From 217d9f98595076f344746bffdafb4314191f3e1b Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Mon, 20 Mar 2017 16:57:25 -0700 Subject: [PATCH] tests: Construct two bad packages at runtime for VerifierTest. For the BadPackage tests from VerifierTest: one alters the footer, and the other alters the metadata. Move the two tests to be based on otasigned_v3.zip (they're based on otasigned_v1.zip previously). Also construct the testdata files dynamically (to save the space and for better readability). Test: recovery_component_test Change-Id: I7604d563f8b4fa0c55fec8730c063384158e3abc --- tests/component/verifier_test.cpp | 49 ++++++++++++++++++++++++++++-- tests/testdata/alter-footer.zip | Bin 4009 -> 0 bytes tests/testdata/alter-metadata.zip | Bin 4009 -> 0 bytes 3 files changed, 46 insertions(+), 3 deletions(-) delete mode 100644 tests/testdata/alter-footer.zip delete mode 100644 tests/testdata/alter-metadata.zip diff --git a/tests/component/verifier_test.cpp b/tests/component/verifier_test.cpp index 07a8c960..2cfb6d30 100644 --- a/tests/component/verifier_test.cpp +++ b/tests/component/verifier_test.cpp @@ -115,6 +115,51 @@ TEST(VerifierTest, load_keys_invalid_keys) { ASSERT_FALSE(load_keys(key_file5.path, certs)); } +TEST(VerifierTest, BadPackage_AlteredFooter) { + std::string testkey_v3; + ASSERT_TRUE(android::base::ReadFileToString(from_testdata_base("testkey_v3.txt"), &testkey_v3)); + TemporaryFile key_file1; + ASSERT_TRUE(android::base::WriteStringToFile(testkey_v3, key_file1.path)); + std::vector certs; + ASSERT_TRUE(load_keys(key_file1.path, certs)); + + std::string package; + ASSERT_TRUE(android::base::ReadFileToString(from_testdata_base("otasigned_v3.zip"), &package)); + ASSERT_EQ(std::string("\xc0\x06\xff\xff\xd2\x06", 6), package.substr(package.size() - 6, 6)); + + // Alter the footer. + package[package.size() - 5] = '\x05'; + ASSERT_EQ(VERIFY_FAILURE, + verify_file(reinterpret_cast(package.data()), package.size(), + certs)); +} + +TEST(VerifierTest, BadPackage_AlteredContent) { + std::string testkey_v3; + ASSERT_TRUE(android::base::ReadFileToString(from_testdata_base("testkey_v3.txt"), &testkey_v3)); + TemporaryFile key_file1; + ASSERT_TRUE(android::base::WriteStringToFile(testkey_v3, key_file1.path)); + std::vector