blob: 2297b31ccc768729d6519bcf115d7413405505ea [file] [log] [blame]
#include "config.h"
#include "image_verify.hpp"
#include "utils.hpp"
#include "version.hpp"
#include <openssl/evp.h>
#include <stdlib.h>
#include <filesystem>
#include <fstream>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>
#include <gtest/gtest.h>
using namespace phosphor::software::manager;
using namespace phosphor::software::image;
class VersionTest : public testing::Test
{
protected:
virtual void SetUp()
{
char versionDir[] = "./versionXXXXXX";
_directory = mkdtemp(versionDir);
if (_directory.empty())
{
throw std::bad_alloc();
}
}
virtual void TearDown()
{
fs::remove_all(_directory);
}
std::string _directory;
};
/** @brief Make sure we correctly get the version and purpose from getValue()*/
TEST_F(VersionTest, TestGetValue)
{
auto manifestFilePath = _directory + "/" + "MANIFEST";
auto version = "test-version";
auto purpose = "BMC";
std::ofstream file;
file.open(manifestFilePath, std::ofstream::out);
ASSERT_TRUE(file.is_open());
file << "version=" << version << "\n";
file << "purpose=" << purpose << "\n";
file.close();
EXPECT_EQ(Version::getValue(manifestFilePath, "version"), version);
EXPECT_EQ(Version::getValue(manifestFilePath, "purpose"), purpose);
}
TEST_F(VersionTest, TestGetRepeatedValue)
{
auto manifestFilePath = _directory + "/" + "MANIFEST";
const std::vector<std::string> names = {"foo.bar", "baz.bim"};
std::ofstream file;
file.open(manifestFilePath, std::ofstream::out);
ASSERT_TRUE(file.is_open());
for (const auto& name : names)
{
file << "CompatibleName=" << name << "\n";
}
file.close();
EXPECT_EQ(Version::getRepeatedValues(manifestFilePath, "CompatibleName"),
names);
}
TEST_F(VersionTest, TestGetValueWithCRLF)
{
auto manifestFilePath = _directory + "/" + "MANIFEST";
auto version = "test-version";
auto purpose = "BMC";
std::ofstream file;
file.open(manifestFilePath, std::ofstream::out);
ASSERT_TRUE(file.is_open());
file << "version=" << version << "\r\n";
file << "purpose=" << purpose << "\r\n";
file.close();
EXPECT_EQ(Version::getValue(manifestFilePath, "version"), version);
EXPECT_EQ(Version::getValue(manifestFilePath, "purpose"), purpose);
}
TEST_F(VersionTest, TestGetVersionWithQuotes)
{
auto releasePath = _directory + "/" + "os-release";
auto version = "1.2.3-test-version";
std::ofstream file;
file.open(releasePath, std::ofstream::out);
ASSERT_TRUE(file.is_open());
file << "VERSION_ID=\"" << version << "\"\n";
file.close();
EXPECT_EQ(Version::getBMCVersion(releasePath), version);
}
TEST_F(VersionTest, TestGetVersionWithoutQuotes)
{
auto releasePath = _directory + "/" + "os-release";
auto version = "9.88.1-test-version";
std::ofstream file;
file.open(releasePath, std::ofstream::out);
ASSERT_TRUE(file.is_open());
file << "VERSION_ID=" << version << "\n";
file.close();
EXPECT_EQ(Version::getBMCVersion(releasePath), version);
}
/** @brief Make sure we correctly get the Id from getId()*/
TEST_F(VersionTest, TestGetId)
{
auto version = "test-id";
unsigned char digest[EVP_MAX_MD_SIZE];
unsigned int digest_count = 0;
EVP_MD_CTX_Ptr ctx(EVP_MD_CTX_new(), &::EVP_MD_CTX_free);
EVP_DigestInit(ctx.get(), EVP_sha512());
EVP_DigestUpdate(ctx.get(), version, strlen(version));
EVP_DigestFinal(ctx.get(), digest, &digest_count);
char mdString[EVP_MAX_MD_SIZE * 2 + 1];
for (decltype(digest_count) i = 0; i < digest_count; i++)
{
snprintf(&mdString[i * 2], 3, "%02x", (unsigned int)digest[i]);
}
std::string hexId = std::string(mdString);
hexId = hexId.substr(0, 8);
EXPECT_EQ(Version::getId(version), hexId);
}
TEST_F(VersionTest, TestGetExtendedVersion)
{
auto releasePath = _directory + "/" + "os-release";
auto ExtendedVersion = "9.88.1-test-ExtendedVersion";
std::ofstream file;
file.open(releasePath, std::ofstream::out);
ASSERT_TRUE(file.is_open());
file << "EXTENDED_VERSION=" << ExtendedVersion << "\n";
file.close();
EXPECT_EQ(Version::getBMCExtendedVersion(releasePath), ExtendedVersion);
}
class SignatureTest : public testing::Test
{
public:
static constexpr auto opensslCmd = "openssl dgst -sha256 -sign ";
static constexpr auto testPath = "/tmp/_testSig";
protected:
void command(const std::string& cmd)
{
auto val = std::system(cmd.c_str());
if (val)
{
std::cout << "COMMAND Error: " << val << std::endl;
}
}
virtual void SetUp()
{
// Create test base directory.
