tests: Add a few simple tests

Add a few tests for the sign, verify, attach and detach code. These require some additional infrastructure to create a sample PE/COFF executable, plus a key & cert for testing. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-13 14:23:26 +08:00 · 2012-06-13 14:23:26 +08:00 · b05afccde0
commit b05afccde0
parent 0c5de30566
9 changed files with 158 additions and 2 deletions
--- a/Makefile.am
+++ b/Makefile.am
@ -29,4 +29,4 @@ $(top_builddir)/docs/%.1: $(srcdir)/docs/%.1.in $(top_builddir)/%
 	$(MKDIR_P) $(@D)
 	$(HELP2MAN) --no-info -i $< -o $@ $(top_builddir)/$*

-SUBDIRS = lib/ccan
+SUBDIRS = lib/ccan . tests
--- a/configure.ac
+++ b/configure.ac
@ -7,12 +7,16 @@ AC_PREREQ(2.60)
 AC_CONFIG_HEADERS(config.h)
 AC_CONFIG_SRCDIR(sbsign.c)

+AM_PROG_AS
 AC_PROG_CC
 AM_PROG_CC_C_O
 AC_PROG_CPP
 AC_PROG_RANLIB
 AC_PROG_MKDIR_P

+AC_CHECK_TOOL(OBJCOPY, [objcopy])
+AC_CHECK_TOOL(STRIP, [strip])
+
 if test $cross_compiling = no; then
  AM_MISSING_PROG(HELP2MAN, help2man)
 else
@ -51,5 +55,5 @@ PKG_CHECK_MODULES(libcrypto, libcrypto,
    [],
    AC_MSG_ERROR([libcrypto (from the OpenSSL package) is required]))

-AC_CONFIG_FILES([Makefile lib/ccan/Makefile])
+AC_CONFIG_FILES([Makefile lib/ccan/Makefile tests/Makefile])
 AC_OUTPUT
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@ -0,0 +1,43 @@
+
+test_key = private-key.rsa
+test_cert = public-cert.pem
+test_image = test.pecoff
+
+check_PROGRAMS = test.pecoff
+check_DATA = $(test_key) $(test_cert)
+check_SCRIPTS = common.sh
+
+test_image_arch = x86-64
+test_lds = $(srcdir)/test.lds
+
+test_pecoff_SOURCES =
+
+test.pecoff: test.elf
+	$(OBJCOPY) -j .text -j .sdata -j .data \
+		-j .dynamic -j .dynsym  -j .rel \
+		-j .rela -j .reloc \
+		--target=efi-app-$(test_image_arch) $^ $@
+	$(STRIP) $@
+
+test.elf: LDFLAGS = -nostdlib -T $(test_lds) -m64
+test.elf: test.$(OBJEXT) $(test_lds)
+	$(LINK) $<
+
+.INTERMEDIATE: test.elf
+
+test.$(OBJEXT): ASFLAGS = -m64
+test.$(OBJEXT): $(srcdir)/test.S
+	$(AS) -o $@ $^
+
+$(test_key): Makefile
+	openssl genrsa -out $@ 2048
+
+$(test_cert): $(test_key) Makefile
+	openssl req -x509 -sha256 -subj '/' -new -key $< -out $@
+
+TESTS = sign-verify.sh \
+	sign-verify-detached.sh \
+	sign-attach-verify.sh
+
+EXTRA_DIST = $(test_lds) test.S $(TESTS) $(check_SCRIPTS)
+CLEANFILES = $(test_key) $(test_cert) $(test_image)
--- a/tests/common.sh
+++ b/tests/common.sh
@ -0,0 +1,12 @@
+
+basedir=..
+testdir="$basedir/tests"
+bindir="$basedir"
+
+sbsign=$bindir/sbsign
+sbverify=$bindir/sbverify
+sbattach=$bindir/sbattach
+
+key="$testdir/private-key.rsa"
+cert="$testdir/public-cert.pem"
+image="$testdir/test.pecoff"
--- a/tests/sign-attach-verify.sh
+++ b/tests/sign-attach-verify.sh
@ -0,0 +1,12 @@
+#!/bin/bash -e
+
+. "$srcdir/common.sh"
+
+sig=test.sig
+signed=test.signed
+
+trap 'rm -f "$sig" "$signed"' EXIT
+
+"$sbsign" --cert "$cert" --key "$key" --detached --output $sig "$image"
+"$sbattach" --attach $sig $signed
+"$sbverify" --cert "$cert" "$signed"
--- a/tests/sign-verify-detached.sh
+++ b/tests/sign-verify-detached.sh
@ -0,0 +1,10 @@
+#!/bin/bash -e
+
+. "$srcdir/common.sh"
+
+sig=test.sig
+
+trap 'rm -f "$sig"' EXIT
+
+"$sbsign" --cert "$cert" --key "$key" --detached --output $sig "$image"
+"$sbverify" --cert "$cert" --detached $sig "$image"
--- a/tests/sign-verify.sh
+++ b/tests/sign-verify.sh
@ -0,0 +1,6 @@
+#!/bin/bash -e
+
+. "$srcdir/common.sh"
+
+"$sbsign" --cert "$cert" --key "$key" --output test.signed "$image"
+"$sbverify" --cert "$cert" test.signed
--- a/tests/test.S
+++ b/tests/test.S
@ -0,0 +1,9 @@
+
+.text
+.globl _start
+_start:
+	nop
+
+.data
+data:
+	.long	0x0
--- a/tests/test.lds
+++ b/tests/test.lds
@ -0,0 +1,60 @@
+/* Same as elf_x86_64_fbsd_efi.lds, except for OUTPUT_FORMAT below - KEEP IN SYNC */
+OUTPUT_FORMAT("elf64-x86-64", "elf64-x86-64", "elf64-x86-64")
+OUTPUT_ARCH(i386:x86-64)
+ENTRY(_start)
+SECTIONS
+{
+  . = 0;
+  ImageBase = .;
+  .hash : { *(.hash) }	/* this MUST come first! */
+  . = ALIGN(4096);
+  .eh_frame :
+  {
+    *(.eh_frame)
+  }
+  . = ALIGN(4096);
+  .text :
+  {
+   *(.text)
+  }
+  . = ALIGN(4096);
+  .reloc :
+  {
+   *(.reloc)
+  }
+  . = ALIGN(4096);
+  .data :
+  {
+   *(.rodata*)
+   *(.got.plt)
+   *(.got)
+   *(.data*)
+   *(.sdata)
+   /* the EFI loader doesn't seem to like a .bss section, so we stick
+      it all into .data: */
+   *(.sbss)
+   *(.scommon)
+   *(.dynbss)
+   *(.bss)
+   *(COMMON)
+   *(.rel.local)
+  }
+  . = ALIGN(4096);
+  .dynamic  : { *(.dynamic) }
+  . = ALIGN(4096);
+  .rela :
+  {
+    *(.rela.data*)
+    *(.rela.got)
+    *(.rela.stab)
+  }
+  . = ALIGN(4096);
+  .dynsym   : { *(.dynsym) }
+  . = ALIGN(4096);
+  .dynstr   : { *(.dynstr) }
+  . = ALIGN(4096);
+  .ignored.reloc :
+  {
+    *(.rela.reloc)
+  }
+}