1 /* 2 * Copyright (c) 2022 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #include <cstring> 17 #include <fcntl.h> 18 #include <gtest/gtest.h> 19 #include <iostream> 20 #include <unistd.h> 21 #include "log.h" 22 #include "pkg_algorithm.h" 23 #include "pkg_manager.h" 24 #include "pkg_manager_impl.h" 25 #include "pkg_test.h" 26 #include "pkg_utils.h" 27 28 #include "package.h" 29 #include "cert_verify.h" 30 #include "hash_data_verifier.h" 31 #include "openssl_util.h" 32 #include "pkg_verify_util.h" 33 #include "zip_pkg_parse.h" 34 #include "pkcs7_signed_data.h" 35 36 using namespace std; 37 using namespace Hpackage; 38 using namespace Updater; 39 using namespace testing::ext; 40 41 namespace UpdaterUt { 42 class PackageVerifyTest : public PkgTest { 43 public: PackageVerifyTest()44 PackageVerifyTest() {} ~PackageVerifyTest()45 ~PackageVerifyTest() override {} 46 public: TestGetFileSize(const std::string & testfileName)47 int TestGetFileSize(const std::string &testfileName) 48 { 49 int32_t ret = GetFileSize(testfileName); 50 return ret; 51 } 52 TestExtraPackageFile()53 int TestExtraPackageFile() 54 { 55 int32_t ret = ExtraPackageFile(nullptr, nullptr, nullptr, nullptr); 56 EXPECT_EQ(ret, PKG_INVALID_PARAM); 57 58 std::string packagePath = "invalid_path"; 59 std::string keyPath = "invalid_key"; 60 std::string file = "invalid_file"; 61 std::string outPath = "invalid_path"; 62 ret = ExtraPackageFile(packagePath.c_str(), keyPath.c_str(), file.c_str(), outPath.c_str()); 63 EXPECT_EQ(ret, PKG_INVALID_FILE); 64 65 packagePath = testPackagePath + "test_package.zip"; 66 keyPath = "/data/updater/src/signing_cert.crt"; 67 file = "updater.bin"; 68 ret = ExtraPackageFile(packagePath.c_str(), keyPath.c_str(), file.c_str(), testPackagePath.c_str()); 69 EXPECT_EQ(ret, PKG_SUCCESS); 70 return 0; 71 } 72 TestExtraPackageDir()73 int TestExtraPackageDir() 74 { 75 int32_t ret = ExtraPackageDir(nullptr, nullptr, nullptr, nullptr); 76 EXPECT_EQ(ret, PKG_INVALID_PARAM); 77 78 std::string packagePath = "invalid_path"; 79 std::string keyPath = "invalid_key"; 80 std::string outPath = "invalid_path"; 81 ret = ExtraPackageDir(packagePath.c_str(), keyPath.c_str(), nullptr, outPath.c_str()); 82 EXPECT_EQ(ret, PKG_INVALID_FILE); 83 84 packagePath = testPackagePath + "test_package.zip"; 85 keyPath = "/data/updater/src/signing_cert.crt"; 86 ret = ExtraPackageDir(packagePath.c_str(), keyPath.c_str(), nullptr, testPackagePath.c_str()); 87 EXPECT_EQ(ret, PKG_SUCCESS); 88 return 0; 89 } 90 TestCertVerifyFailed()91 int TestCertVerifyFailed() 92 { 93 BIO *certbio = BIO_new_file(GetTestPrivateKeyName(0).c_str(), "r"); 94 X509 *rcert = PEM_read_bio_X509(certbio, nullptr, nullptr, nullptr); 95 if (certbio != nullptr) { 96 BIO_free(certbio); 97 } 98 SingleCertHelper singleCert; 99 int32_t ret = singleCert.CertChainCheck(nullptr, nullptr); 100 