From patchwork Sun Jul 28 17:49:06 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: 'Darko Komljenovic' via swupdate
X-Patchwork-Id: 1138045
X-Patchwork-Original-From: "'Laszlo Ashin' via swupdate"
From: 'Darko Komljenovic' via swupdate To: swupdate@googlegroups.com Cc: Laszlo Ashin Subject: [swupdate] [PATCH] Add tests for the TLS code Date: Sun, 28 Jul 2019 19:49:06 +0200 Message-Id: <20190728174906.15255-1-laszlo@ashin.hu> MIME-Version: 1.0 X-Original-Sender: laszlo@ashin.hu X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@ashin.hu header.s=mail header.b=WGq54as6; spf=pass (google.com: domain of laszlo@ashin.hu designates 45.32.159.235 as permitted sender) smtp.mailfrom=laszlo@ashin.hu; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=ashin.hu X-Original-From: Laszlo Ashin Reply-To: Laszlo Ashin Precedence: list Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: swupdate@googlegroups.com X-Google-Group-Id: 605343134186 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , --- .travis.yml | 4 +- Makefile | 6 +- {corelib/test => test}/Makefile | 27 +++++- test/data/to-be-signed | 1 + {corelib/test => test}/test_crypt.c | 0 test/test_hash.c | 124 ++++++++++++++++++++++++++++ test/test_verify.c | 57 +++++++++++++ 7 files changed, 213 insertions(+), 6 deletions(-) rename {corelib/test => test}/Makefile (70%) create mode 100644 test/data/to-be-signed rename {corelib/test => test}/test_crypt.c (100%) create mode 100644 test/test_hash.c create mode 100644 test/test_verify.c diff --git a/.travis.yml b/.travis.yml index 89f4fd7..3566d51 100644 --- a/.travis.yml +++ b/.travis.yml @@ -29,6 +29,7 @@ before_install: - sudo apt-get install -y autoconf-archive - sudo apt-get install -y linux-headers-$(uname -r) - sudo apt-get install -y libmbedtls-dev + - sudo apt-get install -y libcmocka-dev script: - sudo ln -sf /usr/lib/x86_64-linux-gnu/pkgconfig/lua5.2.pc /usr/lib/x86_64-linux-gnu/pkgconfig/lua.pc 
@@ -75,4 +76,5 @@ script: - make - sudo make install - cd .. - - for i in configs/*;do echo $i;make `basename $i` && make || exit 1;done + - sudo ldconfig + - for i in configs/*;do echo $i;make `basename $i` && make || exit 1;make test || exit 1;done diff --git a/Makefile b/Makefile index 8060ff9..d60c58e 100644 --- a/Makefile +++ b/Makefile @@ -476,9 +476,9 @@ PHONY += suricatta-tests suricatta-tests: FORCE $(Q)$(MAKE) $(build)=suricatta/test SWOBJS="$(swupdate-objs)" SWLIBS="$(swupdate-libs)" LDLIBS="$(LDLIBS)" tests -PHONY += corelib-tests -corelib-tests: FORCE - $(Q)$(MAKE) $(build)=corelib/test SWOBJS="$(swupdate-objs)" SWLIBS="$(swupdate-libs)" LDLIBS="$(LDLIBS)" tests +PHONY += test +test: + $(Q)$(MAKE) $(build)=test SWOBJS="$(swupdate-objs)" SWLIBS="$(swupdate-libs)" LDLIBS="$(LDLIBS)" tests # The actual objects are generated when descending, # make sure no implicit rule kicks in diff --git a/corelib/test/Makefile b/test/Makefile similarity index 70% rename from corelib/test/Makefile rename to test/Makefile index b071177..81f8cf7 100644 --- a/corelib/test/Makefile +++ b/test/Makefile @@ -16,6 +16,10 @@ ## Foundation, Inc. tests-$(CONFIG_ENCRYPTED_IMAGES) += test_crypt +tests-$(CONFIG_HASH_VERIFY) += test_hash +ifeq ($(CONFIG_SIGALG_RAWRSA),y) +tests-$(CONFIG_SIGNED_IMAGES) += test_verify +endif ccflags-y += -I$(src)/../ @@ -45,7 +49,7 @@ EXECUTE_TEST = echo "RUN $(subst $(obj)/,,$(var))"; CMOCKA_MESSAGE_OUTPUT=TAP $( PHONY += default default: - $(info please run 'make corelib-tests' in swupdate main directory) + $(info please run 'make test' in swupdate main directory) PHONY += tests ifneq "$(tests-y)" "" 
@@ -57,8 +61,27 @@ tests: @: endif -$(obj)/%.lnk: $(objtree)/core/built-in.o +$(obj)/%.lnk: $(obj)/%.o $(objtree)/core/built-in.o $(Q)strip -N main -o $(objtree)/core/built-in.o.tmp $(objtree)/core/built-in.o $(Q)$(call cmd,linktestexe) +DATADIR := test/data + +$(obj)/test_verify.o: $(DATADIR)/signature $(DATADIR)/signing-pubkey.pem + +.INTERMEDIATE: $(DATADIR)/signature +$(DATADIR)/signature: $(DATADIR)/to-be-signed $(DATADIR)/signing-secret.pem + $(if $(Q),@echo " SIGN $@") + $(Q)openssl dgst -sha256 -sign $(DATADIR)/signing-secret.pem $(DATADIR)/to-be-signed > $@ + +.INTERMEDIATE: $(DATADIR)/signing-pubkey.pem +$(DATADIR)/signing-pubkey.pem: $(DATADIR)/signing-secret.pem + $(if $(Q),@echo " EXPORT $@") + $(Q)openssl rsa -in $< -out $@ -outform PEM -pubout 2>/dev/null + +.INTERMEDIATE: $(DATADIR)/signing-secret.pem +$(DATADIR)/signing-secret.pem: + $(if $(Q),@echo " GEN $@") + $(Q)openssl genrsa -out $@ 2>/dev/null + .PHONY: $(PHONY) diff --git a/test/data/to-be-signed b/test/data/to-be-signed new file mode 100644 index 0000000..8baef1b --- /dev/null +++ b/test/data/to-be-signed @@ -0,0 +1 @@ +abc diff --git a/corelib/test/test_crypt.c b/test/test_crypt.c similarity index 100% rename from corelib/test/test_crypt.c rename to test/test_crypt.c diff --git a/test/test_hash.c b/test/test_hash.c new file mode 100644 index 0000000..06475fd --- /dev/null +++ b/test/test_hash.c 
@@ -0,0 +1,124 @@ +/* + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of + * the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc. + */ + +#include +#include +#include +#include +#include + +#include "sslapi.h" +#include "util.h" + +struct testvector { + const char *input; + const char *sha1; + const char *sha256; +}; + +// https://www.di-mgt.com.au/sha_testvectors.html +static const struct testvector testvectors[] = { + { + .input = "abc", + .sha1 = "a9993e364706816aba3e25717850c26c9cd0d89d", + .sha256 = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad", + }, + { + .input = "", + .sha1 = "da39a3ee5e6b4b0d3255bfef95601890afd80709", + .sha256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + }, + { + .input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + .sha1 = "84983e441c3bd26ebaae4aa1f95129e5e54670f1", + .sha256 = "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1", + }, + { + .input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", + .sha1 = "a49b2446a02c645bf419f995b67091253a04a259", + .sha256 = "cf5b16a778af8380036ce59e7b0492370b249b11e8f07a51afac45037afee9d1", + }, +}; + +static void hex2bin(unsigned char *dest, const unsigned char *source) +{ + unsigned int val; + for (unsigned int i = 0; i < strlen((const char *)source); i += 2) { + val = from_ascii((const char 
*)&source[i], 2, LG_16); + dest[i / 2] = val; + } +} + +static void do_concrete_hash(const char* algo, const char* input, const char* expected_hex) +{ + int error; + uint8_t result[32] = {0}; + unsigned len = 0; + uint8_t expected_bin[32] = {0}; + struct swupdate_digest *dgst; + + dgst = swupdate_HASH_init(algo); + assert_non_null(dgst); + error = swupdate_HASH_update(dgst, (uint8_t *)input, strlen(input)); + assert_true(!error); + + error = swupdate_HASH_final(dgst, result, &len); + assert_int_equal(error, 1); + assert_int_equal(len, strlen(expected_hex) / 2); + + swupdate_HASH_cleanup(dgst); + + hex2bin(expected_bin, (uint8_t *)expected_hex); + error = swupdate_HASH_compare(expected_bin, result); + assert_true(!error); +} + +static void do_hash(const struct testvector *vector) +{ + do_concrete_hash("sha1", vector->input, vector->sha1); + do_concrete_hash("sha256", vector->input, vector->sha256); +} + +static void test_hash_vectors(void **state) +{ + unsigned i; + + (void)state; + + for (i = 0; i < sizeof(testvectors) / sizeof(testvectors[0]); ++i) { + do_hash(testvectors + i); + } +} + +static void test_hash_compare(void **state) +{ + (void)state; + + static const uint8_t a[32] = {0}; + static const uint8_t b[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1}; + + assert_int_equal(swupdate_HASH_compare(a, a), 0); + assert_int_equal(swupdate_HASH_compare(a, b), -1); +} + +int main(void) +{ + static const struct CMUnitTest hash_tests[] = { + cmocka_unit_test(test_hash_compare), + cmocka_unit_test(test_hash_vectors), + }; + return cmocka_run_group_tests_name("hash", hash_tests, NULL, NULL); +} diff --git a/test/test_verify.c b/test/test_verify.c new file mode 100644 index 0000000..4bc3bd1 --- /dev/null +++ b/test/test_verify.c 
@@ -0,0 +1,57 @@ +/* + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of + * the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include "sslapi.h" +#include "util.h" + +#define DATADIR "test/data/" + +static void test_verify_pkcs15(void **state) +{ + int error; + struct swupdate_cfg config; + + (void)state; + + config.dgst = NULL; + error = swupdate_dgst_init(&config, DATADIR "signing-pubkey.pem"); + assert_int_equal(error, 0); + + error = swupdate_verify_file(config.dgst, DATADIR "signature", + DATADIR "to-be-signed", NULL); + assert_int_equal(error, 0); +} + +int main(void) +{ + swupdate_crypto_init(); + static const struct CMUnitTest verify_tests[] = { + cmocka_unit_test(test_verify_pkcs15), + }; + return cmocka_run_group_tests_name("verify", verify_tests, NULL, NULL); +}
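Review bot: in the top-level Makefile hunk, the new `test:` rule drops the `FORCE` prerequisite that the neighbouring `suricatta-tests: FORCE` rule and the removed `corelib-tests: FORCE` rule both carry. This patch also creates a directory named `test`, so the rule now relies entirely on `PHONY += test` to keep make from treating the target as up to date; writing `test: FORCE` keeps it consistent with the other test targets. The `corelib-tests` name also disappears without an alias, so any documentation or script that still calls it should be updated in the same patch.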
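Review bot: in the test/Makefile hunk that begins at the `$(obj)/%.lnk` rule, `$(DATADIR)/signature` and `$(DATADIR)/signing-pubkey.pem` are made prerequisites of `$(obj)/test_verify.o` and marked `.INTERMEDIATE`, yet test_verify.c opens both files at run time, not at compile time. GNU make deletes intermediate files when it finishes and does not recreate them while `test_verify.o` is still up to date, so a later test run on an unchanged tree can find them missing. Attach them to the rule that runs the tests instead of to the object file. In the same hunk, `openssl genrsa -out $@ 2>/dev/null` leaves the key size to the installed OpenSSL default and hides the reason for any failure; pass the size explicitly and keep stderr.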
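Review bot: in test/test_hash.c, `hex2bin()` writes `strlen(source) / 2` bytes into `dest` without knowing its size, and `do_concrete_hash()` passes it the fixed `uint8_t expected_bin[32]`, so a longer digest added to `testvectors` later would overrun the stack buffer. Assert `strlen(expected_hex) / 2 <= sizeof(expected_bin)` before the conversion, or give `hex2bin()` a destination length. For the 20-byte SHA-1 vectors the final `swupdate_HASH_compare(expected_bin, result)` passes only because both arrays are zero-initialised past the digest, which deserves a comment. `swupdate_HASH_init()` is exercised only with supported names; a case with an unsupported algorithm would cover the failure path that `assert_non_null(dgst)` implies. Style: the `// https://...` line is the only C++-style comment in a file that otherwise uses block comments.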
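Review bot: in test/test_verify.c, `test_verify_pkcs15()` checks only that a valid signature is accepted, so a verifier that returned 0 unconditionally would still pass. Add a case that expects a non-zero result from `swupdate_verify_file()` when the data file differs from what was signed, and one where the signature bytes are altered. `struct swupdate_cfg config` is also left indeterminate apart from `config.dgst = NULL`; zero-initialise it before passing it to `swupdate_dgst_init()`. Nothing in the test releases `config.dgst` afterwards, and the relative `DATADIR "test/data/"` means the binary only works when started from the top of the tree, which should be stated in a comment.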