mirror of
https://github.com/mtrojnar/osslsigncode.git
synced 2025-04-04 08:50:12 -05:00
# this file is a library sourced from recipes/*
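# Remember the directory the recipe was started from, resolve the directory
# one level above the running script ($0) into script_path, then go back.
result_path=$(pwd)
# The substitution is quoted so that a checkout path containing spaces or
# glob characters is not word-split before cd sees it; "--" keeps a $0 that
# starts with "-" from being read as an option by dirname.
cd "$(dirname -- "$0")/../"
script_path=$(pwd)
cd "${result_path}"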
test_result() {
  # Report the outcome of one test case.
  #   $1  last exit status
  #   $2  test number
  #   $3  test name
  # Prints a one-line verdict on stdout. On failure it also writes a
  # formatted "NNN. name  failed" row to file descriptor 3, which the caller
  # is expected to have opened. Returns 0 when $1 equals 0, otherwise 1.

  if ! test "$1" -eq 0
  then
    printf "%s\n" "Test failed"
    printf "%03d. %-90s\t%s\n" "$2" "$3" "failed" 1>&3
    return 1
  fi

  printf "%s\n" "Test succeeded"
  return 0
}
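modify_blob() {
  # Rewrite four zero bytes that follow a marker in the file under test and
  # check that the modified copy still verifies.
  #   $1  test number
  #   $2  filename extension
  #   $3  text searched in a binary file
  # Reads test_$1.$2, writes changed_$1.$2, and appends the verifier output
  # to verify.log. Returns 0 when verification succeeds and verify.log holds
  # at most one distinct run of "Calculated ..." digest lines; otherwise
  # returns 1 and leaves changed_$1.$2 in place for inspection.

  local result=0
  local initial_blob modified_blob zero_blob digest_lines

  # printf is used instead of "echo -n", which is not portable across sh
  # implementations. xxd -p wraps its output every 30 bytes, so the line
  # breaks are removed to keep a longer marker usable as one sed pattern.
  initial_blob=$(printf "%s" "$3" | xxd -p | tr -d '\n')
  modified_blob=$(printf "%s" "FAKE" | xxd -p)
  zero_blob="00000000"

  # NOTE(review): sed works on 1000-byte dump lines, so a marker that
  # straddles a line boundary is left untouched, and nothing here confirms
  # that the substitution matched. In that case the verifier is run on an
  # unmodified copy and the check passes without having tested anything;
  # comparing changed_$1.$2 against test_$1.$2 would close that gap.
  xxd -p -c 1000 "test_$1.$2" | \
    sed "s/$initial_blob$zero_blob/$initial_blob$modified_blob/" | \
    xxd -p -r > "changed_$1.$2"

  ../../osslsigncode verify -verbose \
    -CAfile "${script_path}/../certs/CACert.pem" \
    -CRLfile "${script_path}/../certs/CACertCRL.pem" \
    -TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
    -in "changed_$1.$2" 2>> "verify.log" 1>&2
  result=$?

  # uniq only collapses adjacent duplicates; the count covers everything
  # already appended to verify.log, not just this run. Whitespace padding
  # that some wc implementations emit is stripped before the comparison.
  digest_lines=$(grep -e "Calculated DigitalSignature" -e "Calculated message digest" "verify.log" | uniq | wc -l | tr -d '[:space:]')

  # Two separate tests joined by || replace the obsolescent "test ... -o ...".
  if test "$result" -ne 0 || test "$digest_lines" -gt 1
  then
    printf "Failed: verify error or non-unique message digests found\n" 2>> "verify.log" 1>&2
    result=1
  else
    rm -f "changed_$1.$2"
  fi

  return "$result"
}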
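search_pattern() {
  # Check that a pattern appears in verify.log or, failing that, as raw
  # bytes in the file under test.
  #   $1  test number
  #   $2  filename extension
  #   $3  pattern searched in a binary file or verify.log
  # Returns 0 when the pattern is found in either place; otherwise prints a
  # "Failed" line on stdout and returns 1.

  local result=0
  local hex_pattern

  # -e keeps a pattern that begins with "-" from being parsed as an option.
  if ! grep -q -e "$3" "verify.log"
  then
    # xxd -p wraps its output every 30 bytes. A multi-line pattern would make
    # grep treat every line as a separate alternative, so a fragment of a long
    # pattern would count as a match; the line breaks are removed first.
    # printf replaces "echo -n", which is not portable across sh variants.
    hex_pattern=$(printf "%s" "$3" | xxd -p | tr -d '\n')
    # The search is line oriented over 1000-byte dump lines, so a pattern
    # that straddles a line boundary is not found here.
    if ! xxd -p -c 1000 "test_$1.$2" | grep -e "$hex_pattern" 2>> /dev/null 1>&2
    then
      result=1
      # The pattern is passed as an argument rather than spliced into the
      # format string, so "%" or "\" in it is printed literally.
      printf "Failed: %s not found\n" "$3"
    fi
  fi
  return "$result"
}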
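verify_signature() {
  # Verify a signed file at a fixed (faked) time and compare the outcome
  # with what the recipe expects.
  #   $1  sign exit code
  #   $2  test number
  #   $3  filename extension
  #   $4  expected result ("success" or "fail")
  #   $5  fake time
  #   $6  sha256sum requirement ("sha256sum" to record the file digest)
  #   $7  pattern searched in the verify.log file ("UNUSED_PATTERN" to skip)
  #   $8  modify requirement ("MODIFY" to run modify_blob)
  # Returns 0 when the observed outcome matches $4, otherwise 1. verify.log
  # is truncated on entry and appended to results.log unless an expected
  # success was observed.

  local result=0

  printf "" > "verify.log"
  if test "$1" -eq 0
  then
    # NOTE(review): the status of cp is not checked. If the copy fails, the
    # verifier is run on a missing test_tmp.tmp, and an expected-"fail" case
    # would presumably be counted as passing without any signature having
    # been examined; confirm whether recipes rely on that.
    cp "test_$2.$3" "test_tmp.tmp"
    # The child shell sets its own script_path from its working directory,
    # so the certificates are looked up relative to the current directory.
    TZ=GMT faketime -f "$5" /bin/bash -c '
      printf "Verify time: " >> "verify.log" && date >> "verify.log" && printf "\n" >> "verify.log"
      script_path=$(pwd)
      ../../osslsigncode verify -verbose \
        -CAfile "${script_path}/../certs/CACert.pem" \
        -CRLfile "${script_path}/../certs/CACertCRL.pem" \
        -TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
        -in "test_tmp.tmp" 2>> "verify.log" 1>&2'
    result=$?
    rm -f "test_tmp.tmp"

    # Each conjunction is written as two tests joined by &&: "test" with
    # -a and more than four operands is obsolescent and can misparse when an
    # operand looks like an operator.
    if test "$result" -eq 0 && test "$7" != "UNUSED_PATTERN"
    then
      search_pattern "$2" "$3" "$7"
      result=$?
    fi

    if test "$result" -eq 0 && test "$8" = "MODIFY"
    then
      modify_blob "$2" "$3" "$7"
      result=$?
    fi

    if test "$6" = "sha256sum"
    then
      sha256sum "test_$2.$3" 2>> "sha256sum/$3.log" 1>&2
    fi

    if test "$4" = "success" && test "$result" -eq 0
    then
      rm -f "test_$2.$3" "signed_$2.$3" "signed1_$2.$3" "signed2_$2.$3"
    # An expected failure is accepted only when the status is exactly 1, so
    # any other non-zero status (a missing tool, a crash) is still reported
    # as a test failure instead of passing as "verification rejected".
    elif test "$4" = "fail" && test "$result" -eq 1
    then
      rm -f "test_$2.$3" "signed_$2.$3" "signed1_$2.$3" "signed2_$2.$3"
      rm -f "changed_$2.$3"
      cat "verify.log" >> "results.log"
      result=0
    else
      cat "verify.log" >> "results.log"
      result=1
    fi
  else
    result=1
  fi
  return "$result"
}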
verify_leaf_hash() {
  # Verify a signed file at a fixed (faked) time while requiring the leaf
  # certificate to match the SHA256 digest of ../certs/cert.der, which is
  # computed with sha256sum when the check runs.
  #   $1  sign exit code
  #   $2  test number
  #   $3  filename extension
  #   $4  fake time
  # Returns the verifier's exit status, or 1 when signing ($1) had failed.
  # verify.log is truncated on entry and appended to results.log when the
  # verification does not succeed.

  local status=0

  printf "" > "verify.log"

  # Nothing to verify when the signing step itself reported an error.
  if ! test "$1" -eq 0
  then
    return 1
  fi

  cp "test_$2.$3" "test_tmp.tmp"
  # The child shell derives script_path from its own working directory.
  TZ=GMT faketime -f "$4" /bin/bash -c '
    printf "Verify time: " >> "verify.log" && date >> "verify.log" && printf "\n" >> "verify.log"
    script_path=$(pwd)
    ../../osslsigncode verify -verbose \
      -CAfile "${script_path}/../certs/CACert.pem" \
      -CRLfile "${script_path}/../certs/CACertCRL.pem" \
      -TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
      -require-leaf-hash SHA256:$(sha256sum "${script_path}/../certs/cert.der" | cut -d" " -f1) \
      -in "test_tmp.tmp" 2>> "verify.log" 1>&2'
  status=$?
  rm -f "test_tmp.tmp"

  if test "$status" -ne 0
  then
    # Keep the evidence of a failed verification in the cumulative log.
    cat "verify.log" >> "results.log"
  else
    rm -f "test_$2.$3"
  fi

  return "$status"
}