summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDoug Zongker <dougz@android.com>2009-12-11 00:52:09 +0100
committerAndroid Git Automerger <android-git-automerger@android.com>2009-12-11 00:52:09 +0100
commit25215285c4afb686eab90fa48f0965dcdea3564c (patch)
treef9d624ae37090834c91218b1827e190d8d14bdd9
parentMerge change I117fdea9 (diff)
parentam 73ae31ce: add a simple unit test for the OTA package verifier (diff)
downloadandroid_bootable_recovery-25215285c4afb686eab90fa48f0965dcdea3564c.tar
android_bootable_recovery-25215285c4afb686eab90fa48f0965dcdea3564c.tar.gz
android_bootable_recovery-25215285c4afb686eab90fa48f0965dcdea3564c.tar.bz2
android_bootable_recovery-25215285c4afb686eab90fa48f0965dcdea3564c.tar.lz
android_bootable_recovery-25215285c4afb686eab90fa48f0965dcdea3564c.tar.xz
android_bootable_recovery-25215285c4afb686eab90fa48f0965dcdea3564c.tar.zst
android_bootable_recovery-25215285c4afb686eab90fa48f0965dcdea3564c.zip
Diffstat (limited to '')
-rw-r--r--Android.mk16
-rw-r--r--testdata/alter-footer.zipbin0 -> 4009 bytes
-rw-r--r--testdata/alter-metadata.zipbin0 -> 4009 bytes
-rw-r--r--testdata/fake-eocd.zipbin0 -> 4313 bytes
-rw-r--r--testdata/jarsigned.zipbin0 -> 2271 bytes
-rw-r--r--testdata/otasigned.zipbin0 -> 4009 bytes
-rw-r--r--testdata/random.zipbin0 -> 1024 bytes
-rw-r--r--testdata/unsigned.zipbin0 -> 376 bytes
-rw-r--r--verifier.c4
-rw-r--r--verifier_test.c91
-rwxr-xr-xverifier_test.sh94
11 files changed, 203 insertions, 2 deletions
diff --git a/Android.mk b/Android.mk
index 913aa1491..e89b2258c 100644
--- a/Android.mk
+++ b/Android.mk
@@ -44,6 +44,22 @@ LOCAL_STATIC_LIBRARIES += libstdc++ libc
include $(BUILD_EXECUTABLE)
+
+include $(CLEAR_VARS)
+
+LOCAL_SRC_FILES := verifier_test.c verifier.c
+
+LOCAL_MODULE := verifier_test
+
+LOCAL_FORCE_STATIC_EXECUTABLE := true
+
+LOCAL_MODULE_TAGS := tests
+
+LOCAL_STATIC_LIBRARIES := libmincrypt libcutils libstdc++ libc
+
+include $(BUILD_EXECUTABLE)
+
+
include $(commands_recovery_local_path)/minui/Android.mk
include $(commands_recovery_local_path)/minzip/Android.mk
include $(commands_recovery_local_path)/mtdutils/Android.mk
diff --git a/testdata/alter-footer.zip b/testdata/alter-footer.zip
new file mode 100644
index 000000000..f497ec000
--- /dev/null
+++ b/testdata/alter-footer.zip
Binary files differ
diff --git a/testdata/alter-metadata.zip b/testdata/alter-metadata.zip
new file mode 100644
index 000000000..1c71fbc49
--- /dev/null
+++ b/testdata/alter-metadata.zip
Binary files differ
diff --git a/testdata/fake-eocd.zip b/testdata/fake-eocd.zip
new file mode 100644
index 000000000..15dc0a946
--- /dev/null
+++ b/testdata/fake-eocd.zip
Binary files differ
diff --git a/testdata/jarsigned.zip b/testdata/jarsigned.zip
new file mode 100644
index 000000000..8b1ef8bdd
--- /dev/null
+++ b/testdata/jarsigned.zip
Binary files differ
diff --git a/testdata/otasigned.zip b/testdata/otasigned.zip
new file mode 100644
index 000000000..a6bc53e41
--- /dev/null
+++ b/testdata/otasigned.zip
Binary files differ
diff --git a/testdata/random.zip b/testdata/random.zip
new file mode 100644
