From 73ae31ce0ac09c0e45924d817644261c87ab1a60 Mon Sep 17 00:00:00 2001
From: Doug Zongker <dougz@android.com>
Date: Wed, 9 Dec 2009 17:01:45 -0800
Subject: add a simple unit test for the OTA package verifier

---
 Android.mk                  |  16 ++++++++
 testdata/alter-footer.zip   | Bin 0 -> 4009 bytes
 testdata/alter-metadata.zip | Bin 0 -> 4009 bytes
 testdata/fake-eocd.zip      | Bin 0 -> 4313 bytes
 testdata/jarsigned.zip      | Bin 0 -> 2271 bytes
 testdata/otasigned.zip      | Bin 0 -> 4009 bytes
 testdata/random.zip         | Bin 0 -> 1024 bytes
 testdata/unsigned.zip       | Bin 0 -> 376 bytes
 verifier.c                  |   4 +-
 verifier_test.c             |  91 ++++++++++++++++++++++++++++++++++++++++++
 verifier_test.sh            |  94 ++++++++++++++++++++++++++++++++++++++++++++
 11 files changed, 203 insertions(+), 2 deletions(-)
 create mode 100644 testdata/alter-footer.zip
 create mode 100644 testdata/alter-metadata.zip
 create mode 100644 testdata/fake-eocd.zip
 create mode 100644 testdata/jarsigned.zip
 create mode 100644 testdata/otasigned.zip
 create mode 100644 testdata/random.zip
 create mode 100644 testdata/unsigned.zip
 create mode 100644 verifier_test.c
 create mode 100755 verifier_test.sh

diff --git a/Android.mk b/Android.mk
index deec80ae4..c7ae1f1e2 100644
--- a/Android.mk
+++ b/Android.mk
@@ -43,6 +43,22 @@ LOCAL_STATIC_LIBRARIES += libstdc++ libc
 
 include $(BUILD_EXECUTABLE)
 
+
+include $(CLEAR_VARS)
+
+LOCAL_SRC_FILES := verifier_test.c verifier.c
+
+LOCAL_MODULE := verifier_test
+
+LOCAL_FORCE_STATIC_EXECUTABLE := true
+
+LOCAL_MODULE_TAGS := tests
+
+LOCAL_STATIC_LIBRARIES := libmincrypt libcutils libstdc++ libc
+
+include $(BUILD_EXECUTABLE)
+
+
 include $(commands_recovery_local_path)/minui/Android.mk
 include $(commands_recovery_local_path)/minzip/Android.mk
 include $(commands_recovery_local_path)/mtdutils/Android.mk
diff --git a/testdata/alter-footer.zip b/testdata/alter-footer.zip
new file mode 100644
index 000000000..f497ec000
Binary files /dev/null and b/testdata/alter-footer.zip differ
diff --git a/testdata/alter-metadata.zip b/testdata/alter-metadata.zip
new file mode 100644
index 000000000..1c71fbc49
Binary files /dev/null and b/testdata/alter-metadata.zip differ
diff --git a/testdata/fake-eocd.zip b/testdata/fake-eocd.zip
new file mode 100644
index 000000000..15dc0a946
Binary files /dev/null and b/testdata/fake-eocd.zip differ
diff --git a/testdata/jarsigned.zip b/testdata/jarsigned.zip
new file mode 100644
index 000000000..8b1ef8bdd
Binary files /dev/null and b/testdata/jarsigned.zip differ
diff --git a/testdata/otasigned.zip b/testdata/otasigned.zip
new file mode 100644
index 000000000..a6bc53e41
Binary files /dev/null and b/testdata/otasigned.zip differ
diff --git a/testdata/random.zip b/testdata/random.zip
new file mode 100644
index 000000000..18c0b3b9f
Binary files /dev/null and b/testdata/random.zip differ
diff --git a/testdata/unsigned.zip b/testdata/unsigned.zip
new file mode 100644
index 000000000..24e3eadac
Binary files /dev/null and b/testdata/unsigned.zip differ
diff --git a/verifier.c b/verifier.c
index 164fb4a01..9d39fd139 100644
--- a/verifier.c
+++ b/verifier.c
@@ -42,7 +42,7 @@ int verify_file(const char* path, const RSAPublicKey *pKeys, unsigned int numKey
 