certs; + ASSERT_TRUE(load_keys(key_file1.path, certs)); + + std::string package; + ASSERT_TRUE(android::base::ReadFileToString(from_testdata_base("otasigned_v3.zip"), &package)); + ASSERT_GT(package.size(), static_cast(100)); + + // Alter the content. + std::string altered1(package); + altered1[50] += 1; + ASSERT_EQ(VERIFY_FAILURE, + verify_file(reinterpret_cast(altered1.data()), altered1.size(), + certs)); + + std::string altered2(package); + altered2[10] += 1; + ASSERT_EQ(VERIFY_FAILURE, + verify_file(reinterpret_cast(altered2.data()), altered2.size(), + certs)); +} + TEST_P(VerifierSuccessTest, VerifySucceed) { ASSERT_EQ(verify_file(memmap.addr, memmap.length, certs, nullptr), VERIFY_SUCCESS); } @@ -157,6 +202,4 @@ INSTANTIATE_TEST_CASE_P(WrongHash, VerifierFailureTest, INSTANTIATE_TEST_CASE_P(BadPackage, VerifierFailureTest, ::testing::Values( std::vector({"random.zip", "v1"}), - std::vector({"fake-eocd.zip", "v1"}), - std::vector({"alter-metadata.zip", "v1"}), - std::vector({"alter-footer.zip", "v1"}))); + std::vector({"fake-eocd.zip", "v1"}))); diff --git a/tests/testdata/alter-footer.zip b/tests/testdata/alter-footer.zip deleted file mode 100644 index f497ec000519e4b81802430b5098a9caa4cf2be3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4009 zcmd6oc|25Y8^`CE&0ZqAnuJNnnaEa&#FOlX%2F}LKBi2`zRXz4l9GL`WT&i^C^Dij zp~XIkP?5@#A=^88d!wHBegA&$`JB(3bDjHpf6n#0@9TFN>p@|B5LV_-InG)IvSIK+ zU=RasGfg>NLmhboO+#HBZLHZI1D%y-2;>y4iJhVW2^v~_@~B>v19P1_zTMXPoTgl& zc(p;R6P8#>KIlJ`{q=i2qdIFu+I9aFH6`Ihc2rh}Fv~sLEITu^M(LaIJu@)f}ZSz$MTR-ilq`R2NnbH6}4(6>WcU5pPG~S8$EN}($s_}y*%gh@j26}w+^^l z+733N~bl~);SKP?u6Pz+g+A*INgPR^zWs0_f?xHdY^RRY`H;t%>7!Y}~m@TI_ zAnMW_x5b)dA52PlbcyXa$K?1+b&iP1s(jgHo9^A?3tA>3b{5wqk@nrN50_Fkz8;o5 zmxx;a#5)nws-5(({JjQN{>=DnZkkD{Cw){&Z}PR}d_yS)biZAh8W1S9YNpx|s~9!z zU^6q?Ty=>orc)hc#k1winN| zt4DsX@qfQ)BvvEI=zcp=*d&m!z2@CFRgG}vpy2)wn)Mf^JS~bEW7-l7ylQ*AgdYF^7j&4vjS`95`W39Hk$8q$PRyRj_-xOGL@)im!s9 zOPnu#B_(4kwNH?QV@S`XU!`kZfnUY9ea{H|@*=s0_8!fD>O-M1HVJpAJg+ls^vp~B zo@9n&arwy--A4hXgbSUuiPQQ~v`CRvLB$otYw)nUvfCpCBQO6Yp_O!}D!NatPN`E; z^17>v(Kl9M#SB=JOu6DVMJIY!kogO0qlKPu?xt69?ICgRyfjYpIN0v9alkKKO;}CR z%+GXLuE^*D{t~r-O75XsKF+{Y70Mp-fA}F&%W5h9$dT1SwP!S;dx7DfJugOQiiXm1 zFU@?uYiHY?