/*
* Copyright (C) 2009 The Android Open Source Project
*
* Licensed under the Apache License, version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agree to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <string>
#include <vector>
#include <android-base/file.h>
#include <android-base/stringprintf.h>
#include <android-base/strings.h>
#include <android-base/test_utils.h>
#include <android-base/unique_fd.h>
#include <gtest/gtest.h>
#include <ziparchive/zip_writer.h>
#include "common/test_constants.h"
#include "otautil/sysutil.h"
#include "verifier.h"
using namespace std::string_literals;
static void LoadKeyFromFile(const std::string& file_name, Certificate* cert) {
std::string testkey_string;
ASSERT_TRUE(android::base::ReadFileToString(file_name, &testkey_string));
ASSERT_TRUE(LoadCertificateFromBuffer(
std::vector<uint8_t>(testkey_string.begin(), testkey_string.end()), cert));
}
static void VerifyPackageWithCertificates(const std::string& name,
const std::vector<Certificate>& certs) {
std::string package = from_testdata_base(name);
MemMapping memmap;
if (!memmap.MapFile(package)) {
FAIL() << "Failed to mmap " << package << ": " << strerror(errno) << "\n";
}
ASSERT_EQ(VERIFY_SUCCESS, verify_file(memmap.addr, memmap.length, certs));
}
static void VerifyPackageWithSingleCertificate(const std::string& name, Certificate&& cert) {
std::vector<Certificate> certs;
certs.emplace_back(std::move(cert));
VerifyPackageWithCertificates(name, certs);
}
static void BuildCertificateArchive(const std::vector<std::string>& file_names, int fd) {
FILE* zip_file_ptr = fdopen(fd, "wb");
ZipWriter zip_writer(zip_file_ptr);
for (const auto& name : file_names) {
std::string content;
ASSERT_TRUE(android::base::ReadFileToString(name, &content));
// Makes sure the zip entry name has the correct suffix.
std::string entry_name = name;
if (!android::base::EndsWith(entry_name, "x509.pem")) {
entry_name += "x509.pem";
}
ASSERT_EQ(0, zip_writer.StartEntry(entry_name.c_str(), ZipWriter::kCompress));
ASSERT_EQ(0, zip_writer.WriteBytes(content.data(), content.size()));
ASSERT_EQ(0, zip_writer.FinishEntry());
}
ASSERT_EQ(0, zip_writer.Finish());
ASSERT_EQ(0, fclose(zip_file_ptr));
}
TEST(VerifierTest, LoadCertificateFromBuffer_failure) {
Certificate cert(0, Certificate::KEY_TYPE_RSA, nullptr, nullptr);
std::string testkey_string;
ASSERT_TRUE(
android::base::ReadFileToString(from_testdata_base("testkey_v1.txt"), &testkey_string));
ASSERT_FALSE(LoadCertificateFromBuffer(
std::vector<uint8_t>(testkey_string.begin(), testkey_string.end()), &cert));
}
TEST(VerifierTest, LoadCertificateFromBuffer_sha1_exponent3) {
Certificate cert(0, Certificate::KEY_TYPE_RSA, nullptr, nullptr);
LoadKeyFromFile(from_testdata_base("testkey_v1.x509.pem"), &cert);
ASSERT_EQ(SHA_DIGEST_LENGTH, cert.hash_len);
ASSERT_EQ(Certificate::KEY_TYPE_RSA, cert.key_type);
ASSERT_EQ(nullptr, cert.ec);
VerifyPackageWithSingleCertificate("otasigned_v1.zip", std::move(cert));
}
TEST(VerifierTest, LoadCertificateFromBuffer_sha1_exponent65537) {
Certificate cert(0, Certificate::KEY_TYPE_RSA, nullptr, nullptr);
LoadKeyFromFile(from_testdata_base("testkey_v2.x509.pem"), &cert);
ASSERT_EQ(SHA_DIGEST_LENGTH, cert.hash_len);
ASSERT_EQ(Certificate::KEY_TYPE_RSA, cert.key_type);
ASSERT_EQ(nullptr, cert.ec);
VerifyPackageWithSingleCertificate("otasigned_v2.zip", std::move(cert));
}
TEST(VerifierTest, LoadCertificateFromBuffer_sha256_exponent3) {
Certificate cert(0, Certificate::KEY_TYPE_RSA, nullptr, nullptr);
LoadKeyFromFile(from_testdata_base("testkey_v3.x509.pem"), &cert);
ASSERT_EQ(SHA256_DIGEST_LENGTH, cert.hash_len);
ASSERT_EQ(Certificate::KEY_TYPE_RSA, cert.key_type);
ASSERT_EQ(nullptr, cert.ec);
VerifyPackageWithSingleCertificate("otasigned_v3.zip", std::move(cert));
}
