22 files changed, 127 insertions, 75 deletions

diff --git a/tests/Android.mk b/tests/Android.mk
index 4ce00b457..3f3c433eb 100644
--- a/tests/Android.mk
+++ b/tests/Android.mk
@@ -16,11 +16,40 @@
 
 LOCAL_PATH := $(call my-dir)
 
+# Unit tests
 include $(CLEAR_VARS)
 LOCAL_CLANG := true
+LOCAL_MODULE := recovery_unit_test
 LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
 LOCAL_STATIC_LIBRARIES := libverifier
-LOCAL_SRC_FILES := asn1_decoder_test.cpp
-LOCAL_MODULE := asn1_decoder_test
-LOCAL_C_INCLUDES := $(LOCAL_PATH)/..
+LOCAL_SRC_FILES := unit/asn1_decoder_test.cpp
+LOCAL_C_INCLUDES := bootable/recovery
+include $(BUILD_NATIVE_TEST)
+
+# Component tests
+include $(CLEAR_VARS)
+LOCAL_CLANG := true
+LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
+LOCAL_MODULE := recovery_component_test
+LOCAL_C_INCLUDES := bootable/recovery
+LOCAL_SRC_FILES := component/verifier_test.cpp
+LOCAL_FORCE_STATIC_EXECUTABLE := true
+LOCAL_STATIC_LIBRARIES := \
+    libbase \
+    libverifier \
+    libmincrypt \
+    libminui \
+    libminzip \
+    libcutils \
+    libc
+
+testdata_out_path := $(TARGET_OUT_DATA_NATIVE_TESTS)/$(LOCAL_MODULE)
+testdata_files := $(call find-subdir-files, testdata/*)
+
+GEN := $(addprefix $(testdata_out_path)/, $(testdata_files))
+$(GEN): PRIVATE_PATH := $(LOCAL_PATH)
+$(GEN): PRIVATE_CUSTOM_TOOL = cp $< $@
+$(GEN): $(testdata_out_path)/% : $(LOCAL_PATH)/%
+	$(transform-generated-source)
+LOCAL_GENERATED_SOURCES += $(GEN)
 include $(BUILD_NATIVE_TEST)
diff --git a/verifier_test.cpp b/tests/component/verifier_test.cpp
index 2367e0052..7f7b1b448 100644
--- a/verifier_test.cpp
+++ b/tests/component/verifier_test.cpp
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 2009 The Android Open Source Project
  *
- * Licensed under the Apache License, Version 2.0 (the "License");
+ * Licensed under the Apache License, version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
- * Unless required by applicable law or agreed to in writing, software
+ * Unless required by applicable law or agree to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
@@ -16,22 +16,33 @@
 
 #include <errno.h>
 #include <fcntl.h>
-#include <stdarg.h>
+#include <gtest/gtest.h>
 #include <stdio.h>
 #include <stdlib.h>
-#include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 
 #include <memory>
+#include <string>
 #include <vector>
 
+#include <android-base/stringprintf.h>
+
 #include "common.h"
-#include "verifier.h"
-#include "ui.h"
 #include "mincrypt/sha.h"
 #include "mincrypt/sha256.h"
 #include "minzip/SysUtil.h"
+#include "ui.h"
+#include "verifier.h"
+
+#if defined(__LP64__)
+#define NATIVE_TEST_PATH "/nativetest64"
+#else
+#define NATIVE_TEST_PATH "/nativetest"
+#endif
+
+static const char* DATA_PATH = getenv("ANDROID_DATA");
+static const char* TESTDATA_PATH = "/recovery_component_test/testdata/";
 
 // This is build/target/product/security/testkey.x509.pem after being
 // dumped out by dumpkey.jar.
@@ -123,9 +134,7 @@ ECPublicKey test_ec_key =
 
 RecoveryUI* ui = NULL;
 
-// verifier expects to find a UI object; we provide one that does
-// nothing but print.
-class FakeUI : public RecoveryUI {
+class MockUI : public RecoveryUI {
     void Init() { }
     void SetStage(int, int) { }
     void SetLocale(const char*) { }
@@ -166,79 +175,93 @@ ui_print(const char* format, ...) {
     va_end(ap);
 }
 
