From 47e9a2299befdb65f2f7a601565561053f89d1b0 Mon Sep 17 00:00:00 2001 From: olszomal Date: Wed, 4 Mar 2020 13:31:54 +0100 Subject: [PATCH] attach-signature tests --- tests/recipes/06_test_sha256sum | 6 -- tests/recipes/31_extract_signature | 12 +-- tests/recipes/32_attach_signature | 15 ++-- tests/recipes/33_attach_signed | 69 +++++++++++++++++ tests/recipes/34_attach_nest | 74 +++++++++++++++++++ ...3_remove_signature => 35_remove_signature} | 30 ++++---- ...{35_varia_sha256sum => 36_varia_sha256sum} | 10 +-- ...d_signature_blob => 39_add_signature_blob} | 24 +++--- tests/test_library | 7 +- 9 files changed, 188 insertions(+), 59 deletions(-) create mode 100644 tests/recipes/33_attach_signed create mode 100644 tests/recipes/34_attach_nest rename tests/recipes/{33_remove_signature => 35_remove_signature} (56%) rename tests/recipes/{35_varia_sha256sum => 36_varia_sha256sum} (82%) rename tests/recipes/{36_add_signature_blob => 39_add_signature_blob} (66%) diff --git a/tests/recipes/06_test_sha256sum b/tests/recipes/06_test_sha256sum index ad79ad5..a06460d 100644 --- a/tests/recipes/06_test_sha256sum +++ b/tests/recipes/06_test_sha256sum @@ -13,8 +13,6 @@ if test -s "test.exe" res=1 cat "sha256sum_exe.log" >> "results.log" printf "Non-unique SHA256 message digests found\n" >> "results.log" - else - rm -f test_0[1-5]*[1-3]*.exe fi rm -f "sha256sum_exe.log" else @@ -28,8 +26,6 @@ if test -s "test.ex_" res=1 cat "sha256sum_ex_.log" >> "results.log" printf "Non-unique SHA256 message digests found\n" >> "results.log" - else - rm -f test_0[1-5]*[1-3]*.ex_ fi rm -f "sha256sum_ex_.log" else @@ -43,8 +39,6 @@ if test -s "sample.msi" res=1 cat "sha256sum_msi.log" >> "results.log" printf "Non-unique SHA256 message digests found\n" >> "results.log" - else - rm -f test_0[1-5]*[1-3]*.msi fi rm -f "sha256sum_msi.log" else diff --git a/tests/recipes/31_extract_signature b/tests/recipes/31_extract_signature index a8544cd..7611591 100644 --- a/tests/recipes/31_extract_signature 
+++ b/tests/recipes/31_extract_signature @@ -9,14 +9,14 @@ test_name="311. Extract the signature from the PE file" printf "\n%s\n" "$test_name" if test -s "test.exe" then - ../../osslsigncode sign -h sha256 \ + ../../osslsigncode sign -h sha512 \ -st "1556668800" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -in "test.exe" -out "test_311.exe" && \ ../../osslsigncode extract-signature -pem \ -in "test_311.exe" -out "sign_pe.pem" verify_signature "$?" "311" "exe" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" + "sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" @@ -27,14 +27,14 @@ test_name="312. Extract the signature from the CAB file" printf "\n%s\n" "$test_name" if [ -s "test.ex_" ] then - ../../osslsigncode sign -h sha256 \ + ../../osslsigncode sign -h sha512 \ -st "1556668800" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -in "test.ex_" -out "test_312.ex_" && \ ../../osslsigncode extract-signature -pem \ -in "test_312.ex_" -out "sign_cab.pem" verify_signature "$?" "312" "ex_" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" + "sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" 
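Review bot: The `verify_signature` calls in 311 and 312 (and 313 in the following hunk) now mix two digests without saying so. The signature is made with `-h sha512`, while the sixth argument stays `"sha256sum"`, which in tests/test_library selects hashing the output file rather than the signature algorithm. A comment above each call would stop a later well-meant "correction" to a sha512 file hash, for example `# "sha256sum": log the file digest for the later digest-comparison recipe; "SHA512": pattern expected for the signature digest`. The meaning of the eighth argument is inferred from its value, since the body of verify_signature is not part of these hunks.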
@@ -45,14 +45,14 @@ test_name="313. Extract the signature from the MSI file" printf "\n%s\n" "$test_name" if test -s "sample.msi" then - ../../osslsigncode sign -h sha256 \ + ../../osslsigncode sign -h sha512 \ -st "1556668800" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -in "sample.msi" -out "test_313.msi" && \ ../../osslsigncode extract-signature -pem \ -in "test_313.msi" -out "sign_msi.pem" verify_signature "$?" "313" "msi" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" + "sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" diff --git a/tests/recipes/32_attach_signature b/tests/recipes/32_attach_signature index c3dd5d4..d610748 100644 --- a/tests/recipes/32_attach_signature +++ b/tests/recipes/32_attach_signature @@ -9,12 +9,13 @@ test_name="321. Attach the signature to the PE file" printf "\n%s\n" "$test_name" if test -s "test.exe" then - ../../osslsigncode attach-signature -sigin "sign_pe.pem" \ + ../../osslsigncode attach-signature \ + -sigin "sign_pe.pem" \ -CAfile "${script_path}/../certs/CACert.pem" \ -CRLfile "${script_path}/../certs/CACertCRL.pem" \ -in "test.exe" -out "test_321.exe" verify_signature "$?" "321" "exe" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" + "sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" 
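Review bot: The `-sigin "sign_pe.pem"` input in 321 is not covered by the guard, which only checks `test -s "test.exe"`. The same holds for `sign_cab.pem` in 322 and `sign_msi.pem` in 323, and for the new recipes 33_attach_signed and 34_attach_nest. These PEM files appear to be produced by 31_extract_signature, so when that recipe is skipped or fails the attach tests report a failure instead of a skip, and a PEM left over from an earlier run would be picked up silently. Extending the guard to `if test -s "test.exe" && test -s "sign_pe.pem"` (and the equivalents for CAB and MSI) makes the dependency explicit, or at minimum add `# requires sign_pe.pem written by 31_extract_signature`.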
@@ -25,12 +26,13 @@ test_name="322. Attach the signature to the CAB file" printf "\n%s\n" "$test_name" if [ -s "test.ex_" ] then - ../../osslsigncode attach-signature -sigin "sign_cab.pem" \ + ../../osslsigncode attach-signature \ + -sigin "sign_cab.pem" \ -CAfile "${script_path}/../certs/CACert.pem" \ -CRLfile "${script_path}/../certs/CACertCRL.pem" \ -in "test.ex_" -out "test_322.ex_" verify_signature "$?" "322" "ex_" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" + "sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" @@ -41,12 +43,13 @@ test_name="323. Attach the signature to the MSI file" printf "\n%s\n" "$test_name" if test -s "sample.msi" then - ../../osslsigncode attach-signature -sigin "sign_msi.pem" \ + ../../osslsigncode attach-signature \ + -sigin "sign_msi.pem" \ -CAfile "${script_path}/../certs/CACert.pem" \ -CRLfile "${script_path}/../certs/CACertCRL.pem" \ -in "sample.msi" -out "test_323.msi" verify_signature "$?" "323" "msi" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" + "sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" diff --git a/tests/recipes/33_attach_signed b/tests/recipes/33_attach_signed new file mode 100644 index 0000000..4f62ee2 --- /dev/null +++ b/tests/recipes/33_attach_signed 
@@ -0,0 +1,69 @@ +#!/bin/sh +# Attach the signature to the signed PE/CAB/MSI file. + +. $(dirname $0)/../test_library +script_path=$(pwd) + +# PE file +test_name="331. Attach the signature to the signed PE file" +printf "\n%s\n" "$test_name" +if test -s "test.exe" + then + ../../osslsigncode sign -h sha256 \ + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "test.exe" -out "test_331_signed.exe" + ../../osslsigncode attach-signature \ + -sigin "sign_pe.pem" \ + -CAfile "${script_path}/../certs/CACert.pem" \ + -CRLfile "${script_path}/../certs/CACertCRL.pem" \ + -in "test_331_signed.exe" -out "test_331.exe" + verify_signature "$?" "331" "exe" "success" "@2019-09-01 12:00:00" \ + "sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" + test_result "$?" "$test_name" + else + printf "Test skipped\n" + fi + +# CAB file +test_name="332. Attach the signature to the signed CAB file" +printf "\n%s\n" "$test_name" +if [ -s "test.ex_" ] + then + ../../osslsigncode sign -h sha256 \ + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "test.ex_" -out "test_332_signed.ex_" + ../../osslsigncode attach-signature \ + -sigin "sign_cab.pem" \ + -CAfile "${script_path}/../certs/CACert.pem" \ + -CRLfile "${script_path}/../certs/CACertCRL.pem" \ + -in "test_332_signed.ex_" -out "test_332.ex_" + verify_signature "$?" "332" "ex_" "success" "@2019-09-01 12:00:00" \ + "sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" + test_result "$?" "$test_name" + else + printf "Test skipped\n" + fi + +# MSI file +test_name="333. 
Attach the signature to the signed MSI file" +printf "\n%s\n" "$test_name" +if test -s "sample.msi" + then + ../../osslsigncode sign -h sha256 \ + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "sample.msi" -out "test_333_signed.msi" + ../../osslsigncode attach-signature -sigin "sign_msi.pem" \ + -CAfile "${script_path}/../certs/CACert.pem" \ + -CRLfile "${script_path}/../certs/CACertCRL.pem" \ + -in "test_333_signed.msi" -out "test_333.msi" + verify_signature "$?" "333" "msi" "success" "@2019-09-01 12:00:00" \ + "sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" + test_result "$?" "$test_name" + else + printf "Test skipped\n" + fi + +exit 0 diff --git a/tests/recipes/34_attach_nest b/tests/recipes/34_attach_nest new file mode 100644 index 0000000..90c7bc7 --- /dev/null +++ b/tests/recipes/34_attach_nest 
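Review bot: In 331, 332 and 333 the `sign` command is not chained to `attach-signature`, so the `$?` handed to `verify_signature` reflects only the attach step; the same applies to 341–343 in 34_attach_nest. If signing fails, attach-signature runs against whatever `test_331_signed.exe` is already on disk. Before this commit that name was written by 33_remove_signature, so a stale file from an earlier run is plausible. End the sign invocation with `-in "test.exe" -out "test_331_signed.exe" && \`, as 35_remove_signature does. Separately, `. $(dirname $0)/../test_library` is unquoted and fails when the checkout path contains spaces; `. "$(dirname "$0")/../test_library"` avoids that.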
@@ -0,0 +1,74 @@ +#!/bin/sh +# Attach the signature to the signed PE/CAB/MSI file with the "nest" flag +# in order to attach the new signature instead of replacing the first one. + +. $(dirname $0)/../test_library +script_path=$(pwd) + +# PE file +test_name="341. Attach the signature to the signed PE file with the nest flag" +printf "\n%s\n" "$test_name" +if test -s "test.exe" + then + ../../osslsigncode sign -h sha256 \ + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "test.exe" -out "test_341_signed.exe" + ../../osslsigncode attach-signature \ + -sigin "sign_pe.pem" \ + -nest \ + -CAfile "${script_path}/../certs/CACert.pem" \ + -CRLfile "${script_path}/../certs/CACertCRL.pem" \ + -in "test_341_signed.exe" -out "test_341.exe" + verify_signature "$?" "341" "exe" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN" + test_result "$?" "$test_name" + else + printf "Test skipped\n" + fi + +# CAB file +test_name="342. Attach the signature to the signed CAB file with the nest flag" +printf "\n%s\n" "$test_name" +if test -s "test.ex_" + then + ../../osslsigncode sign -h sha256 \ + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "test.ex_" -out "test_342_signed.ex_" + ../../osslsigncode attach-signature \ + -sigin "sign_cab.pem" \ + -nest \ + -CAfile "${script_path}/../certs/CACert.pem" \ + -CRLfile "${script_path}/../certs/CACertCRL.pem" \ + -in "test_342_signed.ex_" -out "test_342.ex_" + verify_signature "$?" "342" "ex_" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN" + test_result "$?" "$test_name" + else + printf "Test skipped\n" + fi + +# MSI file +test_name="343. 
Attach the signature to the signed MSI file with the nest flag" +printf "\n%s\n" "$test_name" +if test -s "sample.msi" + then + ../../osslsigncode sign -h sha256 \ + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "sample.msi" -out "test_343_signed.msi" + ../../osslsigncode attach-signature \ + -sigin "sign_msi.pem" \ + -nest \ + -CAfile "${script_path}/../certs/CACert.pem" \ + -CRLfile "${script_path}/../certs/CACertCRL.pem" \ + -in "test_343_signed.msi" -out "test_343.msi" + verify_signature "$?" "343" "msi" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN" + test_result "$?" "$test_name" + else + printf "Test skipped\n" + fi + +exit 0 diff --git a/tests/recipes/33_remove_signature b/tests/recipes/35_remove_signature similarity index 56% rename from tests/recipes/33_remove_signature rename to tests/recipes/35_remove_signature index d27e02b..c31cccc 100644 --- a/tests/recipes/33_remove_signature +++ b/tests/recipes/35_remove_signature 
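Review bot: The nest tests 341–343 cannot distinguish nesting from replacement, because each `verify_signature` call checks the same single `"SHA512"` pattern that 33_attach_signed uses for the replace case. They would still pass if `-nest` were ignored and the original signature overwritten. Since the header comment says the purpose of the flag is to keep the first signature, the test should also assert that the SHA-256 signature made by the preceding `sign -h sha256` step is still present. One option is a second check after `verify_signature` that runs `../../osslsigncode verify -in "test_341.exe"` and requires both a SHA256 and a SHA512 message digest in its output. Whether verify_signature can take a second pattern is not visible in this hunk, so the exact form is left to the author.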
@@ -5,54 +5,54 @@ script_path=$(pwd) # PE file -test_name="331. Remove the signature from the PE file" +test_name="351. Remove the signature from the PE file" printf "\n%s\n" "$test_name" if test -s "test.exe" then ../../osslsigncode sign -h sha256 \ -st "1556668800" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.exe" -out "test_331_signed.exe" && \ + -in "test.exe" -out "test_351_signed.exe" && \ ../../osslsigncode remove-signature \ - -in "test_331_signed.exe" -out "test_331.exe" - verify_signature "$?" "331" "exe" "fail" "@2019-09-01 12:00:00" \ - "sha256sum" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" + -in "test_351_signed.exe" -out "test_351.exe" + verify_signature "$?" "351" "exe" "fail" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" fi # CAB file -test_name="332. Remove the signature from the CAB file" +test_name="352. Remove the signature from the CAB file" printf "\n%s\n" "$test_name" if [ -s "test.ex_" ] then ../../osslsigncode sign -h sha256 \ -st "1556668800" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.ex_" -out "test_332_signed.ex_" && \ + -in "test.ex_" -out "test_352_signed.ex_" && \ ../../osslsigncode remove-signature \ - -in "test_332_signed.ex_" -out "test_332.ex_" - verify_signature "$?" "332" "ex_" "fail" "@2019-09-01 12:00:00" \ - "sha256sum" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" + -in "test_352_signed.ex_" -out "test_352.ex_" + verify_signature "$?" "352" "ex_" "fail" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" fi # MSI file -test_name="333. Remove the signature from the MSI file" +test_name="353. 
Remove the signature from the MSI file" printf "\n%s\n" "$test_name" if test -s "sample.msi" then ../../osslsigncode sign -h sha256 \ -st "1556668800" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "sample.msi" -out "test_333_signed.msi" && \ + -in "sample.msi" -out "test_353_signed.msi" && \ ../../osslsigncode remove-signature \ - -in "test_333_signed.msi" -out "test_333.msi" - verify_signature "$?" "333" "msi" "fail" "@2019-09-01 12:00:00" \ - "sha256sum" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" + -in "test_353_signed.msi" -out "test_353.msi" + verify_signature "$?" "353" "msi" "fail" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" diff --git a/tests/recipes/35_varia_sha256sum b/tests/recipes/36_varia_sha256sum similarity index 82% rename from tests/recipes/35_varia_sha256sum rename to tests/recipes/36_varia_sha256sum index 0c0d40b..89a4f6c 100644 --- a/tests/recipes/35_varia_sha256sum +++ b/tests/recipes/36_varia_sha256sum @@ -1,11 +1,11 @@ #!/bin/sh -# Checking SHA256 message digests for 31x-34x tests. +# Checking SHA256 message digests for 31x-33x tests. . $(dirname $0)/../test_library res=0 res=0 skip=0 -test_name="351. Checking SHA256 message digests for 31x-34x tests" +test_name="361. Checking SHA256 message digests for 31x-33x tests" printf "\n%s\n" "$test_name" if test -s "test.exe" then @@ -14,8 +14,6 @@ if test -s "test.exe" res=1 cat "sha256sum_exe.log" >> "results.log" printf "Non-unique SHA256 message digests found\n" >> "results.log" - else - rm -f test_3[1-4]*[1-2]*.exe fi rm -f "sha256sum_exe.log" else @@ -29,8 +27,6 @@ if test -s "test.ex_" res=1 cat "sha256sum_ex_.log" >> "results.log" printf "Non-unique SHA256 message digests found\n" >> "results.log" - else - rm -f test_3[1-4]*[1-2]*.ex_ fi rm -f "sha256sum_ex_.log" else 
@@ -44,8 +40,6 @@ if test -s "sample.msi" res=1 cat "sha256sum_msi.log" >> "results.log" printf "Non-unique SHA256 message digests found\n" >> "results.log" - else - rm -f test_3[1-4]*[1-2]*.msi fi rm -f "sha256sum_msi.log" else diff --git a/tests/recipes/36_add_signature_blob b/tests/recipes/39_add_signature_blob similarity index 66% rename from tests/recipes/36_add_signature_blob rename to tests/recipes/39_add_signature_blob index 2907b6e..5e05385 100644 --- a/tests/recipes/36_add_signature_blob +++ b/tests/recipes/39_add_signature_blob @@ -5,18 +5,18 @@ script_path=$(pwd) # PE file -test_name="361. Add an unauthenticated blob to the PE file" +test_name="391. Add an unauthenticated blob to the PE file" printf "\n%s\n" "$test_name" if test -s "test.exe" then ../../osslsigncode sign -h sha256 \ -st "1556668800" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.exe" -out "test_361_signed.exe" + -in "test.exe" -out "test_391_signed.exe" ../../osslsigncode add \ -addUnauthenticatedBlob \ - -in "test_361_signed.exe" -out "test_361.exe" - verify_signature "$?" "361" "exe" "success" "@2019-09-01 12:00:00" \ + -in "test_391_signed.exe" -out "test_391.exe" + verify_signature "$?" "391" "exe" "success" "@2019-09-01 12:00:00" \ "UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY" test_result "$?" "$test_name" else 
@@ -24,18 +24,18 @@ if test -s "test.exe" fi # CAB file -test_name="362. Add an unauthenticated blob to the CAB file" +test_name="392. Add an unauthenticated blob to the CAB file" printf "\n%s\n" "$test_name" if test -s "test.ex_" then ../../osslsigncode sign -h sha256 \ -st "1556668800" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.ex_" -out "test_362_signed.ex_" + -in "test.ex_" -out "test_392_signed.ex_" ../../osslsigncode add \ -addUnauthenticatedBlob \ - -in "test_362_signed.ex_" -out "test_362.ex_" - verify_signature "$?" "362" "ex_" "success" "@2019-09-01 12:00:00" \ + -in "test_392_signed.ex_" -out "test_392.ex_" + verify_signature "$?" "392" "ex_" "success" "@2019-09-01 12:00:00" \ "UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY" test_result "$?" "$test_name" else @@ -43,18 +43,18 @@ if test -s "test.ex_" fi # MSI file -test_name="363. Add an unauthenticated blob to the MSI file" +test_name="393. Add an unauthenticated blob to the MSI file" printf "\n%s\n" "$test_name" if test -s "sample.msi" then ../../osslsigncode sign -h sha256 \ -st "1556668800" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "sample.msi" -out "test_363_signed.msi" + -in "sample.msi" -out "test_393_signed.msi" ../../osslsigncode add \ -addUnauthenticatedBlob \ - -in "test_363_signed.msi" -out "test_363.msi" - verify_signature "$?" "363" "msi" "success" "@2019-09-01 12:00:00" \ + -in "test_393_signed.msi" -out "test_393.msi" + verify_signature "$?" "393" "msi" "success" "@2019-09-01 12:00:00" \ "UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY" test_result "$?" "$test_name" else diff --git a/tests/test_library b/tests/test_library index 699fc69..96aea84 100755 --- a/tests/test_library +++ b/tests/test_library 
@@ -113,12 +113,7 @@ verify_signature() { fi if test "$6" = "sha256sum" then - if test -s "test_$2_signed.$3" - then - sha256sum "test_$2_signed.$3" 2>> "sha256sum_$3.log" 1>&2 - else - sha256sum "test_$2.$3" 2>> "sha256sum_$3.log" 1>&2 - fi + sha256sum "test_$2.$3" 2>> "sha256sum_$3.log" 1>&2 fi if test "$4" = "success" -a "$result" -eq 0 then
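Review bot: With the `_signed` fallback removed, `sha256sum "test_$2.$3"` runs even when the output file was never created. Because both streams are redirected into `sha256sum_$3.log`, the resulting error text lands in the log that the digest-comparison recipes read. Guard the call, e.g. `test -s "test_$2.$3" && sha256sum "test_$2.$3" 2>> "sha256sum_$3.log" 1>&2`, or record the missing file as an explicit failure. A short comment such as `# hash only the final output; the intermediate _signed file is not compared` would also explain why the fallback was dropped. verify_signature begins and ends outside this hunk, so an earlier check for a missing file cannot be ruled out.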