Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / a66b5c053b6bd2d381ddbd995031987e2cf7bcf0 / . / libs / apkverify / tests / apkverify_test.rs
blob: 0b3320881a5d4fc1926de28f594f50f15300440e [file] [log] [blame]
Jooyung Han12a0b702021-08-05 23:20:31 +0900[diff] [blame]1/*
2 * Copyright (C) 2021 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Andrew Walbran117cd5e2021-08-13 11:42:13 +0000[diff] [blame]17use apkverify::{testing::assert_contains, verify};
Jooyung Hancee6de62021-08-11 15:52:07 +0900[diff] [blame]18use std::matches;
Jooyung Hand8397852021-08-10 16:29:36 +0900[diff] [blame]19
Seungjae Yoo91e250a2022-06-07 02:21:56 +0000[diff] [blame]20const KEY_NAMES_DSA: &[&str] = &["1024", "2048", "3072"];
21const KEY_NAMES_ECDSA: &[&str] = &["p256", "p384", "p521"];
22const KEY_NAMES_RSA: &[&str] = &["1024", "2048", "3072", "4096", "8192", "16384"];
Jooyung Hancee6de62021-08-11 15:52:07 +0900[diff] [blame]23
24#[test]
25fn test_verify_truncated_cd() {
26 use zip::result::ZipError;
27 let res = verify("tests/data/v2-only-truncated-cd.apk");
28 // TODO(jooyung): consider making a helper for err assertion
29 assert!(matches!(
Andrew Walbran117cd5e2021-08-13 11:42:13 +0000[diff] [blame]30 res.unwrap_err().root_cause().downcast_ref::<ZipError>().unwrap(),
Jooyung Hancee6de62021-08-11 15:52:07 +0900[diff] [blame]31 ZipError::InvalidArchive(_),
32 ));
33}
Seungjae Yoo91e250a2022-06-07 02:21:56 +0000[diff] [blame]34
35#[test]
36fn test_verify_v3() {
37 assert!(verify("tests/data/test.apex").is_ok());
38}
39
40// TODO(b/190343842)
41#[test]
42fn test_verify_v3_dsa_sha256() {
43 for key_name in KEY_NAMES_DSA.iter() {
44 let res = verify(format!("tests/data/v3-only-with-dsa-sha256-{}.apk", key_name));
45 assert!(res.is_err());
Alice Wanga66b5c02022-09-16 07:25:17 +0000[diff] [blame^]46 assert_contains(&res.unwrap_err().to_string(), "not implemented");
Seungjae Yoo91e250a2022-06-07 02:21:56 +0000[diff] [blame]47 }
48}
49
50#[test]
51fn test_verify_v3_ecdsa_sha256() {
52 for key_name in KEY_NAMES_ECDSA.iter() {
53 assert!(verify(format!("tests/data/v3-only-with-ecdsa-sha256-{}.apk", key_name)).is_ok());
54 }
55}
56
57// TODO(b/190343842)
58#[test]
59fn test_verify_v3_ecdsa_sha512() {
60 for key_name in KEY_NAMES_ECDSA.iter() {
61 let res = verify(format!("tests/data/v3-only-with-ecdsa-sha512-{}.apk", key_name));
62 assert!(res.is_err());
Alice Wanga66b5c02022-09-16 07:25:17 +0000[diff] [blame^]63 assert_contains(&res.unwrap_err().to_string(), "not implemented");
Seungjae Yoo91e250a2022-06-07 02:21:56 +0000[diff] [blame]64 }
65}
66
67#[test]
68fn test_verify_v3_rsa_sha256() {
69 for key_name in KEY_NAMES_RSA.iter() {
70 assert!(
71 verify(format!("tests/data/v3-only-with-rsa-pkcs1-sha256-{}.apk", key_name)).is_ok()
72 );
73 }
74}
75
76#[test]
77fn test_verify_v3_rsa_sha512() {
78 for key_name in KEY_NAMES_RSA.iter() {
79 assert!(
80 verify(format!("tests/data/v3-only-with-rsa-pkcs1-sha512-{}.apk", key_name)).is_ok()
81 );
82 }
83}
84
85// TODO(b/190343842)
86#[test]
87fn test_verify_v3_sig_does_not_verify() {
88 let path_list = [
89 "tests/data/v3-only-with-dsa-sha256-2048-sig-does-not-verify.apk",
90 "tests/data/v3-only-with-ecdsa-sha512-p521-sig-does-not-verify.apk",
91 "tests/data/v3-only-with-rsa-pkcs1-sha256-3072-sig-does-not-verify.apk",
92 ];
93 for path in path_list.iter() {
94 let res = verify(path);
95 assert!(res.is_err());
