[OpenWrt-Devel] [PATCH ucert 6/9] add cram based unit tests

Petr Štetiar ynezz at true.cz
Thu Dec 19 17:04:18 EST 2019


For improved QA etc. for the start with initial test case for dump
command.

Signed-off-by: Petr Štetiar <ynezz at true.cz>
---
 CMakeLists.txt                    |  14 +++++++
 tests/CMakeLists.txt              |  14 +++++++
 tests/cram/CMakeLists.txt         |  21 ++++++++++
 tests/cram/inputs/invalid.ucert   | Bin 0 -> 362 bytes
 tests/cram/inputs/key-build.ucert | Bin 0 -> 356 bytes
 tests/cram/test_ucert.t           |  65 ++++++++++++++++++++++++++++++
 6 files changed, 114 insertions(+)
 create mode 100644 tests/CMakeLists.txt
 create mode 100644 tests/cram/CMakeLists.txt
 create mode 100644 tests/cram/inputs/invalid.ucert
 create mode 100644 tests/cram/inputs/key-build.ucert
 create mode 100644 tests/cram/test_ucert.t

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 443d79bd4e8b..71c005990335 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -19,6 +19,14 @@ FIND_LIBRARY(ubox NAMES ubox)
 FIND_LIBRARY(blobmsg_json NAMES blobmsg_json)
 FIND_LIBRARY(json NAMES json-c json)
 
+MACRO(ADD_UNIT_TEST_SAN name)
+	ADD_EXECUTABLE(${name}-san ${name}.c)
+	TARGET_COMPILE_OPTIONS(${name}-san PRIVATE -g -fno-omit-frame-pointer -fsanitize=undefined,address,leak -fno-sanitize-recover=all)
+	TARGET_LINK_OPTIONS(${name}-san PRIVATE -fsanitize=undefined,address,leak)
+	TARGET_LINK_LIBRARIES(${name}-san ucert_lib ${ubox} ${blobmsg_json} ${json})
+	TARGET_INCLUDE_DIRECTORIES(${name}-san PRIVATE ${PROJECT_SOURCE_DIR})
+ENDMACRO(ADD_UNIT_TEST_SAN)
+
 IF(UCERT_HOST_BUILD)
 	ADD_DEFINITIONS(-DUCERT_HOST_BUILD)
 ENDIF()
@@ -39,4 +47,10 @@ ELSE()
 	TARGET_LINK_LIBRARIES(ucert ucert_lib ${ubox})
 ENDIF()
 
