From 25fde75cbadc10af97e6684a52e72d516b974de5 Mon Sep 17 00:00:00 2001
From: jinlun <jinlun@huawei.com>
Date: Mon, 6 Nov 2023 20:29:16 +0800
Subject: [PATCH 04/26] dim: add test code
---
test/README.md | 23 ++
test/common.sh | 390 ++++++++++++++++++
test/dim_test_demo.c | 12 +
test/dim_test_demo_tamper.c | 13 +
test/test_dim_core.sh | 145 +++++++
test/test_dim_monitor.sh | 32 ++
test/test_module/Makefile | 16 +
test/test_module/dim_test_module_demo.c | 20 +
.../test_module/dim_test_module_demo_tamper.c | 23 ++
9 files changed, 674 insertions(+)
create mode 100644 test/README.md
create mode 100644 test/common.sh
create mode 100644 test/dim_test_demo.c
create mode 100644 test/dim_test_demo_tamper.c
create mode 100644 test/test_dim_core.sh
create mode 100644 test/test_dim_monitor.sh
create mode 100644 test/test_module/Makefile
create mode 100644 test/test_module/dim_test_module_demo.c
create mode 100644 test/test_module/dim_test_module_demo_tamper.c
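diff --git a/test/README.md b/test/README.md
new file mode 100644
index 0000000..b75f3e6
--- /dev/null
+++ b/test/README.md
@@ -0,0 +1,23 @@
+# DIM 测试文档
+
+## 1 前置条件
+
+**OS版本支持**:openEuler 23.09以上版本;
+
+**内核版本支持**:当前支持openEuler kernel 5.10/6.4版本;
+
+**注意**:DIM包含内核组件,相关步骤需要以管理员(root)权限运行。
+
+## 2 使用openEuler源进行安装
+```
+yum install dim dim_tools make gcc
+```
+
+## 3 执行测试用例
+```
+cd dim/test/
+sh test/test_dim_core.sh
+sh test/test_monitor_core.sh
+```
+
+**注意**:全量度量功能默认关闭,如有需要,请将用例添加到对应的case_list中
\ No newline at end of file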
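diff --git a/test/common.sh b/test/common.sh
new file mode 100644
index 0000000..3bd8ced
--- /dev/null
+++ b/test/common.sh
@@ -0,0 +1,390 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
+#!/bin/bash
+
+TEST_ROOT=/opt/dim
+TEST_DEMO_DIR=/opt/dim/demo
+TEST_DEMO_BPRM=$TEST_DEMO_DIR/dim_test_demo
+
+TEST_LOG=log
+DIM_CORE_PATH=/root/dim/dim_core.ko
+DIM_MONITOR_PATH=/root/dim/dim_monitor.ko
+
+DIM_BASELINE_DIR_PATH=/etc/dim/digest_list
+DIM_POLICY_PATH=/etc/dim/policy
+
+DIM_KERNEL_NAME="/boot/vmlinuz-*.$(arch)"
+
+TEST_MODULE_DIR=test_module
+DIM_MOD_NAME=dim_test_module_demo
+DIM_TEST_MOD_DEMO=$TEST_MODULE_DIR/dim_test_module_demo.ko
+
+DIM_TEST_MOD_DEMO_C=$TEST_MODULE_DIR/dim_test_module_demo.c
+DIM_TEST_MOD_DEMO_TAMPER_C=$TEST_MODULE_DIR/dim_test_module_demo_tamper.c
+
+TEST_RESULT=0
+
+dim_core_status() {
+ cat /sys/kernel/security/dim/runtime_status
+}
+
+dim_core_baseline() {
+ echo 1 > /sys/kernel/security/dim/baseline_init
+}
+
+dim_core_measure() {
+ echo 1 > /sys/kernel/security/dim/measure
+}
+
+dim_core_measure_log() {
+ cat /sys/kernel/security/dim/ascii_runtime_measurements
+}
+
+dim_monitor_baseline() {
+ echo 1 > /sys/kernel/security/dim/monitor_baseline
+}
+
+dim_monitor_measure() {
+ echo 1 > /sys/kernel/security/dim/monitor_run
+}
+
+dim_monitor_measure_log() {
+ cat /sys/kernel/security/dim/monitor_ascii_runtime_measurements
+}
+
+remove_dim_modules() {
+ # clean loaded modules
+ rmmod -f dim_monitor &> /dev/null
+ rmmod -f dim_core &> /dev/null
+ lsmod | grep -E 'dim_core|dim_monitor' &> /dev/null
+ if [ $? -eq 0 ]; then
+ echo "fail to remove dim modules!" >> $TEST_LOG
+ exit 1
+ fi
+}
+
+load_dim_modules () {
+ remove_dim_modules
+ load_dim_core_modules $1
+ load_dim_monitor_modules $2
+}
+
+load_dim_core_modules () {
+ # load dim_core module
+ if [ ! $DIM_CORE_PATH ]; then
+ modprobe dim_core $1
+ else
+ insmod $DIM_CORE_PATH $1
+ fi
+
+ if [ $? -ne 0 ]; then
+ echo "fail to load dim_core!"
+ exit 1
+ fi
+}
+
+load_dim_monitor_modules () {
+ # load dim_monitor module
+ if [ ! $DIM_MONITOR_PATH ]; then
+ modprobe dim_monitor $1
+ else
+ insmod $DIM_MONITOR_PATH $1
+ fi
+
+ if [ $? -ne 0 ]; then
+ echo "fail to load dim_monitor!"
+ exit 1
+ fi
+}
+
+dim_backup_baseline_and_policy() {
+ if [ -d $DIM_BASELINE_DIR_PATH ]; then
+ mv $DIM_BASELINE_DIR_PATH $DIM_BASELINE_DIR_PATH.bak
+ fi
+
+ if [ -f $DIM_POLICY_PATH ]; then
+ mv $DIM_POLICY_PATH $DIM_POLICY_PATH.bak
+ fi
+}
+
+dim_restore_baseline_and_policy() {
+ if [ -d $DIM_BASELINE_DIR_PATH.bak ]; then
+ rm -rf $DIM_BASELINE_DIR_PATH
+ mv $DIM_BASELINE_DIR_PATH.bak $DIM_BASELINE_DIR_PATH
+ fi
+
+ if [ -f $DIM_POLICY_PATH.bak ]; then
+ mv -f $DIM_POLICY_PATH.bak $DIM_POLICY_PATH
+ fi
+}
+
+dim_gen_baseline_file() {
+ mkdir -p $DIM_BASELINE_DIR_PATH
+ if [ -z $2 ]; then
+ dim_gen_baseline $1
+ else
+ dim_gen_baseline $1 -o "$DIM_BASELINE_DIR_PATH/$2"
+ fi
+}
+
+dim_gen_baseline_dir() {
+ mkdir -p $DIM_BASELINE_DIR_PATH
+ dim_gen_baseline -r $1 -o $DIM_BASELINE_DIR_PATH/$2
+}
+
+dim_gen_baseline_kerenl() {
+ mkdir -p $DIM_BASELINE_DIR_PATH
+ if [ -z $1 ]; then
+ dim_gen_baseline -k "$(uname -r)" $DIM_KERNEL_NAME
+ else
+ dim_gen_baseline -k "$(uname -r)" -o $DIM_BASELINE_DIR_PATH/$1 $DIM_KERNEL_NAME
+ fi
+}
+
+DIM_BASELINE_DIR_ALL=("/usr/bin" "/usr/sbin" "/usr/lib64" "/usr/libexec" "/usr/lib")
+
+dim_gen_baseline_all() {
+ if [ $1 ]; then
+ digest_algorithm="-a sm3"
+ else
+ digest_algorithm=""
+ fi
+
+ mkdir -p /etc/dim/digest_list
+ for baseline_file in "${DIM_BASELINE_DIR_ALL[@]}"; do
+ dim_gen_baseline $digest_algorithm -r $baseline_file -o "$DIM_BASELINE_DIR_PATH/${baseline_file##*/}.hash"
+ done
+ dim_gen_baseline $digest_algorithm -k "$(uname -r)" -o $DIM_BASELINE_DIR_PATH/kernel.hash $DIM_KERNEL_NAME
+}
+
+
+dim_gen_policy_bprm_path() {
+ echo "measure obj=BPRM_TEXT path=$1" >> $DIM_POLICY_PATH
+}
+
+dim_gen_policy_module_name() {
+ echo "measure obj=MODULE_TEXT name=$1" >> $DIM_POLICY_PATH
+}
+
+dim_gen_policy_kernel() {
+ echo "measure obj=KERNEL_TEXT" >> $DIM_POLICY_PATH
+}
+
+dim_gen_policy_all() {
+ rm -f $DIM_POLICY_PATH
+ cat $DIM_BASELINE_DIR_PATH/* | awk '{print $4}' | while read line; do
+ if [[ "$line" == /* ]]; then
+ echo "measure obj=BPRM_TEXT path=$line" >> $DIM_POLICY_PATH
+ continue
+ fi
+ if [ "$line" == "$(uname -r)" ]; then
+ echo "measure obj=KERNEL_TEXT" >> $DIM_POLICY_PATH
+ continue
+ fi
+ if [ "$line" != "$(uname -r)" ]; then
+ echo "measure obj=MODULE_TEXT name=$(basename $line)" >> $DIM_POLICY_PATH
+ fi
+ done
+ sed -i '/dim_core/d' $DIM_POLICY_PATH
+ sed -i '/dim_monitor/d' $DIM_POLICY_PATH
+}
+
+dim_gen_cert() {
+ mkdir -p $TEST_ROOT/cert/
+ openssl genrsa -out $TEST_ROOT/cert/dim.key 4096 &>> $TEST_LOG
+ openssl req -new -sha256 -key $TEST_ROOT/cert/dim.key -out $TEST_ROOT/cert/dim.csr -subj "/C=AA/ST=BB/O=CC/OU=DD/CN=DIM" &>> $TEST_LOG
+ openssl x509 -req -days 3650 -signkey $TEST_ROOT/cert/dim.key -in $TEST_ROOT/cert/dim.csr -out $TEST_ROOT/cert/dim.crt &>> $TEST_LOG
+ openssl x509 -in $TEST_ROOT/cert/dim.crt -out $TEST_ROOT/cert/dim.der -outform DER &>> $TEST_LOG
+ mkdir -p /etc/keys
+ cp $TEST_ROOT/cert/dim.der /etc/keys/x509_dim.der
+}
+
+dim_gen_signature() {
+ openssl dgst -sha256 -out $DIM_POLICY_PATH.sig -sign $TEST_ROOT/cert/dim.key $DIM_POLICY_PATH
+ for file in $(ls $DIM_BASELINE_DIR_PATH | grep .hash); do
+ openssl dgst -sha256 -out $DIM_BASELINE_DIR_PATH/$file.sig -sign $TEST_ROOT/cert/dim.key $DIM_BASELINE_DIR_PATH/$file
+ done
+}
+
+dim_baseline_to_measure_log() {
+ name="$(echo "$1" | awk '{print $4}')"
+ if [[ $name == $(uname -r)/* ]]; then
+ name="$(basename $name)"
+ fi
+
+ echo "$(echo "$1" | awk '{print $3}') $name"
+}
+
+tamper_dim_test_demo() {
+ gcc dim_test_demo_tamper.c -o $TEST_DEMO_DIR/dim_test_demo
+}
+
+tamper_dim_test_mod_demo() {
+ rm -f $TEST_MODULE_DIR/$DIM_MOD_NAME.o
+ mv $DIM_TEST_MOD_DEMO_C $DIM_TEST_MOD_DEMO_C.bak
+ mv $DIM_TEST_MOD_DEMO_TAMPER_C $DIM_TEST_MOD_DEMO_C
+ cd $TEST_MODULE_DIR
+ make > /dev/null
+ cd ..
+}
+
+tamper_dim_test_mod_demo_end() {
+ rm -f $TEST_MODULE_DIR/$DIM_MOD_NAME.o
+ mv $DIM_TEST_MOD_DEMO_C $DIM_TEST_MOD_DEMO_TAMPER_C
+ mv $DIM_TEST_MOD_DEMO_C.bak $DIM_TEST_MOD_DEMO_C
+}
+
+gen_dim_test_demo() {
+ gcc dim_test_demo.c -o $TEST_DEMO_BPRM
+ dim_gen_baseline_file $TEST_DEMO_BPRM test.hash
+ dim_gen_policy_bprm_path $TEST_DEMO_BPRM
+}
+
+gen_dim_test_mod_demo() {
+ rm -f $TEST_MODULE_DIR/$DIM_MOD_NAME.o
+ cd $TEST_MODULE_DIR
+ make > /dev/null
+ cd ..
+ dim_gen_baseline_file $DIM_TEST_MOD_DEMO test.hash
+ dim_gen_policy_module_name $DIM_MOD_NAME
+}
+
+measure_log_tampered() {
+ if [ $2 ]; then
+ echo "$1 \[tampered\]"
+ else
+ baseline="$(dim_gen_baseline_file $1)"
+ echo "$(dim_baseline_to_measure_log "$baseline") \[tampered\]"
+ fi
+}
+
+measure_log_static() {
+ if [ $2 ]; then
+ baseline="$(dim_gen_baseline_kerenl)"
+ echo "$(dim_baseline_to_measure_log "$baseline") \[static baseline\]"
+ else
+ baseline="$(dim_gen_baseline_file $1)"
+ echo "$(dim_baseline_to_measure_log "$baseline") \[static baseline\]"
+ fi
+}
+
+measure_log_no_static() {
+ if [ $2 ]; then
+ echo "$1 \[no static baseline\]"
+ else
+ baseline="$(dim_gen_baseline_file $1)"
+ echo "$(dim_baseline_to_measure_log "$baseline") \[no static baseline\]"
+ fi
+}
+
+check_dim_measure_log_match() {
+ if [ "$2" == "dim_monitor_measure_log" ]; then
+ dim_monitor_measure_log | grep "$1" &> /dev/null
+ else
+ dim_core_measure_log | grep "$1" &> /dev/null
+ fi
+
+ if [ $? -ne 0 ]; then
+ echo "check fail:" >> $TEST_LOG
+ echo " get measure log: $($2)" >> $TEST_LOG
+ echo " want measure log: $1" >> $TEST_LOG
+ TEST_RESULT=1
+ return 1
+ fi
+
+ echo "check ok: measure log has $1" >> $TEST_LOG
+}
+
+check_dim_measure_log_length() {
+ if [ $($2 | wc -l) -ne $1 ]; then
+ echo "check fail: measure log length is not $1" >> $TEST_LOG
+ TEST_RESULT=1
+ return 1
+ fi
+
+ echo "check ok: measure log length is $1" >> $TEST_LOG
+}
+
+check_dim_measure_log_not_contain() {
+ if [ "$2" == "dim_monitor_measure_log" ]; then
+ dim_monitor_measure_log | grep "$1" &> /dev/null
+ else
+ dim_core_measure_log | grep "$1" &> /dev/null
+ fi
+ if [ $? -eq 0 ]; then
+ echo "check fail"
+ TEST_RESULT=1
+ return 1
+ fi
+
+ echo "check ok: measure log hasn't $1" >> $TEST_LOG
+}
+
+check_dim_core_log_normal() {
+ dim_core_baseline
+ check_dim_measure_log_not_contain "\[no static baseline\]" "dim_core_measure_log"
+ check_dim_measure_log_not_contain "\[tampered\]" "dim_core_measure_log"
+ dim_core_measure
+ check_dim_measure_log_not_contain "\[no static baseline\]" "dim_core_measure_log"
+ check_dim_measure_log_not_contain "\[tampered\]" "dim_core_measure_log"
+}
+
+check_dim_monitor_log_normal() {
+ dim_monitor_baseline
+ check_dim_measure_log_length 2 "dim_monitor_measure_log"
+ check_dim_measure_log_not_contain "\[tampered\]" "dim_monitor_measure_log"
+ dim_monitor_measure
+ check_dim_measure_log_length 2 "dim_monitor_measure_log"
+ check_dim_measure_log_not_contain "\[tampered\]" "dim_monitor_measure_log"
+}
+
+check_dim_monitor_log_tampered() {
+ dim_core_baseline
+ dim_monitor_measure
+ check_dim_measure_log_length 3 "dim_monitor_measure_log"
+ check_dim_measure_log_match "dim_core.data \[tampered\]" "dim_monitor_measure_log"
+}
+
+run_dim_core_baseline_and_check_log() {
+ dim_core_baseline
+ check_dim_measure_log_length "$2" "dim_core_measure_log"
+ check_dim_measure_log_match "$1" "dim_core_measure_log"
+}
+
+run_dim_core_measure_and_check_log() {
+ dim_core_measure
+ check_dim_measure_log_length "$2" "dim_core_measure_log"
+ check_dim_measure_log_match "$1" "dim_core_measure_log"
+}
+
+run_dim_core_and_check_log() {
+ if [ "$1" = "baseline" ]; then
+ run_dim_core_baseline_and_check_log "$2" "$3"
+ if [ $4 ]; then
+ kill $4
+ fi
+ elif [ "$1" = "measure" ]; then
+ run_dim_core_measure_and_check_log "$2" "$3"
+ if [ $4 ]; then
+ kill $4
+ fi
+ else
+ run_dim_core_baseline_and_check_log "$1" "$2"
+ run_dim_core_measure_and_check_log "$3" "$4"
+ if [ $5 ]; then
+ kill $5
+ fi
+ fi
+}
+
+test_pre() {
+ mkdir -p $TEST_DEMO_DIR
+ gcc dim_test_demo.c -o $TEST_DEMO_DIR/dim_test_demo
+ dim_backup_baseline_and_policy
+ load_dim_modules
+}
+
+test_post() {
+ remove_dim_modules
+ dim_restore_baseline_and_policy
+}
+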
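Review bot: `dim_restore_baseline_and_policy` only cleans up when a `.bak` exists, so on a host with no prior `/etc/dim` configuration the policy and `test.hash` written by one case stay in place and the next case's `dim_gen_policy_*` appends to the stale policy with `>>`; the restore should remove the test-generated files unconditionally, e.g. `rm -rf $DIM_BASELINE_DIR_PATH $DIM_POLICY_PATH $DIM_POLICY_PATH.sig` before the two `if` blocks. The same gap applies to `dim_gen_cert`: it copies the test certificate to `/etc/keys/x509_dim.der` and leaves `dim.key` under `$TEST_ROOT/cert`, and nothing in `test_post` removes either, so a throwaway signing key may remain accepted for policy and baseline signatures after the run (assuming dim_core reads that path, which is not visible here). `DIM_CORE_PATH` and `DIM_MONITOR_PATH` are hard-coded non-empty, so the `modprobe` branches in `load_dim_core_modules` and `load_dim_monitor_modules` are unreachable as written, and the test should be `[ -z "$DIM_CORE_PATH" ]` with the paths overridable from the environment. The `#!/bin/bash` line comes after the copyright comment and therefore has no effect, while the file relies on bash features (`&>`, arrays, `[[ ]]`); it should be the first line.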
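diff --git a/test/dim_test_demo.c b/test/dim_test_demo.c
new file mode 100644
index 0000000..113fc3d
--- /dev/null
+++ b/test/dim_test_demo.c
@@ -0,0 +1,12 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
+ */
+
+#include <stdio.h>
+
+int main()
+{
+ printf("dim_test_demo\n");
+ while (1);
+ return 0;
+}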
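Review bot: `while (1);` keeps the demo spinning on a full core for as long as the test holds it in the background; the process only has to stay alive while dim_core measures its text, so `for (;;) pause();` with `#include <unistd.h>` would do the same without the load. `int main()` should also be `int main(void)`. A one-line comment above `main` saying that the binary exists only to be measured, and that test/dim_test_demo_tamper.c must differ from it in code so the digests diverge, would help the next reader; the busy loop is the same in that file.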
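diff --git a/test/dim_test_demo_tamper.c b/test/dim_test_demo_tamper.c
new file mode 100644
index 0000000..7f95775
--- /dev/null
+++ b/test/dim_test_demo_tamper.c
@@ -0,0 +1,13 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
+ */
+
+#include <stdio.h>
+
+int main()
+{
+ printf("dim_test_demo");
+ printf("_tamper\n");
+ while (1);
+ return 0;
+}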
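diff --git a/test/test_dim_core.sh b/test/test_dim_core.sh
new file mode 100644
index 0000000..01fa2b9
--- /dev/null
+++ b/test/test_dim_core.sh
@@ -0,0 +1,145 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
+#!/bin/bash
+
+. ./common.sh
+
+test_measure_bprm_text_normal() {
+ gen_dim_test_demo
+ $TEST_DEMO_DIR/dim_test_demo > /dev/null & pid=$!
+ # test
+ run_dim_core_and_check_log "$(measure_log_static $TEST_DEMO_BPRM)" 1 "$(measure_log_static $TEST_DEMO_BPRM)" 1 $pid
+}
+
+test_measure_bprm_text_no_baseline() {
+ gen_dim_test_demo
+ $TEST_DEMO_DIR/dim_test_demo > /dev/null & pid=$!
+ # remove baseline
+ rm -f $DIM_BASELINE_DIR_PATH/test.hash
+ # test
+ run_dim_core_and_check_log "$(measure_log_no_static $TEST_DEMO_BPRM)" 1 "$(measure_log_no_static $TEST_DEMO_BPRM)" 1 $pid
+}
+
+test_measure_bprm_text_tamper_1() {
+ # prepare
+ gen_dim_test_demo
+ tamper_dim_test_demo
+ $TEST_DEMO_DIR/dim_test_demo > /dev/null & pid=$!
+ # test
+ run_dim_core_and_check_log "$(measure_log_tampered $TEST_DEMO_BPRM)" 1 "$(measure_log_tampered $TEST_DEMO_BPRM)" 1 $pid
+}
+
+test_measure_bprm_text_tamper_2() {
+ # prepare
+ gen_dim_test_demo
+ $TEST_DEMO_DIR/dim_test_demo > /dev/null & pid=$!
+ # test baseline
+ run_dim_core_and_check_log baseline "$(measure_log_static $TEST_DEMO_BPRM)" 1 $pid
+ # tamper dim_test_demo
+ tamper_dim_test_demo
+ $TEST_DEMO_DIR/dim_test_demo > /dev/null & pid=$!
+ # test measure
+ run_dim_core_and_check_log measure "$(measure_log_tampered $TEST_DEMO_BPRM)" 2 $pid
+
+ kill $pid
+}
+
+test_measure_kernel_normal() {
+ dim_gen_policy_kernel
+ dim_gen_baseline_kerenl test.hash
+
+ run_dim_core_and_check_log "$(measure_log_static $DIM_KERNEL_NAME "kernel")" 1 "$(measure_log_static $DIM_KERNEL_NAME "kernel")" 1
+}
+
+test_measure_module_text_normal() {
+ gen_dim_test_mod_demo
+ insmod $DIM_TEST_MOD_DEMO
+ run_dim_core_and_check_log "$(measure_log_static $DIM_TEST_MOD_DEMO)" 1 "$(measure_log_static $DIM_TEST_MOD_DEMO)" 1
+ rmmod $DIM_TEST_MOD_DEMO
+}
+
+test_measure_module_text_no_baseline() {
+ gen_dim_test_mod_demo
+ insmod $DIM_TEST_MOD_DEMO
+
+ # remove baseline
+ rm -f $DIM_BASELINE_DIR_PATH/test.hash
+
+ run_dim_core_and_check_log "$(measure_log_no_static $DIM_MOD_NAME "mod_no_static")" 1 "$(measure_log_no_static $DIM_MOD_NAME "mod_no_static")" 1
+ rmmod $DIM_TEST_MOD_DEMO
+}
+
+test_measure_module_text_tamper() {
+ gen_dim_test_mod_demo
+ insmod $DIM_TEST_MOD_DEMO
+
+ run_dim_core_and_check_log baseline "$(measure_log_static $DIM_TEST_MOD_DEMO)" 1
+ rmmod $DIM_TEST_MOD_DEMO
+ tamper_dim_test_mod_demo
+ insmod $DIM_TEST_MOD_DEMO
+ run_dim_core_and_check_log measure "$(measure_log_tampered $DIM_MOD_NAME "module_tampered")" 2
+ rmmod $DIM_TEST_MOD_DEMO
+ tamper_dim_test_mod_demo_end
+}
+
+test_measure_all_text_normal() {
+ dim_gen_baseline_all
+ dim_gen_policy_all
+ check_dim_core_log_normal
+}
+
+test_measure_all_text_normal_sm3() {
+ dim_gen_baseline_all 1
+ dim_gen_policy_all
+ load_dim_modules "measure_hash=sm3"
+ check_dim_core_log_normal
+}
+
+test_measure_all_text_normal_sign() {
+ dim_gen_baseline_all
+ dim_gen_policy_all
+ dim_gen_cert
+ dim_gen_signature
+ load_dim_modules "signature=on"
+ check_dim_core_log_normal
+}
+
+POLICY_INVALID="measure1 obj=BPRM_TEXT path=/opt/dim/demo/dim_test_demo\n\
+measure obj1=BPRM_TEXT path=/opt/dim/demo/dim_test_demo\n\
+measure obj=BPRM_TEXT1 path=/opt/dim/demo/dim_test_demo\n\
+measure obj=BPRM_TEXT name=/opt/dim/demo/dim_test_demo\n\
+measure obj=MODULE_TEXT path=$(head -c 4096 < /dev/zero | tr '\0' '\141')\n"
+
+test_invalid_policy() {
+ IFS=$'\n'
+ for policy in $(echo -e $POLICY_INVALID); do
+ echo "$policy" > $DIM_POLICY_PATH
+ dim_core_baseline
+ dim_core_status
+ done &>> $TEST_LOG
+}
+
+# Full measurement. The test is disabled by default.
+# test_measure_all_text_normal \
+# test_measure_all_text_normal_sm3 \
+# test_measure_all_text_normal_sign \
+case_list="test_measure_bprm_text_normal \
+ test_measure_bprm_text_no_baseline \
+ test_measure_bprm_text_tamper_1 \
+ test_measure_bprm_text_tamper_2 \
+ test_measure_module_text_normal \
+ test_measure_module_text_no_baseline \
+ test_measure_module_text_tamper \
+ test_measure_kernel_normal \
+ test_invalid_policy"
+
+for case in $case_list; do
+ test_pre
+ $case
+ if [ $TEST_RESULT -eq 0 ]; then
+ echo "$case PASS"
+ else
+ echo "$case FAIL"
+ fi
+ test_post
+done
+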
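Review bot: `TEST_RESULT` is never reset inside the `for case in $case_list` loop, so after the first failing check every later case is reported as FAIL, and the script's exit status does not reflect failures at all; add `TEST_RESULT=0` before `$case` and keep an overall status to `exit` with. In `test_measure_bprm_text_tamper_2` the trailing `kill $pid` targets a process that `run_dim_core_and_check_log measure ... $pid` has already killed. `test_invalid_policy` sets `IFS=$'\n'` globally, so it leaks into `test_post`, and it only logs `dim_core_status` without asserting that each malformed policy was rejected; `local IFS=$'\n'` plus a check on the status output would make it an actual negative test. The loop in test/test_dim_monitor.sh has the same `TEST_RESULT` issue, and with `case_list=""` that script prints nothing and cannot be told apart from a passing run.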
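diff --git a/test/test_dim_monitor.sh b/test/test_dim_monitor.sh
new file mode 100644
index 0000000..b4a1ea8
--- /dev/null
+++ b/test/test_dim_monitor.sh
@@ -0,0 +1,32 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
+#!/bin/bash
+
+. ./common.sh
+
+test_measure_monitor_normal() {
+ dim_gen_baseline_all
+ dim_gen_policy_all
+ check_dim_core_log_normal
+ check_dim_monitor_log_normal
+}
+
+test_measure_monitor_tamper() {
+ test_measure_monitor_normal
+ check_dim_monitor_log_tampered
+}
+
+# Full measurement. The test is disabled by default.
+# case_list="test_measure_monitor_normal \
+# test_measure_monitor_tamper"
+case_list=""
+
+for case in $case_list; do
+ test_pre
+ $case
+ if [ $TEST_RESULT -eq 0 ]; then
+ echo "$case PASS"
+ else
+ echo "$case FAIL"
+ fi
+ test_post
+done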
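diff --git a/test/test_module/Makefile b/test/test_module/Makefile
new file mode 100644
index 0000000..4255525
--- /dev/null
+++ b/test/test_module/Makefile
@@ -0,0 +1,16 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
+
+obj-m := dim_test_module_demo.o
+
+KERNEL := $(DESTDIR)/lib/modules/$(shell uname -r)/build
+CONFIG_MODULE_SIG=n
+
+PWD := $(shell pwd)
+
+modules :
+ $(MAKE) -C $(KERNEL) M=$(PWD) modules
+
+.PHONEY:clean
+
+clean :
+ $(MAKE) -C $(KERNEL) SUBDIRS=$(PWD) clean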
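Review bot: `.PHONEY:clean` is a misspelling, so make treats it as an ordinary target and neither `clean` nor `modules` is declared phony; it should read `.PHONY: modules clean`. The `clean` rule passes `SUBDIRS=$(PWD)`, which as far as I know recent kbuild no longer honours (the README in this patch targets 5.10/6.4), so it should use `M=$(PWD)` like the `modules` rule. `CONFIG_MODULE_SIG=n` deserves a comment stating that the test module is meant to be built unsigned, since on a host that enforces module signatures the `insmod` calls in the tests would then fail for a reason unrelated to DIM.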
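diff --git a/test/test_module/dim_test_module_demo.c b/test/test_module/dim_test_module_demo.c
new file mode 100644
index 0000000..3303365
--- /dev/null
+++ b/test/test_module/dim_test_module_demo.c
@@ -0,0 +1,20 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
+ */
+
+#include <linux/module.h>
+
+static int test_mod_init(void)
+{
+ pr_info("init!\n");
+ return 0;
+}
+
+static void test_mod_exit(void)
+{
+ pr_info("exit!\n");
+}
+
+module_init(test_mod_init);
+module_exit(test_mod_exit);
+MODULE_LICENSE("");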
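Review bot: `MODULE_LICENSE("")` declares an empty licence string, which the kernel treats as not GPL-compatible, so loading this test module taints the running kernel; use the project's actual licence identifier, for example `MODULE_LICENSE("GPL");` if that matches the repository's licence. The same line is in test/test_module/dim_test_module_demo_tamper.c. A short header comment noting that the two files must keep the same module name and differ only in the body of `test_mod_init`, so that the tamper variant yields a different text digest, would document why both exist.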
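diff --git a/test/test_module/dim_test_module_demo_tamper.c b/test/test_module/dim_test_module_demo_tamper.c
new file mode 100644
index 0000000..c443d7b
--- /dev/null
+++ b/test/test_module/dim_test_module_demo_tamper.c
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
+ */
+
+#include <linux/module.h>
+
+static int test_mod_init(void)
+{
+ int i = 0;
+ i += 1;
+ pr_info("%d\n", i);
+ pr_info("init!\n");
+ return 0;
+}
+
+static void test_mod_exit(void)
+{
+ pr_info("exit!\n");
+}
+
+module_init(test_mod_init);
+module_exit(test_mod_exit);
+MODULE_LICENSE("");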
--
2.33.0