blob: 5aabcbcc0baa0ba3995aa014b2c4779c3790523a [file] [log] [blame]
// Copyright 2015 The Vanadium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package globsuid_test
import (
func TestDownloadSignatureMatch(t *testing.T) {
defer testutil.InitRandGenerator(t.Logf)()
ctx, shutdown := utiltest.V23Init()
defer shutdown()
sh, deferFn := servicetest.CreateShellAndMountTable(t, ctx, nil)
defer deferFn()
binaryVON := "binary"
pkgVON := naming.Join(binaryVON, "testpkg")
defer utiltest.StartRealBinaryRepository(t, ctx, binaryVON)()
up := testutil.RandomBytes(testutil.RandomIntn(5 << 20))
mediaInfo := repository.MediaInfo{Type: "application/octet-stream"}
sig, err := binarylib.Upload(ctx, naming.Join(binaryVON, "testbinary"), up, mediaInfo)
if err != nil {
t.Fatalf("Upload(%v) failed:%v", binaryVON, err)
// Upload packages for this application
tmpdir, err := ioutil.TempDir("", "test-package-")
if err != nil {
t.Fatalf("ioutil.TempDir failed: %v", err)
defer os.RemoveAll(tmpdir)
pkgContents := testutil.RandomBytes(testutil.RandomIntn(5 << 20))
if err := ioutil.WriteFile(filepath.Join(tmpdir, "pkg.txt"), pkgContents, 0600); err != nil {
t.Fatalf("ioutil.WriteFile failed: %v", err)
pkgSig, err := binarylib.UploadFromDir(ctx, pkgVON, tmpdir)
if err != nil {
t.Fatalf("binarylib.UploadFromDir failed: %v", err)
// Start the application repository
envelope, serverStop := utiltest.StartApplicationRepository(ctx)
defer serverStop()
root, cleanup := servicetest.SetupRootDir(t, "devicemanager")
defer cleanup()
if err := impl.SaveCreatorInfo(root); err != nil {
// Create a script wrapping the test target that implements suidhelper.
helperPath := utiltest.GenerateSuidHelperScript(t, root)
// Set up the device manager. Since we won't do device manager updates,
// don't worry about its application envelope and current link.
dmh := servicetest.RunCommand(t, sh, nil, utiltest.DeviceManager, "dm", root, helperPath, "unused_app_repo_name", "unused_curr_link")
pid := servicetest.ReadPID(t, dmh)
defer syscall.Kill(pid, syscall.SIGINT)
utiltest.ClaimDevice(t, ctx, "claimable", "dm", "mydevice", utiltest.NoPairingToken)
p := v23.GetPrincipal(ctx)
publisher, err := p.BlessSelf("publisher")
if err != nil {
t.Fatalf("Failed to generate publisher blessings:%v", err)
*envelope = application.Envelope{
Binary: application.SignedFile{
File: naming.Join(binaryVON, "testbinary"),
Signature: *sig,
Publisher: publisher,
Packages: map[string]application.SignedFile{
"pkg": application.SignedFile{
File: pkgVON,
Signature: *pkgSig,
// Using the publisher should fail, because blessing "publisher" is not covered by the
// trusted roots of the device manager's principal
if _, err := utiltest.AppStub().Install(ctx, utiltest.MockApplicationRepoName, device.Config{}, nil); verror.ErrorID(err) != impl.ErrOperationFailed.ID {
t.Fatalf("Unexpected error installing app:%v (expected ErrOperationFailed)", err)
// Changing the publisher blessing to one that is covered by the DM roots, should
// allow the app installation to succeed.
envelope.Publisher, err = p.Bless(p.PublicKey(), p.BlessingStore().Default(), "publisher", security.UnconstrainedUse())
if err != nil {
t.Fatalf("Failed to generate trusted publisher blessings: %v", err)
if _, err := utiltest.AppStub().Install(ctx, utiltest.MockApplicationRepoName, device.Config{}, nil); err != nil {
t.Fatalf("Failed to Install app:%v", err)
// Verify that when the binary is corrupted, signature verification fails.
up[0] = up[0] ^ 0xFF
if err := binarylib.Delete(ctx, naming.Join(binaryVON, "testbinary")); err != nil {
t.Fatalf("Delete(%v) failed:%v", binaryVON, err)
if _, err := binarylib.Upload(ctx, naming.Join(binaryVON, "testbinary"), up, mediaInfo); err != nil {
t.Fatalf("Upload(%v) failed:%v", binaryVON, err)
if _, err := utiltest.AppStub().Install(ctx, utiltest.MockApplicationRepoName, device.Config{}, nil); verror.ErrorID(err) != impl.ErrOperationFailed.ID {
t.Fatalf("Failed to verify signature mismatch for binary:%v. Got errorid=%v[%v], want errorid=%v", binaryVON, verror.ErrorID(err), err, impl.ErrOperationFailed.ID)
// Restore the binary and verify that installation succeeds.
up[0] = up[0] ^ 0xFF
if err := binarylib.Delete(ctx, naming.Join(binaryVON, "testbinary")); err != nil {
t.Fatalf("Delete(%v) failed:%v", binaryVON, err)
if _, err := binarylib.Upload(ctx, naming.Join(binaryVON, "testbinary"), up, mediaInfo); err != nil {
t.Fatalf("Upload(%v) failed:%v", binaryVON, err)
if _, err := utiltest.AppStub().Install(ctx, utiltest.MockApplicationRepoName, device.Config{}, nil); err != nil {
t.Fatalf("Failed to Install app:%v", err)
// Verify that when the package contents are corrupted, signature verification fails.
pkgContents[0] = pkgContents[0] ^ 0xFF
if err := binarylib.Delete(ctx, pkgVON); err != nil {
t.Fatalf("Delete(%v) failed:%v", pkgVON, err)
if err := os.Remove(filepath.Join(tmpdir, "pkg.txt")); err != nil {
t.Fatalf("Remove(%v) failed:%v", filepath.Join(tmpdir, "pkg.txt"), err)
if err := ioutil.WriteFile(filepath.Join(tmpdir, "pkg.txt"), pkgContents, 0600); err != nil {
t.Fatalf("ioutil.WriteFile failed: %v", err)
if _, err = binarylib.UploadFromDir(ctx, pkgVON, tmpdir); err != nil {
t.Fatalf("binarylib.UploadFromDir failed: %v", err)
if _, err := utiltest.AppStub().Install(ctx, utiltest.MockApplicationRepoName, device.Config{}, nil); verror.ErrorID(err) != impl.ErrOperationFailed.ID {
t.Fatalf("Failed to verify signature mismatch for package:%v", pkgVON)