-int main(int argc, char** argv) {
-    if (argc < 2) {
-        fprintf(stderr, "Usage: %s [-sha256] [-ec | -f4 | -file <keys>] <package>\n", argv[0]);
-        return 2;
-    }
-
+class VerifierTest : public testing::TestWithParam<std::vector<std::string>> {
+  public:
+    MemMapping memmap;
     std::vector<Certificate> certs;
-    int argn = 1;
-    while (argn < argc) {
-        if (strcmp(argv[argn], "-sha256") == 0) {
-            if (certs.empty()) {
-                fprintf(stderr, "May only specify -sha256 after key type\n");
-                return 2;
+
+    virtual void SetUp() {
+        std::vector<std::string> args = GetParam();
+        std::string package = android::base::StringPrintf("%s%s%s%s", DATA_PATH, NATIVE_TEST_PATH,
+                TESTDATA_PATH, args[0].c_str());
+        for (auto it = ++(args.cbegin()); it != args.cend(); ++it) {
+            if (it->substr(it->length() - 3, it->length()) == "256") {
+                if (certs.empty()) {
+                    FAIL() << "May only specify -sha256 after key type\n";
+                }
+                certs.back().hash_len = SHA256_DIGEST_SIZE;
+            } else if (*it == "ec") {
+                certs.emplace_back(SHA_DIGEST_SIZE, Certificate::EC,
+                        nullptr, std::unique_ptr<ECPublicKey>(new ECPublicKey(test_ec_key)));
+            } else if (*it == "e3") {
+                certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA,
+                        std::unique_ptr<RSAPublicKey>(new RSAPublicKey(test_key)), nullptr);
+            } else if (*it == "f4") {
+                certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA,
+                        std::unique_ptr<RSAPublicKey>(new RSAPublicKey(test_f4_key)), nullptr);
             }
-            ++argn;
-            certs.back().hash_len = SHA256_DIGEST_SIZE;
-        } else if (strcmp(argv[argn], "-ec") == 0) {
-            ++argn;
-            certs.emplace_back(SHA_DIGEST_SIZE, Certificate::EC,
-                    nullptr, std::unique_ptr<ECPublicKey>(new ECPublicKey(test_ec_key)));
-        } else if (strcmp(argv[argn], "-e3") == 0) {
-            ++argn;
+        }
+        if (certs.empty()) {
             certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA,
                     std::unique_ptr<RSAPublicKey>(new RSAPublicKey(test_key)), nullptr);
-        } else if (strcmp(argv[argn], "-f4") == 0) {
-            ++argn;
-            certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA,
-                    std::unique_ptr<RSAPublicKey>(new RSAPublicKey(test_f4_key)), nullptr);
-        } else if (strcmp(argv[argn], "-file") == 0) {
-            if (!certs.empty()) {
-                fprintf(stderr, "Cannot specify -file with other certs specified\n");
-                return 2;
-            }
-            ++argn;
-            if (!load_keys(argv[argn], certs)) {
-                fprintf(stderr, "Cannot load keys from %s\n", argv[argn]);
-            }
-            ++argn;
-        } else if (argv[argn][0] == '-') {
-            fprintf(stderr, "Unknown argument %s\n", argv[argn]);
-            return 2;
-        } else {
-            break;
+        }
+        if (sysMapFile(package.c_str(), &memmap) != 0) {
+            FAIL() << "Failed to mmap " << package << ": " << strerror(errno) << "\n";
         }
     }
 
-    if (argn == argc) {
-        fprintf(stderr, "Must specify package to verify\n");
-        return 2;
+    static void SetUpTestCase() {
+        ui = new MockUI();
     }
+};
 
-    if (certs.empty()) {
-        certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA,
-                std::unique_ptr<RSAPublicKey>(new RSAPublicKey(test_key)), nullptr);
-    }
+class VerifierSuccessTest : public VerifierTest {
+};
 
-    ui = new FakeUI();
+class VerifierFailureTest : public VerifierTest {
+};
 
-    MemMapping map;
-    if (sysMapFile(argv[argn], &map) != 0) {
-        fprintf(stderr, "failed to mmap %s: %s\n", argv[argn], strerror(errno));
-        return 4;
-    }
+TEST_P(VerifierSuccessTest, VerifySucceed) {
+    ASSERT_EQ(verify_file(memmap.addr, memmap.length, certs), VERIFY_SUCCESS);
+}
 
