From 10d5ae2a63b0b90c326852637c9e0e15fbed2663 Mon Sep 17 00:00:00 2001 From: fundavid Date: Thu, 31 Oct 2024 16:29:06 +0800 Subject: [PATCH] code sync missing Signed-off-by: fundavid --- services/key_enable/utils/include/key_utils.h | 1 - .../key_enable/utils/src/devices_security.cpp | 2 +- test/unittest/BUILD.gn | 16 +++- test/unittest/add_cert_path_test.cpp | 87 +++++++++++-------- test/unittest/cert_chain_verifier_test.cpp | 4 + test/unittest/key_enable_utils_test.cpp | 30 ------- utils/src/huks_attest_verifier.cpp | 2 +- 7 files changed, 74 insertions(+), 68 deletions(-) diff --git a/services/key_enable/utils/include/key_utils.h b/services/key_enable/utils/include/key_utils.h index 7044124..7ba018c 100644 --- a/services/key_enable/utils/include/key_utils.h +++ b/services/key_enable/utils/include/key_utils.h @@ -41,7 +41,6 @@ KeySerial KeyctlRestrictKeyring( const char *restriction); bool IsRdDevice(); -int32_t CheckEfuseStatus(char *buf, ssize_t bunLen); #ifdef __cplusplus } #endif diff --git a/services/key_enable/utils/src/devices_security.cpp b/services/key_enable/utils/src/devices_security.cpp index a1cd19e..3ccca6e 100644 --- a/services/key_enable/utils/src/devices_security.cpp +++ b/services/key_enable/utils/src/devices_security.cpp @@ -48,7 +48,7 @@ static bool CheckDeviceMode(char *buf, ssize_t bunLen) return false; } -int32_t CheckEfuseStatus(char *buf, ssize_t bunLen) +static int32_t CheckEfuseStatus(char *buf, ssize_t bunLen) { if (strstr(buf, "efuse_status=1")) { LOG_DEBUG(LABEL, "device is not efused"); diff --git a/test/unittest/BUILD.gn b/test/unittest/BUILD.gn index 534c79e..5a4f504 100644 --- a/test/unittest/BUILD.gn +++ b/test/unittest/BUILD.gn 
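Review bot: Making `CheckEfuseStatus` static hides it from the header, but the visible body still locates the marker with `strstr(buf, "efuse_status=1")` and never consults `bunLen`, so the function depends on the caller NUL-terminating `buf`; the unit tests deleted later in this patch passed `bunLen = 0`, which suggests the length is already ignored. The rest of the body continues outside the hunk, so if it also never uses `bunLen`, either drop the parameter or make the contract explicit with a comment such as `// bunLen is unused: buf must be NUL-terminated by the caller`, or bound the search with `if (bunLen <= 0 || memchr(buf, '\0', bunLen) == nullptr) { return <failure value>; }` using whatever value the function reports for an invalid buffer. Now that the function is file-local it can no longer be exercised from a separate test binary, which is presumably why the tests were removed rather than updated.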
@@ -37,7 +37,21 @@ ohos_source_set("key_enable_src_set") { ohos_unittest("add_cert_path_unittest") { module_out_path = "security/code_signature" - sources = [ "add_cert_path_test.cpp" ] + sources = [ + "${code_signature_root_dir}/services/key_enable/utils/src/cert_path.cpp", + "add_cert_path_test.cpp", + ] + include_dirs = + [ "${code_signature_root_dir}/services/key_enable/utils/include" ] + configs = [ + "${code_signature_root_dir}:common_utils_config", + "${code_signature_root_dir}:common_public_config", + ] + deps = [ "${selinux_dir}:libselinux" ] + external_deps = [ + "hilog:libhilog", + "init:libbegetutil", + ] } ohos_unittest("code_sign_utils_unittest") { diff --git a/test/unittest/add_cert_path_test.cpp b/test/unittest/add_cert_path_test.cpp index f2ee68b..c010eca 100644 --- a/test/unittest/add_cert_path_test.cpp +++ b/test/unittest/add_cert_path_test.cpp @@ -19,26 +19,18 @@ #include #include #include +#include #include +#include "cert_path.h" +#include "selinux/selinux.h" + namespace OHOS { namespace Security { namespace CodeSign { using namespace std; using namespace testing::ext; -struct cert_chain_info { - uint32_t signing_length; - uint32_t issuer_length; - uint64_t signing; - uint64_t issuer; - uint32_t max_cert_chain; - uint32_t cert_path_type; - uint8_t reserved[32]; -}; - -#define WRITE_CERT_CHAIN _IOW('k', 1, cert_chain_info) - static const uint32_t MAX_CERT_CHAIN = 3; static const uint32_t CERT_PATH_TYPE = 0x103; static const uint32_t GREATER_THAN_MAX_CERT_CHAIN = 4; 
@@ -47,6 +39,11 @@ static const uint32_t LESS_THAN_MIN_CERT_CHAIN = -1; static const string DEV_NAME = "/dev/code_sign"; static const string TEST_SUBJECT = "OpenHarmony Application Release"; static const string TEST_ISSUER = "OpenHarmony Application CA"; +static const string KEY_ENABLE_CTX = "u:r:key_enable:s0"; +static const string FAKE_SUBJECT = "Fake subject"; +static const string FAKE_ISSUER = "Fake issuer"; +static const string SUBJECT_AS_SYSTEM_TYPE = "System subject"; +static const string ISSUER_AS_SYSTEM_TYPE = "System issuer"; class AddCertPathTest : public testing::Test { public: 
@@ -58,58 +55,80 @@ public: void TearDown() {}; }; -static bool CallIoctl(const char *signing, const char *issuer, uint32_t max_cert_chain, uint32_t cert_path_type) +static CertPathInfo MakeCertPathInfo(const char *signing, const char *issuer, + uint32_t max_cert_chain, uint32_t cert_path_type) { - int fd = open(DEV_NAME.c_str(), O_WRONLY); - EXPECT_GE(fd, 0); - - cert_chain_info arg = { 0 }; + CertPathInfo arg = { 0 }; arg.signing = reinterpret_cast(signing); arg.issuer = reinterpret_cast(issuer); - arg.signing_length = strlen(signing) + 1; - arg.issuer_length = strlen(issuer) + 1; - arg.max_cert_chain = max_cert_chain; - arg.cert_path_type = cert_path_type; - int ret = ioctl(fd, WRITE_CERT_CHAIN, &arg); - - close(fd); - return ret; + arg.signing_length = strlen(signing); + arg.issuer_length = strlen(issuer); + arg.path_len = max_cert_chain; + arg.path_type = cert_path_type; + return arg; } /** * @tc.name: AddCertPathTest_0001 - * @tc.desc: successfully called interface + * @tc.desc: calling interface with greater than path len * @tc.type: Func * @tc.require: */ HWTEST_F(AddCertPathTest, AddCertPathTest_0001, TestSize.Level0) { - int ret = CallIoctl(TEST_SUBJECT.c_str(), TEST_ISSUER.c_str(), MAX_CERT_CHAIN, CERT_PATH_TYPE); - EXPECT_GE(ret, 0); + CertPathInfo certPathInfo = MakeCertPathInfo(TEST_SUBJECT.c_str(), TEST_ISSUER.c_str(), + GREATER_THAN_MAX_CERT_CHAIN, CERT_PATH_TYPE); + EXPECT_NE(AddCertPath(certPathInfo), 0); } /** * @tc.name: AddCertPathTest_0002 - * @tc.desc: calling interface with greater than path len + * @tc.desc: calling interface with invalid path len * @tc.type: Func * @tc.require: */ HWTEST_F(AddCertPathTest, AddCertPathTest_0002, TestSize.Level0) { - int ret = CallIoctl(TEST_SUBJECT.c_str(), TEST_ISSUER.c_str(), GREATER_THAN_MAX_CERT_CHAIN, CERT_PATH_TYPE); - EXPECT_NE(ret, 0); + CertPathInfo certPathInfo = MakeCertPathInfo(TEST_SUBJECT.c_str(), TEST_ISSUER.c_str(), + LESS_THAN_MIN_CERT_CHAIN, CERT_PATH_TYPE); + 
EXPECT_NE(AddCertPath(certPathInfo), 0); } /** * @tc.name: AddCertPathTest_0003 - * @tc.desc: calling interface with invalid path len + * @tc.desc: add cert path success * @tc.type: Func * @tc.require: */ HWTEST_F(AddCertPathTest, AddCertPathTest_0003, TestSize.Level0) { - int ret = CallIoctl(TEST_SUBJECT.c_str(), TEST_ISSUER.c_str(), LESS_THAN_MIN_CERT_CHAIN, CERT_PATH_TYPE); - EXPECT_NE(ret, 0); + // type = developer in release + CertPathInfo certPathInfo = MakeCertPathInfo(FAKE_SUBJECT.c_str(), FAKE_ISSUER.c_str(), MAX_CERT_CHAIN, 0x3); + EXPECT_EQ(AddCertPath(certPathInfo), 0); + EXPECT_EQ(RemoveCertPath(certPathInfo), 0); + + // type = developer in debug + certPathInfo = MakeCertPathInfo(FAKE_SUBJECT.c_str(), FAKE_ISSUER.c_str(), MAX_CERT_CHAIN, 0x103); + EXPECT_EQ(AddCertPath(certPathInfo), 0); + EXPECT_EQ(RemoveCertPath(certPathInfo), 0); + + // remove unexists + EXPECT_NE(RemoveCertPath(certPathInfo), 0); +} + +/** + * @tc.name: AddCertPathTest_0004 + * @tc.desc: cannot add system cert except key_enable + * @tc.type: Func + * @tc.require: + */ +HWTEST_F(AddCertPathTest, AddCertPathTest_0004, TestSize.Level0) +{ + // release + CertPathInfo certPathInfo = MakeCertPathInfo(SUBJECT_AS_SYSTEM_TYPE.c_str(), + ISSUER_AS_SYSTEM_TYPE.c_str(), MAX_CERT_CHAIN, 1); + // cannot add except key_enable + EXPECT_NE(AddCertPath(certPathInfo), 0); } } // namespace CodeSign } // namespace Security diff --git a/test/unittest/cert_chain_verifier_test.cpp b/test/unittest/cert_chain_verifier_test.cpp index 1d35db7..6d4357b 100644 --- a/test/unittest/cert_chain_verifier_test.cpp +++ b/test/unittest/cert_chain_verifier_test.cpp 
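Review bot: AddCertPathTest_0004 asserts unconditionally that registering a system-type path fails, while its own comment says only key_enable may do so, and the `KEY_ENABLE_CTX` constant added in the previous hunk (and the `selinux/selinux.h` include added in the first hunk of this file) are never used, so the verdict silently depends on which SELinux domain runs the test binary. Read the caller's context with `getcon()`/`freecon()` and make the expectation conditional on it matching `KEY_ENABLE_CTX`, or at least document the assumed domain next to the assertion. In AddCertPathTest_0003 the raw values `0x3` and `0x103` are passed where `CERT_PATH_TYPE` (0x103) already exists; name the release-developer value as well so the type encoding lives in one place. `MakeCertPathInfo` now sets `signing_length = strlen(signing)` without the former `+ 1`; that is only right if `AddCertPath` treats the length as excluding the terminator, which should be confirmed against cert_path.cpp.
```cpp
HWTEST_F(AddCertPathTest, AddCertPathTest_0004, TestSize.Level0)
{
    // … unchanged: certPathInfo construction …
    // only the key_enable domain is permitted to register system-type paths
    char *con = nullptr;
    ASSERT_EQ(getcon(&con), 0);
    const bool inKeyEnable = (KEY_ENABLE_CTX == con);
    freecon(con);
    if (inKeyEnable) {
        return;  // rejection is only expected outside the key_enable domain
    }
    EXPECT_NE(AddCertPath(certPathInfo), 0);
}
```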
@@ -359,7 +359,11 @@ HWTEST_F(CertChainVerifierTest, CertChainVerifierTest_008, TestSize.Level0) FormattedCertChain(certs, formattedCert); // verify extension success challenge.CopyFrom(CHALLENGE, sizeof(CHALLENGE)); +#ifdef CODE_SIGNATURE_OH_ROOT_CA EXPECT_EQ(GetVerifiedCert(formattedCert, challenge, certBuffer), true); +#else + EXPECT_EQ(GetVerifiedCert(formattedCert, challenge, certBuffer), false); +#endif } } // namespace CodeSign diff --git a/test/unittest/key_enable_utils_test.cpp b/test/unittest/key_enable_utils_test.cpp index 356c934..656863e 100644 --- a/test/unittest/key_enable_utils_test.cpp +++ b/test/unittest/key_enable_utils_test.cpp @@ -46,36 +46,6 @@ HWTEST_F(KeyEnableUtilsTest, KeyEnableUtilsTest_0001, TestSize.Level0) { EXPECT_EQ(IsRdDevice(), true); } - -/** - * @tc.name: KeyEnableUtilsTest_0002 - * @tc.desc: check efuse status - * @tc.type: Func - * @tc.require: issueI8FCGF - */ -HWTEST_F(KeyEnableUtilsTest, KeyEnableUtilsTest_0002, TestSize.Level0) -{ - std::string str = "efuse_status=0"; - char *buf = const_cast(str.c_str()); - ssize_t bunLen = 0; - int32_t ret = CheckEfuseStatus(buf, bunLen); - EXPECT_EQ(ret, false); -} - -/** - * @tc.name: KeyEnableUtilsTest_0002 - * @tc.desc: check efuse status - * @tc.type: Func - * @tc.require: issueI8FCGF - */ -HWTEST_F(KeyEnableUtilsTest, KeyEnableUtilsTest_0002, TestSize.Level0) -{ - std::string str = "efuse_status=1"; - char *buf = const_cast(str.c_str()); - ssize_t bunLen = 0; - int32_t ret = CheckEfuseStatus(buf, bunLen); - EXPECT_EQ(ret, true); -} } // namespace CodeSign } // namespace Security } // namespace OHOS diff --git a/utils/src/huks_attest_verifier.cpp b/utils/src/huks_attest_verifier.cpp index 1ce9808..0966a58 100644 --- a/utils/src/huks_attest_verifier.cpp +++ b/utils/src/huks_attest_verifier.cpp 
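Review bot: In the new `#else` branch the test asserts that `GetVerifiedCert` returns false, so on a build without `CODE_SIGNATURE_OH_ROOT_CA` any failure at all, including a regression in the verifier, makes the test pass, and the context comment `// verify extension success` two lines above is now wrong for that branch. If the intent is that the fixture chain only verifies against the OpenHarmony root CA, state that in the comment, e.g. `// the fixture chain is issued under the OH root CA; other trust anchors are expected to reject it`. Consider skipping instead of asserting false (`GTEST_SKIP()` where the gtest version supports it) so the run report shows the verifier was not exercised rather than recording a pass.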
@@ -379,7 +379,7 @@ bool GetVerifiedCert(const ByteBuffer &buffer, const ByteBuffer &challenge, Byte
 ShowCertInfo(certChainBuffer, issuerBuffer, certBuffer);
 }
 #endif
- LOG_INFO("verify finished.");
+ LOG_INFO("verify finished, ret = %{public}d.", ret);
 return ret;
 }
 }
-- Gitee
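Review bot: The new log line reports the outcome at INFO level for success and failure alike; since `ret` is the verdict of `GetVerifiedCert` (the enclosing function starts outside the hunk), a failed attestation verification is a security-relevant event that should stand out for monitoring, so log the failure separately at the level this file uses for errors, e.g. `if (!ret) { <error-level log>("verify failed."); }` before the existing line. `ret` is declared outside the hunk; if it is a `bool`, as the function's return type suggests, `%{public}d` relies on default integer promotion, which is correct but reads more clearly as `static_cast<int>(ret)`.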