TEST(VerifierTest, LoadCertificateFromBuffer_sha256_exponent65537) {
Certificate cert(0, Certificate::KEY_TYPE_RSA, nullptr, nullptr);
LoadKeyFromFile(from_testdata_base("testkey_v4.x509.pem"), &cert);
ASSERT_EQ(SHA256_DIGEST_LENGTH, cert.hash_len);
ASSERT_EQ(Certificate::KEY_TYPE_RSA, cert.key_type);
ASSERT_EQ(nullptr, cert.ec);
VerifyPackageWithSingleCertificate("otasigned_v4.zip", std::move(cert));
}
TEST(VerifierTest, LoadCertificateFromBuffer_sha256_ec256bits) {
Certificate cert(0, Certificate::KEY_TYPE_RSA, nullptr, nullptr);
LoadKeyFromFile(from_testdata_base("testkey_v5.x509.pem"), &cert);
ASSERT_EQ(SHA256_DIGEST_LENGTH, cert.hash_len);
ASSERT_EQ(Certificate::KEY_TYPE_EC, cert.key_type);
ASSERT_EQ(nullptr, cert.rsa);
VerifyPackageWithSingleCertificate("otasigned_v5.zip", std::move(cert));
}
TEST(VerifierTest, LoadKeysFromZipfile_empty_archive) {
TemporaryFile otacerts;
BuildCertificateArchive({}, otacerts.release());
std::vector<Certificate> certs = LoadKeysFromZipfile(otacerts.path);
ASSERT_TRUE(certs.empty());
}
TEST(VerifierTest, LoadKeysFromZipfile_single_key) {
TemporaryFile otacerts;
BuildCertificateArchive({ from_testdata_base("testkey_v1.x509.pem") }, otacerts.release());
std::vector<Certificate> certs = LoadKeysFromZipfile(otacerts.path);
ASSERT_EQ(1, certs.size());
VerifyPackageWithCertificates("otasigned_v1.zip", certs);
}
TEST(VerifierTest, LoadKeysFromZipfile_corrupted_key) {
TemporaryFile corrupted_key;
std::string content;
ASSERT_TRUE(android::base::ReadFileToString(from_testdata_base("testkey_v1.x509.pem"), &content));
content = "random-contents" + content;
ASSERT_TRUE(android::base::WriteStringToFd(content, corrupted_key.release()));
TemporaryFile otacerts;
BuildCertificateArchive({ from_testdata_base("testkey_v2.x509.pem"), corrupted_key.path },
otacerts.release());
std::vector<Certificate> certs = LoadKeysFromZipfile(otacerts.path);
ASSERT_EQ(0, certs.size());
}
TEST(VerifierTest, LoadKeysFromZipfile_multiple_key) {
TemporaryFile otacerts;
BuildCertificateArchive(
{
from_testdata_base("testkey_v3.x509.pem"),
from_testdata_base("testkey_v4.x509.pem"),
from_testdata_base("testkey_v5.x509.pem"),
},
otacerts.release());
std::vector<Certificate> certs = LoadKeysFromZipfile(otacerts.path);
ASSERT_EQ(3, certs.size());
VerifyPackageWithCertificates("otasigned_v3.zip", certs);
VerifyPackageWithCertificates("otasigned_v4.zip", certs);
VerifyPackageWithCertificates("otasigned_v5.zip", certs);
}
class VerifierTest : public testing::TestWithParam<std::vector<std::string>> {
protected:
void SetUp() override {
std::vector<std::string> args = GetParam();
std::string package = from_testdata_base(args[0]);
if (!memmap.MapFile(package)) {
FAIL() << "Failed to mmap " << package << ": " << strerror(errno) << "\n";
}
for (auto it = ++args.cbegin(); it != args.cend(); ++it) {
std::string public_key_file = from_testdata_base("testkey_" + *it + ".txt");
ASSERT_TRUE(load_keys(public_key_file.c_str(), certs));
}
}
MemMapping memmap;
std::vector<Certificate> certs;
};
class VerifierSuccessTest : public VerifierTest {
};
class VerifierFailureTest : public VerifierTest {
};
TEST(VerifierTest, load_keys_multiple_keys) {
std::string testkey_v4;
ASSERT_TRUE(android::base::ReadFileToString(from_testdata_base("testkey_v4.txt"), &testkey_v4));
std::string testkey_v3;
ASSERT_TRUE(android::base::ReadFileToString(from_testdata_base("testkey_v3.txt"), &testkey_v3));
std::string keys = testkey_v4 + "," + testkey_v3 + "," + testkey_v4;
TemporaryFile key_file1;
ASSERT_TRUE(android::base::WriteStringToFile(keys, key_file1.path));
std::vector<Certificate> certs;
ASSERT_TRUE(load_keys(key_file1.path, certs));
ASSERT_EQ(3U, certs.size());
}
TEST(VerifierTest, load_keys_invalid_keys) {
std::vector<Certificate> certs;
ASSERT_FALSE(load_keys("/doesntexist", certs));
// Empty file.