+IF(UNIT_TESTING)
+	ENABLE_TESTING()
+	ADD_SUBDIRECTORY(tests)
+	ADD_UNIT_TEST_SAN(ucert)
+ENDIF()
+
 INSTALL(TARGETS ucert RUNTIME DESTINATION bin)
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
new file mode 100644
index 000000000000..efefc2e6cde7
--- /dev/null
+++ b/tests/CMakeLists.txt
@@ -0,0 +1,14 @@
+ADD_SUBDIRECTORY(cram)
+
+MACRO(ADD_UNIT_TEST name)
+  ADD_EXECUTABLE(${name} ${name}.c)
+  TARGET_LINK_LIBRARIES(${name} ubox blobmsg_json ${json})
+  TARGET_INCLUDE_DIRECTORIES(${name} PRIVATE ${PROJECT_SOURCE_DIR})
+ENDMACRO(ADD_UNIT_TEST)
+
+FILE(GLOB test_cases "test-*.c")
+FOREACH(test_case ${test_cases})
+  GET_FILENAME_COMPONENT(test_case ${test_case} NAME_WE)
+  ADD_UNIT_TEST(${test_case})
+  ADD_UNIT_TEST_SAN(${test_case})
+ENDFOREACH(test_case)
diff --git a/tests/cram/CMakeLists.txt b/tests/cram/CMakeLists.txt
new file mode 100644
index 000000000000..47247aa026a6
--- /dev/null
+++ b/tests/cram/CMakeLists.txt
@@ -0,0 +1,21 @@
+FIND_PACKAGE(PythonInterp 3 REQUIRED)
+FILE(GLOB test_cases "test_*.t")
+
+SET(PYTHON_VENV_DIR "${CMAKE_CURRENT_BINARY_DIR}/.venv")
+SET(PYTHON_VENV_PIP "${PYTHON_VENV_DIR}/bin/pip")
+SET(PYTHON_VENV_CRAM "${PYTHON_VENV_DIR}/bin/cram")
+
+ADD_CUSTOM_COMMAND(
+	OUTPUT ${PYTHON_VENV_CRAM}
+	COMMAND ${PYTHON_EXECUTABLE} -m venv ${PYTHON_VENV_DIR}
+	COMMAND ${PYTHON_VENV_PIP} install cram
+)
+ADD_CUSTOM_TARGET(prepare-cram-venv ALL DEPENDS ${PYTHON_VENV_CRAM})
+
+ADD_TEST(
+	NAME cram
+	COMMAND ${PYTHON_VENV_CRAM} ${test_cases}
+	WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
+)
+
+SET_PROPERTY(TEST cram APPEND PROPERTY ENVIRONMENT "TEST_BIN_DIR=$<TARGET_FILE_DIR:ucert>")
diff --git a/tests/cram/inputs/invalid.ucert b/tests/cram/inputs/invalid.ucert
new file mode 100644
index 0000000000000000000000000000000000000000..dbdeb725d490b51fb442ae3c5a5b90a32376f108
GIT binary patch
literal 362
zcmZwDyHbNt5P;!Lp`+9mmXtaa8pj0Uj74IIQG^6 at K{AdraLxfvJmkVPP<nX^U&g}M
z at HH%Kki^OvyWPLqZ;PTRJ~@C227tGC76ow_5zM2x?~_?{#)s6MmAjqsk0j%zQ`<q3
zWL3p#y<QVV?$#K{iA0soYQnH!>w-31Uf?$C_TsUrr8PYjbt&|wj_P)<(Qp~$*0OhO
zXW{fp_l6esQJNUkNV+UjQQEv4(A7!H#E$FbN4eLYChq8*g9^aM6Tmxc#fStEyaMdO
z&U%cp1t~8t0WSdiu$x$nVkemUn|OclmH&3KTF`)mR<!94+~M~#fDhY?*e+e`_>cW&
zjx5I8F=cqI|BJ0B6v<VJ4A0aYdEDr$;zdJMMhX*5O;%b$A2*H5cBeLJl>Y_z0WNxQ
A<p2Nx

literal 0
HcmV?d00001

diff --git a/tests/cram/inputs/key-build.ucert b/tests/cram/inputs/key-build.ucert
new file mode 100644
index 0000000000000000000000000000000000000000..8b347b1e3f63edcb0c37dd5f1d3e477cd91954ed
GIT binary patch
literal 356
zcmZvXJ5Pg99L4_~G|KGY$f#k^8Y$Gop$}>mp~XIs#+bmp7r6D(2X7dCd<wsegP+O4
z$x<g1w{w2O$@u})FaW$Ki#SZ8m|z|)gMcjJ3qGRWV$+?1e<B4hpF1v+WxFob8x2vC
zxI1&Cq%u`|`HW$~F$8_Q?%*!#50a^+XQGiwh8+2GSMz!|XuJ+fdp$UHifDdq_+uLf
zC`(OhrhQguC~Mu1XnxkVu<QBdN$GdzsW-Xgpa$^y4DbOv2_j((ZvY3dSH-wkk<D{}
z+AF{z?58%P*bSG#7Csz(mA{<iD;ko>j<@`gJN|wF2w-=WI2*4D{^NeTL^k7{gfd*&
r|CMc|6e)FzOyAO7W!fBSQm3h at 6O{>;uBdHch+F1Ww<pe;T($oLPOWSL