`>~*Y$Ul$RN3Gg-o}v3;*Ss4i|I!v8Eqkl(NwjC2sML7E{pE?I-7S^F zgPk5GhHQ1Ehx9ou%;V@jv~3@q8kW;Y26I)Kow2clImhJH^Ww~r4d zt;!jcbg~WgTh*&PBXs3h7=|Jnz94((>faxhHqX>8+8^+p(0e*juq5f0Uc0MQAbWIS zUg;2Bq@&SfrsoXf%J9xEtZJ{w(~Ny+Wtg=Z?kjQOmaI@)i@h~Z;Y4;ytN!OXu;SeD zo)+r7-cj0aRGNH!S4sF39~dbL<#$0`i9|R@i6`DVI=aV&=;(~Yv(nw0OIF^`ro?lb zN(=ex?en#g+OOu@tSnc%cq$vWjE0M>h@ABi9kwfelUkIQ&q#V;|FPi7(>vp1UD2?w z0}odQ>2AYofIm{xhPpXd?fALgYr)eF&y8o ziYe9lFVZKFnRgsR-YHLV5+4hVj7pUn?S1pY!ET;A`W+mdv$WE1e@fqCQ~B70n>80B z>g1-Gdl%XwTKAXCH-#h&KlCU@PxE(ldxv)1af`X4H%Pc>sBu{Ae?L!cJwC_Qs82*k;r zKsd|3X8!90$MzwajRfuoVf~Z1;ABs-|AWZ0Rq5YI*!>_*|0F!mk_dPv0kH5v)_dy4 z=CjsQe;>aZ&L182&s8=W_gbS`A5+ZRU#t9VTYsZBsJ3SA>tm7G2!5xTR=5mSxdh5nQMQ{;8_Gn4&Y@;})>EyA~lJ4(phKx zeS;vnkRH?RTxyte;lHGcl@u{-MqZWG`FRlvP_RY8n`f})b80GGl(P#L5A z^YNeh*%Sb^QDA^s(G-A-xrqQP3k3imov}i&fkqCA(#dDIw>{mG>gq2D6Jo=wh^V{| zkMdr)zV;&KvgZ=UxT`lM@3UC#QTNQ(djH{|9=>v9CG+*z@u^|QJdxTm@SYbHrd6X) z60FquwqtA9SCw0a;nW(H!04K`tIhSj+ungqSpA_;lIokc%HhZFwPEqqD4Euf1cSM?IneZJCscF zKLA@HC5t5wrruS#Stby8Tg=L3<>Pi10D7Ce1dNjYjvqwJ>fGfC zgJ)e3Dq?Gn;sMD`Ywvf$$aNsOCg{J;xkXONA}9VsPXc8_#c{5s!V80gPykrncs!W( z$2=YY#HTnRYQp%bCfr1@y|=I!u!^{7iO$`cNv$vv=i9p4+X`i~tj&^RAX!NSl=Emk zvHva%QX{P`%c@5WxPL34D7{8d7G+q9<(W0_mbibsZ-g$c5hLdjwsJXM49Hu#ch~Z; z4ffQ$A_guYt`ns+EW7*kLR_a<7w9t5G#4*&yG~wAh_AnKyD+X-ZXP`cUCFlDFKfp2 z*bhikswzu4>|Q4@XnLTpVTSCZ`}Ru?=i|T&0s%foLI<^G#gQZjqP{`!&|}LmR=*h| zxlcQWwVMetCH!N-c0tCko`RoqsV<_ruP?HnEDRK;&|)KxVpOyw9>aj|Tlm$CPjEXK zU?@N{vqT!1rUsHT|Dij&(L*=*?gl$$Ry&LWKn}c@nZ-0(N(94&(llDAI32!|{L|k4 z%U<59{Sf=jDzxivYDo9=m~NayFFsDKv6EWAd12^8dvZ&BG?XoD1asRjwF1UJkN$q! zEwsLhxa@fPp*eaySTBd9UdlkxGqJ_=mo3uQc04 zbP0k3>JwD#vM1ANBgGfP)1Qx8qM{hN2l_|)Vyl+@w`piJI+UgAU>kB;GyE9^9tQ(D zPBltIr-Uez*xKSSDbzdzr^_C1Q283Gpw<2m34l diff --git a/tests/testdata/alter-metadata.zip b/tests/testdata/alter-metadata.zip deleted file mode 100644 index 1c71fbc49e2e50444ea0d1136ad0ad878d6124b0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4009 zcmd6oc{o&UAIImI&0ZqAOu{78ne38Cd6L~wwu&*<#>lkTml;c0QX)H*>}0Q`A|ncu zwAcp`DpFZ$?B3DS8+qRA{rkDkb*^*n-?=~cb$;LbzP~>ceJG3%!pgi<;%(I+>lz;f z1~EKrt}U-;q`SvZ+elCMFxGsxq3&`s1agAb#7@zI1P?Aec~mdTfw{(gz0KbCjJABD z#6!bY7c8-gygy(t``dgy<6+jY%;|lT)Rctd+0j|;!Yp^~vmDIL8)a_7ce`ReBM)X= zuL_jk9{gknJdTHqQY@2n(^v?