TemporaryFile key_file1;
ASSERT_FALSE(load_keys(key_file1.path, certs));
// Invalid contents.
ASSERT_TRUE(android::base::WriteStringToFile("invalid", key_file1.path));
ASSERT_FALSE(load_keys(key_file1.path, certs));
std::string testkey_v4;
ASSERT_TRUE(android::base::ReadFileToString(from_testdata_base("testkey_v4.txt"), &testkey_v4));
// Invalid key version: "v4 ..." => "v6 ...".
std::string invalid_key2(testkey_v4);
invalid_key2[1] = '6';
TemporaryFile key_file2;
ASSERT_TRUE(android::base::WriteStringToFile(invalid_key2, key_file2.path));
ASSERT_FALSE(load_keys(key_file2.path, certs));
// Invalid key content: inserted extra bytes ",2209831334".
std::string invalid_key3(testkey_v4);
invalid_key3.insert(invalid_key2.size() - 2, ",2209831334");
TemporaryFile key_file3;
ASSERT_TRUE(android::base::WriteStringToFile(invalid_key3, key_file3.path));
ASSERT_FALSE(load_keys(key_file3.path, certs));
// Invalid key: the last key must not end with an extra ','.
std::string invalid_key4 = testkey_v4 + ",";
TemporaryFile key_file4;
ASSERT_TRUE(android::base::WriteStringToFile(invalid_key4, key_file4.path));
ASSERT_FALSE(load_keys(key_file4.path, certs));
// Invalid key separator.
std::string invalid_key5 = testkey_v4 + ";" + testkey_v4;
TemporaryFile key_file5;
ASSERT_TRUE(android::base::WriteStringToFile(invalid_key5, key_file5.path));
ASSERT_FALSE(load_keys(key_file5.path, certs));
}
TEST(VerifierTest, BadPackage_AlteredFooter) {
std::string testkey_v3;
ASSERT_TRUE(android::base::ReadFileToString(from_testdata_base("testkey_v3.txt"), &testkey_v3));
TemporaryFile key_file1;
ASSERT_TRUE(android::base::WriteStringToFile(testkey_v3, key_file1.path));
std::vector<Certificate> certs;
ASSERT_TRUE(load_keys(key_file1.path, certs));
std::string package;
ASSERT_TRUE(android::base::ReadFileToString(from_testdata_base("otasigned_v3.zip"), &package));
ASSERT_EQ(std::string("\xc0\x06\xff\xff\xd2\x06", 6), package.substr(package.size() - 6, 6));
// Alter the footer.
package[package.size() - 5] = '\x05';
ASSERT_EQ(VERIFY_FAILURE,
verify_file(reinterpret_cast<const unsigned char*>(package.data()), package.size(),
certs));
}
TEST(VerifierTest, BadPackage_AlteredContent) {
std::string testkey_v3;
ASSERT_TRUE(android::base::ReadFileToString(from_testdata_base("testkey_v3.txt"), &testkey_v3));
TemporaryFile key_file1;
ASSERT_TRUE(android::base::WriteStringToFile(testkey_v3, key_file1.path));
std::vector<Certificate> certs;
ASSERT_TRUE(load_keys(key_file1.path, certs));
std::string package;
ASSERT_TRUE(android::base::ReadFileToString(from_testdata_base("otasigned_v3.zip"), &package));
ASSERT_GT(package.size(), static_cast<size_t>(100));
// Alter the content.
