Yy5XZLiOoBJ/D
+zh+lz/pCKaBKKnDoZ6fXpsG0m8lXDVzUZRStlPQMamX/da6g78SC4Goi2mx7QpHw
+Os8bH9HrVExdpCSQ7Nmdur6DZxvccpgf+zl+0v0ATm0CggEAQW+v5t1ypstlbcdA
+wO5Sg3gclopvsa9vCRduu0g2t4gFa1eWrPj4/hv9U1K4uQMxqVdFu/Ey+x61vR+j
+VaP+umV0AV4/CZrdEXl80fdOCDWKUNpybG2Ufl15ul5pd5MzpcrVhgXOpQDQpj+W
+fH5XZABkEoDrSE+cAd/wgRZzWFnTU5Gr3tZDpdpXbiadpoaRtcqJgqsu0q+lDBXX
+W97JwcGr6P6Ff/Ui2GcdZOYeBjDsZRSLN/0vEMYQJWL77CJmczwQ/LRpizZtNoBc
+XP4m9aRI2nUsQF+gdrtjht/xk2ONpL0UsdWpDRmjiQ9c1DHKYxqtcYJLnMBeDMve
+SY87xQKCAQAi5a1wnzSqF9KCy+e7HCuWOqTYIB+jVNLE4pnjvZp5Ow5HnlQ/uvsI
+/u69tbcNManiJQTHQS7zynwutQW7IdIiGlOKMpLayi4GoCalULpH71m1Fn62nN+8
+4wJY6xoslMPy84cPqSD4cO6K6SV+RlYB6OcTN3buRxEiftxYawiApTcLPPWJ/zD1
+B7HJeMpcA1//vBym+V/hOXtQm1YqfOG23QPJoch1U9kthWDVrbHAvB94IF2TemAH
++OgzdZvrInRj74yxMOdwGxeA4rVtslJ72MhLM/8XBYVN21dDIlB2NHyj2kK+dTe1
+aeb1tnr+GdbTKIRMCErMeSSQoAq/CqDBAoIBAGI603m4VyoBxpWqB5p11LW9tP5S
+Rt79NBUUdB9onXfwn/bVkgRIOM7GzKmp8lFnz5q0wtqDwHd4AAKs76HsVnge9T/1
+TRrWX07bZ14EcIYS7ZjeVZfH+ZaoJ89l2v14cbf+MHA5f9IMb8Z5ei/+Ob1JFeHf
+YPBShDgzP77W/yuw2XpwFvy1p6atby1HP/iaJ5gunhrCxFsL8pA57X9Fj8aDeidq
+2MsXqzT8TLdzsNEPR5g3qq43fIGPjNnfwm+uRW1yvvaaschACCpodsSAIDJe4vuj
+ckL2bH+SUw71GVzsXreEf+Ryv71Bt4wJzLpoZbMCbEjuTfDvr+hWEBAU9EU=
+-----END RSA PRIVATE KEY-----
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/ui/tests/data/codesign/codesigning-other.pem	Tue Jun 24 15:24:09 2014 +0200
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFqTCCA5GgAwIBAgIBATANBgkqhkiG9w0BAQUFADBZMSAwHgYDVQQDExdQdWJs
+aWMgVHJ1c3RCcmlkZ2UgVGVzdDEoMCYGA1UEChMfUHVibGljIHNlY3JldCBkbyBu
+b3QgdHJ1c3QgdGhpczELMAkGA1UEBhMCREUwHhcNMTMwMTAxMDAwMDAwWhcNMTUx
+MjMxMjM1OTU5WjBlMSwwKgYDVQQDEyNQdWJsaWMgVHJ1c3RCcmlkZ2UgY29kZXNp
+Z25pbmcgdGVzdDEoMCYGA1UEChMfUHVibGljIHNlY3JldCBkbyBub3QgdHJ1c3Qg
