mirror of
https://github.com/Cisco-Talos/clamav.git
synced 2025-10-19 10:23:17 +00:00
Fix several codesign bugs
We were signing with the signing key + signing cert and verifying with the intermediate cert + root cert. However, we should have been signing with the signing key + signing cert + intermediate cert, and verifying with just the root cert.

To fix this, I...
1. Provided new certs and test file .sign files to use the correct signing method.
2. Restructured the `unit_tests/input/signing` directory to highlight which files are for signing and which are for verification.

There is a multi-arch build issue because I previously used i8 to represent a C character. I switched it to c_char, which should fix the clamav-debian multi-arch Docker image build.

It turns out we weren't failing out when signing if one of the provided intermediate certificate paths is incorrect. Instead of using `filter_map()`, I switched to just iterate the list to populate the vector of intermediate certs.
parent
8ef70a4e6c
commit
afb3d490e1
22 changed files with 122 additions and 211 deletions
|
@ -29,125 +29,3 @@ Bd/OoRMlH6aAxOD3W8PR18TkR7wt5++qMEC+hvpTIBfqDzM6q/l1Gv1/xzKtDiFL
|
|||
9ZmIM79osXAOPMn/dNAh4hVURBl2n7/69FSRzQbVIBGt2YYlWV9HVfOXquuYJ3py
|
||||
pOQCrNNrFjEMFifHqO2ktkn7c8Tsw4dFVnIhKFU=
|
||||
-----END CERTIFICATE-----
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 0 (0x0)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=US, ST=MD, L=Laurel, O=Cisco, OU=Talos, CN=ClamAV BETA Root CA
|
||||
Validity
|
||||
Not Before: Mar 26 21:31:56 2025 GMT
|
||||
Not After : Jul 24 21:31:56 2025 GMT
|
||||
Subject: C=US, ST=MD, O=Cisco, OU=Talos, CN=ClamAV BETA Intermediate Signing CA
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
RSA Public-Key: (4096 bit)
|
||||
Modulus:
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Basic Constraints: critical
|
||||
CA:TRUE
|
||||
X509v3 Key Usage: critical
|
||||
Certificate Sign, CRL Sign
|
||||
X509v3 Extended Key Usage:
|
||||
OCSP Signing, E-mail Protection
|
||||
Netscape Cert Type:
|
||||
SSL CA
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
|
|
|
@ -115,42 +115,45 @@ pub unsafe extern "C" fn codesign_sign_file(
|
|||
let signature_file_path_str = validate_str_param!(signature_file_path_str);
|
||||
let signature_file_path = Path::new(signature_file_path_str);
|
||||
|
||||
let cert_path_strs: &[*const i8] = std::slice::from_raw_parts(cert_paths_str, cert_paths_len);
|
||||
let cert_path_strs: &[*const c_char] =
|
||||
std::slice::from_raw_parts(cert_paths_str, cert_paths_len);
|
||||
|
||||
// now convert the cert_path_strs to a Vec<&Path>
|
||||
let cert_paths: Vec<PathBuf> = cert_path_strs
|
||||
.iter()
|
||||
.filter_map(|&path_str| -> Option<PathBuf> {
|
||||
let path_str = if path_str.is_null() {
|
||||
warn!("Intermiediate path string is NULL");
|
||||
return None;
|
||||
} else {
|
||||
#[allow(unused_unsafe)]
|
||||
match unsafe { CStr::from_ptr(path_str) }.to_str() {
|
||||
Err(e) => {
|
||||
warn!("Intermediate path string is not valid unicode: {}", e);
|
||||
return None;
|
||||
}
|
||||
Ok(s) => Some(s),
|
||||
}
|
||||
};
|
||||
let mut cert_paths: Vec<PathBuf> = Vec::with_capacity(cert_paths_len);
|
||||
|
||||
if let Some(path_str) = path_str {
|
||||
match Path::new(path_str).canonicalize() {
|
||||
Ok(path) => Some(path),
|
||||
Err(e) => {
|
||||
warn!(
|
||||
"Invalid intermediate certificate path: '{}' {}",
|
||||
path_str, e
|
||||
);
|
||||
None
|
||||
}
|
||||
}
|
||||
} else {
|
||||
None
|
||||
for &path_str in cert_path_strs {
|
||||
if path_str.is_null() {
|
||||
return ffi_error!(
|
||||
err = err,
|
||||
Error::SignFailed("Intermediate certificate path is NULL".to_string())
|
||||
);
|
||||
}
|
||||
|
||||
#[allow(unused_unsafe)]
|
||||
let path_str = CStr::from_ptr(path_str)
|
||||
.to_str()
|
||||
.map_err(|e| {
|
||||
warn!("Intermediate path string is not valid unicode: {e}");
|
||||
ffi_error!(
|
||||
err = err,
|
||||
Error::SignFailed("Intermediate certificate path is NULL".to_string())
|
||||
)
|
||||
})
|
||||
.unwrap();
|
||||
|
||||
match Path::new(path_str).canonicalize() {
|
||||
Ok(path) => cert_paths.push(path),
|
||||
Err(e) => {
|
||||
warn!("Invalid intermediate certificate path: '{path_str}' {e}",);
|
||||
return ffi_error!(
|
||||
err = err,
|
||||
Error::SignFailed(format!(
|
||||
"Invalid intermediate certificate path: '{path_str}': {e}",
|
||||
))
|
||||
);
|
||||
}
|
||||
})
|
||||
.collect();
|
||||
}
|
||||
}
|
||||
|
||||
let signing_key_path_str = validate_str_param!(signing_key_path_str);
|
||||
let signing_key_path = match Path::new(signing_key_path_str).canonicalize() {
|
||||
|
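Review bot: In the new `for` loop, the `CStr::from_ptr(path_str).to_str().map_err(...).unwrap()` chain panics on a path that is not valid UTF-8 instead of returning an error: whatever `ffi_error!` evaluates to inside the closure only becomes the `Err` payload, and `.unwrap()` then panics on it inside an `extern "C"` function, which the C caller cannot handle. Use a `match` with `return ffi_error!(...)` in the `Err` arm, as the NULL and `canonicalize()` branches already do. The message built in that closure also still reads "Intermediate certificate path is NULL", which is the wrong text for an encoding failure, and the `#[allow(unused_unsafe)]` attribute above it no longer has an `unsafe` block to apply to.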
@ -159,8 +162,7 @@ pub unsafe extern "C" fn codesign_sign_file(
|
|||
return ffi_error!(
|
||||
err = err,
|
||||
Error::SignFailed(format!(
|
||||
"Invalid signing key path '{}': {}",
|
||||
signing_key_path_str, e
|
||||
"Invalid signing key path '{signing_key_path_str}': {e}",
|
||||
))
|
||||
);
|
||||
}
|
||||
|
@ -372,7 +374,6 @@ pub unsafe extern "C" fn codesign_verifier_new(
|
|||
#[export_name = "codesign_verifier_free"]
|
||||
pub unsafe extern "C" fn codesign_verifier_free(verifier: *mut c_void) {
|
||||
if verifier.is_null() {
|
||||
return;
|
||||
} else {
|
||||
let _ = unsafe { Box::from_raw(verifier as *mut Verifier) };
|
||||
}
|
||||
|
|
|
@ -980,7 +980,7 @@ static int sign(const struct optstruct *opts)
|
|||
if (NULL == target) {
|
||||
mprintf(LOGG_ERROR, "sign: No target file specified.\n");
|
||||
mprintf(LOGG_ERROR, "To sign a file with sigtool, you must specify a target file and use the --key and --cert options.\n");
|
||||
mprintf(LOGG_ERROR, "For example: sigtool --sign myfile.cvd --key /path/to/private.key --cert /path/to/public.pem --cert /path/to/intermediate.pem --cert /path/to/root-ca.pem\n");
|
||||
mprintf(LOGG_ERROR, "For example: sigtool --sign myfile.cvd --key /path/to/private.key --cert /path/to/public.crt --cert /path/to/intermediate.crt --cert /path/to/root-ca.crt\n");
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
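Review bot: The updated example line still ends with `--cert /path/to/root-ca.crt`, while the commit message says signing should use the signing key, signing cert and intermediate cert, with the root cert used only for verification. Drop the root CA from the `--sign` example (here and in the three identical messages in the following hunks) so the help text matches the corrected method, or say why passing it is still expected.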
@ -994,7 +994,7 @@ static int sign(const struct optstruct *opts)
|
|||
if (NULL == target) {
|
||||
mprintf(LOGG_ERROR, "sign: No private key specified.\n");
|
||||
mprintf(LOGG_ERROR, "To sign a file with sigtool, you must specify a target file and use the --key and --cert options.\n");
|
||||
mprintf(LOGG_ERROR, "For example: sigtool --sign myfile.cvd --key /path/to/private.key --cert /path/to/public.pem --cert /path/to/intermediate.pem --cert /path/to/root-ca.pem\n");
|
||||
mprintf(LOGG_ERROR, "For example: sigtool --sign myfile.cvd --key /path/to/private.key --cert /path/to/public.crt --cert /path/to/intermediate.crt --cert /path/to/root-ca.crt\n");
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
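Review bot: The condition shown above the "sign: No private key specified." message is `if (NULL == target)`, the same test as the preceding target-file check, so as shown a missing `--key` never reaches this branch. Since the hunk already touches this block, test the key value here instead of `target`.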
@ -1002,7 +1002,7 @@ static int sign(const struct optstruct *opts)
|
|||
if (NULL == opt) {
|
||||
mprintf(LOGG_ERROR, "sign: No signing or intermediate certificates specified.\n");
|
||||
mprintf(LOGG_ERROR, "To sign a file with sigtool, you must specify a target file and use the --key and --cert options.\n");
|
||||
mprintf(LOGG_ERROR, "For example: sigtool --sign myfile.cvd --key /path/to/private.key --cert /path/to/public.pem --cert /path/to/intermediate.pem --cert /path/to/root-ca.pem\n");
|
||||
mprintf(LOGG_ERROR, "For example: sigtool --sign myfile.cvd --key /path/to/private.key --cert /path/to/public.crt --cert /path/to/intermediate.crt --cert /path/to/root-ca.crt\n");
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
@ -1010,7 +1010,7 @@ static int sign(const struct optstruct *opts)
|
|||
if (!opt->strarg) {
|
||||
mprintf(LOGG_ERROR, "sign: The --cert option requires a path value to a signing or intermediate certificate.\n");
|
||||
mprintf(LOGG_ERROR, "To sign a file with sigtool, you must specify a target file and use the --key and --cert options.\n");
|
||||
mprintf(LOGG_ERROR, "For example: sigtool --sign myfile.cvd --key /path/to/private.key --cert /path/to/public.pem --cert /path/to/intermediate.pem --cert /path/to/root-ca.pem\n");
|
||||
mprintf(LOGG_ERROR, "For example: sigtool --sign myfile.cvd --key /path/to/private.key --cert /path/to/public.crt --cert /path/to/intermediate.crt --cert /path/to/root-ca.crt\n");
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
|
|
@ -264,7 +264,7 @@ set(ENVIRONMENT
|
|||
CK_DEFAULT_TIMEOUT=300
|
||||
LD_LIBRARY_PATH=${LD_LIBRARY_PATH}
|
||||
DYLD_LIBRARY_PATH=${LD_LIBRARY_PATH}
|
||||
CVD_CERTS_DIR=${CMAKE_SOURCE_DIR}/unit_tests/input/signing/public
|
||||
CVD_CERTS_DIR=${CMAKE_SOURCE_DIR}/unit_tests/input/signing/verify
|
||||
PATH=${NEW_PATH}
|
||||
LIBSSL=${LIBSSL}
|
||||
LIBCRYPTO=${LIBCRYPTO}
|
||||
|
|
|
@ -57,7 +57,7 @@ set(ENCRYPTED_TESTFILES
|
|||
clamav_hdb_scanfiles/clam.exe.2007.one
|
||||
clamav_hdb_scanfiles/clam.exe.2010.one
|
||||
clamav_hdb_scanfiles/clam.exe.webapp-export.one
|
||||
signing/private/signing-test.key
|
||||
signing/sign/signing-test.key
|
||||
)
|
||||
|
||||
if(ENABLE_UNRAR)
|
||||
|
@ -69,7 +69,7 @@ endif()
|
|||
|
||||
add_custom_target(tgt_build_unit_tests_directories ALL
|
||||
COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/clamav_hdb_scanfiles
|
||||
COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/signing/private
|
||||
COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/signing/sign
|
||||
)
|
||||
|
||||
# Decrypt test file
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -1,34 +1,3 @@
|
|||
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
31
unit_tests/input/signing/verify/clamav-test.crt
Normal file
|
@ -0,0 +1,31 @@
|
|||
|
31
unit_tests/input/verify/clamav.crt
Normal file
|
@ -0,0 +1,31 @@
|
|||
|
|
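Review bot: This new file is added as `unit_tests/input/verify/clamav.crt`, outside `unit_tests/input/signing/`, while the CMake and test changes point `CVD_CERTS_DIR` and `--cvdcertsdir` at `unit_tests/input/signing/verify`. If nothing reads `unit_tests/input/verify`, move the file under `signing/verify` or drop it; if something does, say so in the commit message, which only describes restructuring `unit_tests/input/signing`.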
@ -167,11 +167,12 @@ class TC(testcase.TestCase):
|
|||
|
||||
self.log.warning('VG: {}'.format(os.getenv("VG")))
|
||||
|
||||
command = '{valgrind} {valgrind_args} {sigtool} --sign {input} --key {key} --cert {cert}'.format(
|
||||
command = '{valgrind} {valgrind_args} {sigtool} --sign {input} --key {signing_key} --cert {signing_cert} --cert {intermediate_cert}'.format(
|
||||
valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, sigtool=TC.sigtool,
|
||||
input=TC.path_tmp / 'file_to_sign',
|
||||
key=TC.path_build / 'unit_tests' / 'input' / 'signing' / 'private' / 'signing-test.key',
|
||||
cert=TC.path_source / 'unit_tests' / 'input' / 'signing' / 'private' / 'signing-test.crt'
|
||||
signing_key=TC.path_build / 'unit_tests' / 'input' / 'signing' / 'sign' / 'signing-test.key',
|
||||
signing_cert=TC.path_source / 'unit_tests' / 'input' / 'signing' / 'sign' / 'signing-test.crt',
|
||||
intermediate_cert=TC.path_source / 'unit_tests' / 'input' / 'signing' / 'sign' / 'intermediate-test.crt'
|
||||
)
|
||||
output = self.execute_command(command)
|
||||
|
||||
|
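Review bot: The sign command now passes `--cert {signing_cert} --cert {intermediate_cert}`, but nothing in the visible changes to this test exercises the other fix named in the commit message, failing when one of the intermediate certificate paths is incorrect. Add a case that passes a nonexistent path as the second `--cert` and asserts that signing fails, so the old `filter_map()` behaviour of silently skipping the bad path cannot come back unnoticed.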
@ -182,7 +183,7 @@ class TC(testcase.TestCase):
|
|||
command = '{valgrind} {valgrind_args} {sigtool} --verify {input} --cvdcertsdir {cvdcertsdir}'.format(
|
||||
valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, sigtool=TC.sigtool,
|
||||
input=TC.path_tmp / 'file_to_sign',
|
||||
cvdcertsdir=TC.path_source / 'unit_tests' / 'input' / 'signing' / 'public'
|
||||
cvdcertsdir=TC.path_source / 'unit_tests' / 'input' / 'signing' / 'verify'
|
||||
)
|
||||
output = self.execute_command(command)
|
||||
|
||||
|
@ -203,7 +204,7 @@ class TC(testcase.TestCase):
|
|||
command = '{valgrind} {valgrind_args} {sigtool} --verify {input} --cvdcertsdir {cvdcertsdir}'.format(
|
||||
valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, sigtool=TC.sigtool,
|
||||
input=TC.path_tmp / 'file_to_sign',
|
||||
cvdcertsdir=TC.path_source / 'unit_tests' / 'input' / 'signing' / 'public'
|
||||
cvdcertsdir=TC.path_source / 'unit_tests' / 'input' / 'signing' / 'verify'
|
||||
)
|
||||
output = self.execute_command(command)
|
||||
|
||||
|
|