From f73ba9313bcf5614e1f2b2590337445ae137842c Mon Sep 17 00:00:00 2001
From: Magnus Kulke
Date: Fri, 25 Oct 2024 17:26:15 +0200
Subject: [PATCH] wip6
---
 az-cvm-vtpm/az-snp-vtpm/Cargo.toml | 2 +
 az-cvm-vtpm/az-snp-vtpm/README.md | 8 +++
 .../az-snp-vtpm/tests/integration_tests.rs | 50 +++++++++++++++++++
 az-cvm-vtpm/az-tdx-vtpm/README.md | 9 ++++
 .../az-tdx-vtpm/tests/integration_tests.rs | 50 +++++++++++++++++++
 5 files changed, 119 insertions(+)
 create mode 100644 az-cvm-vtpm/az-snp-vtpm/tests/integration_tests.rs
 create mode 100644 az-cvm-vtpm/az-tdx-vtpm/tests/integration_tests.rs
diff --git a/az-cvm-vtpm/az-snp-vtpm/Cargo.toml b/az-cvm-vtpm/az-snp-vtpm/Cargo.toml
index db313a2..774eec4 100644
--- a/az-cvm-vtpm/az-snp-vtpm/Cargo.toml
+++ b/az-cvm-vtpm/az-snp-vtpm/Cargo.toml
@@ -28,8 +28,10 @@ ureq.workspace = true
 [dev-dependencies]
 serde_json.workspace = true
+hex.workspace = true
 [features]
 default = ["attester", "verifier"]
 attester = []
 verifier = ["az-cvm-vtpm/openssl", "openssl", "ureq/tls"]
+integration_test = []
diff --git a/az-cvm-vtpm/az-snp-vtpm/README.md b/az-cvm-vtpm/az-snp-vtpm/README.md
index 4ab38c9..7da756a 100644
--- a/az-cvm-vtpm/az-snp-vtpm/README.md
+++ b/az-cvm-vtpm/az-snp-vtpm/README.md
@@ -71,3 +71,11 @@ signs ┌─ ┌─┴────────────┐ │ │ │ └─ └─┬────────────┘ │ └──────────────┘ ```
+
+## Integration Tests
+
+The integration test suite can run on an SNP CVM. It needs to be executed as root and the tests have to run sequentially.
+
+```bash
+sudo -E env "PATH=$PATH" cargo t --features integration_test -- --test-threads 1
+```
diff --git a/az-cvm-vtpm/az-snp-vtpm/tests/integration_tests.rs b/az-cvm-vtpm/az-snp-vtpm/tests/integration_tests.rs
new file mode 100644
index 0000000..aae6fe2
--- /dev/null
+++ b/az-cvm-vtpm/az-snp-vtpm/tests/integration_tests.rs
@@ -0,0 +1,50 @@
+use az_snp_vtpm::{hcl, report, vtpm};
+use serde::Deserialize;
+
+#[cfg(feature = "integration_test")]
+#[test]
+fn get_report_with_varying_report_data_len() {
+ let mut report_data = "test".as_bytes();
+ vtpm::get_report_with_report_data(report_data).unwrap();
+ report_data = "test_test".as_bytes();
+ vtpm::get_report_with_report_data(report_data).unwrap();
+}
+
+#[derive(Deserialize, Debug)]
+struct VarDataUserData {
+ #[serde(rename = "user-data")]
+ user_data: String,
+}
+
+#[cfg(feature = "integration_test")]
+#[test]
+fn get_report_with_report_data() {
+ let mut report_data: [u8; 64] = [0; 64];
+ report_data[42] = 42;
+ let bytes = vtpm::get_report_with_report_data(&report_data).unwrap();
+ let hcl_report = hcl::HclReport::new(bytes).unwrap();
+ let var_data = hcl_report.var_data();
+ let VarDataUserData { user_data } = serde_json::from_slice(var_data).unwrap();
+ assert_eq!(user_data.to_lowercase(), hex::encode(report_data));
+
+ let var_data_hash = hcl_report.var_data_sha256();
+ let snp_report: report::AttestationReport = hcl_report.try_into().unwrap();
+ assert_eq!(var_data_hash, snp_report.report_data[..32]);
+}
+
+#[cfg(feature = "integration_test")]
+#[test]
+fn get_report() {
+ let bytes = vtpm::get_report().unwrap();
+ let hcl_report = hcl::HclReport::new(bytes).unwrap();
+
+ let var_data_hash = hcl_report.var_data_sha256();
+ let snp_report: report::AttestationReport = hcl_report.try_into().unwrap();
+ assert_eq!(var_data_hash, snp_report.report_data[..32]);
+}
+
+#[cfg(feature = "integration_test")]
+#[test]
+fn ak_pub() {
+ let _ = vtpm::get_ak_pub().unwrap();
+}
diff --git a/az-cvm-vtpm/az-tdx-vtpm/README.md b/az-cvm-vtpm/az-tdx-vtpm/README.md
index 67ebe3a..82647c0 100644
--- a/az-cvm-vtpm/az-tdx-vtpm/README.md
+++ b/az-cvm-vtpm/az-tdx-vtpm/README.md
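Review bot: The `use az_snp_vtpm::{hcl, report, vtpm};` and `use serde::Deserialize;` lines and the `VarDataUserData` struct are not behind the feature gate while every `#[test]` in this file is, so a plain `cargo test` without `--features integration_test` would build this test target with nothing in it and emit unused-import and dead-code warnings. Replacing the four per-function `#[cfg(feature = "integration_test")]` attributes with one inner attribute as the first line of the file, `#![cfg(feature = "integration_test")]`, gates the imports and the struct together with the tests. The az-tdx-vtpm `tests/integration_tests.rs` hunk later in this patch has the same layout and would take the same change. As a point of style, `get_report_with_varying_report_data_len` uses `let mut report_data` plus a reassignment where two direct calls such as `vtpm::get_report_with_report_data(b"test").unwrap();` and `vtpm::get_report_with_report_data(b"test_test").unwrap();` say the same thing without the mutable binding.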
@@ -20,3 +20,12 @@ On the TDX CVM, retrieve a TD Quote and write it to disk:
 ```bash
 sudo ./tdx-vtpm
 ```
+
+## Integration Tests
+
+The integration test suite can run on a TDX CVM. It needs to be executed as root and the tests have to run sequentially.
+
+```bash
+sudo -E env "PATH=$PATH" cargo t --features integration_test -- --test-threads 1
+```
+
diff --git a/az-cvm-vtpm/az-tdx-vtpm/tests/integration_tests.rs b/az-cvm-vtpm/az-tdx-vtpm/tests/integration_tests.rs
new file mode 100644
index 0000000..6b7ff24
--- /dev/null
+++ b/az-cvm-vtpm/az-tdx-vtpm/tests/integration_tests.rs
@@ -0,0 +1,50 @@
+use az_tdx_vtpm::{hcl, tdx, vtpm};
+use serde::Deserialize;
+
+#[cfg(feature = "integration_test")]
+#[test]
+fn get_report_with_varying_report_data_len() {
+ let mut report_data = "test".as_bytes();
+ vtpm::get_report_with_report_data(report_data).unwrap();
+ report_data = "test_test".as_bytes();
+ vtpm::get_report_with_report_data(report_data).unwrap();
+}
+
+#[derive(Deserialize, Debug)]
+struct VarDataUserData {
+ #[serde(rename = "user-data")]
+ user_data: String,
+}
+
+#[cfg(feature = "integration_test")]
+#[test]
+fn get_report_with_report_data() {
+ let mut report_data: [u8; 64] = [0; 64];
+ report_data[42] = 42;
+ let bytes = vtpm::get_report_with_report_data(&report_data).unwrap();
+ let hcl_report = hcl::HclReport::new(bytes).unwrap();
+ let var_data = hcl_report.var_data();
+ let VarDataUserData { user_data } = serde_json::from_slice(var_data).unwrap();
+ assert_eq!(user_data.to_lowercase(), hex::encode(report_data));
+
+ let var_data_hash = hcl_report.var_data_sha256();
+ let td_report: tdx::TdReport = hcl_report.try_into().unwrap();
+ assert_eq!(var_data_hash, td_report.report_mac.reportdata[..32]);
+}
+
+#[cfg(feature = "integration_test")]
+#[test]
+fn get_report() {
+ let bytes = vtpm::get_report().unwrap();
+ let hcl_report = hcl::HclReport::new(bytes).unwrap();
+
+ let var_data_hash = hcl_report.var_data_sha256();
+ let td_report: tdx::TdReport = hcl_report.try_into().unwrap();
+ assert_eq!(var_data_hash, td_report.report_mac.reportdata[..32]);
+}
+
+#[cfg(feature = "integration_test")]
+#[test]
+fn ak_pub() {
+ let _ = vtpm::get_ak_pub().unwrap();
+}