From b05afccde0b9e664bdf492f92e812a0ba53d41ea Mon Sep 17 00:00:00 2001 From: Jeremy Kerr Date: Wed, 13 Jun 2012 14:23:26 +0800 Subject: [PATCH] tests: Add a few simple tests Add a few tests for the sign, verify, attach and detach code. These require some additional infrastructure to create a sample PE/COFF executable, plus a key & cert for testing. Signed-off-by: Jeremy Kerr --- Makefile.am | 2 +- configure.ac | 6 +++- tests/Makefile.am | 43 +++++++++++++++++++++++++ tests/common.sh | 12 +++++++ tests/sign-attach-verify.sh | 12 +++++++ tests/sign-verify-detached.sh | 10 ++++++ tests/sign-verify.sh | 6 ++++ tests/test.S | 9 ++++++ tests/test.lds | 60 +++++++++++++++++++++++++++++++++++ 9 files changed, 158 insertions(+), 2 deletions(-) create mode 100644 tests/Makefile.am create mode 100644 tests/common.sh create mode 100755 tests/sign-attach-verify.sh create mode 100755 tests/sign-verify-detached.sh create mode 100755 tests/sign-verify.sh create mode 100644 tests/test.S create mode 100644 tests/test.lds diff --git a/Makefile.am b/Makefile.am index a87cb5a..74b561d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -29,4 +29,4 @@ $(top_builddir)/docs/%.1: $(srcdir)/docs/%.1.in $(top_builddir)/% $(MKDIR_P) $(@D) $(HELP2MAN) --no-info -i $< -o $@ $(top_builddir)/$* -SUBDIRS = lib/ccan +SUBDIRS = lib/ccan . tests diff --git a/configure.ac b/configure.ac index 669b027..e48b9f2 100644 --- a/configure.ac +++ b/configure.ac @@ -7,12 +7,16 @@ AC_PREREQ(2.60) AC_CONFIG_HEADERS(config.h) AC_CONFIG_SRCDIR(sbsign.c) +AM_PROG_AS AC_PROG_CC AM_PROG_CC_C_O AC_PROG_CPP AC_PROG_RANLIB AC_PROG_MKDIR_P +AC_CHECK_TOOL(OBJCOPY, [objcopy]) +AC_CHECK_TOOL(STRIP, [strip]) + if test $cross_compiling = no; then AM_MISSING_PROG(HELP2MAN, help2man) else @@ -51,5 +55,5 @@ PKG_CHECK_MODULES(libcrypto, libcrypto, [], AC_MSG_ERROR([libcrypto (from the OpenSSL package) is required])) -AC_CONFIG_FILES([Makefile lib/ccan/Makefile]) +AC_CONFIG_FILES([Makefile lib/ccan/Makefile tests/Makefile]) AC_OUTPUT diff --git a/tests/Makefile.am b/tests/Makefile.am new file mode 100644 index 0000000..0c40a38 --- /dev/null +++ b/tests/Makefile.am @@ -0,0 +1,43 @@ + +test_key = private-key.rsa +test_cert = public-cert.pem +test_image = test.pecoff + +check_PROGRAMS = test.pecoff +check_DATA = $(test_key) $(test_cert) +check_SCRIPTS = common.sh + +test_image_arch = x86-64 +test_lds = $(srcdir)/test.lds + +test_pecoff_SOURCES = + +test.pecoff: test.elf + $(OBJCOPY) -j .text -j .sdata -j .data \ + -j .dynamic -j .dynsym -j .rel \ + -j .rela -j .reloc \ + --target=efi-app-$(test_image_arch) $^ $@ + $(STRIP) $@ + +test.elf: LDFLAGS = -nostdlib -T $(test_lds) -m64 +test.elf: test.$(OBJEXT) $(test_lds) + $(LINK) $< + +.INTERMEDIATE: test.elf + +test.$(OBJEXT): ASFLAGS = -m64 +test.