fs::create_directories(testPath);
// Create unique temporary path for images
std::string tmpDir(testPath);
tmpDir += "/extractXXXXXX";
std::string imageDir = mkdtemp(const_cast<char*>(tmpDir.c_str()));
// Create unique temporary configuration path
std::string tmpConfDir(testPath);
tmpConfDir += "/confXXXXXX";
std::string confDir = mkdtemp(const_cast<char*>(tmpConfDir.c_str()));
extractPath = imageDir;
extractPath /= "images";
signedConfPath = confDir;
signedConfPath /= "conf";
signedConfOpenBMCPath = confDir;
signedConfOpenBMCPath /= "conf";
signedConfOpenBMCPath /= "OpenBMC";
std::cout << "SETUP " << std::endl;
command("mkdir " + extractPath.string());
command("mkdir " + signedConfPath.string());
command("mkdir " + signedConfOpenBMCPath.string());
std::string hashFile = signedConfOpenBMCPath.string() + "/hashfunc";
command("echo \"HashType=RSA-SHA256\" > " + hashFile);
std::string manifestFile = extractPath.string() + "/" + "MANIFEST";
command(
"echo \"purpose=xyz.openbmc_project.Software.Version.VersionPurpose.BMC\" > " +
manifestFile);
command("echo \"HashType=RSA-SHA256\" >> " + manifestFile);
command("echo \"KeyType=OpenBMC\" >> " + manifestFile);
std::string kernelFile = extractPath.string() + "/" + "image-kernel";
command("echo \"image-kernel file \" > " + kernelFile);
std::string rofsFile = extractPath.string() + "/" + "image-rofs";
command("echo \"image-rofs file \" > " + rofsFile);
std::string rwfsFile = extractPath.string() + "/" + "image-rwfs";
command("echo \"image-rwfs file \" > " + rwfsFile);
std::string ubootFile = extractPath.string() + "/" + "image-u-boot";
command("echo \"image-u-boot file \" > " + ubootFile);
std::string pkeyFile = extractPath.string() + "/" + "private.pem";
command("openssl genrsa -out " + pkeyFile + " 2048");
std::string pubkeyFile = extractPath.string() + "/" + "publickey";
command("openssl rsa -in " + pkeyFile + " -outform PEM " +
"-pubout -out " + pubkeyFile);
command("cp " + pubkeyFile + " " + signedConfOpenBMCPath.string());
command(opensslCmd + pkeyFile + " -out " + kernelFile + ".sig " +
kernelFile);
command(opensslCmd + pkeyFile + " -out " + manifestFile + ".sig " +
manifestFile);
command(opensslCmd + pkeyFile + " -out " + rofsFile + ".sig " +
rofsFile);
command(opensslCmd + pkeyFile + " -out " + rwfsFile + ".sig " +
rwfsFile);
command(opensslCmd + pkeyFile + " -out " + ubootFile + ".sig " +
ubootFile);
command(opensslCmd + pkeyFile + " -out " + pubkeyFile + ".sig " +
pubkeyFile);
#ifdef WANT_SIGNATURE_FULL_VERIFY
std::string fullFile = extractPath.string() + "/" + "image-full";
command("cat " + kernelFile + ".sig " + rofsFile + ".sig " + rwfsFile +
".sig " + ubootFile + ".sig " + manifestFile + ".sig " +
pubkeyFile + ".sig > " + fullFile);
command(opensslCmd + pkeyFile + " -out " + fullFile + ".sig " +
fullFile);
#endif
signature = std::make_unique<Signature>(extractPath, signedConfPath);
}
virtual void TearDown()
{
command("rm -rf " + std::string(testPath));
}
std::unique_ptr<Signature> signature;
fs::path extractPath;
fs::path signedConfPath;
fs::path signedConfOpenBMCPath;
};
/** @brief Test for success scenario*/
TEST_F(SignatureTest, TestSignatureVerify)
{
EXPECT_TRUE(signature->verify());
}
/** @brief Test failure scenario with corrupted signature file*/
TEST_F(SignatureTest, TestCorruptSignatureFile)
{
// corrupt the image-kernel.sig file and ensure that verification fails
std::string kernelFile = extractPath.string() + "/" + "image-kernel";
command("echo \"dummy data\" > " + kernelFile + ".sig ");
EXPECT_FALSE(signature->verify());
}
/** @brief Test failure scenario with no public key in the image*/
TEST_F(SignatureTest, TestNoPublicKeyInImage)
{
// Remove publickey file from the image and ensure that verify fails
std::string pubkeyFile = extractPath.string() + "/" + "publickey";
command("rm " + pubkeyFile);
EXPECT_FALSE(signature->verify());
}
/** @brief Test failure scenario with invalid hash function value*/
TEST_F(SignatureTest, TestInvalidHashValue)
