changeset 637:be30d50bc4f0
Add remaining tests to check binverify functionality
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Tue, 24 Jun 2014 15:24:09 +0200 |
parents | 2fd4f9980a2a |
children | c7a35fa302ec |
files | common/binverify.c ui/tests/CMakeLists.txt ui/tests/binverifytest.cpp ui/tests/binverifytest.h ui/tests/data/NOTES ui/tests/data/codesign/codesigning-other.key ui/tests/data/codesign/codesigning-other.pem |
diffstat | 7 files changed, 154 insertions(+), 9 deletions(-) [+] |
--- a/common/binverify.c Mon Jun 23 18:00:45 2014 +0200
+++ b/common/binverify.c Tue Jun 24 15:24:09 2014 +0200
@@ -200,7 +200,7 @@
 else
 {
 ERRORPRINTF ("Certificate mismatch. \n");
- retval = VerifyInvalidSignature;
+ retval = VerifyInvalidCertificate;
 syslog_error_printf ("Software update embedded signature "
 "created with wrong certificate.");
 goto done;
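Review bot: With this branch now returning `VerifyInvalidCertificate` instead of `VerifyInvalidSignature`, any caller that compares the result against `VerifyInvalidSignature` to detect this failure will no longer match; the callers are not visible here, so this is worth checking. The safe pattern is for callers to treat every result other than `VerifyValid` as a rejection. A short comment above the assignment, e.g. `/* The embedded signature was made with a certificate other than the expected one. */`, would document how the two codes differ. The enclosing function starts and ends outside the hunk.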
--- a/ui/tests/CMakeLists.txt Mon Jun 23 18:00:45 2014 +0200
+++ b/ui/tests/CMakeLists.txt Tue Jun 24 15:24:09 2014 +0200
@@ -81,6 +81,31 @@
 -h sha256 -in ${CMAKE_CURRENT_BINARY_DIR}/fakeinst.exe
 -out ${CMAKE_CURRENT_BINARY_DIR}/fakeinst-signed.exe
 )
+ add_custom_command(
+ TARGET binverifytest
+ POST_BUILD
+ COMMAND ${OSSLSIGNCODE_EXECUTABLE} sign -certs ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning.pem
+ -key ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning-other.key
+ -h sha256 -in ${CMAKE_CURRENT_BINARY_DIR}/fakeinst.exe
+ -out ${CMAKE_CURRENT_BINARY_DIR}/fakeinst-other-key.exe
+ )
+ add_custom_command(
+ TARGET binverifytest
+ POST_BUILD
+ COMMAND ${OSSLSIGNCODE_EXECUTABLE} sign -certs ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning-other.pem
+ -key ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning-other.key
+ -h sha256 -in ${CMAKE_CURRENT_BINARY_DIR}/fakeinst.exe
+ -out ${CMAKE_CURRENT_BINARY_DIR}/fakeinst-other-cert.exe
+ )
+ add_custom_command(
+ TARGET binverifytest
+ POST_BUILD
+ COMMAND ${OSSLSIGNCODE_EXECUTABLE} sign -certs ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning.pem
+ -key ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning.key
+ -h sha256 -in ${CMAKE_CURRENT_BINARY_DIR}/fakeinst.exe
+ -out ${CMAKE_CURRENT_BINARY_DIR}/fakeinst-invalid.exe &&
+ ${CMAKE_STRIP} ${CMAKE_CURRENT_BINARY_DIR}/fakeinst-invalid.exe
+ )
 endif()
 else ()
 add_custom_test (binverifytest.cpp "")
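Review bot: The third added command chains `${CMAKE_STRIP}` onto the signing step with `&&` inside a single `COMMAND`, which only works when the generator hands the line to a shell. A second `COMMAND ${CMAKE_STRIP} ${CMAKE_CURRENT_BINARY_DIR}/fakeinst-invalid.exe` in the same `add_custom_command` runs the two steps in order without that assumption. The fixture also depends on `CMAKE_STRIP` being set and on strip leaving a damaged signature rather than none at all, neither of which the hunk checks. A one-line comment on each command naming the negative case it builds would help, e.g. `# certificate and key do not match` for `fakeinst-other-key.exe`.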
--- a/ui/tests/binverifytest.cpp Mon Jun 23 18:00:45 2014 +0200
+++ b/ui/tests/binverifytest.cpp Tue Jun 24 15:24:09 2014 +0200
@@ -24,21 +24,41 @@
 QVERIFY (verify_binary ("bar", -1) != VerifyValid);
 /* On windows the next line will check that a valid microsoft
 * signed executable is not valid for us (pinning). On linux
- * it will just fail with a read error. */
+ * it will just fail with a read error which we tested above */
+#ifdef Q_OS_WIN
 QVERIFY (verify_binary ("c:\\Windows\\System32\\mmc.exe",
- strlen("c:\\Windows\\System32\\mmc.exe")) != VerifyValid);
+ strlen("c:\\Windows\\System32\\mmc.exe")) != VerifyInvalidCertificate);
+#endif
 QVERIFY (verify_binary ("/dev/null", strlen("/dev/null")) != VerifyValid);
 }
+/* Check that a signature with only a different key (of the same size)
+ * is not validated (Invalid signature because key and cert don't match)*/
+void BinVerifyTest::testOtherKey()
+{
+ QVERIFY(VerifyInvalidSignature == verify_binary ("fakeinst-other-key" EXE_SUFFIX,
+ strlen("fakeinst-other-key" EXE_SUFFIX)));
+}
+
+/* Check that an invalid signature is not validated */
+void BinVerifyTest::testInvalidSig()
+{
+ QVERIFY(VerifyValid != verify_binary ("fakeinst-invalid" EXE_SUFFIX,
+ strlen("fakeinst-invalid" EXE_SUFFIX)));
+}
+
+/* Check that a signature with a different (valid) certificate is not validated */
+void BinVerifyTest::testOtherCert()
+{
+ QVERIFY(VerifyInvalidCertificate == verify_binary ("fakeinst-other-cert" EXE_SUFFIX,
+ strlen("fakeinst-other-cert" EXE_SUFFIX)));
+}
+
 /* Check that no signature is not validated */
-/* Check that an invalid signature is not validated */
-/* Check that a signature with only a different key (of the same size)
- * is not validated */
-/* Check that a signature with a different certificate is not validated */
 void BinVerifyTest::testNoSignature()
 {
- QVERIFY(VerifyInvalidSignature == verify_binary ("fakeinst" EXE_SUFFIX,
- strlen("fakeinst" EXE_SUFFIX)));
+ QVERIFY(VerifyValid != verify_binary ("fakeinst" EXE_SUFFIX,
+ strlen("fakeinst" EXE_SUFFIX)));
 }
 /* Check that a valid signed executable is verified */
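Review bot: The rewritten mmc.exe assertion in testMiscErrors now reads `!= VerifyInvalidCertificate`, which passes when verify_binary returns `VerifyValid` — the opposite of what the comment above it says the pinning check should prove. Given the binverify.c change in this commit, the intended form is presumably `strlen("c:\\Windows\\System32\\mmc.exe")) == VerifyInvalidCertificate);`, or the earlier `!= VerifyValid` if the exact code on Windows is uncertain. testInvalidSig and testNoSignature also assert only `VerifyValid !=`, so they would not notice the stripped binary being reported the same way as an unsigned one. Pinning the expected code there, as testOtherKey and testOtherCert do, would keep the cases distinguishable. testMiscErrors begins outside the hunk.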
--- a/ui/tests/binverifytest.h Mon Jun 23 18:00:45 2014 +0200
+++ b/ui/tests/binverifytest.h Tue Jun 24 15:24:09 2014 +0200
@@ -18,6 +18,9 @@
 void testNoSignature();
 void testMiscErrors();
 void testValidBinary();
+ void testOtherKey();
+ void testOtherCert();
+ void testInvalidSig();
 };
 #endif
--- a/ui/tests/data/NOTES Mon Jun 23 18:00:45 2014 +0200
+++ b/ui/tests/data/NOTES Tue Jun 24 15:24:09 2014 +0200
@@ -117,3 +117,16 @@
 -h sha256 \
 -in ~/ubuntu/src/m13-repo/build-windows/TrustBridge-0.6+21-aee3eb10bbba.exe \
 -out TrustBridge-0.6+21-aee3eb10bbba-signed.exe
+
+# Different test certificates.
+gen_key filename=codesigning-other.key
+cert_req filename=codesigning-other.key output_file=codesigning-other.csr \
+subject_name="CN=Public TrustBridge codesigning test,O=Public secret do not trust this,C=DE" \
+key_usage=digital_signature \
+ns_cert_type=object_signing
+
+cert_write request_file=codesigning-other.csr issuer_crt=codesigning_root.pem \
+issuer_key=codesigning_root.key output_file=codesigning-other.pem \
+not_before=20130101000000 not_after=20151231235959 \
+key_usage=digital_signature \
+ns_cert_type=object_signing
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/ui/tests/data/codesign/codesigning-other.key Tue Jun 24 15:24:09 2014 +0200 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEAqt/YYva86uZLj26KkNrJb6imHFbvPoxX7QBAIkhM+50GKZuO +P/QZKcdAeNZG7Oepqkc46DM1JgTPFsnWuZPm0xThx7Y8LTGhuAtwczdQDbadc8NP +G3uKvn2VmlQaN2yJmxVglNWWJu5tkC13fzPkDBN3+Wm7q+v0tY8FrA9iAPO6dRsr +BlGY0XOcBxR20ha7UEjV2ftsVKYgwKW9wnwF+kZU0w7OaTzLS8JIgoYPtJx2k5TB +Y6WgGQRrFdr/1SHV9ezALKlge9/vuJNM/OaSPLfgmOcxnl+Z2jiQoS7oiJIagIGH +quV1ScaAvsaCc7uQeneD3K1M03I2o/qZcXCBg5AdbtqtWZK2IiV/4cSYHm5g9mME +nSdSljwD/MHOjbdNG1mv+UHB958R0wMddiMTTq558lyiDuoeh54rxpc51bT+iMhl +jhkM7hqx0PEXwwDZ8ohO6JxCRz8k1HHTswV9g6315oEZJbMIbVOLbWUiHcJw+JD9 +t1+jJuxNdY1z3cs95lqlb+x+wIVP3OwdkecFmVm5PRWCR4d36xGCEe/pn3kV3KtV +xmFTO1Azr38iGGsMhdKoK3dsW4PVnhNoEV4ya5Up3WKgXc0RGrVMjpE02bWRE2Wv +1N8d4uGRNRJ9tsM7krx37bcxDSGL5iToWMapxkiGn76hxs2sRvzuq91p+M8CAwEA +AQKCAgEAiKip6Mwo3zz75WSlEaDJRbH91+B3SvD3SSbQJBrq5rj4usIcDG3uygj/ +OSU2aDYG7ZY0nxCFSzjBXxphzt3I17x1rkHC8uokyorrjloIfk80sebcF8DAgAT0 +Zw8oQHdfvlZkfeQsSEqb+ZlDXspjcn0HkMPNQnxdo+8UvD05RkWnNA1cZZtQuwLZ +IJhvRyrC+DyoO8PnKfQLcceccjS6myUwpfPLhUMH3DkvwKPzX6Fa/EEWQdmupxNv +iXUy8oQzGJIWSCHWdnvsvxOfmQvWnRT6XY9Zka4n3+0pTp+zfbZL18bAeB83pJ9L +TEh7AJBbxnZbUVyQevN3W8IKgj1WdkuIWHHsc+lMHSbB0U+7gTPIFgap53OEEg5q +fdxZdk7mEj4lnH3nVfojL4nQ6wfKL9vOVCFEGcBUOYsg3QHGQ1j2avItfnJ6Q04k +jvRwPmJoaewdIm2Q0bI9DDo1TPWtPKIMlIYSLVCQAO+u4E0vWfw0fzTWcoMVvg1L +eAQz0fuwFLxTkczJgI67qLxSjGjGiyDJ+2f+XaJlM4S/59SrqlMDTLOnSXAmmo6M +yIoB5PZ9uGxSYzZWJUuRbVAaos97fc3dxKp83G8iKLo1PzLLdaVmYgabSPXBDXYX +f3SmOJd6dcmKHNWJdOdFRzxhhzsUQTwWxkRYXEM4MW7BZ417cpECggEBAPx486Zg +ayFHK3P35lJGZ4lHOj697mYMnEQ4LtJwV0nro1UbfX3W6lBQeMz4MZxJloJpEA3Z +djGE+KxBPDa6hvQoICylEPfMvOC4cjtSf/pEOGcJ2H8UqVbuL+yXIcJmHGjAmZ5y +6cReu4hHFkbJeHRYvZRYleML6TwSuWREq8tEsJh5xGLHZlXgMFsfEuqh3l3Onbk8 +Zdl0b7Q0f/NP7qVpy4gwsAJUnzxYOVTIjUCUVwV4TZhBdIe36b8ey5GnPT52hgZp +SpjSZp5z2b1Nb28A2fis/5I4I01fnaYq3o/bXMC2M+OUvH4JO7FPwVt2KtDX1A4a +TRcPBeUzvaXWLqsCggEBAK1DCDCnC6lbeTlgFnpVxgUV75uO49RVc576s3pnm0i3 +2FVEfy/Fj79XCO8FDqQCTzN9L7biVM8nt+CuyWPA9JhKRZh6M8T8IxRx1AsA7E8A 
+9nd4eKbbgeVeAchoAvEVu0MroviOcPsScX2C9KmnpY0qr45mmMfL25HXo1xNl/b0 ++mxflqHCdk6sqSNE9inY0xD9wf/OfAQ3KrUJIVC85qC2WrzFtB0Yy5XZLiOoBJ/D +zh+lz/pCKaBKKnDoZ6fXpsG0m8lXDVzUZRStlPQMamX/da6g78SC4Goi2mx7QpHw +Os8bH9HrVExdpCSQ7Nmdur6DZxvccpgf+zl+0v0ATm0CggEAQW+v5t1ypstlbcdA +wO5Sg3gclopvsa9vCRduu0g2t4gFa1eWrPj4/hv9U1K4uQMxqVdFu/Ey+x61vR+j +VaP+umV0AV4/CZrdEXl80fdOCDWKUNpybG2Ufl15ul5pd5MzpcrVhgXOpQDQpj+W +fH5XZABkEoDrSE+cAd/wgRZzWFnTU5Gr3tZDpdpXbiadpoaRtcqJgqsu0q+lDBXX +W97JwcGr6P6Ff/Ui2GcdZOYeBjDsZRSLN/0vEMYQJWL77CJmczwQ/LRpizZtNoBc +XP4m9aRI2nUsQF+gdrtjht/xk2ONpL0UsdWpDRmjiQ9c1DHKYxqtcYJLnMBeDMve +SY87xQKCAQAi5a1wnzSqF9KCy+e7HCuWOqTYIB+jVNLE4pnjvZp5Ow5HnlQ/uvsI +/u69tbcNManiJQTHQS7zynwutQW7IdIiGlOKMpLayi4GoCalULpH71m1Fn62nN+8 +4wJY6xoslMPy84cPqSD4cO6K6SV+RlYB6OcTN3buRxEiftxYawiApTcLPPWJ/zD1 +B7HJeMpcA1//vBym+V/hOXtQm1YqfOG23QPJoch1U9kthWDVrbHAvB94IF2TemAH ++OgzdZvrInRj74yxMOdwGxeA4rVtslJ72MhLM/8XBYVN21dDIlB2NHyj2kK+dTe1 +aeb1tnr+GdbTKIRMCErMeSSQoAq/CqDBAoIBAGI603m4VyoBxpWqB5p11LW9tP5S +Rt79NBUUdB9onXfwn/bVkgRIOM7GzKmp8lFnz5q0wtqDwHd4AAKs76HsVnge9T/1 +TRrWX07bZ14EcIYS7ZjeVZfH+ZaoJ89l2v14cbf+MHA5f9IMb8Z5ei/+Ob1JFeHf +YPBShDgzP77W/yuw2XpwFvy1p6atby1HP/iaJ5gunhrCxFsL8pA57X9Fj8aDeidq +2MsXqzT8TLdzsNEPR5g3qq43fIGPjNnfwm+uRW1yvvaaschACCpodsSAIDJe4vuj +ckL2bH+SUw71GVzsXreEf+Ryv71Bt4wJzLpoZbMCbEjuTfDvr+hWEBAU9EU= +-----END RSA PRIVATE KEY-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/ui/tests/data/codesign/codesigning-other.pem Tue Jun 24 15:24:09 2014 +0200 
@@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFqTCCA5GgAwIBAgIBATANBgkqhkiG9w0BAQUFADBZMSAwHgYDVQQDExdQdWJs +aWMgVHJ1c3RCcmlkZ2UgVGVzdDEoMCYGA1UEChMfUHVibGljIHNlY3JldCBkbyBu +b3QgdHJ1c3QgdGhpczELMAkGA1UEBhMCREUwHhcNMTMwMTAxMDAwMDAwWhcNMTUx +MjMxMjM1OTU5WjBlMSwwKgYDVQQDEyNQdWJsaWMgVHJ1c3RCcmlkZ2UgY29kZXNp +Z25pbmcgdGVzdDEoMCYGA1UEChMfUHVibGljIHNlY3JldCBkbyBub3QgdHJ1c3Qg +dGhpczELMAkGA1UEBhMCREUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQCq39hi9rzq5kuPboqQ2slvqKYcVu8+jFftAEAiSEz7nQYpm44/9Bkpx0B41kbs +56mqRzjoMzUmBM8Wyda5k+bTFOHHtjwtMaG4C3BzN1ANtp1zw08be4q+fZWaVBo3 +bImbFWCU1ZYm7m2QLXd/M+QME3f5abur6/S1jwWsD2IA87p1GysGUZjRc5wHFHbS +FrtQSNXZ+2xUpiDApb3CfAX6RlTTDs5pPMtLwkiChg+0nHaTlMFjpaAZBGsV2v/V +IdX17MAsqWB73++4k0z85pI8t+CY5zGeX5naOJChLuiIkhqAgYeq5XVJxoC+xoJz +u5B6d4PcrUzTcjaj+plxcIGDkB1u2q1ZkrYiJX/hxJgebmD2YwSdJ1KWPAP8wc6N +t00bWa/5QcH3nxHTAx12IxNOrnnyXKIO6h6HnivGlznVtP6IyGWOGQzuGrHQ8RfD +ANnyiE7onEJHPyTUcdOzBX2DrfXmgRklswhtU4ttZSIdwnD4kP23X6Mm7E11jXPd +yz3mWqVv7H7AhU/c7B2R5wWZWbk9FYJHh3frEYIR7+mfeRXcq1XGYVM7UDOvfyIY +awyF0qgrd2xbg9WeE2gRXjJrlSndYqBdzREatUyOkTTZtZETZa/U3x3i4ZE1En22 +wzuSvHfttzENIYvmJOhYxqnGSIafvqHGzaxG/O6r3Wn4zwIDAQABo3AwbjAJBgNV +HRMEAjAAMB0GA1UdDgQWBBS0lOBu/DAejrDytCTEGB+6rDLVizAfBgNVHSMEGDAW +gBTl/kZGRoa0cm82zW7CPn3yqk4MeTAOBgNVHQ8BAQEEBAMCAYAwEQYJYIZIAYb4 +QgEBBAQDAgAQMA0GCSqGSIb3DQEBBQUAA4ICAQA2ublxGKfS6s5iAz8OAuMdGKg0 +oxacGX378xBctl7s+PORwx7kOo1X96d8KuQyWf9LXSZv1uPPRnEO+atMF2hswqcS +gFx/Y32vEz8dGeqye6qOGfQOBD7M4wZ7ww/CiTJJBVbQ54WrU3zoy5Fga/ijXOtY +i0AaZaoFfureK6+fCua9h+SRE7OljDCpSHigWTIY9MQ6fe7T8wXTnxhopdgT8k0R +NXL/UNEUm/y79xIFfBpsVQbqMwhvtu4j6qGEmT6DhDcbnlQU8kwTkf5dYopC2kBT +4atKKvWrfyoF2jDPSbwB0/ZztmRQtvE+Ve4+bGZREEy/0cviGmuGkzRXdfA/Ckl8 +4em9A01C8PzQ49psN+YGnl0OSiVXweHJzYnEy7/jep8ImHp8uXr2fT3sdreiUh9v +tv9j12Yy0AlgJp6TsgVPIpbS1CtZqF9vqojKAef3NxNZLjGKOdwlvlP+c0/A3xne +kubVCuGaVCrBvvZ3lOoqiDrkYjhaDADJoyQwNhU75Ah7fziJ1pjIyPUePYwJaOoc +b3ntUNAtLNy8EXTI0jhlJH4uo8aMi3eO52kNrRUScBtySATSCyB7k2gkdSfCnF03 
+LUbDV2nTFK5NJ7+8rz/LNStu60nO5j1poVAPflbfz9mMNgb0wmncIyMr6w+Ixwpd +qSaFDC+2vJwwzhGmlg== +-----END CERTIFICATE-----