diff options
author | Jayanth Othayoth <ojayanth@in.ibm.com> | 2018-02-27 08:36:38 -0600 |
---|---|---|
committer | Adriana Kobylak <anoo@linux.vnet.ibm.com> | 2018-03-29 15:07:41 +0000 |
commit | 6be275ba1ad1f3d45b2c2bf13dde7b4890f74f47 (patch) | |
tree | 673a8c99c15f67a5c598c78e9b2b70d0c0b416aa | |
parent | 6098b707cee11915ced373c5f7e72108eeb21d8b (diff) | |
download | phosphor-bmc-code-mgmt-6be275ba1ad1f3d45b2c2bf13dde7b4890f74f47.tar.gz phosphor-bmc-code-mgmt-6be275ba1ad1f3d45b2c2bf13dde7b4890f74f47.zip |
Add unit tests for testing Signature verification functionality
Resolves openbmc/openbmc#2838
Change-Id: I60b5ca418551d404d29646fd729311adbe81290c
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
-rwxr-xr-x | test/Makefile.am | 5 | ||||
-rw-r--r--[-rwxr-xr-x] | test/utest.cpp | 145 |
2 files changed, 148 insertions, 2 deletions
diff --git a/test/Makefile.am b/test/Makefile.am index 6923088..0c59399 100755 --- a/test/Makefile.am +++ b/test/Makefile.am @@ -15,4 +15,7 @@ utest_LDFLAGS = -lgtest_main -lgtest $(PTHREAD_LIBS) \ $(PHOSPHOR_LOGGING_LIBS) -lstdc++fs -lssl -lcrypto utest_SOURCES = utest.cpp -utest_LDADD = $(top_builddir)/phosphor_version_software_manager-version.o + +utest_LDADD = \ + $(top_builddir)/image_verify.cpp \ + $(top_builddir)/version.cpp diff --git a/test/utest.cpp b/test/utest.cpp index ac0aa7c..1c0c803 100755..100644 --- a/test/utest.cpp +++ b/test/utest.cpp @@ -7,9 +7,10 @@ #include <sstream> #include <string> #include <openssl/sha.h> +#include "image_verify.hpp" using namespace phosphor::software::manager; -namespace fs = std::experimental::filesystem; +using namespace phosphor::software::image; class VersionTest : public testing::Test { @@ -70,3 +71,145 @@ TEST_F(VersionTest, TestGetId) hexId = hexId.substr(0, 8); EXPECT_EQ(Version::getId(version), hexId); } + +class SignatureTest : public testing::Test +{ + static constexpr auto opensslCmd = "openssl dgst -sha256 -sign "; + static constexpr auto testPath = "/tmp/_testSig"; + + protected: + void command(const std::string& cmd) + { + auto val = std::system(cmd.c_str()); + if (val) + { + std::cout << "COMMAND Error: " << val << std::endl; + } + } + virtual void SetUp() + { + // Create test base directory. + fs::create_directories(testPath); + + // Create unique temporary path for images + std::string tmpDir(testPath); + tmpDir += "/extractXXXXXX"; + std::string imageDir = mkdtemp(const_cast<char*>(tmpDir.c_str())); + + // Create unique temporary configuration path + std::string tmpConfDir(testPath); + tmpConfDir += "/confXXXXXX"; + std::string confDir = mkdtemp(const_cast<char*>(tmpConfDir.c_str())); + + extractPath = imageDir; + extractPath /= "images"; + + signedConfPath = confDir; + signedConfPath /= "conf"; + + signedConfOpenBMCPath = confDir; + signedConfOpenBMCPath /= "conf"; + signedConfOpenBMCPath /= "OpenBMC"; + + std::cout << "SETUP " << std::endl; + + command("mkdir " + extractPath.string()); + command("mkdir " + signedConfPath.string()); + command("mkdir " + signedConfOpenBMCPath.string()); + + std::string hashFile = signedConfOpenBMCPath.string() + "/hashfunc"; + command("echo \"HashType=RSA-SHA256\" > " + hashFile); + + std::string manifestFile = extractPath.string() + "/" + "MANIFEST"; + command("echo \"HashType=RSA-SHA256\" > " + manifestFile); + command("echo \"KeyType=OpenBMC\" >> " + manifestFile); + + std::string kernelFile = extractPath.string() + "/" + "image-kernel"; + command("echo \"image-kernel file \" > " + kernelFile); + + std::string rofsFile = extractPath.string() + "/" + "image-rofs"; + command("echo \"image-rofs file \" > " + rofsFile); + + std::string rwfsFile = extractPath.string() + "/" + "image-rwfs"; + command("echo \"image-rwfs file \" > " + rwfsFile); + + std::string ubootFile = extractPath.string() + "/" + "image-u-boot"; + command("echo \"image-u-boot file \" > " + ubootFile); + + std::string pkeyFile = extractPath.string() + "/" + "private.pem"; + command("openssl genrsa -out " + pkeyFile + " 2048"); + + std::string pubkeyFile = extractPath.string() + "/" + "publickey"; + command("openssl rsa -in " + pkeyFile + " -outform PEM " + + "-pubout -out " + pubkeyFile); + + std::string pubKeyConfFile = + signedConfOpenBMCPath.string() + "/" + "publickey"; + command("cp " + pubkeyFile + " " + signedConfOpenBMCPath.string()); + command(opensslCmd + pkeyFile + " -out " + kernelFile + ".sig " + + kernelFile); + + command(opensslCmd + pkeyFile + " -out " + manifestFile + ".sig " + + manifestFile); + command(opensslCmd + pkeyFile + " -out " + rofsFile + ".sig " + + rofsFile); + command(opensslCmd + pkeyFile + " -out " + rwfsFile + ".sig " + + rwfsFile); + command(opensslCmd + pkeyFile + " -out " + ubootFile + ".sig " + + ubootFile); + command(opensslCmd + pkeyFile + " -out " + pubkeyFile + ".sig " + + pubkeyFile); + + signature = std::make_unique<Signature>(extractPath, signedConfPath); + } + virtual void TearDown() + { + command("rm -rf " + std::string(testPath)); + } + + std::unique_ptr<Signature> signature; + fs::path extractPath; + fs::path signedConfPath; + fs::path signedConfOpenBMCPath; +}; + +/** @brief Test for sucess scenario*/ +TEST_F(SignatureTest, TestSignatureVerify) +{ + EXPECT_TRUE(signature->verify()); +} + +/** @brief Test failure scenario with corrupted signature file*/ +TEST_F(SignatureTest, TestCorruptSignatureFile) +{ + // corrupt the image-kernel.sig file and ensure that verification fails + std::string kernelFile = extractPath.string() + "/" + "image-kernel"; + command("echo \"dummy data\" > " + kernelFile + ".sig "); + EXPECT_FALSE(signature->verify()); +} + +/** @brief Test failure scenario with no public key in the image*/ +TEST_F(SignatureTest, TestNoPublicKeyInImage) +{ + // Remove publickey file from the image and ensure that verify fails + std::string pubkeyFile = extractPath.string() + "/" + "publickey"; + command("rm " + pubkeyFile); + EXPECT_FALSE(signature->verify()); +} + +/** @brief Test failure scenario with invalid hash function value*/ +TEST_F(SignatureTest, TestInvalidHashValue) +{ + // Change the hashfunc value and ensure that verification fails + std::string hashFile = signedConfOpenBMCPath.string() + "/hashfunc"; + command("echo \"HashType=md5\" > " + hashFile); + EXPECT_FALSE(signature->verify()); +} + +/** @brief Test for failure scenario with no config file in system*/ +TEST_F(SignatureTest, TestNoConfigFileInSystem) +{ + // Remove the conf folder in the system and ensure that verify fails + command("rm -rf " + signedConfOpenBMCPath.string()); + EXPECT_FALSE(signature->verify()); +} |