EXPECT_EQ(ret, -1); 101 ret = singleCert.CertChainCheck(nullptr, rcert); 102 EXPECT_EQ(ret, -1); 103 104 ret = CertVerify::GetInstance().CheckCertChain(nullptr, nullptr); 105 EXPECT_EQ(ret, -1); 106 107 bool result = VerifyX509CertByIssuerCert(nullptr, nullptr); 108 EXPECT_EQ(result, false); 109 result = VerifyX509CertByIssuerCert(rcert, rcert); 110 EXPECT_EQ(result, false); 111 return 0; 112 } 113 TestOpensslUtilFailed()114 int TestOpensslUtilFailed() 115 { 116 std::vector<uint8_t> asn1Data; 117 int32_t ret = GetASN1OctetStringData(nullptr, asn1Data); 118 EXPECT_EQ(ret, -1); 119 120 int32_t algoNid {}; 121 ret = GetX509AlgorithmNid(nullptr, algoNid); 122 EXPECT_EQ(ret, -1); 123 124 X509 *result = GetX509CertFromPemString(" "); 125 EXPECT_EQ(result, nullptr); 126 result = GetX509CertFromPemFile("invalid_file"); 127 EXPECT_EQ(result, nullptr); 128 129 BIO *certbio = BIO_new_file(GetTestPrivateKeyName(0).c_str(), "r"); 130 X509 *cert = PEM_read_bio_X509(certbio, nullptr, nullptr, nullptr); 131 if (certbio != nullptr) { 132 BIO_free(certbio); 133 } 134 bool boolResult = VerifyX509CertByIssuerCert(nullptr, nullptr); 135 EXPECT_EQ(boolResult, false); 136 boolResult = VerifyX509CertByIssuerCert(cert, cert); 137 EXPECT_EQ(boolResult, false); 138 139 ret = VerifyDigestByPubKey(nullptr, 0, asn1Data, asn1Data); 140 EXPECT_EQ(ret, -1); 141 ret = CalcSha256Digest(nullptr, 0, asn1Data); 142 EXPECT_EQ(ret, -1); 143 144 std::string stringResult = GetStringFromX509Name(nullptr); 145 EXPECT_EQ(stringResult, ""); 146 stringResult = GetX509CertSubjectName(nullptr); 147 EXPECT_EQ(stringResult, ""); 148 stringResult = GetX509CertSubjectName(cert); 149 EXPECT_EQ(stringResult, ""); 150 stringResult = GetX509CertIssuerName(nullptr); 151 EXPECT_EQ(stringResult, ""); 152 stringResult = GetX509CertIssuerName(cert); 153 EXPECT_EQ(stringResult, ""); 154 return 0; 155 } 156 TestPkcs7SignedDataFailed()157 int TestPkcs7SignedDataFailed() 158 { 159 Pkcs7SignedData signedData; 160 uint8_t *srcData {}; 161 std::vector<uint8_t> hash; 162 163 int32_t ret = signedData.Verify(); 164 EXPECT_EQ(ret, -1); 165 ret = signedData.GetHashFromSignBlock(nullptr, 0, hash); 166 EXPECT_EQ(ret, -1); 167 ret = signedData.GetHashFromSignBlock(srcData, 0, hash); 168 EXPECT_EQ(ret, -1); 169 ret = signedData.GetHashFromSignBlock(srcData, 1, hash); 170 EXPECT_EQ(ret, -1); 171 return 0; 172 } 173 TestPkgVerifyFailed()174 int TestPkgVerifyFailed() 175 { 176 PkgVerifyUtil pkgVerify; 177 std::vector<uint8_t> data; 178 size_t testData = 0; 179 uint16_t commentTotalLenAll = 0; 180 int32_t ret = pkgVerify.VerifyPackageSign(nullptr); 181 EXPECT_EQ(ret, PKG_INVALID_PARAM); 182 ret = pkgVerify.GetSignature(nullptr, testData, data, commentTotalLenAll); 183 EXPECT_NE(ret, PKG_SUCCESS); 184 ret = pkgVerify.HashCheck(nullptr, testData, data); 185 EXPECT_EQ(ret, PKG_INVALID_PARAM); 