diff --git a/services/key_enable/utils/include/key_utils.h b/services/key_enable/utils/include/key_utils.h
index 7044124d23ad854bcd0e37e027cb5a7bd11e7b9c..7ba018c14421a0973ae953deb74d7147c48cc781 100644
--- a/services/key_enable/utils/include/key_utils.h
+++ b/services/key_enable/utils/include/key_utils.h
@@ -41,7 +41,6 @@ KeySerial KeyctlRestrictKeyring(
 const char *restriction);
 bool IsRdDevice();
-int32_t CheckEfuseStatus(char *buf, ssize_t bunLen);
 #ifdef __cplusplus
 }
 #endif
diff --git a/services/key_enable/utils/src/devices_security.cpp b/services/key_enable/utils/src/devices_security.cpp
index a1cd19e2ea5abe38f923829bade885f4b74b5922..3ccca6e9476494ded7fb29143bab18d823e16101 100644
--- a/services/key_enable/utils/src/devices_security.cpp
+++ b/services/key_enable/utils/src/devices_security.cpp
@@ -48,7 +48,7 @@ static bool CheckDeviceMode(char *buf, ssize_t bunLen)
 return false;
 }
-int32_t CheckEfuseStatus(char *buf, ssize_t bunLen)
+static int32_t CheckEfuseStatus(char *buf, ssize_t bunLen)
 {
 if (strstr(buf, "efuse_status=1")) {
 LOG_DEBUG(LABEL, "device is not efused");
diff --git a/test/unittest/BUILD.gn b/test/unittest/BUILD.gn
index 534c79e8d3a5eca5756aa61979cae34f38c9dd7e..5a4f504a3895873decbfd430a354be9a602efb03 100644
--- a/test/unittest/BUILD.gn
+++ b/test/unittest/BUILD.gn
@@ -37,7 +37,21 @@ ohos_source_set("key_enable_src_set") {
 ohos_unittest("add_cert_path_unittest") {
 module_out_path = "security/code_signature"
- sources = [ "add_cert_path_test.cpp" ]
+ sources = [
+ "${code_signature_root_dir}/services/key_enable/utils/src/cert_path.cpp",
+ "add_cert_path_test.cpp",
+ ]
+ include_dirs =
+ [ "${code_signature_root_dir}/services/key_enable/utils/include" ]
+ configs = [
+ "${code_signature_root_dir}:common_utils_config",
+ "${code_signature_root_dir}:common_public_config",
+ ]
+ deps = [ "${selinux_dir}:libselinux" ]
+ external_deps = [
+ "hilog:libhilog",
+ "init:libbegetutil",
+ ]
 }
 ohos_unittest("code_sign_utils_unittest") {
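Review bot: Making CheckEfuseStatus static removes the only direct unit coverage it had (the two KeyEnableUtilsTest_0002 cases deleted in key_enable_utils_test.cpp), and nothing in this commit adds an equivalent test through IsRdDevice, so the efuse branch is now exercised only on real hardware. In the visible lines the lookup is `strstr(buf, "efuse_status=1")`, which does not consult bunLen, so the function relies on the caller NUL-terminating buf; the rest of the body is outside the hunk, so if it does not bound the search either, a caller that hands over a raw read() buffer without a terminator would over-read. A one-line precondition on the signature would make that contract explicit: `// buf must be NUL-terminated: strstr() does not use bunLen`.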
diff --git a/test/unittest/add_cert_path_test.cpp b/test/unittest/add_cert_path_test.cpp
index f2ee68bea29f7e8ca7a826cec4202c17eaa208a4..c010ecaab47501bfffb3164e25a27fe19cf64014 100644
--- a/test/unittest/add_cert_path_test.cpp
+++ b/test/unittest/add_cert_path_test.cpp
@@ -19,26 +19,18 @@
 #include
 #include
 #include
+#include
 #include
+#include "cert_path.h"
+#include "selinux/selinux.h"
+
 namespace OHOS {
 namespace Security {
 namespace CodeSign {
 using namespace std;
 using namespace testing::ext;
-struct cert_chain_info {
- uint32_t signing_length;
- uint32_t issuer_length;
- uint64_t signing;
- uint64_t issuer;
- uint32_t max_cert_chain;
- uint32_t cert_path_type;
- uint8_t reserved[32];
-};
-
-#define WRITE_CERT_CHAIN _IOW('k', 1, cert_chain_info)
-
 static const uint32_t MAX_CERT_CHAIN = 3;
 static const uint32_t CERT_PATH_TYPE = 0x103;
 static const uint32_t GREATER_THAN_MAX_CERT_CHAIN = 4;
@@ -47,6 +39,11 @@ static const uint32_t LESS_THAN_MIN_CERT_CHAIN = -1;
 static const string DEV_NAME = "/dev/code_sign";
 static const string TEST_SUBJECT = "OpenHarmony Application Release";
 static const string TEST_ISSUER = "OpenHarmony Application CA";
+static const string KEY_ENABLE_CTX = "u:r:key_enable:s0";
+static const string FAKE_SUBJECT = "Fake subject";
+static const string FAKE_ISSUER = "Fake issuer";
+static const string SUBJECT_AS_SYSTEM_TYPE = "System subject";
+static const string ISSUER_AS_SYSTEM_TYPE = "System issuer";
 class AddCertPathTest : public testing::Test {
 public:
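Review bot: The added `#include "selinux/selinux.h"` and the `KEY_ENABLE_CTX = "u:r:key_enable:s0"` constant in the second hunk are not referenced by any line this commit adds, so as far as the visible hunks show they are dead, and the SELinux-dependent expectation in AddCertPathTest_0004 is not tied to the actual context of the test process. Either drop both, or use them to state the precondition the test depends on, e.g. read the current context with getcon() and skip or fail with a clear message when it equals KEY_ENABLE_CTX, so a run under the wrong domain is reported as a setup problem rather than an assertion failure. If the constant is consumed elsewhere in this file outside the hunks, a short comment next to it naming that use would avoid the question.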
@@ -58,58 +55,80 @@ public:
 void TearDown() {};
 };
-static bool CallIoctl(const char *signing, const char *issuer, uint32_t max_cert_chain, uint32_t cert_path_type)
+static CertPathInfo MakeCertPathInfo(const char *signing, const char *issuer,
+ uint32_t max_cert_chain, uint32_t cert_path_type)
 {
- int fd = open(DEV_NAME.c_str(), O_WRONLY);
- EXPECT_GE(fd, 0);
-
- cert_chain_info arg = { 0 };
+ CertPathInfo arg = { 0 };
 arg.signing = reinterpret_cast(signing);
 arg.issuer = reinterpret_cast(issuer);
- arg.signing_length = strlen(signing) + 1;
- arg.issuer_length = strlen(issuer) + 1;
- arg.max_cert_chain = max_cert_chain;
- arg.cert_path_type = cert_path_type;
- int ret = ioctl(fd, WRITE_CERT_CHAIN, &arg);
-
- close(fd);
- return ret;
+ arg.signing_length = strlen(signing);
+ arg.issuer_length = strlen(issuer);
+ arg.path_len = max_cert_chain;
+ arg.path_type = cert_path_type;
+ return arg;
 }
 /**
 * @tc.name: AddCertPathTest_0001
- * @tc.desc: successfully called interface
+ * @tc.desc: calling interface with greater than path len
 * @tc.type: Func
 * @tc.require:
 */
 HWTEST_F(AddCertPathTest, AddCertPathTest_0001, TestSize.Level0)
 {
- int ret = CallIoctl(TEST_SUBJECT.c_str(), TEST_ISSUER.c_str(), MAX_CERT_CHAIN, CERT_PATH_TYPE);
- EXPECT_GE(ret, 0);
+ CertPathInfo certPathInfo = MakeCertPathInfo(TEST_SUBJECT.c_str(), TEST_ISSUER.c_str(),
+ GREATER_THAN_MAX_CERT_CHAIN, CERT_PATH_TYPE);
+ EXPECT_NE(AddCertPath(certPathInfo), 0);
 }
 /**
 * @tc.name: AddCertPathTest_0002
- * @tc.desc: calling interface with greater than path len
+ * @tc.desc: calling interface with invalid path len
 * @tc.type: Func
 * @tc.require:
 */
 HWTEST_F(AddCertPathTest, AddCertPathTest_0002, TestSize.Level0)
 {
- int ret = CallIoctl(TEST_SUBJECT.c_str(), TEST_ISSUER.c_str(), GREATER_THAN_MAX_CERT_CHAIN, CERT_PATH_TYPE);
- EXPECT_NE(ret, 0);
+ CertPathInfo certPathInfo = MakeCertPathInfo(TEST_SUBJECT.c_str(), TEST_ISSUER.c_str(),
+ LESS_THAN_MIN_CERT_CHAIN, CERT_PATH_TYPE);
+ EXPECT_NE(AddCertPath(certPathInfo), 0);
 }
 /**
 * @tc.name: AddCertPathTest_0003
- * @tc.desc: calling interface with invalid path len
+ * @tc.desc: add cert path success
 * @tc.type: Func
 * @tc.require:
 */
 HWTEST_F(AddCertPathTest, AddCertPathTest_0003, TestSize.Level0)
 {
- int ret = CallIoctl(TEST_SUBJECT.c_str(), TEST_ISSUER.c_str(), LESS_THAN_MIN_CERT_CHAIN, CERT_PATH_TYPE);
- EXPECT_NE(ret, 0);
+ // type = developer in release
+ CertPathInfo certPathInfo = MakeCertPathInfo(FAKE_SUBJECT.c_str(), FAKE_ISSUER.c_str(), MAX_CERT_CHAIN, 0x3);
+ EXPECT_EQ(AddCertPath(certPathInfo), 0);
+ EXPECT_EQ(RemoveCertPath(certPathInfo), 0);
+
+ // type = developer in debug
+ certPathInfo = MakeCertPathInfo(FAKE_SUBJECT.c_str(), FAKE_ISSUER.c_str(), MAX_CERT_CHAIN, 0x103);
+ EXPECT_EQ(AddCertPath(certPathInfo), 0);
+ EXPECT_EQ(RemoveCertPath(certPathInfo), 0);
+
+ // remove unexists
+ EXPECT_NE(RemoveCertPath(certPathInfo), 0);
+}
+
+/**
+ * @tc.name: AddCertPathTest_0004
+ * @tc.desc: cannot add system cert except key_enable
+ * @tc.type: Func
+ * @tc.require:
+ */
+HWTEST_F(AddCertPathTest, AddCertPathTest_0004, TestSize.Level0)
+{
+ // release
+ CertPathInfo certPathInfo = MakeCertPathInfo(SUBJECT_AS_SYSTEM_TYPE.c_str(),
+ ISSUER_AS_SYSTEM_TYPE.c_str(), MAX_CERT_CHAIN, 1);
+ // cannot add except key_enable
+ EXPECT_NE(AddCertPath(certPathInfo), 0);
 }
 } // namespace CodeSign
 } // namespace Security
diff --git a/test/unittest/cert_chain_verifier_test.cpp b/test/unittest/cert_chain_verifier_test.cpp
index 1d35db714d55401569395784339b06a08ac0d842..6d4357b77b5a9c6c8c4ea95e85ac6310c5485b1d 100644
--- a/test/unittest/cert_chain_verifier_test.cpp
+++ b/test/unittest/cert_chain_verifier_test.cpp
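Review bot: AddCertPathTest_0004 has no cleanup path: it adds a type-1 ("System subject") entry through the real AddCertPath and only asserts the call fails, so if it unexpectedly succeeds (the test binary running in the key_enable domain, or a policy that does not enforce the restriction) the assertion fails and the bogus system-type entry is left registered for the rest of the device session. Capture the result and remove on success, e.g. `int ret = AddCertPath(certPathInfo);` / `EXPECT_NE(ret, 0);` / `if (ret == 0) { RemoveCertPath(certPathInfo); }`; AddCertPathTest_0003 has the same shape, but its EXPECT_EQ on RemoveCertPath runs regardless, so it only leaks when removal itself fails. Separately, MakeCertPathInfo now fills signing_length/issuer_length with `strlen(...)` where the removed CallIoctl used `strlen(...) + 1`; that is only right if the consumer in cert_path.cpp (outside this diff) treats the length as excluding the terminator, and an off-by-one here changes which subject string is matched, so it is worth confirming against that code. The literals `0x3`, `0x103` and `1` for path_type would also read better as named constants alongside the existing CERT_PATH_TYPE.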
@@ -359,7 +359,11 @@ HWTEST_F(CertChainVerifierTest, CertChainVerifierTest_008, TestSize.Level0)
 FormattedCertChain(certs, formattedCert);
 // verify extension success
 challenge.CopyFrom(CHALLENGE, sizeof(CHALLENGE));
+#ifdef CODE_SIGNATURE_OH_ROOT_CA
 EXPECT_EQ(GetVerifiedCert(formattedCert, challenge, certBuffer), true);
+#else
+ EXPECT_EQ(GetVerifiedCert(formattedCert, challenge, certBuffer), false);
+#endif
 }
 } // namespace CodeSign
diff --git a/test/unittest/key_enable_utils_test.cpp b/test/unittest/key_enable_utils_test.cpp
index 356c9345bba1a69b61dd7b73452f5025e35b1ddb..656863ebd9a53c8468b446a1e6ba7f3ea0b19824 100644
--- a/test/unittest/key_enable_utils_test.cpp
+++ b/test/unittest/key_enable_utils_test.cpp
@@ -46,36 +46,6 @@ HWTEST_F(KeyEnableUtilsTest, KeyEnableUtilsTest_0001, TestSize.Level0)
 {
 EXPECT_EQ(IsRdDevice(), true);
 }
-
-/**
- * @tc.name: KeyEnableUtilsTest_0002
- * @tc.desc: check efuse status
- * @tc.type: Func
- * @tc.require: issueI8FCGF
- */
-HWTEST_F(KeyEnableUtilsTest, KeyEnableUtilsTest_0002, TestSize.Level0)
-{
- std::string str = "efuse_status=0";
- char *buf = const_cast(str.c_str());
- ssize_t bunLen = 0;
- int32_t ret = CheckEfuseStatus(buf, bunLen);
- EXPECT_EQ(ret, false);
-}
-
-/**
- * @tc.name: KeyEnableUtilsTest_0002
- * @tc.desc: check efuse status
- * @tc.type: Func
- * @tc.require: issueI8FCGF
- */
-HWTEST_F(KeyEnableUtilsTest, KeyEnableUtilsTest_0002, TestSize.Level0)
-{
- std::string str = "efuse_status=1";
- char *buf = const_cast(str.c_str());
- ssize_t bunLen = 0;
- int32_t ret = CheckEfuseStatus(buf, bunLen);
- EXPECT_EQ(ret, true);
-}
 } // namespace CodeSign
 } // namespace Security
 } // namespace OHOS
diff --git a/utils/src/huks_attest_verifier.cpp b/utils/src/huks_attest_verifier.cpp
index 1ce9808d427e2c4b576fe189344e5de5231f3250..0966a584ae0e8e767fb8bd4334c59327410bc326 100644
--- a/utils/src/huks_attest_verifier.cpp
+++ b/utils/src/huks_attest_verifier.cpp
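Review bot: The new `#else` branch in CertChainVerifierTest_008 asserts only that GetVerifiedCert returns false, which any failure satisfies, so in a build without CODE_SIGNATURE_OH_ROOT_CA a regression that breaks chain parsing or challenge handling is indistinguishable from the intended "no trusted root configured" rejection, and the comment above still reads `// verify extension success` for both outcomes. A short comment stating the reason the negative result is expected would keep the intent readable, e.g. `// without the OH root CA the chain cannot be anchored, so verification must be rejected`; if the verifier reports a failure reason (not visible here), asserting on that in the `#else` branch would make the test meaningful rather than merely non-true.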
@@ -379,7 +379,7 @@ bool GetVerifiedCert(const ByteBuffer &buffer, const ByteBuffer &challenge, Byte
 ShowCertInfo(certChainBuffer, issuerBuffer, certBuffer);
 }
 #endif
- LOG_INFO("verify finished.");
+ LOG_INFO("verify finished, ret = %{public}d.", ret);
 return ret;
 }
 }
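Review bot: The outcome of the attestation check is now in the message, but a failed verification is still emitted at the same INFO level as a success, so anyone filtering logs by severity cannot pick out rejected attestations without parsing the `ret = 0` text. Logging the false case through the project's error-level macro (or a separate branch such as `if (!ret) { /* error-level log */ }`) would make failures stand out to log-based monitoring; note also that ret is a bool per the signature in the hunk header, so `%{public}d` relies on default argument promotion, which is fine but worth a glance if the hilog format checker is strict.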