This is an automated email from the ASF dual-hosted git repository.
mssun pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave.git
The following commit(s) were added to refs/heads/develop by this push:
new 33f0530 [attestation] Add unit test for SgxQuote::parse_from()
33f0530 is described below
commit 33f053016734df8fd1c7313bf904cde36630b23c
Author: Mingshen Sun <[email protected]>
AuthorDate: Tue Feb 11 21:02:32 2020 -0800
[attestation] Add unit test for SgxQuote::parse_from()
---
attestation/Cargo.toml | 2 +
attestation/src/lib.rs | 10 +++
attestation/src/platform.rs | 34 +++++++++
attestation/src/report.rs | 133 ++++++++++++++++++++++++++++++++++++
tests/unit_tests/enclave/Cargo.toml | 1 +
tests/unit_tests/enclave/src/lib.rs | 17 +++--
6 files changed, 188 insertions(+), 9 deletions(-)
diff --git a/attestation/Cargo.toml b/attestation/Cargo.toml
index fd7c57b..3b1be74 100644
--- a/attestation/Cargo.toml
+++ b/attestation/Cargo.toml
@@ -14,6 +14,7 @@ mesalock_sgx = [
"sgx_rand",
"sgx_tse",
]
+enclave_unit_test = ["teaclave_test_utils/mesalock_sgx"]
[dependencies]
anyhow = { version = "1.0.26" }
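Review bot: `teaclave_test_utils` is added as an unconditional dependency in the `[dependencies]` hunk below, so every consumer of the attestation crate now pulls in the test-utils crate even though the only users are the `tests` modules gated on `enclave_unit_test`. Marking it optional keeps production builds free of test code: `teaclave_test_utils = { path = "../tests/test_utils", optional = true }` together with `enclave_unit_test = ["teaclave_test_utils", "teaclave_test_utils/mesalock_sgx"]` in this hunk. Nothing visible on the page needs the crate outside the feature-gated modules, though that is inferred from the diff rather than from the full crate.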
@@ -37,6 +38,7 @@ url = { version = "2.1.1" }
yasna = { version = "0.3.0", features = ["bit-vec", "num-bigint",
"chrono"] }
teaclave_types = { path = "../types" }
+teaclave_test_utils = { path = "../tests/test_utils" }
sgx_rand = { version = "1.1.0", optional = true }
sgx_tcrypto = { version = "1.1.0", optional = true }
diff --git a/attestation/src/lib.rs b/attestation/src/lib.rs
index 146f596..11e13a5 100644
--- a/attestation/src/lib.rs
+++ b/attestation/src/lib.rs
@@ -112,3 +112,13 @@ cfg_if::cfg_if! {
pub use attestation::RemoteAttestation;
}
}
+
+#[cfg(all(feature = "enclave_unit_test", feature = "mesalock_sgx"))]
+pub mod tests {
+ use super::*;
+ use teaclave_test_utils::*;
+
+ pub fn run_tests() -> bool {
+ run_tests!(platform::tests::run_tests, report::tests::run_tests)
+ }
+}
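Review bot: The new `pub mod tests` and its `run_tests` are public API under the feature but carry no doc comment, which matters here because the enclave harness calls this function directly. A doc line such as `/// Runs the in-enclave unit tests of the platform and report modules; the enclave harness asserts on the returned bool.` would make the contract explicit. Whether `run_tests!` returns "all passed" is inferred from the harness's `assert!` on it rather than from this hunk, so word the comment accordingly.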
diff --git a/attestation/src/platform.rs b/attestation/src/platform.rs
index 608d9ad..08449f8 100644
--- a/attestation/src/platform.rs
+++ b/attestation/src/platform.rs
@@ -128,3 +128,37 @@ pub(crate) fn get_sgx_quote(ak_id: &sgx_att_key_id_t,
report: sgx_report_t) -> R
Ok(quote)
}
+
+#[cfg(all(feature = "enclave_unit_test", feature = "mesalock_sgx"))]
+pub mod tests {
+ use super::*;
+ use crate::key;
+ use teaclave_test_utils::*;
+
+ pub fn run_tests() -> bool {
+ run_tests!(
+ test_init_sgx_quote,
+ test_create_sgx_isv_enclave_report,
+ test_get_sgx_quote,
+ )
+ }
+
+ fn test_init_sgx_quote() {
+ assert!(init_sgx_quote().is_ok());
+ }
+
+ fn test_create_sgx_isv_enclave_report() {
+ let (_ak_id, qe_target_info) = init_sgx_quote().unwrap();
+ let key_pair = key::Secp256k1KeyPair::new().unwrap();
+ let sgx_report_result = create_sgx_isv_enclave_report(key_pair.pub_k,
qe_target_info);
+ assert!(sgx_report_result.is_ok());
+ }
+
+ fn test_get_sgx_quote() {
+ let (ak_id, qe_target_info) = init_sgx_quote().unwrap();
+ let key_pair = key::Secp256k1KeyPair::new().unwrap();
+ let sgx_report = create_sgx_isv_enclave_report(key_pair.pub_k,
qe_target_info).unwrap();
+ let quote_result = get_sgx_quote(&ak_id, sgx_report);
+ assert!(quote_result.is_ok());
+ }
+}
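Review bot: All three tests call `init_sgx_quote()` and `get_sgx_quote()`, which need a real SGX platform with a working quoting enclave, but nothing in this module says so; the only hint is the `#[cfg(not(sgx_sim))]` gate in the enclave harness elsewhere in this commit. A module-level comment such as `// These tests require SGX hardware (a live quoting enclave); the enclave test harness skips them under sgx_sim.` would save the next maintainer a failed run. The assertions are `is_ok()` only; if `get_sgx_quote` returns the raw quote bytes (its return type is cut off in the hunk header), feeding them through `SgxQuote::parse_from` would turn these into round-trip tests at little extra cost.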
diff --git a/attestation/src/report.rs b/attestation/src/report.rs
index 731de0c..9b80159 100644
--- a/attestation/src/report.rs
+++ b/attestation/src/report.rs
@@ -67,6 +67,19 @@ pub struct SgxEnclaveReport {
pub report_data: [u8; 64],
}
+impl std::fmt::Debug for SgxEnclaveReport {
+ fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+ writeln!(f, "cpu_svn: {:?}", self.cpu_svn)?;
+ writeln!(f, "misc_select: {:?}", self.misc_select)?;
+ writeln!(f, "attributes: {:?}", self.attributes)?;
+ writeln!(f, "mr_enclave: {:?}", self.mr_enclave)?;
+ writeln!(f, "mr_signer: {:?}", self.mr_signer)?;
+ writeln!(f, "isv_prod_id: {}", self.isv_prod_id)?;
+ writeln!(f, "isv_svn: {}", self.isv_svn)?;
+ writeln!(f, "report_data: {:?}", &self.report_data.to_vec())
+ }
+}
+
impl SgxEnclaveReport {
pub fn parse_from<'a>(bytes: &'a [u8]) -> Result<Self> {
let mut pos: usize = 0;
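Review bot: The `report_data` line of the new `Debug` impl allocates a `Vec` on every format call just to print a `[u8; 64]`; `&self.report_data[..]` formats the same bytes as a slice with no allocation. The hand-rolled `writeln!` chain also leaves a trailing newline in `{:?}` output and ignores `{:#?}`; `Formatter::debug_struct` gives the standard shape and pretty-printing for free, and the same applies to the `Debug` impl for `SgxQuote` in the later hunk of this file. The `impl SgxEnclaveReport` block that follows the new impl continues outside the hunk.
```rust
impl std::fmt::Debug for SgxEnclaveReport {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        // [u8; 64] has no Debug impl on older toolchains; borrow it as a slice instead of copying.
        let report_data: &[u8] = &self.report_data;
        f.debug_struct("SgxEnclaveReport")
            .field("cpu_svn", &self.cpu_svn)
            .field("misc_select", &self.misc_select)
            .field("attributes", &self.attributes)
            .field("mr_enclave", &self.mr_enclave)
            .field("mr_signer", &self.mr_signer)
            .field("isv_prod_id", &self.isv_prod_id)
            .field("isv_svn", &self.isv_svn)
            .field("report_data", &report_data)
            .finish()
    }
}
```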
@@ -136,17 +149,20 @@ impl SgxEnclaveReport {
}
}
+#[derive(Debug, PartialEq)]
pub enum SgxQuoteVersion {
V1(SgxEpidQuoteSigType),
V2(SgxEpidQuoteSigType),
V3(SgxEcdsaQuoteAkType),
}
+#[derive(Debug, PartialEq)]
pub enum SgxEpidQuoteSigType {
Unlinkable,
Linkable,
}
+#[derive(Debug, PartialEq)]
pub enum SgxEcdsaQuoteAkType {
P256_256,
P384_384,
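Review bot: The three enums gain `PartialEq` but not `Eq`, although nothing in them can be non-reflexive; deriving `Eq` as well (`#[derive(Debug, PartialEq, Eq)]`) lets them be used as map keys and in `assert_eq!` without surprises. `SgxEpidQuoteSigType` is fieldless and `SgxEcdsaQuoteAkType` appears to be too, so `Clone, Copy` would also be natural for them, though the end of `SgxEcdsaQuoteAkType` lies outside the hunk and I cannot confirm it has no data variants.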
@@ -189,6 +205,18 @@ pub struct SgxQuote {
pub isv_enclave_report: SgxEnclaveReport,
}
+impl std::fmt::Debug for SgxQuote {
+ fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+ writeln!(f, "version: {:?}", self.version)?;
+ writeln!(f, "gid: {}", self.gid)?;
+ writeln!(f, "isv_svn_qe: {}", self.isv_svn_qe)?;
+ writeln!(f, "isv_svn_pce: {}", self.isv_svn_pce)?;
+ writeln!(f, "qe_vendor_id: {}", self.qe_vendor_id)?;
+ writeln!(f, "user_data: {:?}", &self.user_data)?;
+ writeln!(f, "isv_enclave_report: \n{:?}", self.isv_enclave_report)
+ }
+}
+
impl SgxQuote {
fn parse_from<'a>(bytes: &'a [u8]) -> Result<Self> {
let mut pos: usize = 0;
@@ -265,6 +293,7 @@ impl SgxQuote {
}
}
+#[derive(Debug)]
pub struct AttestationReport {
pub freshness: Duration,
pub sgx_quote_status: SgxQuoteStatus,
@@ -323,6 +352,7 @@ impl AttestationReport {
// Verify attestation report
let attn_report: Value = serde_json::from_slice(&report.report)?;
+ log::trace!("attn_report: {}", attn_report);
// 1. Check timestamp is within 24H (90day is recommended by Intel)
let quote_freshness = {
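Review bot: The new `log::trace!` writes the entire IAS report to the log, which includes the `platformInfoBlob` and `epidPseudonym` fields seen in the fixture later in this commit; both identify the attesting platform, and enclave logs typically leave the enclave through the logging OCALL. If the intent is to debug the freshness and status checks, logging just the fields being examined, e.g. `log::trace!("attn_report timestamp: {:?}, status: {:?}", attn_report["timestamp"], attn_report["isvEnclaveQuoteStatus"]);`, keeps the trace useful without copying platform identifiers into log sinks. The enclosing verification function starts and ends outside this hunk.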
@@ -378,3 +408,106 @@ impl AttestationReport {
})
}
}
+
+#[cfg(all(feature = "enclave_unit_test", feature = "mesalock_sgx"))]
+pub mod tests {
+ use super::*;
+ use serde_json::json;
+ use teaclave_test_utils::*;
+
+ fn report_fixture() -> Value {
+ let report = json!({
+ "version": 3,
+ "timestamp": "2020-02-11T22:25:59.682915",
+ "platformInfoBlob":
"1502006504000900000D0D02040180030000000000000000000\
+
A00000B000000020000000000000B2FE0AE0F7FD4D552BF7EF4\
+
C938D44E349F1BD0E76F041362DC52B43B7B25994978D792137\
+
90362F6DAE91797ACF5BD5072E45F9A60795D1FFB10140421D8\
+ 691FFD",
+ "isvEnclaveQuoteStatus": "GROUP_OUT_OF_DATE",
+ "isvEnclaveQuoteBody":
"AgABAC8LAAAKAAkAAAAAAK1zRQOIpndiP4IhlnW2AkwAAAAA\
+
AAAAAAAAAAAAAAAABQ4CBf+AAAAAAAAAAAAAAAAAAAAAAAAA\
+
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwAAAAAAAAAHAAAA\
+
AAAAADMKqRCjd2eA4gAmrj2sB68OWpMfhPH4MH27hZAvWGlT\
+
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACD1xnn\
+
ferKFHD2uvYqTXdDA8iZ22kCD5xw7h38CMfOngAAAAAAAAAA\
+
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
+
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
+
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
+
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
+
AAAAAAAAAADYIY9k0MVmCdIDUuFLf/2bGIHAfPjO9nvC7fgz\
+
rQedeA3WW4dFeI6oe+RCLdV3XYD1n6lEZjITOzPPLWDxulGz",
+ "id": "53530608302195762335736519878284384788",
+ "epidPseudonym":
"NRksaQej8R/SyyHpZXzQGNBXqfrzPy5KCxcmJrEjupXrq3xrm2y2+J\
+
p0IBVtcW15MCekYs9K3UH82fPyj6F5ciJoMsgEMEIvRR+csX9uyd54\
+
p+m+/RVyuGYhWbhUcpJigdI5Q3x04GG/A7EP10j/zypwqhYLQh0qN1\
+ ykYt1N1P0="
+ });
+
+ report
+ }
+
+ pub fn run_tests() -> bool {
+ run_tests!(test_sgx_quote_parse_from,)
+ }
+
+ fn test_sgx_quote_parse_from() {
+ let attn_report = report_fixture();
+ let sgx_quote_body_encoded =
attn_report["isvEnclaveQuoteBody"].as_str().unwrap();
+ let quote_raw =
base64::decode(&sgx_quote_body_encoded.as_bytes()).unwrap();
+ let sgx_quote = SgxQuote::parse_from(quote_raw.as_slice()).unwrap();
+
+ assert_eq!(
+ sgx_quote.version,
+ SgxQuoteVersion::V2(SgxEpidQuoteSigType::Linkable)
+ );
+ assert_eq!(sgx_quote.gid, 2863);
+ assert_eq!(sgx_quote.isv_svn_qe, 10);
+ assert_eq!(sgx_quote.isv_svn_pce, 9);
+ assert_eq!(
+ sgx_quote.qe_vendor_id,
+ Uuid::parse_str("00000000-ad73-4503-88a6-77623f822196").unwrap()
+ );
+ assert_eq!(
+ sgx_quote.user_data,
+ [117, 182, 2, 76, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
+ );
+
+ let isv_enclave_report = sgx_quote.isv_enclave_report;
+ assert_eq!(
+ isv_enclave_report.cpu_svn,
+ [5, 14, 2, 5, 255, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
+ );
+ assert_eq!(isv_enclave_report.misc_select, 0);
+ assert_eq!(
+ isv_enclave_report.attributes,
+ [7, 0, 0, 0, 0, 0, 0, 0, 7, 0, 0, 0, 0, 0, 0, 0]
+ );
+ assert_eq!(
+ isv_enclave_report.mr_enclave,
+ [
+ 51, 10, 169, 16, 163, 119, 103, 128, 226, 0, 38, 174, 61, 172,
7, 175, 14, 90, 147,
+ 31, 132, 241, 248, 48, 125, 187, 133, 144, 47, 88, 105, 83
+ ]
+ );
+ assert_eq!(
+ isv_enclave_report.mr_signer,
+ [
+ 131, 215, 25, 231, 125, 234, 202, 20, 112, 246, 186, 246, 42,
77, 119, 67, 3, 200,
+ 153, 219, 105, 2, 15, 156, 112, 238, 29, 252, 8, 199, 206, 158
+ ]
+ );
+ assert_eq!(isv_enclave_report.isv_prod_id, 0);
+ assert_eq!(isv_enclave_report.isv_svn, 0);
+ assert_eq!(
+ isv_enclave_report.report_data.to_vec(),
+ [
+ 216, 33, 143, 100, 208, 197, 102, 9, 210, 3, 82, 225, 75, 127,
253, 155, 24, 129,
+ 192, 124, 248, 206, 246, 123, 194, 237, 248, 51, 173, 7, 157,
120, 13, 214, 91,
+ 135, 69, 120, 142, 168, 123, 228, 66, 45, 213, 119, 93, 128,
245, 159, 169, 68,
+ 102, 50, 19, 59, 51, 207, 45, 96, 241, 186, 81, 179
+ ]
+ .to_vec()
+ );
+ }
+}
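Review bot: `test_sgx_quote_parse_from` covers only the well-formed fixture, while `SgxQuote::parse_from` consumes bytes taken from an externally supplied report; there is no test that a truncated quote body yields `Err` rather than a panic. Whether `parse_from` bounds-checks its reads is not visible in this diff, so a prefix-truncation test would pin the current behavior either way, and a panic from it would itself be the finding. Separately, `base64::decode(&sgx_quote_body_encoded.as_bytes())` can be `base64::decode(sgx_quote_body_encoded)`, since `&str` already satisfies `AsRef<[u8]>`.
```rust
    pub fn run_tests() -> bool {
        run_tests!(test_sgx_quote_parse_from, test_sgx_quote_parse_from_truncated,)
    }

    // … unchanged: test_sgx_quote_parse_from …

    fn test_sgx_quote_parse_from_truncated() {
        let attn_report = report_fixture();
        let encoded = attn_report["isvEnclaveQuoteBody"].as_str().unwrap();
        let quote_raw = base64::decode(encoded).unwrap();
        // Every proper prefix must be rejected with Err, not by an out-of-range slice.
        for cut in [0usize, 1, quote_raw.len() / 2, quote_raw.len() - 1].iter() {
            assert!(SgxQuote::parse_from(&quote_raw[..*cut]).is_err());
        }
    }
```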
diff --git a/tests/unit_tests/enclave/Cargo.toml
b/tests/unit_tests/enclave/Cargo.toml
index 66548f0..ec232e7 100644
--- a/tests/unit_tests/enclave/Cargo.toml
+++ b/tests/unit_tests/enclave/Cargo.toml
@@ -15,6 +15,7 @@ default = []
mesalock_sgx = [
"sgx_tstd",
"teaclave_attestation/mesalock_sgx",
+ "teaclave_attestation/enclave_unit_test",
"teaclave_binder/mesalock_sgx",
"teaclave_rpc/mesalock_sgx",
"teaclave_service_enclave_utils/mesalock_sgx",
diff --git a/tests/unit_tests/enclave/src/lib.rs
b/tests/unit_tests/enclave/src/lib.rs
index e8328e8..a33e2de 100644
--- a/tests/unit_tests/enclave/src/lib.rs
+++ b/tests/unit_tests/enclave/src/lib.rs
@@ -24,15 +24,13 @@ extern crate log;
use std::prelude::v1::*;
-use teaclave_types;
-use teaclave_types::TeeServiceResult;
-
use teaclave_binder::proto::{
ECallCommand, FinalizeEnclaveInput, FinalizeEnclaveOutput,
InitEnclaveInput, InitEnclaveOutput,
RunTestInput, RunTestOutput,
};
use teaclave_binder::{handle_ecall, register_ecall_handler};
use teaclave_service_enclave_utils::ServiceEnclave;
+use teaclave_types::{self, TeeServiceResult};
use teaclave_access_control_service_enclave;
use teaclave_authentication_service_enclave;
@@ -42,7 +40,7 @@ use teaclave_test_utils::check_all_passed;
use teaclave_worker;
#[handle_ecall]
-fn handle_run_test(_args: &RunTestInput) -> TeeServiceResult<RunTestOutput> {
+fn handle_run_test(_: &RunTestInput) -> TeeServiceResult<RunTestOutput> {
let ret = check_all_passed!(
teaclave_management_service_enclave::tests::run_tests(),
teaclave_storage_service_enclave::tests::run_tests(),
@@ -53,21 +51,22 @@ fn handle_run_test(_args: &RunTestInput) ->
TeeServiceResult<RunTestOutput> {
teaclave_types::tests::run_tests(),
);
- assert_eq!(ret, true);
+ assert!(ret);
+
+ #[cfg(not(sgx_sim))]
+ assert!(teaclave_attestation::tests::run_tests());
Ok(RunTestOutput::default())
}
#[handle_ecall]
-fn handle_init_enclave(_args: &InitEnclaveInput) ->
TeeServiceResult<InitEnclaveOutput> {
+fn handle_init_enclave(_: &InitEnclaveInput) ->
TeeServiceResult<InitEnclaveOutput> {
ServiceEnclave::init(env!("CARGO_PKG_NAME"))?;
Ok(InitEnclaveOutput::default())
}
#[handle_ecall]
-fn handle_finalize_enclave(
- _args: &FinalizeEnclaveInput,
-) -> TeeServiceResult<FinalizeEnclaveOutput> {
+fn handle_finalize_enclave(_: &FinalizeEnclaveInput) ->
TeeServiceResult<FinalizeEnclaveOutput> {
ServiceEnclave::finalize()?;
Ok(FinalizeEnclaveOutput::default())
}
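Review bot: Under `sgx_sim` the new `#[cfg(not(sgx_sim))] assert!(teaclave_attestation::tests::run_tests());` simply disappears, so a simulation-mode run reports success while having executed none of the attestation tests, and nothing in the output says so. A matching `#[cfg(sgx_sim)] log::warn!("attestation tests skipped: sgx_sim build");` next to it makes the gap visible in the test log; `extern crate log` is already in scope per the first hunk of this file. `handle_run_test` begins outside this hunk.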