Projects
Eulaceura:Factory
dim
_service:obs_scm:backport-Optimize-test-framewo...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:obs_scm:backport-Optimize-test-framework-and-add-testcases.patch of Package dim
From cfa580aa836f8c7f93e28971827bc67fdc20c679 Mon Sep 17 00:00:00 2001 From: Huaxin Lu <luhuaxin1@huawei.com> Date: Mon, 19 Feb 2024 15:18:49 +0800 Subject: [PATCH 21/26] Optimize test framework and add testcases --- test/Makefile | 16 ++- test/README.md | 23 ---- test/common.sh | 47 ++++--- test/test_dfx/Makefile | 11 ++ test/test_dfx/test_dim_core_dfx.sh | 48 ++++++++ test/test_dim_monitor.sh | 32 ----- test/test_function/Makefile | 11 ++ test/{ => test_function}/dim_test_demo.c | 2 +- .../dim_test_demo_tamper.c | 2 +- test/{ => test_function}/test_dim_core.sh | 34 +++-- test/test_function/test_dim_monitor.sh | 47 +++++++ test/{ => test_function}/test_module/Makefile | 2 +- .../test_module/dim_test_module_demo.c | 2 +- .../test_module/dim_test_module_demo_tamper.c | 2 +- test/test_interface/Makefile | 12 ++ test/test_interface/test_dim_core_modparam.sh | 116 ++++++++++++++++++ .../test_dim_monitor_modparam.sh | 79 ++++++++++++ 17 files changed, 393 insertions(+), 93 deletions(-) delete mode 100644 test/README.md create mode 100644 test/test_dfx/Makefile create mode 100644 test/test_dfx/test_dim_core_dfx.sh delete mode 100644 test/test_dim_monitor.sh create mode 100644 test/test_function/Makefile rename test/{ => test_function}/dim_test_demo.c (64%) rename test/{ => test_function}/dim_test_demo_tamper.c (68%) rename test/{ => test_function}/test_dim_core.sh (85%) create mode 100644 test/test_function/test_dim_monitor.sh rename test/{ => test_function}/test_module/Makefile (68%) rename test/{ => test_function}/test_module/dim_test_module_demo.c (80%) rename test/{ => test_function}/test_module/dim_test_module_demo_tamper.c (82%) create mode 100644 test/test_interface/Makefile create mode 100644 test/test_interface/test_dim_core_modparam.sh create mode 100644 test/test_interface/test_dim_monitor_modparam.sh diff --git a/test/Makefile b/test/Makefile index 4a61307..435e818 100644 --- a/test/Makefile +++ b/test/Makefile @@ -1,11 +1,15 @@ -# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved. +# Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved. -.PHONY: test +.PHONY: test clean + +all: test test: - sh test_dim_core.sh - sh test_dim_monitor.sh + make -C test_interface/ test + make -C test_function/ test + make -C test_dfx/ test clean: - rm -f log - make -C test_module/ clean \ No newline at end of file + make -C test_interface/ clean + make -C test_function/ clean + make -C test_dfx/ clean \ No newline at end of file diff --git a/test/README.md b/test/README.md deleted file mode 100644 index b75f3e6..0000000 --- a/test/README.md +++ /dev/null @@ -1,23 +0,0 @@ -# DIM 测试文档 - -## 1 前置条件 - -**OS版本支持**:openEuler 23.09以上版本; - -**内核版本支持**:当前支持openEuler kernel 5.10/6.4版本; - -**注意**:DIM包含内核组件,相关步骤需要以管理员(root)权限运行。 - -## 2 使用openEuler源进行安装 -``` -yum install dim dim_tools make gcc -``` - -## 3 执行测试用例 -``` -cd dim/test/ -sh test/test_dim_core.sh -sh test/test_monitor_core.sh -``` - -**注意**:全量度量功能默认关闭,如有需要,请将用例添加到对应的case_list中 \ No newline at end of file diff --git a/test/common.sh b/test/common.sh index a16c564..6772a35 100644 --- a/test/common.sh +++ b/test/common.sh @@ -6,8 +6,8 @@ TEST_DEMO_DIR=/opt/dim/demo TEST_DEMO_BPRM=$TEST_DEMO_DIR/dim_test_demo TEST_LOG=log -DIM_CORE_PATH=../src/dim_core.ko -DIM_MONITOR_PATH=../src/dim_monitor.ko +DIM_CORE_PATH=../../src/dim_core.ko +DIM_MONITOR_PATH=../../src/dim_monitor.ko DIM_BASELINE_DIR_PATH=/etc/dim/digest_list DIM_POLICY_PATH=/etc/dim/policy @@ -23,6 +23,22 @@ DIM_TEST_MOD_DEMO_TAMPER_C=$TEST_MODULE_DIR/dim_test_module_demo_tamper.c TEST_RESULT=0 +check_value_zero() { + if [ $1 -ne 0 ]; then + echo "failed to check value: $1 == 