From 238419881a30c6295c99ae7e7ecae09b2054eb89 Mon Sep 17 00:00:00 2001 From: zhenghui Date: Wed, 14 Aug 2024 10:54:01 +0800 Subject: [PATCH 1/2] tdd Signed-off-by: zhenghui --- test/unittest/BUILD.gn | 17 ++++- test/unittest/add_cert_path_test.cpp | 89 +++++++++++++--------- test/unittest/cert_chain_verifier_test.cpp | 4 + utils/src/huks_attest_verifier.cpp | 2 +- 4 files changed, 74 insertions(+), 38 deletions(-) diff --git a/test/unittest/BUILD.gn b/test/unittest/BUILD.gn index 895a493..a8fde5e 100644 --- a/test/unittest/BUILD.gn +++ b/test/unittest/BUILD.gn @@ -37,7 +37,22 @@ ohos_source_set("key_enable_src_set") { ohos_unittest("add_cert_path_unittest") { module_out_path = "security/code_signature" - sources = [ "add_cert_path_test.cpp" ] + sources = [ + "add_cert_path_test.cpp", + "${code_signature_root_dir}/services/key_enable/utils/src/cert_path.cpp", + ] + include_dirs = [ "${code_signature_root_dir}/services/key_enable/utils/include" ] + configs = [ + "${code_signature_root_dir}:common_utils_config", + "${code_signature_root_dir}:common_public_config", + ] + deps = [ + "${selinux_dir}:libselinux", + ] + external_deps = [ + "hilog:libhilog", + "init:libbegetutil" + ] } ohos_unittest("code_sign_utils_unittest") { diff --git a/test/unittest/add_cert_path_test.cpp b/test/unittest/add_cert_path_test.cpp index f2ee68b..53fa14e 100644 --- a/test/unittest/add_cert_path_test.cpp +++ b/test/unittest/add_cert_path_test.cpp 
@@ -19,26 +19,18 @@ #include #include #include +#include #include +#include "cert_path.h" +#include "selinux/selinux.h" + namespace OHOS { namespace Security { namespace CodeSign { using namespace std; using namespace testing::ext; -struct cert_chain_info { - uint32_t signing_length; - uint32_t issuer_length; - uint64_t signing; - uint64_t issuer; - uint32_t max_cert_chain; - uint32_t cert_path_type; - uint8_t reserved[32]; -}; - -#define WRITE_CERT_CHAIN _IOW('k', 1, cert_chain_info) - static const uint32_t MAX_CERT_CHAIN = 3; static const uint32_t CERT_PATH_TYPE = 0x103; static const uint32_t GREATER_THAN_MAX_CERT_CHAIN = 4; @@ -47,6 +39,11 @@ static const uint32_t LESS_THAN_MIN_CERT_CHAIN = -1; static const string DEV_NAME = "/dev/code_sign"; static const string TEST_SUBJECT = "OpenHarmony Application Release"; static const string TEST_ISSUER = "OpenHarmony Application CA"; +static const string KEY_ENABLE_CTX = "u:r:key_enable:s0"; +static const string FAKE_SUBJECT = "Fake subject"; +static const string FAKE_ISSUER = "Fake issuer"; +static const string SUBJECT_AS_SYSTEM_TYPE = "System subject"; +static const string ISSUER_AS_SYSTEM_TYPE = "System issuer"; class AddCertPathTest : public testing::Test { public: 
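Review bot: `KEY_ENABLE_CTX` ("u:r:key_enable:s0") is added in this hunk but is never referenced in any hunk of either patch, and the same holds for the new `#include "selinux/selinux.h"` in the previous hunk. AddCertPathTest_0004, which by its name is the test these were meant for, does not inspect or switch SELinux context at all, so its outcome silently depends on which domain the test runner happens to execute in. Either drop the constant and the include, or use them: read the caller's context with `getcon()` and compare it against `KEY_ENABLE_CTX`, skipping or inverting the expectation when the process already runs as key_enable. The `static const uint32_t LESS_THAN_MIN_CERT_CHAIN = -1;` in the hunk header is pre-existing, but note that it wraps to 0xFFFFFFFF, so the "less than min" case is really an out-of-range maximum.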
@@ -58,58 +55,78 @@ public: void TearDown() {}; }; -static bool CallIoctl(const char *signing, const char *issuer, uint32_t max_cert_chain, uint32_t cert_path_type) +static CertPathInfo MakeCertPathInfo(const char *signing, const char *issuer, + uint32_t max_cert_chain, uint32_t cert_path_type) { - int fd = open(DEV_NAME.c_str(), O_WRONLY); - EXPECT_GE(fd, 0); - - cert_chain_info arg = { 0 }; - arg.signing = reinterpret_cast(signing); - arg.issuer = reinterpret_cast(issuer); - arg.signing_length = strlen(signing) + 1; - arg.issuer_length = strlen(issuer) + 1; - arg.max_cert_chain = max_cert_chain; - arg.cert_path_type = cert_path_type; - int ret = ioctl(fd, WRITE_CERT_CHAIN, &arg); - - close(fd); - return ret; + CertPathInfo arg = { 0 }; + arg.signing_length = strlen(signing); + arg.issuer_length = strlen(issuer); + arg.path_len = max_cert_chain; + arg.path_type = cert_path_type; + return arg; } /** * @tc.name: AddCertPathTest_0001 - * @tc.desc: successfully called interface + * @tc.desc: calling interface with greater than path len * @tc.type: Func * @tc.require: */ HWTEST_F(AddCertPathTest, AddCertPathTest_0001, TestSize.Level0) { - int ret = CallIoctl(TEST_SUBJECT.c_str(), TEST_ISSUER.c_str(), MAX_CERT_CHAIN, CERT_PATH_TYPE); - EXPECT_GE(ret, 0); + CertPathInfo certPathInfo = MakeCertPathInfo(TEST_SUBJECT.c_str(), TEST_ISSUER.c_str(), + GREATER_THAN_MAX_CERT_CHAIN, CERT_PATH_TYPE); + EXPECT_NE(AddCertPath(certPathInfo), 0); } /** * @tc.name: AddCertPathTest_0002 - * @tc.desc: calling interface with greater than path len + * @tc.desc: calling interface with invalid path len * @tc.type: Func * @tc.require: */ HWTEST_F(AddCertPathTest, AddCertPathTest_0002, TestSize.Level0) { - int ret = CallIoctl(TEST_SUBJECT.c_str(), TEST_ISSUER.c_str(), GREATER_THAN_MAX_CERT_CHAIN, CERT_PATH_TYPE); - EXPECT_NE(ret, 0); + CertPathInfo certPathInfo = MakeCertPathInfo(TEST_SUBJECT.c_str(), TEST_ISSUER.c_str(), + LESS_THAN_MIN_CERT_CHAIN, CERT_PATH_TYPE); + 
EXPECT_NE(AddCertPath(certPathInfo), 0); } /** * @tc.name: AddCertPathTest_0003 - * @tc.desc: calling interface with invalid path len + * @tc.desc: add cert path success * @tc.type: Func * @tc.require: */ HWTEST_F(AddCertPathTest, AddCertPathTest_0003, TestSize.Level0) { - int ret = CallIoctl(TEST_SUBJECT.c_str(), TEST_ISSUER.c_str(), LESS_THAN_MIN_CERT_CHAIN, CERT_PATH_TYPE); - EXPECT_NE(ret, 0); + // type = developer in release + CertPathInfo certPathInfo = MakeCertPathInfo(FAKE_SUBJECT.c_str(), FAKE_ISSUER.c_str(), MAX_CERT_CHAIN, 0x3); + EXPECT_EQ(AddCertPath(certPathInfo), 0); + EXPECT_EQ(RemoveCertPath(certPathInfo), 0); + + // type = developer in debug + certPathInfo = MakeCertPathInfo(FAKE_SUBJECT.c_str(), FAKE_ISSUER.c_str(), MAX_CERT_CHAIN, 0x103); + EXPECT_EQ(AddCertPath(certPathInfo), 0); + EXPECT_EQ(RemoveCertPath(certPathInfo), 0); + + // remove unexists + EXPECT_NE(RemoveCertPath(certPathInfo), 0); +} + +/** + * @tc.name: AddCertPathTest_0004 + * @tc.desc: cannot add system cert except key_enable + * @tc.type: Func + * @tc.require: + */ +HWTEST_F(AddCertPathTest, AddCertPathTest_0004, TestSize.Level0) +{ + // release + CertPathInfo certPathInfo = MakeCertPathInfo(SUBJECT_AS_SYSTEM_TYPE.c_str(), + ISSUER_AS_SYSTEM_TYPE.c_str(), MAX_CERT_CHAIN, 1); + // cannot add except key_enable + EXPECT_NE(AddCertPath(certPathInfo), 0); } } // namespace CodeSign } // namespace Security diff --git a/test/unittest/cert_chain_verifier_test.cpp b/test/unittest/cert_chain_verifier_test.cpp index 1d35db7..6d4357b 100644 --- a/test/unittest/cert_chain_verifier_test.cpp +++ b/test/unittest/cert_chain_verifier_test.cpp 
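Review bot: AddCertPathTest_0003 registers a cert path with a fake subject/issuer on the real device and relies on `EXPECT_EQ(RemoveCertPath(certPathInfo), 0)` to take it back; because EXPECT does not abort, a failed removal leaves a "Fake subject"/"Fake issuer" developer path trusted by the kernel after the run, and TearDown does nothing to clean it up. I would have TearDown call `RemoveCertPath` best-effort for both the 0x3 and 0x103 entries so no failed expectation can leave trust state behind. The bare `0x3`, `0x103` and `1` passed as path_type should be named constants (`0x103` already exists as `CERT_PATH_TYPE` a few lines up), and `// remove unexists` reads better as `// removing an entry that was never added must fail`. Also note that `MakeCertPathInfo` now reports `strlen(signing)` where the replaced `CallIoctl` sent `strlen(signing) + 1`; whether the consumer in cert_path.cpp expects the NUL terminator to be counted is not visible here and is worth confirming.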
@@ -359,7 +359,11 @@ HWTEST_F(CertChainVerifierTest, CertChainVerifierTest_008, TestSize.Level0) FormattedCertChain(certs, formattedCert); // verify extension success challenge.CopyFrom(CHALLENGE, sizeof(CHALLENGE)); +#ifdef CODE_SIGNATURE_OH_ROOT_CA EXPECT_EQ(GetVerifiedCert(formattedCert, challenge, certBuffer), true); +#else + EXPECT_EQ(GetVerifiedCert(formattedCert, challenge, certBuffer), false); +#endif } } // namespace CodeSign diff --git a/utils/src/huks_attest_verifier.cpp b/utils/src/huks_attest_verifier.cpp index 57c7ff0..db62ceb 100644 --- a/utils/src/huks_attest_verifier.cpp +++ b/utils/src/huks_attest_verifier.cpp @@ -380,7 +380,7 @@ bool GetVerifiedCert(const ByteBuffer &buffer, const ByteBuffer &challenge, Byte ShowCertInfo(certChainBuffer, issuerBuffer, certBuffer); } #endif - LOG_INFO("verify finished."); + LOG_INFO("verify finished, ret = %{public}d.", ret); return ret; } } -- Gitee From 7f4ed0937f5696f4021cc8936167c3d26f614b46 Mon Sep 17 00:00:00 2001 From: zhenghui Date: Wed, 14 Aug 2024 10:58:02 +0800 Subject: [PATCH 2/2] =?UTF-8?q?tdd=E8=A1=A5=E5=81=BF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: zhenghui --- test/unittest/BUILD.gn | 11 +++++------ test/unittest/add_cert_path_test.cpp | 4 +++- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/test/unittest/BUILD.gn b/test/unittest/BUILD.gn index a8fde5e..c8c42dc 100644 --- a/test/unittest/BUILD.gn +++ b/test/unittest/BUILD.gn 
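Review bot: The comment `// verify extension success` directly above the new `#ifdef` now describes only the `CODE_SIGNATURE_OH_ROOT_CA` branch; the `#else` branch asserts the opposite result with no explanation. I would replace it with `// with the OpenHarmony root CA compiled in the chain verifies; without that root the same chain must be rejected`. Pinning the negative result is the right call, since a build lacking the expected root that still accepted the chain is exactly the regression this test should catch, and a one-line statement of that intent keeps the next maintainer from "fixing" the `false`.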
@@ -38,20 +38,19 @@ ohos_source_set("key_enable_src_set") { ohos_unittest("add_cert_path_unittest") { module_out_path = "security/code_signature" sources = [ - "add_cert_path_test.cpp", "${code_signature_root_dir}/services/key_enable/utils/src/cert_path.cpp", + "add_cert_path_test.cpp", ] - include_dirs = [ "${code_signature_root_dir}/services/key_enable/utils/include" ] + include_dirs = + [ "${code_signature_root_dir}/services/key_enable/utils/include" ] configs = [ "${code_signature_root_dir}:common_utils_config", "${code_signature_root_dir}:common_public_config", ] - deps = [ - "${selinux_dir}:libselinux", - ] + deps = [ "${selinux_dir}:libselinux" ] external_deps = [ "hilog:libhilog", - "init:libbegetutil" + "init:libbegetutil", ] } diff --git a/test/unittest/add_cert_path_test.cpp b/test/unittest/add_cert_path_test.cpp index 53fa14e..c010eca 100644 --- a/test/unittest/add_cert_path_test.cpp +++ b/test/unittest/add_cert_path_test.cpp @@ -19,7 +19,7 @@ #include #include #include -#include +#include #include #include "cert_path.h" @@ -59,6 +59,8 @@ static CertPathInfo MakeCertPathInfo(const char *signing, const char *issuer, uint32_t max_cert_chain, uint32_t cert_path_type) { CertPathInfo arg = { 0 }; + arg.signing = reinterpret_cast(signing); + arg.issuer = reinterpret_cast(issuer); arg.signing_length = strlen(signing); arg.issuer_length = strlen(issuer); arg.path_len = max_cert_chain; -- Gitee
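Review bot: The two added assignments store the raw addresses of the caller's `signing`/`issuer` buffers in the returned `CertPathInfo` (the integer target type of the `reinterpret_cast` is not visible in this extract), so the struct is only valid while those strings live and the helper should say so, e.g. `// The returned struct holds the addresses of signing/issuer, not copies: the caller must keep both strings alive until AddCertPath/RemoveCertPath returns.` Every current caller passes the file-scope `static const string` constants, so this holds today, but a future call with a temporary `std::string(...).c_str()` would hand a dangling pointer to the kernel interface. If the target field is narrower than a pointer on any supported ABI, the cast should go through `uintptr_t` first. MakeCertPathInfo's signature and its `return arg;` lie outside the hunk.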