-    int result = verify_file(map.addr, map.length, certs);
-    if (result == VERIFY_SUCCESS) {
-        printf("VERIFIED\n");
-        return 0;
-    } else if (result == VERIFY_FAILURE) {
-        printf("NOT VERIFIED\n");
-        return 1;
-    } else {
-        printf("bad return value\n");
-        return 3;
-    }
+TEST_P(VerifierFailureTest, VerifyFailure) {
+    ASSERT_EQ(verify_file(memmap.addr, memmap.length, certs), VERIFY_FAILURE);
 }
+
+INSTANTIATE_TEST_CASE_P(SingleKeySuccess, VerifierSuccessTest,
+        ::testing::Values(
+            std::vector<std::string>({"otasigned.zip", "e3"}),
+            std::vector<std::string>({"otasigned_f4.zip", "f4"}),
+            std::vector<std::string>({"otasigned_sha256.zip", "e3", "sha256"}),
+            std::vector<std::string>({"otasigned_f4_sha256.zip", "f4", "sha256"}),
+            std::vector<std::string>({"otasigned_ecdsa_sha256.zip", "ec", "sha256"})));
+
+INSTANTIATE_TEST_CASE_P(MultiKeySuccess, VerifierSuccessTest,
+        ::testing::Values(
+            std::vector<std::string>({"otasigned.zip", "f4", "e3"}),
+            std::vector<std::string>({"otasigned_f4.zip", "ec", "f4"}),
+            std::vector<std::string>({"otasigned_sha256.zip", "ec", "e3", "e3", "sha256"}),
+            std::vector<std::string>({"otasigned_f4_sha256.zip", "ec", "sha256", "e3", "f4", "sha256"}),
+            std::vector<std::string>({"otasigned_ecdsa_sha256.zip", "f4", "sha256", "e3", "ec", "sha256"})));
+
+INSTANTIATE_TEST_CASE_P(WrongKey, VerifierFailureTest,
+        ::testing::Values(
+            std::vector<std::string>({"otasigned.zip", "f4"}),
+            std::vector<std::string>({"otasigned_f4.zip", "e3"}),
+            std::vector<std::string>({"otasigned_ecdsa_sha256.zip", "e3", "sha256"})));
+
+INSTANTIATE_TEST_CASE_P(WrongHash, VerifierFailureTest,
+        ::testing::Values(
+            std::vector<std::string>({"otasigned.zip", "e3", "sha256"}),
+            std::vector<std::string>({"otasigned_f4.zip", "f4", "sha256"}),
+            std::vector<std::string>({"otasigned_sha256.zip"}),
+            std::vector<std::string>({"otasigned_f4_sha256.zip", "f4"}),
+            std::vector<std::string>({"otasigned_ecdsa_sha256.zip"})));
+
+INSTANTIATE_TEST_CASE_P(BadPackage, VerifierFailureTest,
+        ::testing::Values(
+            std::vector<std::string>({"random.zip"}),
+            std::vector<std::string>({"fake-eocd.zip"}),
+            std::vector<std::string>({"alter-metadata.zip"}),
+            std::vector<std::string>({"alter-footer.zip"})));
diff --git a/testdata/alter-footer.zip b/tests/testdata/alter-footer.zip
index f497ec000..f497ec000 100644
--- a/testdata/alter-footer.zip
+++ b/tests/testdata/alter-footer.zip
diff --git a/testdata/alter-metadata.zip b/tests/testdata/alter-metadata.zip
index 1c71fbc49..1c71fbc49 100644
--- a/testdata/alter-metadata.zip
+++ b/tests/testdata/alter-metadata.zip
diff --git a/testdata/fake-eocd.zip b/tests/testdata/fake-eocd.zip
index 15dc0a946..15dc0a946 100644
--- a/testdata/fake-eocd.zip
+++ b/tests/testdata/fake-eocd.zip