index 000000000..18c0b3b9f
--- /dev/null
+++ b/testdata/random.zip
Binary files differ
diff --git a/testdata/unsigned.zip b/testdata/unsigned.zip
new file mode 100644
index 000000000..24e3eadac
--- /dev/null
+++ b/testdata/unsigned.zip
Binary files differ
diff --git a/verifier.c b/verifier.c
index 164fb4a01..9d39fd139 100644
--- a/verifier.c
+++ b/verifier.c
@@ -42,7 +42,7 @@ int verify_file(const char* path, const RSAPublicKey *pKeys, unsigned int numKey
// An archive with a whole-file signature will end in six bytes:
//
- // $ff $ff (2-byte comment size) (2-byte signature start)
+ // (2-byte signature start) $ff $ff (2-byte comment size)
//
// (As far as the ZIP format is concerned, these are part of the
// archive comment.) We start by reading this footer, this tells
@@ -169,7 +169,7 @@ int verify_file(const char* path, const RSAPublicKey *pKeys, unsigned int numKey
const uint8_t* sha1 = SHA_final(&ctx);
for (i = 0; i < numKeys; ++i) {
- // The 6 bytes is the "$ff $ff (signature_start) (comment_size)" that
+ // The 6 bytes is the "(signature_start) $ff $ff (comment_size)" that
// the signing tool appends after the signature itself.
if (RSA_verify(pKeys+i, eocd + eocd_size - 6 - RSANUMBYTES,
RSANUMBYTES, sha1)) {
diff --git a/verifier_test.c b/verifier_test.c
new file mode 100644
index 000000000..5b6c1f451
--- /dev/null
+++ b/verifier_test.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright (C) 2009 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+
+#include "verifier.h"
+
+// This is build/target/product/security/testkey.x509.pem after being
+// dumped out by dumpkey.jar.
+RSAPublicKey test_key =
+ { 64, 0xc926ad21,
+ { 1795090719, 2141396315, 950055447, -1713398866,
+ -26044131, 1920809988, 546586521, -795969498,
+ 1776797858, -554906482, 1805317999, 1429410244,
+ 129622599, 1422441418, 1783893377, 1222374759,
+ -1731647369, 323993566, 28517732, 609753416,
+ 1826472888, 215237850, -33324596, -245884705,
+ -1066504894, 774857746, 154822455, -1797768399,
+ -1536767878, -1275951968, -1500189652, 87251430,
+ -1760039318, 120774784, 571297800, -599067824,
+ -1815042109, -483341846, -893134306, -1900097649,
+ -1027721089, 950095497, 555058928, 414729973,
+ 1136544882, -1250377212, 465547824, -236820568,
+ -1563171242, 1689838846, -404210357, 1048029507,
+ 895090649, 247140249, 178744550, -747082073,
+ -1129788053, 109881576, -350362881, 1044303212,
+ -522594267, -1309816990, -557446364, -695002876},
+ { -857949815, -510492167, -1494742324, -1208744608,
+ 251333580, 2131931323, 512774938, 325948880,
+ -1637480859, 2102694287, -474399070, 792812816,
+ 1026422502, 2053275343, -1494078096, -1181380486,
+ 165549746, -21447327, -229719404, 1902789247,
+ 772932719, -353118870, -642223187, 216871947,
+ -1130566647, 1942378755, -298201445, 1055777370,
+ 964047799, 629391717, -2062222979, -384408304,
+ 191868569, -1536083459, -612150544, -1297252564,
+ -1592438046, -724266841, -518093464, -370899750,
+ -739277751, -1536141862, 1323144535, 61311905,
+ 1997411085, 376844204, 213777604, -217643712,
