From patchwork Thu Dec 19 22:04:18 2019
X-Patchwork-Submitter: Petr Štetiar
X-Patchwork-Id: 1213771
X-Patchwork-Delegate: ynezz@true.cz
From: Petr Štetiar
To: openwrt-devel@lists.openwrt.org
Cc: Petr Štetiar
Date: Thu, 19 Dec 2019 23:04:18 +0100
Message-Id: <20191219220421.22206-7-ynezz@true.cz>
In-Reply-To: <20191219220421.22206-1-ynezz@true.cz>
References: <20191219220421.22206-1-ynezz@true.cz>
Subject: [OpenWrt-Devel] [PATCH ucert 6/9] add cram based unit tests

For improved QA etc. for the start with initial test case for dump command.

Signed-off-by: Petr Štetiar
---
 CMakeLists.txt                    |  14 +++++++
 tests/CMakeLists.txt              |  14 +++++++
 tests/cram/CMakeLists.txt         |  21 ++++++++++
 tests/cram/inputs/invalid.ucert   | Bin 0 -> 362 bytes
 tests/cram/inputs/key-build.ucert | Bin 0 -> 356 bytes
 tests/cram/test_ucert.t           |  65 ++++++++++++++++++++++++++++++
 6 files changed, 114 insertions(+)
 create mode 100644 tests/CMakeLists.txt
 create mode 100644 tests/cram/CMakeLists.txt
 create mode 100644 tests/cram/inputs/invalid.ucert
 create mode 100644 tests/cram/inputs/key-build.ucert
 create mode 100644 tests/cram/test_ucert.t
diff --git a/CMakeLists.txt b/CMakeLists.txt index 443d79bd4e8b..71c005990335 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -19,6 +19,14 @@ FIND_LIBRARY(ubox NAMES ubox) FIND_LIBRARY(blobmsg_json NAMES blobmsg_json) FIND_LIBRARY(json NAMES json-c json) +MACRO(ADD_UNIT_TEST_SAN name) + ADD_EXECUTABLE(${name}-san ${name}.c) + TARGET_COMPILE_OPTIONS(${name}-san PRIVATE -g -fno-omit-frame-pointer -fsanitize=undefined,address,leak -fno-sanitize-recover=all) + TARGET_LINK_OPTIONS(${name}-san PRIVATE -fsanitize=undefined,address,leak) + TARGET_LINK_LIBRARIES(${name}-san ucert_lib ${ubox} ${blobmsg_json} ${json}) + TARGET_INCLUDE_DIRECTORIES(${name}-san PRIVATE ${PROJECT_SOURCE_DIR}) +ENDMACRO(ADD_UNIT_TEST_SAN) + IF(UCERT_HOST_BUILD) ADD_DEFINITIONS(-DUCERT_HOST_BUILD) ENDIF() @@ -39,4 +47,10 @@ ELSE() TARGET_LINK_LIBRARIES(ucert ucert_lib ${ubox}) ENDIF() +IF(UNIT_TESTING) + ENABLE_TESTING() + ADD_SUBDIRECTORY(tests) + ADD_UNIT_TEST_SAN(ucert) +ENDIF() + INSTALL(TARGETS ucert RUNTIME DESTINATION bin) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt new file mode 100644 index 000000000000..efefc2e6cde7 --- /dev/null +++ b/tests/CMakeLists.txt @@ -0,0 +1,14 @@ +ADD_SUBDIRECTORY(cram) + +MACRO(ADD_UNIT_TEST name) + ADD_EXECUTABLE(${name} ${name}.c) + TARGET_LINK_LIBRARIES(${name} ubox blobmsg_json ${json}) + TARGET_INCLUDE_DIRECTORIES(${name} PRIVATE ${PROJECT_SOURCE_DIR}) +ENDMACRO(ADD_UNIT_TEST) + +FILE(GLOB test_cases "test-*.c") +FOREACH(test_case ${test_cases}) + GET_FILENAME_COMPONENT(test_case ${test_case} NAME_WE) + ADD_UNIT_TEST(${test_case}) + ADD_UNIT_TEST_SAN(${test_case}) +ENDFOREACH(test_case) diff --git a/tests/cram/CMakeLists.txt b/tests/cram/CMakeLists.txt new file mode 100644 index 000000000000..47247aa026a6 --- /dev/null +++ b/tests/cram/CMakeLists.txt 
@@ -0,0 +1,21 @@ +FIND_PACKAGE(PythonInterp 3 REQUIRED) +FILE(GLOB test_cases "test_*.t") + +SET(PYTHON_VENV_DIR "${CMAKE_CURRENT_BINARY_DIR}/.venv") +SET(PYTHON_VENV_PIP "${PYTHON_VENV_DIR}/bin/pip") +SET(PYTHON_VENV_CRAM "${PYTHON_VENV_DIR}/bin/cram") + +ADD_CUSTOM_COMMAND( + OUTPUT ${PYTHON_VENV_CRAM} + COMMAND ${PYTHON_EXECUTABLE} -m venv ${PYTHON_VENV_DIR} + COMMAND ${PYTHON_VENV_PIP} install cram +) +ADD_CUSTOM_TARGET(prepare-cram-venv ALL DEPENDS ${PYTHON_VENV_CRAM}) + +ADD_TEST( + NAME cram + COMMAND ${PYTHON_VENV_CRAM} ${test_cases} + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} +) + +SET_PROPERTY(TEST cram APPEND PROPERTY ENVIRONMENT "TEST_BIN_DIR=$") 
diff --git a/tests/cram/inputs/invalid.ucert b/tests/cram/inputs/invalid.ucert new file mode 100644 index 0000000000000000000000000000000000000000..dbdeb725d490b51fb442ae3c5a5b90a32376f108 GIT binary patch literal 362 zcmZwDyHbNt5P;!Lp`+9mmXtaa8pj0Uj74IIQG^6@K{AdraLxfvJmkVPPw-31Uf?$C_TsUrr8PYjbt&|wj_P)<(Qp~$*0OhO zXW{fp_l6esQJNUkNV+UjQQEv4(A7!H#E$FbN4eLYChq8*g9^aM6Tmxc#fStEyaMdO z&U%cp1t~8t0WSdiu$x$nVkemUn|OclmH&3KTF`)mRcW& zjx5I8F=cqI|BJ0B6vY_z0WNxQ Amp~XIs#+bmp7r6D(2X7dCdj<@`gJN|wF2w-=WI2*4D{^NeTL^k7{gfd*& r|CMc|6e)FzOyAO7W!fBSQm3h@6O{>;uBdHch+F1Ww + Commands: + -A:\t\t\tappend signature (needs -c and -x) (esc) + -D:\t\t\tdump (needs -c) (esc) + -I:\t\t\tissue cert and revoker (needs -c and -p and -s) (esc) + -R:\t\t\tprocess revoker certificate (needs -c and -P) (esc) + -V:\t\t\tverify (needs -c and -p|-P, may have -m) (esc) + Options: + -c :\t\tcertificate file (esc) + -m :\t\tmessage file (verify only) (esc) + -p :\t\tpublic key file (esc) + -P :\t\tpublic key directory (verify only) (esc) + -q:\t\t\tquiet (do not print verification result, use return code only) (esc) + -s :\t\tsecret key file (issue only) (esc) + -x :\t\tsignature file (append only) (esc) + + [1] + + $ ucert -D -c $TEST_INPUTS/key-build.ucert + === CHAIN ELEMENT 01 === + signature: + --- + untrusted comment: signed by key 84bfc88a17166577 + RWSEv8iKFxZld+bQ+NTqCdDlHOuVYNw5Qw7Q8shjfMgFJcTqrzaqO0bysjIQhTadmcwvWiWvHlyMcwAXSix2BYdfghz/zhDjvgU= + --- + payload: + --- + "ucert": { + \t"certtype": 1, (esc) + \t"validfrom": 1546188410, (esc) + \t"expiresat": 1577724410, (esc) + \t"pubkey": "untrusted comment: Local build key\\nRWSEv8iKFxZld6vicE1icWhYNfEV9PM7C9MKUKl+YNEKB+PdAWGDF5Z9\\n" (esc) + } + --- + $ ucert-san -D -c $TEST_INPUTS/key-build.ucert + === CHAIN ELEMENT 01 === + signature: + --- + untrusted comment: signed by key 84bfc88a17166577 + RWSEv8iKFxZld+bQ+NTqCdDlHOuVYNw5Qw7Q8shjfMgFJcTqrzaqO0bysjIQhTadmcwvWiWvHlyMcwAXSix2BYdfghz/zhDjvgU= + --- + payload: + --- + "ucert": { + \t"certtype": 
1, (esc) + \t"validfrom": 1546188410, (esc) + \t"expiresat": 1577724410, (esc) + \t"pubkey": "untrusted comment: Local build key\\nRWSEv8iKFxZld6vicE1icWhYNfEV9PM7C9MKUKl+YNEKB+PdAWGDF5Z9\\n" (esc) + } + --- + + $ ucert -D -c $TEST_INPUTS/invalid.ucert + cert_dump(406): cannot parse cert + [1] + + $ ucert-san -D -c $TEST_INPUTS/invalid.ucert + cert_dump(406): cannot parse cert + [1]
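
Review bot: In the ADD_UNIT_TEST_SAN macro added to the top-level CMakeLists.txt, TARGET_LINK_OPTIONS exists only from CMake 3.13 onwards and the -fsanitize=undefined,address,leak flags are passed without checking that the compiler supports them. With an older CMake the first call to the macro stops the configure step, and with a toolchain lacking those sanitizers the -san targets fail to build. Either raise the required CMake version to match, or probe the flags first (for example with CHECK_C_COMPILER_FLAG) and skip the -san targets when they are unavailable.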
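
Review bot: The IF(UNIT_TESTING) block added before INSTALL in the top-level CMakeLists.txt reads a variable that none of the added lines declare or document, so the switch is invisible to anyone browsing the cache with ccmake or cmake -LH. Declare it next to the other build switches with OPTION(UNIT_TESTING "..." OFF) and a one-line description that says it also builds the sanitizer variant ucert-san.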
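
Review bot: ADD_UNIT_TEST in tests/CMakeLists.txt links the bare names ubox and blobmsg_json and leaves out ucert_lib, while ADD_UNIT_TEST_SAN links ucert_lib together with the ${ubox} and ${blobmsg_json} results of FIND_LIBRARY. The plain and sanitizer builds of each test-*.c case are therefore linked differently, and the plain one cannot call into ucert_lib. Use the same TARGET_LINK_LIBRARIES list in both macros. The FOREACH loop also only builds the executables; none of them is registered with ADD_TEST, so ctest will not run them.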
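
Review bot: The ADD_CUSTOM_COMMAND in tests/cram/CMakeLists.txt runs "pip install cram" with no version pin, and because prepare-cram-venv is attached to ALL, every build with tests enabled needs network access and installs whatever release the package index serves at that moment. Pin the version, ideally through a requirements file kept in the tree and installed with --require-hashes, or look for an already installed cram first and create the venv only as a fallback, so that test runs are reproducible and do not pull unreviewed code into the build.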
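
Review bot: In tests/cram/test_ucert.t the two invalid.ucert cases expect the literal line "cert_dump(406): cannot parse cert", which ties the test to a source line number and will break on any unrelated edit above that line in the C file. Match it as a pattern instead, for example "cert_dump\(\d+\): cannot parse cert (re)". Separately, the key-build.ucert fixture carries "expiresat": 1577724410, which is 2019-12-30 UTC; this does not show in the dump cases here, but a later verify (-V) case reusing this fixture would depend on the wall clock, so a fixture with a far-future expiry or a comment stating that it is intentionally short-lived would help.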