186 ret = pkgVerify.ParsePackage(nullptr, testData, testData, commentTotalLenAll); 187 EXPECT_NE(ret, PKG_SUCCESS); 188 ret = pkgVerify.Pkcs7verify(data, data); 189 EXPECT_NE(ret, PKG_SUCCESS); 190 return 0; 191 } 192 TestHashDataVerifierFailed01()193 int TestHashDataVerifierFailed01() 194 { 195 // verifier with null pkg manager 196 HashDataVerifier verifier {nullptr}; 197 EXPECT_FALSE(verifier.LoadHashDataAndPkcs7("")); 198 EXPECT_FALSE(verifier.VerifyHashData("updater_binary", nullptr)); 199 FileStream filestream(nullptr, "", nullptr, PkgStream::PkgStreamType_Read); 200 EXPECT_FALSE(verifier.VerifyHashData("updater_binary", &filestream)); 201 return 0; 202 } 203 TestHashDataVerifierFailed02()204 int TestHashDataVerifierFailed02() 205 { 206 // no hash signed data in pkg 207 std::string invalidPkgPath = "updater_full_without_hsd.zip"; 208 HashDataVerifier verifier {pkgManager_}; 209 EXPECT_FALSE(verifier.LoadHashDataAndPkcs7(testPackagePath + invalidPkgPath)); 210 211 // invalid package path 212 EXPECT_FALSE(verifier.LoadHashDataAndPkcs7("invalid package path")); 213 return 0; 214 } 215 TestHashDataVerifierFailed03()216 int TestHashDataVerifierFailed03() 217 { 218 // invalid hash signed data format 219 std::string invalidPkgPath = "updater_full_with_invalid_hsd.zip"; 220 std::vector<std::string> fileIds {}; 221 EXPECT_EQ(PKG_SUCCESS, pkgManager_->LoadPackage(testPackagePath + invalidPkgPath, 222 Utils::GetCertName(), fileIds)); 223 HashDataVerifier verifier {pkgManager_}; 224 EXPECT_FALSE(verifier.LoadHashDataAndPkcs7(testPackagePath + invalidPkgPath)); 225 return 0; 226 } 227 TestHashDataVerifierFailed04()228 int TestHashDataVerifierFailed04() 229 { 230 // invalid pkg footer 231 std::string invalidPkgPath = "updater_full_with_invalid_footer.zip"; 232 HashDataVerifier verifier {pkgManager_}; 233 EXPECT_FALSE(verifier.LoadHashDataAndPkcs7(testPackagePath + invalidPkgPath)); 234 return 0; 235 } 236 VerifyFileByVerifier(const HashDataVerifier & verifier,const std::string & fileName)237 int VerifyFileByVerifier(const HashDataVerifier &verifier, const std::string &fileName) 238 { 239 const FileInfo *info = pkgManager_->GetFileInfo(fileName); 240 EXPECT_NE(info, nullptr) << "info is null " << fileName; 241 if (info == nullptr) { 242 return -1; 243 } 244 PkgManager::StreamPtr outStream = nullptr; 245 PkgBuffer buffer{info->unpackedSize}; 246 EXPECT_EQ(PKG_SUCCESS, pkgManager_->CreatePkgStream(outStream, fileName, buffer)) << fileName; 247 EXPECT_EQ(PKG_SUCCESS, pkgManager_->ExtractFile(fileName, outStream)) << fileName; 248 EXPECT_TRUE(verifier.VerifyHashData(fileName, outStream)); 249 EXPECT_FALSE(verifier.VerifyHashData("invalid", outStream)); 250 pkgManager_->ClosePkgStream(outStream); 251 return 0; 252 } 253 TestHashDataVerifierSuccess()254 int TestHashDataVerifierSuccess() 255 { 256 std::vector<std::string> fileIds {}; 257 EXPECT_EQ(PKG_SUCCESS, pkgManager_->LoadPackage(testPackagePath + "updater_full_with_hsd.zip", 258 Utils::GetCertName(), fileIds)); 259 HashDataVerifier verifier {pkgManager_}; 260 EXPECT_TRUE(verifier.LoadHashDataAndPkcs7(testPackagePath + testZipPackageName)); 261 262 // secondary load directly return true 263 EXPECT_TRUE(verifier.LoadHashDataAndPkcs7(testPackagePath + testZipPackageName)); 264 std::vector<std::string> fileList { "updater_binary", "loadScript.us", "Verse-script.us" }; 265 for (const auto &fileName : fileList) { 266 EXPECT_EQ(VerifyFileByVerifier(verifier, fileName), 0); 267 } 268 return 0; 269 } 270 }; 271 272 HWTEST_F(PackageVerifyTest, TestPkgVerifyFailed, TestSize.Level1) 273 { 274 PackageVerifyTest test; 275 EXPECT_EQ(0, test.TestPkgVerifyFailed()); 276 } 277 278 HWTEST_F(PackageVerifyTest, TestPkcs7SignedDataFailed, TestSize.Level1) 279 { 280 PackageVerifyTest test; 281 EXPECT_EQ(0, test.TestPkcs7SignedDataFailed()); 282 } 283 284 HWTEST_F(PackageVerifyTest, TestOpensslUtilFailed, TestSize.Level1) 285 { 286 PackageVerifyTest test; 287 EXPECT_EQ(0, test.TestOpensslUtilFailed()); 288 } 289 290 HWTEST_F(PackageVerifyTest, TestCertVerifyFailed, TestSize.Level1) 291 { 292 PackageVerifyTest test; 293 EXPECT_EQ(0, test.TestCertVerifyFailed()); 294 } 295 296 HWTEST_F(PackageVerifyTest, TestExtraPackageDir, TestSize.Level1) 297 { 298 PackageVerifyTest test; 299 EXPECT_EQ(0, test.TestExtraPackageDir()); 300 } 301 302 HWTEST_F(PackageVerifyTest, TestExtraPackageFile, TestSize.Level1) 303 { 304 PackageVerifyTest test; 305 EXPECT_EQ(0, test.TestExtraPackageFile()); 306 } 307 308 HWTEST_F(PackageVerifyTest, TestGetFileSize, TestSize.Level1) 309 { 310 PackageVerifyTest test; 311 std::string testFileName = "invalid_path"; 312 EXPECT_EQ(0, test.TestGetFileSize(testFileName)); 313 testFileName = testPackagePath + "test_package.zip"; 314 EXPECT_EQ(1368949, test.TestGetFileSize(testFileName)); 315 } 316 317 HWTEST_F(PackageVerifyTest, TestHashDataVerifierFailed01, TestSize.Level1) 318 { 319 PackageVerifyTest test; 320 EXPECT_EQ(0, test.TestHashDataVerifierFailed01()); 321 } 322 323 HWTEST_F(PackageVerifyTest, TestHashDataVerifierFailed02, TestSize.Level1) 324 { 325 PackageVerifyTest test; 326 EXPECT_EQ(0, test.TestHashDataVerifierFailed02()); 327 } 328 329 HWTEST_F(PackageVerifyTest, TestHashDataVerifierFailed03, TestSize.Level1) 330 { 331 PackageVerifyTest test; 332 EXPECT_EQ(0, test.TestHashDataVerifierFailed03()); 333 } 334 335 HWTEST_F(PackageVerifyTest, TestHashDataVerifierFailed04, TestSize.Level1) 336 { 337 PackageVerifyTest test; 338 EXPECT_EQ(0, test.TestHashDataVerifierFailed04()); 339 } 340 341 HWTEST_F(PackageVerifyTest, TestHashDataVerifierSuccess, TestSize.Level1) 342 { 343 PackageVerifyTest test; 344 EXPECT_EQ(0, test.TestHashDataVerifierSuccess()); 345 } 346 } 347