{
// Change the hashfunc value and ensure that verification fails
std::string hashFile = signedConfOpenBMCPath.string() + "/hashfunc";
command("echo \"HashType=md5\" > " + hashFile);
EXPECT_FALSE(signature->verify());
}
/** @brief Test for failure scenario with no config file in system*/
TEST_F(SignatureTest, TestNoConfigFileInSystem)
{
// Remove the conf folder in the system and ensure that verify fails
command("rm -rf " + signedConfOpenBMCPath.string());
EXPECT_FALSE(signature->verify());
}
#ifdef WANT_SIGNATURE_FULL_VERIFY
/** @brief Test for failure scenario without full verification */
TEST_F(SignatureTest, TestNoFullSignature)
{
// Remove the full signature and ensure that verify fails
std::string fullFile = extractPath.string() + "/" + "image-full.sig";
command("rm " + fullFile);
EXPECT_FALSE(signature->verify());
}
/** @brief Test for failure scenario without full verification */
TEST_F(SignatureTest, TestNoFullSignatureForBIOS)
{
// Remove the full signature
std::string fullFile = extractPath.string() + "/" + "image-full.sig";
command("rm " + fullFile);
// Change the purpose to BIOS
std::string manifestFile = extractPath.string() + "/" + "MANIFEST";
std::string pkeyFile = extractPath.string() + "/" + "private.pem";
command("sed -i s/VersionPurpose.BMC/VersionPurpose.BIOS/ " + manifestFile);
command(opensslCmd + pkeyFile + " -out " + manifestFile + ".sig " +
manifestFile);
// Re-create signature object and make sure verify succeed.
signature = std::make_unique<Signature>(extractPath, signedConfPath);
EXPECT_TRUE(signature->verify());
}
#endif
class FileTest : public testing::Test
{
protected:
std::string readFile(fs::path path)
{
std::ifstream f(path, std::ios::in);
const auto sz = fs::file_size(path);
std::string result(sz, '\0');
f.read(result.data(), sz);
return result;
}
void command(const std::string& cmd)
{
auto val = std::system(cmd.c_str());
if (val)
{
std::cout << "COMMAND Error: " << val << std::endl;
}
}
virtual void SetUp()
{
// Create test base directory.
tmpDir = fs::temp_directory_path() / "testFileXXXXXX";
if (!mkdtemp(tmpDir.data()))
{
throw "Failed to create tmp dir";
}
std::string file1 = tmpDir + "/file1";
std::string file2 = tmpDir + "/file2";
command("echo \"File Test1\n\n\" > " + file1);
command("echo \"FileTe st2\n\nte st2\" > " + file2);
srcFiles.push_back(file1);
srcFiles.push_back(file2);
}
virtual void TearDown()
{
fs::remove_all(tmpDir);
}
std::vector<std::string> srcFiles;
std::string tmpDir;
};
TEST_F(FileTest, TestMergeFiles)
{
std::string retFile = tmpDir + "/retFile";
for (auto file : srcFiles)
{
command("cat " + file + " >> " + retFile);
}
std::string dstFile = tmpDir + "/dstFile";
utils::mergeFiles(srcFiles, dstFile);
ASSERT_NE(fs::file_size(retFile), static_cast<uintmax_t>(-1));
ASSERT_NE(fs::file_size(dstFile), static_cast<uintmax_t>(-1));
ASSERT_EQ(fs::file_size(retFile), fs::file_size(dstFile));
std::string ssRetFile = readFile(fs::path(retFile));
std::string ssDstFile = readFile(fs::path(dstFile));
ASSERT_EQ(ssRetFile, ssDstFile);
}
TEST(ExecTest, TestConstructArgv)
{
auto name = "/bin/ls";
auto arg1 = "-a";
auto arg2 = "-l";
auto arg3 = "-t";
auto arg4 = "-rS";
auto argV = utils::internal::constructArgv(name, arg1, arg2, arg3, arg4);
char** charArray = argV.data();
EXPECT_EQ(argV.size(), 6);
EXPECT_EQ(charArray[0], name);
EXPECT_EQ(charArray[1], arg1);
EXPECT_EQ(charArray[2], arg2);
EXPECT_EQ(charArray[3], arg3);
EXPECT_EQ(charArray[4], arg4);
EXPECT_EQ(charArray[5], nullptr);
name = "/usr/bin/du";
argV = utils::internal::constructArgv(name);
charArray = argV.data();
EXPECT_EQ(argV.size(), 2);
EXPECT_EQ(charArray[0], name);
EXPECT_EQ(charArray[1], nullptr);
name = "/usr/bin/hexdump";
arg1 = "-C";
arg2 = "/path/to/filename";
argV = utils::internal::constructArgv(name, arg1, arg2);
charArray = argV.data();
EXPECT_EQ(argV.size(), 4);
EXPECT_EQ(charArray[0], name);
EXPECT_EQ(charArray[1], arg1);
EXPECT_EQ(charArray[2], arg2);
EXPECT_EQ(charArray[3], nullptr);
}