     // An archive with a whole-file signature will end in six bytes:
     //
-    //   $ff $ff (2-byte comment size) (2-byte signature start)
+    //   (2-byte signature start) $ff $ff (2-byte comment size)
     //
     // (As far as the ZIP format is concerned, these are part of the
     // archive comment.)  We start by reading this footer, this tells
@@ -169,7 +169,7 @@ int verify_file(const char* path, const RSAPublicKey *pKeys, unsigned int numKey
 
     const uint8_t* sha1 = SHA_final(&ctx);
     for (i = 0; i < numKeys; ++i) {
-        // The 6 bytes is the "$ff $ff (signature_start) (comment_size)" that
+        // The 6 bytes is the "(signature_start) $ff $ff (comment_size)" that
         // the signing tool appends after the signature itself.
         if (RSA_verify(pKeys+i, eocd + eocd_size - 6 - RSANUMBYTES,
                        RSANUMBYTES, sha1)) {
diff --git a/verifier_test.c b/verifier_test.c
new file mode 100644
index 000000000..5b6c1f451
--- /dev/null
+++ b/verifier_test.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright (C) 2009 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+
+#include "verifier.h"
+
+// This is build/target/product/security/testkey.x509.pem after being
+// dumped out by dumpkey.jar.
+RSAPublicKey test_key =
+    { 64, 0xc926ad21,
+      { 1795090719, 2141396315, 950055447, -1713398866,
+        -26044131, 1920809988, 546586521, -795969498,
+        1776797858, -554906482, 1805317999, 1429410244,
+        129622599, 1422441418, 1783893377, 1222374759,
+        -1731647369, 323993566, 28517732, 609753416,
+        1826472888, 215237850, -33324596, -245884705,
+        -1066504894, 774857746, 154822455, -1797768399,
+        -1536767878, -1275951968, -1500189652, 87251430,
+        -1760039318, 120774784, 571297800, -599067824,
+        -1815042109, -483341846, -893134306, -1900097649,
+        -1027721089, 950095497, 555058928, 414729973,
+        1136544882, -1250377212, 465547824, -236820568,
+        -1563171242, 1689838846, -404210357, 1048029507,
+        895090649, 247140249, 178744550, -747082073,
+        -1129788053, 109881576, -350362881, 1044303212,
+        -522594267, -1309816990, -557446364, -695002876},
+      { -857949815, -510492167, -1494742324, -1208744608,
+        251333580, 2131931323, 512774938, 325948880,
+        -1637480859, 2102694287, -474399070, 792812816,
+        1026422502, 2053275343, -1494078096, -1181380486,
+        165549746, -21447327, -229719404, 1902789247,
+        772932719, -353118870, -642223187, 216871947,
+        -1130566647, 1942378755, -298201445, 1055777370,
+        964047799, 629391717, -2062222979, -384408304,
+        191868569, -1536083459, -612150544, -1297252564,
+        -1592438046, -724266841, -518093464, -370899750,
+        -739277751, -1536141862, 1323144535, 61311905,
+        1997411085, 376844204, 213777604, -217643712,
+        9135381, 1625809335, -1490225159, -1342673351,
+        1117190829, -57654514, 1825108855, -1281819325,
+        1111251351, -1726129724, 1684324211, -1773988491,