diff --git a/testdata/jarsigned.zip b/tests/testdata/jarsigned.zip
index 8b1ef8bdd..8b1ef8bdd 100644
--- a/testdata/jarsigned.zip
+++ b/tests/testdata/jarsigned.zip
diff --git a/testdata/otasigned.zip b/tests/testdata/otasigned.zip
index a6bc53e41..a6bc53e41 100644
--- a/testdata/otasigned.zip
+++ b/tests/testdata/otasigned.zip
diff --git a/testdata/otasigned_ecdsa_sha256.zip b/tests/testdata/otasigned_ecdsa_sha256.zip
index 999fcdd0f..999fcdd0f 100644
--- a/testdata/otasigned_ecdsa_sha256.zip
+++ b/tests/testdata/otasigned_ecdsa_sha256.zip
diff --git a/testdata/otasigned_f4.zip b/tests/testdata/otasigned_f4.zip
index dd1e4dd40..dd1e4dd40 100644
--- a/testdata/otasigned_f4.zip
+++ b/tests/testdata/otasigned_f4.zip
diff --git a/testdata/otasigned_f4_sha256.zip b/tests/testdata/otasigned_f4_sha256.zip
index 3af408c40..3af408c40 100644
--- a/testdata/otasigned_f4_sha256.zip
+++ b/tests/testdata/otasigned_f4_sha256.zip
diff --git a/testdata/otasigned_sha256.zip b/tests/testdata/otasigned_sha256.zip
index 0ed4409b3..0ed4409b3 100644
--- a/testdata/otasigned_sha256.zip
+++ b/tests/testdata/otasigned_sha256.zip
diff --git a/testdata/random.zip b/tests/testdata/random.zip
index 18c0b3b9f..18c0b3b9f 100644
--- a/testdata/random.zip
+++ b/tests/testdata/random.zip
diff --git a/testdata/test_f4.pk8 b/tests/testdata/test_f4.pk8
index 3052613c5..3052613c5 100644
--- a/testdata/test_f4.pk8
+++ b/tests/testdata/test_f4.pk8
diff --git a/testdata/test_f4.x509.pem b/tests/testdata/test_f4.x509.pem
index 814abcf99..814abcf99 100644
--- a/testdata/test_f4.x509.pem
+++ b/tests/testdata/test_f4.x509.pem
diff --git a/testdata/test_f4_sha256.x509.pem b/tests/testdata/test_f4_sha256.x509.pem
index 9d5376b45..9d5376b45 100644
--- a/testdata/test_f4_sha256.x509.pem
+++ b/tests/testdata/test_f4_sha256.x509.pem
diff --git a/testdata/testkey.pk8 b/tests/testdata/testkey.pk8
index 586c1bd5c..586c1bd5c 100644
--- a/testdata/testkey.pk8
+++ b/tests/testdata/testkey.pk8
diff --git a/testdata/testkey.x509.pem b/tests/testdata/testkey.x509.pem
index e242d83e2..e242d83e2 100644
--- a/testdata/testkey.x509.pem
+++ b/tests/testdata/testkey.x509.pem
diff --git a/testdata/testkey_ecdsa.pk8 b/tests/testdata/testkey_ecdsa.pk8
index 9a521c8cf..9a521c8cf 100644
--- a/testdata/testkey_ecdsa.pk8
+++ b/tests/testdata/testkey_ecdsa.pk8
diff --git a/testdata/testkey_ecdsa.x509.pem b/tests/testdata/testkey_ecdsa.x509.pem
index b12283645..b12283645 100644
--- a/testdata/testkey_ecdsa.x509.pem
+++ b/tests/testdata/testkey_ecdsa.x509.pem
diff --git a/testdata/testkey_sha256.x509.pem b/tests/testdata/testkey_sha256.x509.pem
index 002ce8968..002ce8968 100644
--- a/testdata/testkey_sha256.x509.pem
+++ b/tests/testdata/testkey_sha256.x509.pem
diff --git a/testdata/unsigned.zip b/tests/testdata/unsigned.zip
index 24e3eadac..24e3eadac 100644
--- a/testdata/unsigned.zip
+++ b/tests/testdata/unsigned.zip
diff --git a/tests/asn1_decoder_test.cpp b/tests/unit/asn1_decoder_test.cpp
index af96d87d2..af96d87d2 100644
--- a/tests/asn1_decoder_test.cpp
+++ b/tests/unit/asn1_decoder_test.cpp