author | Jeff Vander Stoep <jeffv@google.com> | 2021-11-29 17:03:39 +0100 |
---|---|---|
committer | Jeff Vander Stoep <jeffv@google.com> | 2021-11-30 19:24:47 +0100 |
commit | c4028e69b1d5a859f36a6ae539eb3a8f9b33fcb8 (patch) | |
tree | 252a44756d992029d035dff5db564e2c8d00496a /ondevice-signing/tests | |
parent | 42417183af08c2677054d3b46f1fc145dcfdb593 (diff) | |
download | security-c4028e69b1d5a859f36a6ae539eb3a8f9b33fcb8.tar.gz |
odsign: Refactor into binary + library
Create libsigningutils library which contains functionality for
signing, signature verification, and fsverity. The goal is to allow
init to use some of this functionality during early boot.
Add a unit test to verify extractPublicKeyFromX509() and
verifySignature().
Bug: 199914227
Test: atest
Change-Id: Iea46539302df240cd2c92b1c4f313da773d8d180
Diffstat (limited to 'ondevice-signing/tests')
-rw-r--r-- | ondevice-signing/tests/Android.bp | 35 | ||||
-rw-r--r-- | ondevice-signing/tests/SigningUtils.cert.der | bin | 0 -> 1551 bytes | |||
-rw-r--r-- | ondevice-signing/tests/SigningUtils.pem | 51 | ||||
-rw-r--r-- | ondevice-signing/tests/SigningUtilsTest.cpp | 48 | ||||
-rw-r--r-- | ondevice-signing/tests/test_file | bin | 0 -> 4096 bytes | |||
-rw-r--r-- | ondevice-signing/tests/test_file.sig | bin | 0 -> 512 bytes |
6 files changed, 134 insertions, 0 deletions
diff --git a/ondevice-signing/tests/Android.bp b/ondevice-signing/tests/Android.bp
new file mode 100644
index 00000000..9769ca87
--- /dev/null
+++ b/ondevice-signing/tests/Android.bp
@@ -0,0 +1,35 @@
+// Copyright (C) 2021 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+cc_test {
+ name: "libsigningutils_test",
+ srcs: ["SigningUtilsTest.cpp"],
+ test_suites: ["device-tests"],
+ compile_multilib: "both",
+ defaults: [
+ "odsign_flags_defaults",
+ ],
+ static_libs: [
+ "libsigningutils",
+ ],
+ shared_libs: [
+ "libbase",
+ "libcrypto",
+ ],
+ data: [
+ "test_file",
+ "test_file.sig",
+ "SigningUtils.cert.der",
+ ],
+}
diff --git a/ondevice-signing/tests/SigningUtils.cert.der b/ondevice-signing/tests/SigningUtils.cert.der
Binary files differnew file mode 100644
index 00000000..0703d596
--- /dev/null
+++ b/ondevice-signing/tests/SigningUtils.cert.der
diff --git a/ondevice-signing/tests/SigningUtils.pem b/ondevice-signing/tests/SigningUtils.pem
new file mode 100644
index 00000000..01dfa5ed
--- /dev/null
+++ b/ondevice-signing/tests/SigningUtils.pem
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEAwyOUvcTpPuPxw2I9E28uhXT9pbJAgNE0dc1emOWRfapZ5iow +6PC7am47DfHyyZ/dwtw0vvi3QWCLIpsyFQbspO5XfmJH7mHBTvG8SkV40rFjptf8 +iwMl5i1ZUc5LChxuRh6DIS1fT2tFiXQ8iX3FUNNqjj/tOOtp45JEsgFK7WDW8YU3 +UseUn2BpkccUHMbe78EkEb4F6/AJWISk2INMOMPzRPUwdE3eUPVrufkp6jVJs69I +c6skRvAAqpiOx4rYpVzs3V5PuzhmCr7jt8hTQ0DA6q501UT06og6gIKPdqLjugKK +jt88XNXhhofckSbIH7edwa20LhvE4vtM/x7E0u+sCJozr0uyNgRXWs6imsVrC7Hb +cclecBUFqETVzP6RG49cCXVkuOkSNBm3HLt4291+O821gn3yygTE9bpf9uuDHSb1 +l13MOMbVeT3ipaRGMwD1bp7kBW3cEZ2zrQ4WSwwtADeWI6Z0k5SpcHfLxp+6dhPN +JtqBmgUTHuycmvoAPZK6XMnV0wCo2gUYS2q3Vc9yqsJRG0q2CKhOtKnuEmSqcjcC +52OnP06M5pLfvms+qoOLVUHMhidMtYs3yRPZ1ZPzScQhjg64QDsRiG+PC0lL/NFz +XPFcgzSsoIJ8UNZNjw7l5hh9NehJam2pqMizIcECl3gwrqGtq7Qo/AIXc4sCAwEA +AQKCAgBqkCqw+zBYvMgQ57vsugGQtdOyQcaB0j0wu6cWHf+2vWl8jLvK6XOfanTr +Z54rRxcmS3SueUox9JPmoRPXccGXS+URyn/3iQC0qMQnVwrlHCQMP9TU4TI4Ibmu +N9a4vc/mkNERNCLhTvZZWtWYS8uOGPYOmpBkTgK0WPMUtioBuamHmTUeCol6A3+D +MVElaeDi0vlsivXW421nHoCbEBB2y2M03CTKzp9CXNOoao3eLZ2C94y8RdB4wKXM +g6UtCQDIRRfAx7kIx4LKCXZ3rXjyuBDh18VLle2diilQdnv70HZF5Q9feD8Rf2c6 +PUVRKvmMgIww8Tf9GgMJ5SwmAdp/VblgcKsdjr8tnT7V9ljkYCL4K3H4FT5LKXjI +FiGyqBie8jvLYCLx6DlVTIi+Q/kvxaFT9twazVlz9jfgufQ4ICBKlNp4A6kpwrzb +9QnMrHI+gTOrCCEeklg90M+xk5UERueLPnXYbvAG8cv1FeVpi9ldSQds5VHN1ZJ4 +hWWeWfGgIDiNeZuKL141NLS/sX9rCGEsQyVLTKkSDIgh5ncepVcXhB40GZFfggml +A3HfNRN5lHLwH5+JKWlVx7PfUGPOTgx62i7HF+qcV3bQJfqnAMLPA7hh1bo8xIPp +hiAbaZkwCGlNCwadzOq6U99Dx7eorwfAgGDKWnAr/rMaK9n+OQKCAQEA8UItzBLq +yyJ+Xj7n/M3x/+v2E6dcDYH64oeMpVEEdH6cSSNcdUm0vgX4p25W0uY5kgj1RsXV +gOk+9W6cM84p+2+DIGI8fydnuIv8q6TFiouDCY+T3FVdj4MasNZuAeHR7c6Coc5N +Eckv3F1sfoGlH4z2AzppY0T3VX5TkKkh719X7A/cpIirZBRLfddDA3Hr6pm/vgSo +mX1X5BhjrujasRoZhU2RsXnAflXp18aP67zvlRlzGrpMGeueRjp2NXF3pItiMAjN +EOSoY3elEi6Um+WomFGLsY5SAuId+TJy8SqsGKWNHN+UPx4tGYQmEPA1e76Nu5Ex +xDxpHIWyZ4Hz/wKCAQEAzw/9bPFgihzSnrBbJiFZVGPhFxw39aeuB5/3ZMPjknfK +fyWonbhrJF14/86JSd16Xime6J4a3OsXKzTo36sLBDsYfYXof7bwfKk/GUryMFOG 
+0aZqiZbiRQ8uCfzd+MtnNxO0WxiyZvj8i7hMjK50yBhRs/5YAHSoLxFOfVVSLNAi +nhIDqtzeLA2W05PGusgz/0w8FHI6J64jZY4EQLgr43K6DXoFLQjtsl8JZfMO9fEc +0j5vRytXtYlTSlQEtKeQ8cvpcqbY0gmrEasZ4v1jEzemXzvFkx+ck+Ayl/vHx60A +AZCom66BudFArAnuVdrMAWUH+78Xf2l5en7kz40QdQKCAQBWxkran+M7dQimtVGT +qC9msWQs5YFCioHGgKKhw2Yq0G8+Dy3uMbiEsHkjH5iy+oOydu5hqj6Ew2AVvtcH ++xs2iIFNYIgJ5A52XkNfKUCz+EIFalLwaPPh7nHnMPkYTDTJqAFsWVt3DjnctO2V +AuR1WKoTtyq4vdGIOour+GlwQ4bILVxbAZ1Dvdj5RjegQZVtKCfDHMHXkzHNpMgV +3ULreEu9mozQnM4ToqsdJRoW3DoAEstHzcIZgJnJALYLuughktCaHlBDxzqZrCr/ +QynIeO4O+yWXk20EBHhrbS3SeFq18rWysOgNW7k0+EcIyJ00CPHJiQuxXVkhHSVx +/VfZAoIBAGA1isg642No/wgS41c1OZ93hRfK2cl/ruIGFtowFqZwmJs5cT5PeSD9 +eYJKggnbKcdkyVxGUi8B4NMHk4iRnd3KY5e3R49H/je+H/5tj1ibBtKU432oqNvz +sK2dW7oFMKEru6p0MDieSiHVcWQQj1yFyDi83kDf82FjRjgAE92Um/EcZ63VUDnh +2onWaQlSiq59ypCpfpH/XJ0MPrefm2zkWsR2RL9nHaK6e9Bt/i6SaJTbw7Kq1ecY +tqWbolAaZ8OhvoeyNJ5rNZxRBwcsOwOr4NbxG90/W+5txrRNnccOgCk6AM3NaKNh +Mg590sr7jby8J9h2MsHVzUb4fPJfFh0CggEBANS+aqEzWflHMOR4knhM7QHHaTfS +4wwR3zL3/tSaV/cxNGehtjyEg85/aKklt/ude3/sm/Z0m6jQEMWgAt5iwuBovPA+ +1/rGkWTHL+dQr0i81C3b/Ymx7izL7BobaYV0o00EoKotC0NP5qR0fBKSkTfFqAYG +SxnHtw/vduxu2H6TyIrdtvNNqc1PbHdzDI/FwzcWZFNyHBzSWwZxB5w+21uRUayv +Iz3zcytrZZbAuOjCnhxNL/6XgcttqWSVFB4Ul1xiXrXDx2Xq+FfM40UF7oKGd+Kt +B0wMqoZJj+0CdFfRZxHA6/n8v1Al+8lYo8smp+R9fR6qZKcugEFgdVkIl7E= +-----END RSA PRIVATE KEY----- diff --git a/ondevice-signing/tests/SigningUtilsTest.cpp b/ondevice-signing/tests/SigningUtilsTest.cpp new file mode 100644 index 00000000..10f7629e --- /dev/null +++ b/ondevice-signing/tests/SigningUtilsTest.cpp 
@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <android-base/file.h>
+#include <gtest/gtest.h>
+
+#include "CertUtils.h"
+#include "VerityUtils.h"
+
+// These files were created using the following commands:
+// openssl genrsa -out SigningUtils.pem 4096
+// openssl req -new -x509 -key SigningUtils.pem -out SigningUtils.cert.pem
+// openssl x509 -in SigningUtils.cert.pem -out SigningUtils.cert.der -outform DER
+// head -c 4096 </dev/urandom >test_file
+// openssl dgst -sign SigningUtils.pem -keyform PEM -sha256 -out test_file.sig -binary test_file
+const std::string kTestCert = "SigningUtils.cert.der";
+const std::string kTestFile = "test_file";
+const std::string kTestFileSignature = "test_file.sig";
+
+TEST(SigningUtilsTest, CheckVerifySignature) {
+ std::string signature;
+ std::string sigFile = android::base::GetExecutableDirectory() + "/" + kTestFileSignature;
+ ASSERT_TRUE(android::base::ReadFileToString(sigFile, &signature));
+
+ std::string data;
+ std::string testFile = android::base::GetExecutableDirectory() + "/" + kTestFile;
+ ASSERT_TRUE(android::base::ReadFileToString(testFile, &data));
+
+ std::string testCert = android::base::GetExecutableDirectory() + "/" + kTestCert;
+ auto trustedKey = extractPublicKeyFromX509(testCert.c_str());
+ ASSERT_TRUE(trustedKey.ok());
+
+ auto result = verifySignature(data, signature, *trustedKey);
+ ASSERT_TRUE(result.ok());
+}
diff --git a/ondevice-signing/tests/test_file b/ondevice-signing/tests/test_file
Binary files differnew file mode 100644
index 00000000..8a121bea
--- /dev/null
+++ b/ondevice-signing/tests/test_file
diff --git a/ondevice-signing/tests/test_file.sig b/ondevice-signing/tests/test_file.sig
Binary files differnew file mode 100644
index 00000000..ffd95dcd
--- /dev/null
+++ b/ondevice-signing/tests/test_file.sig |
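Review bot: CheckVerifySignature in SigningUtilsTest.cpp only proves that a valid signature is accepted; nothing in the test shows verifySignature() rejecting bad input, which is the property a signature check exists to provide and the one a regression would silently break. After the final assertion, add a negative case such as `data[0] ^= 0x01;` followed by `ASSERT_FALSE(verifySignature(data, signature, *trustedKey).ok());`, and ideally repeat it with one byte of `signature` altered instead. The comment listing the openssl commands should also state that SigningUtils.pem is a throwaway key kept only to regenerate test_file.sig, for example `// Test-only key: SigningUtils.pem must never sign anything that is trusted on a device.`, so that readers and secret scanners do not mistake it for production material.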