+dGhpczELMAkGA1UEBhMCREUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
+AQCq39hi9rzq5kuPboqQ2slvqKYcVu8+jFftAEAiSEz7nQYpm44/9Bkpx0B41kbs
+56mqRzjoMzUmBM8Wyda5k+bTFOHHtjwtMaG4C3BzN1ANtp1zw08be4q+fZWaVBo3
+bImbFWCU1ZYm7m2QLXd/M+QME3f5abur6/S1jwWsD2IA87p1GysGUZjRc5wHFHbS
+FrtQSNXZ+2xUpiDApb3CfAX6RlTTDs5pPMtLwkiChg+0nHaTlMFjpaAZBGsV2v/V
+IdX17MAsqWB73++4k0z85pI8t+CY5zGeX5naOJChLuiIkhqAgYeq5XVJxoC+xoJz
+u5B6d4PcrUzTcjaj+plxcIGDkB1u2q1ZkrYiJX/hxJgebmD2YwSdJ1KWPAP8wc6N
+t00bWa/5QcH3nxHTAx12IxNOrnnyXKIO6h6HnivGlznVtP6IyGWOGQzuGrHQ8RfD
+ANnyiE7onEJHPyTUcdOzBX2DrfXmgRklswhtU4ttZSIdwnD4kP23X6Mm7E11jXPd
+yz3mWqVv7H7AhU/c7B2R5wWZWbk9FYJHh3frEYIR7+mfeRXcq1XGYVM7UDOvfyIY
+awyF0qgrd2xbg9WeE2gRXjJrlSndYqBdzREatUyOkTTZtZETZa/U3x3i4ZE1En22
+wzuSvHfttzENIYvmJOhYxqnGSIafvqHGzaxG/O6r3Wn4zwIDAQABo3AwbjAJBgNV
+HRMEAjAAMB0GA1UdDgQWBBS0lOBu/DAejrDytCTEGB+6rDLVizAfBgNVHSMEGDAW
+gBTl/kZGRoa0cm82zW7CPn3yqk4MeTAOBgNVHQ8BAQEEBAMCAYAwEQYJYIZIAYb4
+QgEBBAQDAgAQMA0GCSqGSIb3DQEBBQUAA4ICAQA2ublxGKfS6s5iAz8OAuMdGKg0
+oxacGX378xBctl7s+PORwx7kOo1X96d8KuQyWf9LXSZv1uPPRnEO+atMF2hswqcS
+gFx/Y32vEz8dGeqye6qOGfQOBD7M4wZ7ww/CiTJJBVbQ54WrU3zoy5Fga/ijXOtY
+i0AaZaoFfureK6+fCua9h+SRE7OljDCpSHigWTIY9MQ6fe7T8wXTnxhopdgT8k0R
+NXL/UNEUm/y79xIFfBpsVQbqMwhvtu4j6qGEmT6DhDcbnlQU8kwTkf5dYopC2kBT
+4atKKvWrfyoF2jDPSbwB0/ZztmRQtvE+Ve4+bGZREEy/0cviGmuGkzRXdfA/Ckl8
+4em9A01C8PzQ49psN+YGnl0OSiVXweHJzYnEy7/jep8ImHp8uXr2fT3sdreiUh9v
+tv9j12Yy0AlgJp6TsgVPIpbS1CtZqF9vqojKAef3NxNZLjGKOdwlvlP+c0/A3xne
+kubVCuGaVCrBvvZ3lOoqiDrkYjhaDADJoyQwNhU75Ah7fziJ1pjIyPUePYwJaOoc
+b3ntUNAtLNy8EXTI0jhlJH4uo8aMi3eO52kNrRUScBtySATSCyB7k2gkdSfCnF03
+LUbDV2nTFK5NJ7+8rz/LNStu60nO5j1poVAPflbfz9mMNgb0wmncIyMr6w+Ixwpd
+qSaFDC+2vJwwzhGmlg==
+-----END CERTIFICATE-----

http://wald.intevation.org/projects/trustbridge/