wip6

mkulke · Oct 25, 2024 · f73ba93 · f73ba93
1 parent 5b93b6c
commit f73ba93
Show file tree

Hide file tree

Showing 5 changed files with 119 additions and 0 deletions.
diff --git a/az-cvm-vtpm/az-snp-vtpm/Cargo.toml b/az-cvm-vtpm/az-snp-vtpm/Cargo.toml
@@ -28,8 +28,10 @@ ureq.workspace = true
 
 [dev-dependencies]
 serde_json.workspace = true
+hex.workspace = true
 
 [features]
 default = ["attester", "verifier"]
 attester = []
 verifier = ["az-cvm-vtpm/openssl", "openssl", "ureq/tls"]
+integration_test = []
diff --git a/az-cvm-vtpm/az-snp-vtpm/README.md b/az-cvm-vtpm/az-snp-vtpm/README.md
@@ -71,3 +71,11 @@ signs ┌─  ┌─┴────────────┐ │  │ │
       └─  └─┬────────────┘ │
             └──────────────┘
 ```
+
+## Integration Tests
+
+The integration test suite can run on an SNP CVM. It needs to be executed as root and the tests have to run sequentially.
+
+```bash
+sudo -E env "PATH=$PATH" cargo t --features integration_test -- --test-threads 1
+```
diff --git a/az-cvm-vtpm/az-snp-vtpm/tests/integration_tests.rs b/az-cvm-vtpm/az-snp-vtpm/tests/integration_tests.rs
@@ -0,0 +1,50 @@
+use az_snp_vtpm::{hcl, report, vtpm};
+use serde::Deserialize;
+
+#[cfg(feature = "integration_test")]
+#[test]
+fn get_report_with_varying_report_data_len() {
+    let mut report_data = "test".as_bytes();
+    vtpm::get_report_with_report_data(report_data).unwrap();
+    report_data = "test_test".as_bytes();
+    vtpm::get_report_with_report_data(report_data).unwrap();
+}
+
+#[derive(Deserialize, Debug)]
+struct VarDataUserData {
+    #[serde(rename = "user-data")]
+    user_data: String,
+}
+
+#[cfg(feature = "integration_test")]
+#[test]
+fn get_report_with_report_data() {
+    let mut report_data: [u8; 64] = [0; 64];
+    report_data[42] = 42;
+    let bytes = vtpm::get_report_with_report_data(&report_data).unwrap();
+    let hcl_report = hcl::HclReport::new(bytes).unwrap();
+    let var_data = hcl_report.var_data();
+    let VarDataUserData { user_data } = serde_json::from_slice(var_data).unwrap();
+    assert_eq!(user_data.to_lowercase(), hex::encode(report_data));
+
+    let var_data_hash = hcl_report.var_data_sha256();
+    let snp_report: report::AttestationReport = hcl_report.try_into().unwrap();
+    assert_eq!(var_data_hash, snp_report.report_data[..32]);
+}
+
+#[cfg(feature = "integration_test")]
+#[test]
+fn get_report() {
+    let bytes = vtpm::get_report().unwrap();
+    let hcl_report = hcl::HclReport::new(bytes).unwrap();
+
+    let var_data_hash = hcl_report.var_data_sha256();
+    let snp_report: report::AttestationReport = hcl_report.try_into().unwrap();
+    assert_eq!(var_data_hash, snp_report.report_data[..32]);
+}
+
+#[cfg(feature = "integration_test")]
+#[test]
+fn ak_pub() {
+    let _ = vtpm::get_ak_pub().unwrap();
+}
diff --git a/az-cvm-vtpm/az-tdx-vtpm/README.md b/az-cvm-vtpm/az-tdx-vtpm/README.md
@@ -20,3 +20,12 @@ On the TDX CVM, retrieve a TD Quote and write it to disk:
 ```bash
 sudo ./tdx-vtpm
 ```
+
+## Integration Tests
+
+The integration test suite can run on a TDX CVM. It needs to be executed as root and the tests have to run sequentially.
+
+```bash
+sudo -E env "PATH=$PATH" cargo t --features integration_test -- --test-threads 1
+```
+
diff --git a/az-cvm-vtpm/az-tdx-vtpm/tests/integration_tests.rs b/az-cvm-vtpm/az-tdx-vtpm/tests/integration_tests.rs
@@ -0,0 +1,50 @@
+use az_tdx_vtpm::{hcl, tdx, vtpm};
+use serde::Deserialize;
+
+#[cfg(feature = "integration_test")]
+#[test]
+fn get_report_with_varying_report_data_len() {
+    let mut report_data = "test".as_bytes();
+    vtpm::get_report_with_report_data(report_data).unwrap();
+    report_data = "test_test".as_bytes();
+    vtpm::get_report_with_report_data(report_data).unwrap();
+}
+
+#[derive(Deserialize, Debug)]
+struct VarDataUserData {
+    #[serde(rename = "user-data")]
+    user_data: String,
+}
+
+#[cfg(feature = "integration_test")]
+#[test]
+fn get_report_with_report_data() {
+    let mut report_data: [u8; 64] = [0; 64];
+    report_data[42] = 42;
+    let bytes = vtpm::get_report_with_report_data(&report_data).unwrap();
+    let hcl_report = hcl::HclReport::new(bytes).unwrap();
+    let var_data = hcl_report.var_data();
+    let VarDataUserData { user_data } = serde_json::from_slice(var_data).unwrap();
+    assert_eq!(user_data.to_lowercase(), hex::encode(report_data));
+
+    let var_data_hash = hcl_report.var_data_sha256();
+    let td_report: tdx::TdReport = hcl_report.try_into().unwrap();
+    assert_eq!(var_data_hash, td_report.report_mac.reportdata[..32]);
+}
+
+#[cfg(feature = "integration_test")]
+#[test]
+fn get_report() {
+    let bytes = vtpm::get_report().unwrap();
+    let hcl_report = hcl::HclReport::new(bytes).unwrap();
+
+    let var_data_hash = hcl_report.var_data_sha256();
+    let td_report: tdx::TdReport = hcl_report.try_into().unwrap();
+    assert_eq!(var_data_hash, td_report.report_mac.reportdata[..32]);
+}
+
+#[cfg(feature = "integration_test")]
+#[test]
+fn ak_pub() {
+    let _ = vtpm::get_ak_pub().unwrap();
+}