+ 9135381, 1625809335, -1490225159, -1342673351,
+ 1117190829, -57654514, 1825108855, -1281819325,
+ 1111251351, -1726129724, 1684324211, -1773988491,
+ 367251975, 810756730, -1941182952, 1175080310 }
+ };
+
+void ui_print(const char* fmt, ...) {
+ char buf[256];
+ va_list ap;
+ va_start(ap, fmt);
+ vsnprintf(buf, 256, fmt, ap);
+ va_end(ap);
+
+ fputs(buf, stderr);
+}
+
+void ui_set_progress(float fraction) {
+}
+
+int main(int argc, char **argv) {
+ if (argc != 2) {
+ fprintf(stderr, "Usage: %s <package>\n", argv[0]);
+ return 2;
+ }
+
+ int result = verify_file(argv[1], &test_key, 1);
+ if (result == VERIFY_SUCCESS) {
+ printf("SUCCESS\n");
+ return 0;
+ } else if (result == VERIFY_FAILURE) {
+ printf("FAILURE\n");
+ return 1;
+ } else {
+ printf("bad return value\n");
+ return 3;
+ }
+}
diff --git a/verifier_test.sh b/verifier_test.sh
new file mode 100755
index 000000000..6350e80d3
--- /dev/null
+++ b/verifier_test.sh
@@ -0,0 +1,94 @@
+#!/bin/bash
+#
+# A test suite for applypatch. Run in a client where you have done
+# envsetup, choosecombo, etc.
+#
+# DO NOT RUN THIS ON A DEVICE YOU CARE ABOUT. It will mess up your
+# system partition.
+#
+#
+# TODO: find some way to get this run regularly along with the rest of
+# the tests.
+
+EMULATOR_PORT=5580
+DATA_DIR=$ANDROID_BUILD_TOP/bootable/recovery/testdata
+
+WORK_DIR=/data/local/tmp
+
+# set to 0 to use a device instead
+USE_EMULATOR=0
+
+# ------------------------
+
+if [ "$USE_EMULATOR" == 1 ]; then
+ emulator -wipe-data -noaudio -no-window -port $EMULATOR_PORT &
+ pid_emulator=$!
+ ADB="adb -s emulator-$EMULATOR_PORT "
+else
+ ADB="adb -d "
+fi
+
+echo "waiting to connect to device"
+$ADB wait-for-device
+
+# run a command on the device; exit with the exit status of the device
+# command.
+run_command() {
+ $ADB shell "$@" \; echo \$? | awk '{if (b) {print a}; a=$0; b=1} END {exit a}'
+}
+
+testname() {
+ echo
+ echo "::: testing $1 :::"
+ testname="$1"
+}
+
+fail() {
+ echo
+ echo FAIL: $testname
+ echo
+ [ "$open_pid" == "" ] || kill $open_pid
+ [ "$pid_emulator" == "" ] || kill $pid_emulator
+ exit 1
+}
+
+
+cleanup() {
+ # not necessary if we're about to kill the emulator, but nice for
+ # running on real devices or already-running emulators.
+ run_command rm $WORK_DIR/verifier_test
+ run_command rm $WORK_DIR/package.zip
+
+ [ "$pid_emulator" == "" ] || kill $pid_emulator
+}
+
+$ADB push $ANDROID_PRODUCT_OUT/system/bin/verifier_test \
+ $WORK_DIR/verifier_test
+
+expect_succeed() {
+ testname "$1 (should succeed)"
+ $ADB push $DATA_DIR/$1 $WORK_DIR/package.zip
+ run_command $WORK_DIR/verifier_test $WORK_DIR/package.zip || fail
+}
+
+expect_fail() {
+ testname "$1 (should fail)"
+ $ADB push $DATA_DIR/$1 $WORK_DIR/package.zip
+ run_command $WORK_DIR/verifier_test $WORK_DIR/package.zip && fail
+}
+
+expect_fail unsigned.zip
+expect_fail jarsigned.zip
+expect_succeed otasigned.zip
+expect_fail random.zip
+expect_fail fake-eocd.zip
+expect_fail alter-metadata.zip
+expect_fail alter-footer.zip
+
+# --------------- cleanup ----------------------
+
+cleanup
+
+echo
+echo PASS
+echo