96 let error_msg = &res.unwrap_err().to_string();
97 assert!(
Alice Wanga66b5c02022-09-16 07:25:17 +0000[diff] [blame^]98 error_msg.contains("Signature is invalid") || error_msg.contains("not implemented")
Seungjae Yoo91e250a2022-06-07 02:21:56 +0000[diff] [blame]99 );
100 }
101}
102
103// TODO(b/190343842)
104#[test]
105fn test_verify_v3_digest_mismatch() {
106 let path_list = [
107 "tests/data/v3-only-with-dsa-sha256-3072-digest-mismatch.apk",
108 "tests/data/v3-only-with-rsa-pkcs1-sha512-8192-digest-mismatch.apk",
109 ];
110 for path in path_list.iter() {
111 let res = verify(path);
112 assert!(res.is_err());
113 let error_msg = &res.unwrap_err().to_string();
Alice Wanga66b5c02022-09-16 07:25:17 +0000[diff] [blame^]114 assert!(error_msg.contains("Digest mismatch") || error_msg.contains("not implemented"));
Seungjae Yoo91e250a2022-06-07 02:21:56 +0000[diff] [blame]115 }
116}
117
118#[test]
119fn test_verify_v3_wrong_apk_sig_block_magic() {
120 let res = verify("tests/data/v3-only-with-ecdsa-sha512-p384-wrong-apk-sig-block-magic.apk");
121 assert!(res.is_err());
122 assert_contains(&res.unwrap_err().to_string(), "No APK Signing Block");
123}
124
125#[test]
126fn test_verify_v3_apk_sig_block_size_mismatch() {
127 let res =
128 verify("tests/data/v3-only-with-rsa-pkcs1-sha512-4096-apk-sig-block-size-mismatch.apk");
129 assert!(res.is_err());
130 assert_contains(
131 &res.unwrap_err().to_string(),
132 "APK Signing Block sizes in header and footer do not match",
133 );
134}
135
136#[test]
137fn test_verify_v3_cert_and_public_key_mismatch() {
138 let res = verify("tests/data/v3-only-cert-and-public-key-mismatch.apk");
139 assert!(res.is_err());
140 assert_contains(&res.unwrap_err().to_string(), "Public key mismatch");
141}
142
143#[test]
144fn test_verify_v3_empty() {
145 let res = verify("tests/data/v3-only-empty.apk");
146 assert!(res.is_err());
147 assert_contains(&res.unwrap_err().to_string(), "APK too small for APK Signing Block");
148}
149
150#[test]
151fn test_verify_v3_no_certs_in_sig() {
152 let res = verify("tests/data/v3-only-no-certs-in-sig.apk");
153 assert!(res.is_err());
154 assert_contains(&res.unwrap_err().to_string(), "No certificates listed");
155}
156
157#[test]
158fn test_verify_v3_no_supported_sig_algs() {
159 let res = verify("tests/data/v3-only-no-supported-sig-algs.apk");
160 assert!(res.is_err());
161 assert_contains(&res.unwrap_err().to_string(), "No supported signatures found");
162}
163
164#[test]
165fn test_verify_v3_signatures_and_digests_block_mismatch() {
166 let res = verify("tests/data/v3-only-signatures-and-digests-block-mismatch.apk");
167 assert!(res.is_err());
168 assert_contains(
169 &res.unwrap_err().to_string(),
170 "Signature algorithms don't match between digests and signatures records",
171 );
172}
173
174#[test]
175fn test_verify_v3_unknown_additional_attr() {
176 assert!(verify("tests/data/v3-only-unknown-additional-attr.apk").is_ok());
177}
178
179#[test]
180fn test_verify_v3_unknown_pair_in_apk_sig_block() {
181 assert!(verify("tests/data/v3-only-unknown-pair-in-apk-sig-block.apk").is_ok());
182}
183
184#[test]
185fn test_verify_v3_ignorable_unsupported_sig_algs() {
186 assert!(verify("tests/data/v3-only-with-ignorable-unsupported-sig-algs.apk").is_ok());
187}
188
189#[test]
190fn test_verify_v3_stamp() {
191 assert!(verify("tests/data/v3-only-with-stamp.apk").is_ok());
192}