std::string altered1(package);
altered1[50] += 1;
ASSERT_EQ(VERIFY_FAILURE,
verify_file(reinterpret_cast<const unsigned char*>(altered1.data()), altered1.size(),
certs));
std::string altered2(package);
altered2[10] += 1;
ASSERT_EQ(VERIFY_FAILURE,
verify_file(reinterpret_cast<const unsigned char*>(altered2.data()), altered2.size(),
certs));
}
TEST(VerifierTest, BadPackage_SignatureStartOutOfBounds) {
std::string testkey_v3;
ASSERT_TRUE(android::base::ReadFileToString(from_testdata_base("testkey_v3.txt"), &testkey_v3));
TemporaryFile key_file;
ASSERT_TRUE(android::base::WriteStringToFile(testkey_v3, key_file.path));
std::vector<Certificate> certs;
ASSERT_TRUE(load_keys(key_file.path, certs));
// Signature start is 65535 (0xffff) while comment size is 0 (Bug: 31914369).
std::string package = "\x50\x4b\x05\x06"s + std::string(12, '\0') + "\xff\xff\xff\xff\x00\x00"s;
ASSERT_EQ(VERIFY_FAILURE, verify_file(reinterpret_cast<const unsigned char*>(package.data()),
package.size(), certs));
}
TEST_P(VerifierSuccessTest, VerifySucceed) {
ASSERT_EQ(verify_file(memmap.addr, memmap.length, certs, nullptr), VERIFY_SUCCESS);
}
TEST_P(VerifierFailureTest, VerifyFailure) {
ASSERT_EQ(verify_file(memmap.addr, memmap.length, certs, nullptr), VERIFY_FAILURE);
}
INSTANTIATE_TEST_CASE_P(SingleKeySuccess, VerifierSuccessTest,
::testing::Values(
std::vector<std::string>({"otasigned_v1.zip", "v1"}),
std::vector<std::string>({"otasigned_v2.zip", "v2"}),
std::vector<std::string>({"otasigned_v3.zip", "v3"}),
std::vector<std::string>({"otasigned_v4.zip", "v4"}),
std::vector<std::string>({"otasigned_v5.zip", "v5"})));
INSTANTIATE_TEST_CASE_P(MultiKeySuccess, VerifierSuccessTest,
::testing::Values(
std::vector<std::string>({"otasigned_v1.zip", "v1", "v2"}),
std::vector<std::string>({"otasigned_v2.zip", "v5", "v2"}),
std::vector<std::string>({"otasigned_v3.zip", "v5", "v1", "v3"}),
std::vector<std::string>({"otasigned_v4.zip", "v5", "v1", "v4"}),
std::vector<std::string>({"otasigned_v5.zip", "v4", "v1", "v5"})));
INSTANTIATE_TEST_CASE_P(WrongKey, VerifierFailureTest,
::testing::Values(
std::vector<std::string>({"otasigned_v1.zip", "v2"}),
std::vector<std::string>({"otasigned_v2.zip", "v1"}),
std::vector<std::string>({"otasigned_v3.zip", "v5"}),
std::vector<std::string>({"otasigned_v4.zip", "v5"}),
std::vector<std::string>({"otasigned_v5.zip", "v3"})));
INSTANTIATE_TEST_CASE_P(WrongHash, VerifierFailureTest,
::testing::Values(
std::vector<std::string>({"otasigned_v1.zip", "v3"}),
std::vector<std::string>({"otasigned_v2.zip", "v4"}),
std::vector<std::string>({"otasigned_v3.zip", "v1"}),
std::vector<std::string>({"otasigned_v4.zip", "v2"})));
INSTANTIATE_TEST_CASE_P(BadPackage, VerifierFailureTest,
::testing::Values(
std::vector<std::string>({"random.zip", "v1"}),
std::vector<std::string>({"fake-eocd.zip", "v1"})));