+        367251975, 810756730, -1941182952, 1175080310 }
+    };
+
+void ui_print(const char* fmt, ...) {
+    char buf[256];
+    va_list ap;
+    va_start(ap, fmt);
+    vsnprintf(buf, 256, fmt, ap);
+    va_end(ap);
+
+    fputs(buf, stderr);
+}
+
+void ui_set_progress(float fraction) {
+}
+
+int main(int argc, char **argv) {
+    if (argc != 2) {
+        fprintf(stderr, "Usage: %s <package>\n", argv[0]);
+        return 2;
+    }
+
+    int result = verify_file(argv[1], &test_key, 1);
+    if (result == VERIFY_SUCCESS) {
+        printf("SUCCESS\n");
+        return 0;
+    } else if (result == VERIFY_FAILURE) {
+        printf("FAILURE\n");
+        return 1;
+    } else {
+        printf("bad return value\n");
+        return 3;
+    }
+}
diff --git a/verifier_test.sh b/verifier_test.sh
new file mode 100755
index 000000000..6350e80d3
--- /dev/null
+++ b/verifier_test.sh
@@ -0,0 +1,94 @@
+#!/bin/bash
+#
+# A test suite for applypatch.  Run in a client where you have done
+# envsetup, choosecombo, etc.
+#
+# DO NOT RUN THIS ON A DEVICE YOU CARE ABOUT.  It will mess up your
+# system partition.
+#
+#
+# TODO: find some way to get this run regularly along with the rest of
+# the tests.
+
+EMULATOR_PORT=5580
+DATA_DIR=$ANDROID_BUILD_TOP/bootable/recovery/testdata
+
+WORK_DIR=/data/local/tmp
+
+# set to 0 to use a device instead
+USE_EMULATOR=0
+
+# ------------------------
+
+if [ "$USE_EMULATOR" == 1 ]; then
+  emulator -wipe-data -noaudio -no-window -port $EMULATOR_PORT &
+  pid_emulator=$!
+  ADB="adb -s emulator-$EMULATOR_PORT "
+else
+  ADB="adb -d "
+fi
+
+echo "waiting to connect to device"
+$ADB wait-for-device
+
+# run a command on the device; exit with the exit status of the device
+# command.
+run_command() {
+  $ADB shell "$@" \; echo \$? | awk '{if (b) {print a}; a=$0; b=1} END {exit a}'
+}
+
+testname() {
+  echo
+  echo "::: testing $1 :::"
+  testname="$1"
+}
+
+fail() {
+  echo
+  echo FAIL: $testname
+  echo
+  [ "$open_pid" == "" ] || kill $open_pid
+  [ "$pid_emulator" == "" ] || kill $pid_emulator
+  exit 1
+}
+
+
+cleanup() {
+  # not necessary if we're about to kill the emulator, but nice for
+  # running on real devices or already-running emulators.
+  run_command rm $WORK_DIR/verifier_test
+  run_command rm $WORK_DIR/package.zip
+
+  [ "$pid_emulator" == "" ] || kill $pid_emulator
+}
+
+$ADB push $ANDROID_PRODUCT_OUT/system/bin/verifier_test \
+          $WORK_DIR/verifier_test
+
+expect_succeed() {
+  testname "$1 (should succeed)"
+  $ADB push $DATA_DIR/$1 $WORK_DIR/package.zip
+  run_command $WORK_DIR/verifier_test $WORK_DIR/package.zip || fail
+}
+
+expect_fail() {
+  testname "$1 (should fail)"
+  $ADB push $DATA_DIR/$1 $WORK_DIR/package.zip
+  run_command $WORK_DIR/verifier_test $WORK_DIR/package.zip && fail
+}
+
+expect_fail unsigned.zip
+expect_fail jarsigned.zip
+expect_succeed otasigned.zip
+expect_fail random.zip
+expect_fail fake-eocd.zip
+expect_fail alter-metadata.zip
+expect_fail alter-footer.zip
+
+# --------------- cleanup ----------------------
+
+cleanup
+
+echo
+echo PASS
+echo
-- 
cgit v1.2.3