test-get-cmdline.c
#include "stubby_efi.h"
#include "kcmdline.h"
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <stdbool.h>
/*
 * One table-driven test case for get_cmdline(): the inputs handed to it and
 * the outcome do_get_cmdline() compares against.
 */
typedef struct {
/* Status that get_cmdline() must return for the case to pass. */
EFI_STATUS expstatus;
/* Passed as get_cmdline()'s first argument; the table's comments call the
 * two values "secure" and "insecure" (presumably the secure-boot state;
 * confirm against kcmdline.h). */
BOOLEAN secure;
/* Built-in command line; may carry the STUBBY_RT_CLI1 marker token. */
char *builtin;
/* Command line supplied at runtime. */
char *runtime;
/* Command line the call should produce, or ResultNotChecked when
 * do_get_cmdline() does not compare the output. */
char *expected;
} TestData;
/* Placeholder for .expected in cases where the output is never compared. */
#define ResultNotChecked "Result should not be checked"

/*
 * Cases for get_cmdline(). Each entry names its fields explicitly so the
 * secure flag and the expected status cannot be confused positionally.
 */
TestData tests[] = {
    /* Secure: marker in the middle of builtin is replaced by the runtime value. */
    {
        .expstatus = EFI_SUCCESS,
        .secure = true,
        .builtin = "root=atomix STUBBY_RT_CLI1 more",
        .runtime = "console=ttyS0",
        .expected = "root=atomix console=ttyS0 more",
    },
    /* Secure: empty builtin, so the runtime command line is used as is. */
    {
        .expstatus = EFI_SUCCESS,
        .secure = true,
        .builtin = "",
        .runtime = "root=atomix verbose",
        .expected = "root=atomix verbose",
    },
    /* Secure: empty builtin and empty runtime yield an empty result. */
    {
        .expstatus = EFI_SUCCESS,
        .secure = true,
        .builtin = "",
        .runtime = "",
        .expected = "",
    },
    /*
     * Insecure, empty builtin: the runtime line carries a token that is
     * reported as EFI_SECURITY_VIOLATION, yet the runtime line is still the
     * expected output. This pins the "report but allow" behaviour of
     * insecure mode.
     */
    {
        .expstatus = EFI_SECURITY_VIOLATION,
        .secure = false,
        .builtin = "",
        .runtime = "root=atomix verbose rootkit=yes",
        .expected = "root=atomix verbose rootkit=yes",
    },
    /* Secure: marker is the first token of builtin. */
    {
        .expstatus = EFI_SUCCESS,
        .secure = true,
        .builtin = "STUBBY_RT_CLI1 root=atomix more",
        .runtime = "console=ttyS0",
        .expected = "console=ttyS0 root=atomix more",
    },
    /* Secure: marker is the last token of builtin. */
    {
        .expstatus = EFI_SUCCESS,
        .secure = true,
        .builtin = "root=atomix more STUBBY_RT_CLI1",
        .runtime = "console=ttyS0",
        .expected = "root=atomix more console=ttyS0",
    },
    /* Insecure: same substitution as the first case. */
    {
        .expstatus = EFI_SUCCESS,
        .secure = false,
        .builtin = "root=atomix STUBBY_RT_CLI1 more",
        .runtime = "console=ttyS0",
        .expected = "root=atomix console=ttyS0 more",
    },
    /* Secure: valid builtin, rejected runtime token; output is not compared. */
    {
        .expstatus = EFI_SECURITY_VIOLATION,
        .secure = true,
        .builtin = "root=atomix STUBBY_RT_CLI1 more",
        .runtime = "console=ttyS0 more",
        .expected = ResultNotChecked,
    },
    /*
     * Valid builtin, rejected runtime token.
     * NOTE(review): the original comment labelled this case "insecure", but
     * .secure is true, so it takes the same secure-mode path as the previous
     * entry. Confirm whether .secure = false with a concrete .expected
     * string was intended; as written, the insecure violation path with a
     * marker in builtin has no coverage here.
     */
    {
        .expstatus = EFI_SECURITY_VIOLATION,
        .secure = true,
        .builtin = "root=atomix STUBBY_RT_CLI1 more2",
        .runtime = "console=ttyS0 more1",
        .expected = ResultNotChecked,
    },
    /* Insecure: marker text is only part of a token, not a token by itself. */
    {
        .expstatus = EFI_INVALID_PARAMETER,
        .secure = false,
        .builtin = "root=atomix STUBBY_RT_CLI1=abcd more",
        .runtime = "console=ttyS0",
        .expected = ResultNotChecked,
    },
    /* Secure: builtin has no marker, so a runtime line is rejected. */
    {
        .expstatus = EFI_INVALID_PARAMETER,
        .secure = true,
        .builtin = "root=atomix",
        .runtime = "console=ttyS0",
        .expected = ResultNotChecked,
    },
    /* Insecure: builtin has no marker, runtime is simply appended. */
    {
        .expstatus = EFI_SUCCESS,
        .secure = false,
        .builtin = "root=atomix",
        .runtime = "console=ttyS0",
        .expected = "root=atomix console=ttyS0",
    },
    /* Secure: the marker namespace (STUBBY_RT) occurs twice in builtin. */
    {
        .expstatus = EFI_INVALID_PARAMETER,
        .secure = true,
        .builtin = "root=atomix STUBBY_RT debug STUBBY_RT_CLI1 ",
        .runtime = "console=ttyS0",
        .expected = ResultNotChecked,
    },
    /* Insecure: the marker namespace occurs twice in builtin. */
    {
        .expstatus = EFI_INVALID_PARAMETER,
        .secure = false,
        .builtin = "root=atomix STUBBY_RT debug STUBBY_RT_CLI1 ",
        .runtime = "console=ttyS0",
        .expected = ResultNotChecked,
    },
    /* Insecure: the marker namespace is smuggled in through runtime. */
    {
        .expstatus = EFI_INVALID_PARAMETER,
        .secure = false,
        .builtin = "root=atomix debug STUBBY_RT_CLI1",
        .runtime = "console=ttyS0 STUBBY_RT",
        .expected = ResultNotChecked,
    },
};
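/*
 * Run one table entry through get_cmdline() and check the outcome.
 *
 * The returned status must equal td.expstatus. The produced command line is
 * compared with td.expected only when the status is EFI_SUCCESS, or
 * EFI_SECURITY_VIOLATION with td.secure false; every other status that
 * matches the expectation passes without looking at the output.
 *
 * Returns true when the case passes, false otherwise (after printing what
 * differed).
 */
BOOLEAN do_get_cmdline(TestData td) {
    EFI_STATUS status;
    /* Out-parameters start out NULL/0 so the failure paths below never
     * print or free an indeterminate pointer if get_cmdline() leaves one
     * untouched. */
    CHAR16 *errmsg = NULL;
    CHAR8 *found = NULL;
    UINTN found_len = 0;
    CHAR16 status_found[64];
    CHAR16 status_exp[64];
    BOOLEAN ok = true;

    status = get_cmdline(
        td.secure,
        (CHAR8 *)td.builtin, strlen(td.builtin),
        (CHAR8 *)td.runtime, strlen(td.runtime),
        &found, &found_len,
        &errmsg);

    StatusToString(status_found, status);
    StatusToString(status_exp, td.expstatus);

    if (status != td.expstatus) {
        /* Expected value first, then the value actually returned. */
        Print(L"expected status '%ls' found '%ls'\n", status_exp, status_found);
        Print(L"errmsg = %ls\n", errmsg);
        ok = false;
        goto out;
    }

    /* Only EFI_SUCCESS, or EFI_SECURITY_VIOLATION in insecure mode, produce
     * an output worth comparing. */
    if ((status == EFI_SECURITY_VIOLATION && td.secure) ||
        (status != EFI_SUCCESS && status != EFI_SECURITY_VIOLATION)) {
        goto out;
    }

    if (found == NULL) {
        Print(L"get_cmdline returned no command line\n");
        ok = false;
        goto out;
    }

    /* Length is checked first, so strcmp() only runs once the reported
     * length already agrees with the expected string. */
    if (strlen(td.expected) != found_len || strcmp(td.expected, (char *)found) != 0) {
        Print(L"expected(%d): %a|\nfound (%d): %a|\nerrmsg: %ls\n",
            strlen(td.expected), td.expected, found_len, found, errmsg);
        ok = false;
    }

out:
    /* errmsg is released on every path; free(NULL) is a no-op.
     * NOTE(review): found is not released here because its ownership is not
     * visible in this file; confirm against get_cmdline()'s contract. */
    free(errmsg);
    return ok;
}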
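/*
 * Run every entry of tests[] and report the totals.
 *
 * Exits with 1 if any case failed, 0 otherwise. The summary line is printed
 * in both cases so a failing run also shows how many cases passed and failed.
 */
int main(void)
{
    const int total = (int)(sizeof(tests) / sizeof(tests[0]));
    int passes = 0;
    int fails = 0;

    for (int i = 0; i < total; i++) {
        if (do_get_cmdline(tests[i])) {
            passes++;
            continue;
        }
        fails++;
        Print(L"test %d FAIL\n", i);
    }

    Print(L"passed: %d. failed: %d\n", passes, fails);
    return fails != 0 ? 1 : 0;
}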