literal 0
HcmV?d00001

diff --git a/tests/cram/test_ucert.t b/tests/cram/test_ucert.t
new file mode 100644
index 000000000000..985740def8f2
--- /dev/null
+++ b/tests/cram/test_ucert.t
@@ -0,0 +1,65 @@
+check that ucert is producing expected results:
+
+  $ [ -n "$TEST_BIN_DIR" ] && export PATH="$TEST_BIN_DIR:$PATH"
+  $ export TEST_INPUTS="$TESTDIR/inputs"
+  $ alias ucert='valgrind --quiet --leak-check=full ucert'
+
+  $ ucert
+  Usage: ucert <command> <options>
+  Commands:
+    -A:\t\t\tappend signature (needs -c and -x) (esc)
+    -D:\t\t\tdump (needs -c) (esc)
+    -I:\t\t\tissue cert and revoker (needs -c and -p and -s) (esc)
+    -R:\t\t\tprocess revoker certificate (needs -c and -P) (esc)
+    -V:\t\t\tverify (needs -c and -p|-P, may have -m) (esc)
+  Options:
+    -c <file>:\t\tcertificate file (esc)
+    -m <file>:\t\tmessage file (verify only) (esc)
+    -p <file>:\t\tpublic key file (esc)
+    -P <path>:\t\tpublic key directory (verify only) (esc)
+    -q:\t\t\tquiet (do not print verification result, use return code only) (esc)
+    -s <file>:\t\tsecret key file (issue only) (esc)
+    -x <file>:\t\tsignature file (append only) (esc)
+  
+  [1]
+
+  $ ucert -D -c $TEST_INPUTS/key-build.ucert
+  === CHAIN ELEMENT 01 ===
+  signature:
+  ---
+  untrusted comment: signed by key 84bfc88a17166577
+  RWSEv8iKFxZld+bQ+NTqCdDlHOuVYNw5Qw7Q8shjfMgFJcTqrzaqO0bysjIQhTadmcwvWiWvHlyMcwAXSix2BYdfghz/zhDjvgU=
+  ---
+  payload:
+  ---
+  "ucert": {
+  \t"certtype": 1, (esc)
+  \t"validfrom": 1546188410, (esc)
+  \t"expiresat": 1577724410, (esc)
+  \t"pubkey": "untrusted comment: Local build key\\nRWSEv8iKFxZld6vicE1icWhYNfEV9PM7C9MKUKl+YNEKB+PdAWGDF5Z9\\n" (esc)
+  }
+  ---
+  $ ucert-san -D -c $TEST_INPUTS/key-build.ucert
+  === CHAIN ELEMENT 01 ===
+  signature:
+  ---
+  untrusted comment: signed by key 84bfc88a17166577
+  RWSEv8iKFxZld+bQ+NTqCdDlHOuVYNw5Qw7Q8shjfMgFJcTqrzaqO0bysjIQhTadmcwvWiWvHlyMcwAXSix2BYdfghz/zhDjvgU=
+  ---
+  payload:
+  ---
+  "ucert": {
+  \t"certtype": 1, (esc)
+  \t"validfrom": 1546188410, (esc)
+  \t"expiresat": 1577724410, (esc)
+  \t"pubkey": "untrusted comment: Local build key\\nRWSEv8iKFxZld6vicE1icWhYNfEV9PM7C9MKUKl+YNEKB+PdAWGDF5Z9\\n" (esc)
+  }
+  ---
+
+  $ ucert -D -c $TEST_INPUTS/invalid.ucert
+  cert_dump(406): cannot parse cert
+  [1]
+
+  $ ucert-san -D -c $TEST_INPUTS/invalid.ucert
+  cert_dump(406): cannot parse cert
+  [1]

_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel


More information about the openwrt-devel mailing list