$(OBJEXT): $(srcdir)/test.S + $(AS) -o $@ $^ + +$(test_key): Makefile + openssl genrsa -out $@ 2048 + +$(test_cert): $(test_key) Makefile + openssl req -x509 -sha256 -subj '/' -new -key $< -out $@ + +TESTS = sign-verify.sh \ + sign-verify-detached.sh \ + sign-attach-verify.sh + +EXTRA_DIST = $(test_lds) test.S $(TESTS) $(check_SCRIPTS) +CLEANFILES = $(test_key) $(test_cert) $(test_image) diff --git a/tests/common.sh b/tests/common.sh new file mode 100644 index 0000000..af60285 --- /dev/null +++ b/tests/common.sh @@ -0,0 +1,12 @@ + +basedir=.. +testdir="$basedir/tests" +bindir="$basedir" + +sbsign=$bindir/sbsign +sbverify=$bindir/sbverify +sbattach=$bindir/sbattach + +key="$testdir/private-key.rsa" +cert="$testdir/public-cert.pem" +image="$testdir/test.pecoff" diff --git a/tests/sign-attach-verify.sh b/tests/sign-attach-verify.sh new file mode 100755 index 0000000..333308e --- /dev/null +++ b/tests/sign-attach-verify.sh @@ -0,0 +1,12 @@ +#!/bin/bash -e + +. "$srcdir/common.sh" + +sig=test.sig +signed=test.signed + +trap 'rm -f "$sig" "$signed"' EXIT + +"$sbsign" --cert "$cert" --key "$key" --detached --output $sig "$image" +"$sbattach" --attach $sig $signed +"$sbverify" --cert "$cert" "$signed" diff --git a/tests/sign-verify-detached.sh b/tests/sign-verify-detached.sh new file mode 100755 index 0000000..02c583e --- /dev/null +++ b/tests/sign-verify-detached.sh @@ -0,0 +1,10 @@ +#!/bin/bash -e + +. "$srcdir/common.sh" + +sig=test.sig + +trap 'rm -f "$sig"' EXIT + +"$sbsign" --cert "$cert" --key "$key" --detached --output $sig "$image" +"$sbverify" --cert "$cert" --detached $sig "$image" diff --git a/tests/sign-verify.sh b/tests/sign-verify.sh new file mode 100755 index 0000000..bc9bceb --- /dev/null +++ b/tests/sign-verify.sh @@ -0,0 +1,6 @@ +#!/bin/bash -e + +. "$srcdir/common.sh" + +"$sbsign" --cert "$cert" --key "$key" --output test.signed "$image" +"$sbverify" --cert "$cert" test.signed diff --git a/tests/test.S b/tests/test.S new file mode 100644 index 0000000..67384a6 --- /dev/null +++ b/tests/test.S @@ -0,0 +1,9 @@ + +.text +.globl _start +_start: + nop + +.data +data: + .long 0x0 diff --git a/tests/test.lds b/tests/test.lds new file mode 100644 index 0000000..e4eb6ae --- /dev/null +++ b/tests/test.lds @@ -0,0 +1,60 @@ +/* Same as elf_x86_64_fbsd_efi.lds, except for OUTPUT_FORMAT below - KEEP IN SYNC */ +OUTPUT_FORMAT("elf64-x86-64", "elf64-x86-64", "elf64-x86-64") +OUTPUT_ARCH(i386:x86-64) +ENTRY(_start) +SECTIONS +{ + . = 0; + ImageBase = .; + .hash : { *(.hash) } /* this MUST come first! */ + . = ALIGN(4096); + .eh_frame : + { + *(.eh_frame) + } + . = ALIGN(4096); + .text : + { + *(.text) + } + . = ALIGN(4096); + .reloc : + { + *(.reloc) + } + . = ALIGN(4096); + .data : + { + *(.rodata*) + *(.got.plt) + *(.got) + *(.data*) + *(.sdata) + /* the EFI loader doesn't seem to like a .bss section, so we stick + it all into .data: */ + *(.sbss) + *(.scommon) + *(.dynbss) + *(.bss) + *(COMMON) + *(.rel.local) + } + . = ALIGN(4096); + .dynamic : { *(.dynamic) } + . = ALIGN(4096); + .rela : + { + *(.rela.data*) + *(.rela.got) + *(.rela.stab) + } + . = ALIGN(4096); + .dynsym : { *(.dynsym) } + . = ALIGN(4096); + .dynstr : { *(.dynstr) } + . = ALIGN(4096); + .ignored.reloc : + { + *(.rela.reloc) + } +}