0, context: $2" + TEST_RESULT=1 + return 1 + fi +} + +check_value_not_zero() { + if [ $1 -eq 0 ]; then + echo "failed to check value: $1 != 0, context: $2" + TEST_RESULT=1 + return 1 + fi +} + dim_core_status() { cat /sys/kernel/security/dim/runtime_status } @@ -64,11 +80,11 @@ remove_dim_modules() { load_dim_modules () { remove_dim_modules - load_dim_core_modules $1 - load_dim_monitor_modules $2 + load_dim_core_module $1 + load_dim_monitor_module $2 } -load_dim_core_modules () { +load_dim_core_module () { # load dim_core module if [ ! $DIM_CORE_PATH ]; then modprobe dim_core $1 @@ -78,11 +94,11 @@ load_dim_core_modules () { if [ $? -ne 0 ]; then echo "fail to load dim_core!" - exit 1 + return 1 fi } -load_dim_monitor_modules () { +load_dim_monitor_module () { # load dim_monitor module if [ ! $DIM_MONITOR_PATH ]; then modprobe dim_monitor $1 @@ -92,11 +108,15 @@ load_dim_monitor_modules () { if [ $? -ne 0 ]; then echo "fail to load dim_monitor!" - exit 1 + return 1 fi } dim_backup_baseline_and_policy() { + if [ -d $DIM_BASELINE_DIR_PATH.bak ]; then + rm -rf $DIM_BASELINE_DIR_PATH.bak + fi + if [ -d $DIM_BASELINE_DIR_PATH ]; then mv $DIM_BASELINE_DIR_PATH $DIM_BASELINE_DIR_PATH.bak fi @@ -376,15 +396,4 @@ run_dim_core_and_check_log() { fi } -test_pre() { - mkdir -p $TEST_DEMO_DIR - gcc dim_test_demo.c -o $TEST_DEMO_DIR/dim_test_demo - dim_backup_baseline_and_policy - load_dim_modules -} - -test_post() { - remove_dim_modules - dim_restore_baseline_and_policy -} diff --git a/test/test_dfx/Makefile b/test/test_dfx/Makefile new file mode 100644 index 0000000..ed229ae --- /dev/null +++ b/test/test_dfx/Makefile @@ -0,0 +1,11 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved. + +.PHONY: test clean + +all: test + +test: + sh test_dim_core_dfx.sh + +clean: + rm -f log \ No newline at end of file diff --git a/test/test_dfx/test_dim_core_dfx.sh b/test/test_dfx/test_dim_core_dfx.sh new file mode 100644 index 0000000..78deb33 --- /dev/null +++ b/test/test_dfx/test_dim_core_dfx.sh @@ -0,0 +1,48 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved. +#!/bin/bash + +. ../common.sh + +test_pre() { + dim_backup_baseline_and_policy + load_dim_core_module + dim_gen_baseline_all + dim_gen_policy_all + TEST_RESULT=0 +} + +test_post() { + remove_dim_modules + dim_restore_baseline_and_policy +} + +test_rmmod_when_baseline() { + dim_core_baseline & + # try to remove module when doing measurement + for i in {1..1000}; do + sleep 0.1 + rmmod dim_core &> /dev/null + if [ $? -eq 0 ]; then + break + fi + done +} + +case_list=" + test_rmmod_when_baseline \ + " + +echo "===== Start testing dim_core DFX =====" + +for case in $case_list; do + test_pre + $case + if [ $TEST_RESULT -eq 0 ]; then + echo "$case PASS" + else + echo "$case FAIL" + fi + test_post +done + +echo "===== End testing dim_core DFX =====" \ No newline at end of file diff --git a/test/test_dim_monitor.sh b/test/test_dim_monitor.sh deleted file mode 100644 index b4a1ea8..0000000 --- a/test/test_dim_monitor.sh +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved. -#!/bin/bash - -. ./common.sh - -test_measure_monitor_normal() { - dim_gen_baseline_all - dim_gen_policy_all - check_dim_core_log_normal - check_dim_monitor_log_normal -} - -test_measure_monitor_tamper() { - test_measure_monitor_normal - check_dim_monitor_log_tampered -} - -# Full measurement. The test is disabled by default. -# case_list="test_measure_monitor_normal \ -# test_measure_monitor_tamper" -case_list="" - -for case in $case_list; do - test_pre - $case - if [ $TEST_RESULT -eq 0 ]; then - echo "$case PASS" - else - echo "$case FAIL" - fi - test_post -done diff --git a/test/test_function/Makefile b/test/test_function/Makefile new file mode 100644 index 0000000..2d792cd --- /dev/null +++ b/test/test_function/Makefile @@ -0,0 +1,11 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved. + +.PHONY: test clean + +test: + sh test_dim_core.sh + sh test_dim_monitor.sh + +clean: + rm -f log + make -C test_module/ clean \ No newline at end of file diff --git a/test/dim_test_demo.c b/test/test_function/dim_test_demo.c similarity index 64% rename from test/dim_test_demo.c rename to test/test_function/dim_test_demo.c index 113fc3d..5312d6d 100644 --- a/test/dim_test_demo.c +++ b/test/test_function/dim_test_demo.c @@ -1,5 +1,5 @@ /* - * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved. + * Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved. */ #include <stdio.h> diff --git a/test/dim_test_demo_tamper.c b/test/test_function/dim_test_demo_tamper.c similarity index 68% rename from test/dim_test_demo_tamper.c rename to test/test_function/dim_test_demo_tamper.c index 7f95775..40cae5d 100644 --- a/test/dim_test_demo_tamper.c +++ b/test/test_function/dim_test_demo_tamper.c @@ -1,5 +1,5 @@ /* - * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved. + * Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved. */ #include <stdio.h> diff --git a/test/test_dim_core.sh b/test/test_function/test_dim_core.sh similarity index 85% rename from test/test_dim_core.sh rename to test/test_function/test_dim_core.sh index 8d707cc..6ee5038 100644 --- a/test/test_dim_core.sh +++ b/test/test_function/test_dim_core.sh @@ -1,7 +1,19 @@ -# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved. +# Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved. #!/bin/bash -. ./common.sh +. ../common.sh + +test_pre() { + mkdir -p $TEST_DEMO_DIR + gcc dim_test_demo.c -o $TEST_DEMO_DIR/dim_test_demo + dim_backup_baseline_and_policy + load_dim_modules +} + +test_post() { + remove_dim_modules + dim_restore_baseline_and_policy +} test_measure_bprm_text_normal() { gen_dim_test_demo @@ -118,11 +130,13 @@ test_invalid_policy() { done &>> $TEST_LOG } -# Full measurement. The test is disabled by default. -# test_measure_all_text_normal \ -# test_measure_all_text_normal_sm3 \ -# test_measure_all_text_normal_sign \ -case_list="test_measure_bprm_text_normal \ +# The following testcases are disabled by default: +# test_measure_all_text_normal +# test_measure_all_text_normal_sm3 +# test_measure_all_text_normal_sign + +case_list=" + test_measure_bprm_text_normal \ test_measure_bprm_text_no_baseline \ test_measure_bprm_text_tamper_1 \ test_measure_bprm_text_tamper_2 \ @@ -130,7 +144,10 @@ case_list="test_measure_bprm_text_normal \ test_measure_module_text_no_baseline \ test_measure_module_text_tamper \ test_measure_kernel_normal \ - test_invalid_policy" + test_invalid_policy \ + " + +echo "===== Start testing dim_core function =====" for case in $case_list; do test_pre @@ -143,3 +160,4 @@ for case in $case_list; do test_post done +echo "===== End testing dim_core function =====" \ No newline at end of file diff --git a/test/test_function/test_dim_monitor.sh b/test/test_function/test_dim_monitor.sh new file mode 100644 index 0000000..2f9319b --- /dev/null +++ b/test/test_function/test_dim_monitor.sh @@ -0,0 +1,47 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved. +#!/bin/bash + +. ../common.sh + +test_pre() { + dim_backup_baseline_and_policy + load_dim_modules +} + +test_post() { + remove_dim_modules + dim_restore_baseline_and_policy +} + +test_measure_monitor_normal() { + dim_gen_baseline_all + dim_gen_policy_all + check_dim_core_log_normal + check_dim_monitor_log_normal +} + +test_measure_monitor_tamper() { + test_measure_monitor_normal + check_dim_monitor_log_tampered +} + +# The following testcases are disabled by default: +# test_measure_monitor_normal +# test_measure_monitor_tamper + +case_list="" + +echo "===== Start testing dim_monitor function =====" + +for case in $case_list; do + test_pre + $case + if [ $TEST_RESULT -eq 0 ]; then + echo "$case PASS" + else + echo "$case FAIL" + fi + test_post +done + +echo "===== End testing dim_monitor function =====" \ No newline at end of file diff --git a/test/test_module/Makefile b/test/test_function/test_module/Makefile similarity index 68% rename from test/test_module/Makefile rename to test/test_function/test_module/Makefile index 240e73e..e3e945b 100644 --- a/test/test_module/Makefile +++ b/test/test_function/test_module/Makefile @@ -1,4 +1,4 @@ -# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved. +# Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved. obj-m := dim_test_module_demo.o diff --git a/test/test_module/dim_test_module_demo.c b/test/test_function/test_module/dim_test_module_demo.c similarity index 80% rename from test/test_module/dim_test_module_demo.c rename to test/test_function/test_module/dim_test_module_demo.c index 3303365..f1a2ca7 100644 --- a/test/test_module/dim_test_module_demo.c +++ b/test/test_function/test_module/dim_test_module_demo.c @@ -1,5 +1,5 @@ /* - * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved. + * Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved. */ #include <linux/module.h> diff --git a/test/test_module/dim_test_module_demo_tamper.c b/test/test_function/test_module/dim_test_module_demo_tamper.c similarity index 82% rename from test/test_module/dim_test_module_demo_tamper.c rename to test/test_function/test_module/dim_test_module_demo_tamper.c index c443d7b..25cb6f2 100644 --- a/test/test_module/dim_test_module_demo_tamper.c +++ b/test/test_function/test_module/dim_test_module_demo_tamper.c @@ -1,5 +1,5 @@ /* - * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved. + * Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved. */ #include <linux/module.h> diff --git a/test/test_interface/Makefile b/test/test_interface/Makefile new file mode 100644 index 0000000..0c41839 --- /dev/null +++ b/test/test_interface/Makefile @@ -0,0 +1,12 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved. + +.PHONY: test clean + +all: test + +test: + sh test_dim_core_modparam.sh + sh test_dim_monitor_modparam.sh + +clean: + rm -f log \ No newline at end of file diff --git a/test/test_interface/test_dim_core_modparam.sh b/test/test_interface/test_dim_core_modparam.sh new file mode 100644 index 0000000..67cd815 --- /dev/null +++ b/test/test_interface/test_dim_core_modparam.sh @@ -0,0 +1,116 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved. +#!/bin/bash + +. ../common.sh + +test_pre() { + TEST_RESULT=0 +} + +check_valid_module_param() +{ + remove_dim_modules + load_dim_core_module $1 &> /dev/null + check_value_zero $? $1 + remove_dim_modules +} + +check_invalid_module_param() +{ + remove_dim_modules + load_dim_core_module $1 &> /dev/null + check_value_not_zero $? $1 + remove_dim_modules +} + +test_module_param_measure_hash() +{ + check_valid_module_param measure_hash=sha256 + check_valid_module_param measure_hash=sm3 + check_invalid_module_param measure_hash=md5 + check_invalid_module_param measure_hash=abc +} + +test_module_param_measure_pcr() +{ + check_valid_module_param measure_pcr=0 + check_valid_module_param measure_pcr=1 + check_valid_module_param measure_pcr=11 + check_valid_module_param measure_pcr=127 + check_invalid_module_param measure_pcr=128 + check_invalid_module_param measure_pcr=-1 + check_invalid_module_param measure_pcr=abc +} + +test_module_param_measure_schedule() +{ + check_valid_module_param measure_schedule=0 + check_valid_module_param measure_schedule=50 + check_valid_module_param measure_schedule=1000 + check_invalid_module_param measure_schedule=-1 + check_invalid_module_param measure_schedule=abc + check_invalid_module_param measure_schedule=1001 +} + +test_module_param_measure_interval() +{ + dim_backup_baseline_and_policy + dim_gen_policy_bprm_path /usr/bin/bash + dim_gen_baseline_file /usr/bin/bash test.hash + check_valid_module_param measure_interval=0 + check_valid_module_param measure_interval=1000 + check_valid_module_param measure_interval=525600 + check_invalid_module_param measure_interval=-1 + check_invalid_module_param measure_interval=abc + # check_invalid_module_param measure_interval=525601 + dim_restore_baseline_and_policy +} + +test_module_param_measure_action() +{ + check_valid_module_param measure_action=0 + check_valid_module_param measure_action=1 + check_invalid_module_param measure_action=abc +} + +test_module_param_signature() +{ + check_valid_module_param signature=0 + check_valid_module_param signature=1 + check_invalid_module_param signature=abc +} + +test_module_param_measure_log_capacity() +{ + check_valid_module_param measure_log_capacity=100 + check_valid_module_param measure_log_capacity=10000 + check_valid_module_param measure_log_capacity=4294967295 + check_invalid_module_param measure_log_capacity=99 + check_invalid_module_param measure_log_capacity=0 + check_invalid_module_param measure_log_capacity=4294967296 + check_invalid_module_param measure_log_capacity=abc +} + +case_list=" + test_module_param_measure_hash \ + test_module_param_measure_pcr \ + test_module_param_measure_schedule \ + test_module_param_measure_interval \ + test_module_param_measure_action \ + test_module_param_signature \ + test_module_param_measure_log_capacity \ + " + +echo "===== Start testing dim_core module parameters =====" + +for case in $case_list; do + test_pre + $case + if [ $TEST_RESULT -eq 0 ]; then + echo "$case PASS" + else + echo "$case FAIL" + fi +done + +echo "===== End testing dim_core module parameters =====" \ No newline at end of file diff --git a/test/test_interface/test_dim_monitor_modparam.sh b/test/test_interface/test_dim_monitor_modparam.sh new file mode 100644 index 0000000..1aaedf1 --- /dev/null +++ b/test/test_interface/test_dim_monitor_modparam.sh @@ -0,0 +1,79 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved. +#!/bin/bash + +. ../common.sh + +test_pre() { + remove_dim_modules + load_dim_core_module + TEST_RESULT=0 +} + +test_post() { + remove_dim_modules +} + +check_valid_module_param() +{ + load_dim_monitor_module $1 &> /dev/null + check_value_zero $? $1 + rmmod dim_monitor &> /dev/null +} + +check_invalid_module_param() +{ + load_dim_monitor_module $1 &> /dev/null + check_value_not_zero $? $1 + rmmod dim_monitor &> /dev/null +} + +test_module_param_measure_hash() +{ + check_valid_module_param measure_hash=sha256 + check_valid_module_param measure_hash=sm3 + check_invalid_module_param measure_hash=md5 + check_invalid_module_param measure_hash=abc +} + +test_module_param_measure_pcr() +{ + check_valid_module_param measure_pcr=0 + check_valid_module_param measure_pcr=1 + check_valid_module_param measure_pcr=11 + check_valid_module_param measure_pcr=127 + check_invalid_module_param measure_pcr=128 + check_invalid_module_param measure_pcr=-1 + check_invalid_module_param measure_pcr=abc +} + +test_module_param_measure_log_capacity() +{ + check_valid_module_param measure_log_capacity=100 + check_valid_module_param measure_log_capacity=10000 + check_valid_module_param measure_log_capacity=4294967295 + check_invalid_module_param measure_log_capacity=99 + check_invalid_module_param measure_log_capacity=0 + check_invalid_module_param measure_log_capacity=4294967296 + check_invalid_module_param measure_log_capacity=abc +} + + +case_list=" + test_module_param_measure_hash \ + test_module_param_measure_pcr \ + test_module_param_measure_log_capacity \ + " + +echo "===== Start testing dim_monitor module parameters =====" + +for case in $case_list; do + test_pre + $case + if [ $TEST_RESULT -eq 0 ]; then + echo "$case PASS" + else + echo "$case FAIL" + fi +done + +echo "===== End testing dim_monitor module parameters =====" \ No newline at end of file -- 2.33.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2