^SJtYVYAW7!d}=}BZ}iG>Pg573@b;R`$LCC?-qP^2 zb|~Sc5!(D@%b~jL4l^rn19BqY?8~bh-d>gPdSUF{2kHIlK!3q}mZph5l9drsx22Go zT0iqPS)Z`#x_lvl`*S-;LEh@!}yj1%!kRriXfc%!5iyvRqT;Q}UMLG2d-- z-7Jb?7HO7o@_iN&9W*uK9Y1{OIHxRb2x%whmO!r~1Ioo2Mz^W2AvhGdLn0fL7|4#{?e<)#w)mCu9**t5^Zy$a2 zBRw%T-Bp{n*FQx1UbjJXbT}Q6Mkwm>rx}->6&nma}|UG6GWTMVqP8G(KU%P6CQ`=nU&wHS{PxXGCDcQCc`s z=u$AOJIp6wT7UZJ7KLd(>RxOM7o2leYsi-RImSok@LaMC$V24haSFY3jm$#lN{hx( zBQ|>?ciu@%yKx$YZar;hZ->Xb+PM%2IDV~4>E{lB+E7VFH#h0ANttN3VBP+TSWv3F(%D?n! zyq_AB<2t;OdSOI1{YGu+ccbpf;epJSmsCy7qo=k%4vMSmh}4m5UGR^TyigTj!RNkU zSJqZC-KH5eUlZ_Q!C0(DiqZ9MxUfkeLA>VucQvgDmEe%RkJ|O;CcUhR8e?B382a3< zn8UVEq+HPjIrLKH;mV^boo|eJ)UPIv&tMJ?Egu+dRM0qXOB|u^f21RI@O6l1gtBK^z}t@4ebM(|HQ{a6KoRhKt*0h z_{gbO2HnXF=aLG`QoTokWrTAbwTV*((X=R$6+y*i#jEh}Vma|B!Kh1rN$MossgCJY zuT$=jlDc+U)%ZKBuwn+RNwz|9o1zQ7GuYw6-Ho%9^L^792JF#`T|$7c5G-r`PT* z6UZK!n^itQ7in)ao$fxxxIDC@6RXxE@-#yUtpc-E$9*Ht-I5b}+2Ux+Q#hWT(rWPK z2UvOLSa%C`R{scX7b027*Q_F6yKo{Kw}gg^EQ@&fiViuHyiG02%V#9rcl=cF=0?;(# zLoCPq6*1-7fCc(EGV_je=zEn3PU2&s;SuRFFT|Qy$cidwy>kkkv82gvhjG326!0Y_f z(9`WX4F+?rlToH~pAzzm^dgM?ZH&*9C}8|XN4n5~I8yr6cS3zu9P!Ow1xb2FKNgF( z*SSAGb)1W7-An^JKhs8mK_KObzYUE2r-L(VmnsTWS7rtwt2Y4Qg4kP_!y!;BO_aWc zHw5D1NFaEyubTfF!67~isxv#YaW+C`ZA6hMX zOsikT*&%B}ZIpHmf5cSdPoX!m8%17YzcAT9CEv(ylzWXuAt8`I#W&H1udWPp`4JE= zW>RL%5zUCRuFgb9JPPN7!ZP2q&zy#U6htwCZCCh_a0VBEWVuN}++c=MSpWdT0kR?B zvfNM>VK@ZjSQ`Y~q`-z#K(F3}vH&bBY>+r&Q4Mkm7y!9`4+P*$jvW7U9;gKj z!OLQS#qfeW2xfbMFdz`C;$NIh!cYKH*!dpO+3TB>+X`$)OdrMbRm+k3ESEUqoLo_=)NM1sqN6}k6a zaH7B$H@Je;XiofRxr(XKn^{iJedD|KVc682Rd(;eZ+Sv=KR9VAIIs*Q(>UKA>LK*i zS4mn59RVt&@Vv&g{Ygzby^i#LcXl)9BAY*d*o=HI^p}MK&(qT>43GZLv>4Y9&okR% zyrog`2a-tv8n9(jvRLv!YO(6ga)F@RVm5BepTt=J=xy>MNS*`5m>Wlo8^#agJ7NVn zwjV90Tg(#<&pIbm#MT_m1CpCozwdyN>p*f%@c$fhi=2{0PW+ed1j@P-$GMscFANSs z0bphQ_F$er=Jo&}z9k9K<0enF;iiIZJ%uHJP2>e@bneznYNfFR-`16$Rw$cwZI(O( z$x0%iTu17OeZ??Hjm%*=R()#Vy<34r={16KD5Ekg&x}Qv(jZVNc8|V&IYzy3xu*a=T8>#dnBxf^Nf2Kdy`1uG=Ff#Mjp-E{yAupGE(G zE@#{AlQZXf><^?VSC^+8^sEyYFw^L5m?rz`z5ANO`8epDK%lR&(0-j62_(shXkZvJ z_}Ds})qmPp{`2;s!_5TQQvT5phhUS}Pr)y_R5ww*Hy79~3xk9yw794v7*!p~$1q@i z3%|O_ac&nw3a_2p;npC&NbDanbp}*)x9J@ z25#{1m1UcXE<$iXeS)e(_Cz{uxa2}a`tuQMR5T-3qi?u3u6ik8o0e9iQ+cW`wjrlA zBY;tGet%&5iAKqolu#8io80kOw9$)#LrCA;{?O1Y)ArtH)of_qP;