mirror of https://github.com/signalapp/libsignal.git synced 2024-09-20 12:02:18 +02:00

Replace read_test_file with include_bytes! in attest

Replace the utility that reads a file's contents at runtime with the
standard macro that pastes in the file's contents at compile-time.
akonradi-signal 2023-10-27 15:42:29 -04:00 committed by GitHub
parent 61f2cda107
commit a51aa5b055
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 72 additions and 100 deletions


@ -62,7 +62,6 @@ pub fn extract_metrics(attestation_msg: &[u8]) -> Result<HashMap<String, i64>> {
#[cfg(test)]
mod test {
use super::*;
use crate::util::testio::read_test_file;
use std::time::{Duration, SystemTime};
#[test]
@ -71,8 +70,8 @@ mod test {
let mrenclave = hex!("39d78f17f8aa9a8e9cdaf16595947a057bac21f014d1abfd6a99b2dfd4e18d1d");
let attestation_msg = cds2::ClientHandshakeStart {
evidence: read_test_file("tests/data/cds2_test.evidence"),
endorsement: read_test_file("tests/data/cds2_test.endorsements"),
evidence: include_bytes!("../tests/data/cds2_test.evidence").to_vec(),
endorsement: include_bytes!("../tests/data/cds2_test.endorsements").to_vec(),
..Default::default()
};


@ -678,7 +678,6 @@ mod test {
use crate::dcap::endorsements::{QeTcbLevel, TcbInfoVersion};
use crate::dcap::fakes::FakeAttestation;
use crate::util::testio::read_test_file;
use boring::bn::BigNum;
use hex_literal::hex;
@ -694,8 +693,8 @@ mod test {
let current_time: SystemTime =
SystemTime::UNIX_EPOCH + Duration::from_millis(1674105089000);
let evidence_bytes = read_test_file("tests/data/dcap.evidence");
let endorsements_bytes = read_test_file("tests/data/dcap.endorsements");
let evidence_bytes = include_bytes!("../tests/data/dcap.evidence");
let endorsements_bytes = include_bytes!("../tests/data/dcap.endorsements");
let pubkey = verify_remote_attestation(
evidence_bytes.as_ref(),
@ -709,7 +708,7 @@ mod test {
.unwrap()
.to_owned();
let expected_pubkey = hex::decode(read_test_file("tests/data/dcap.pubkey")).unwrap();
let expected_pubkey = hex::decode(include_bytes!("../tests/data/dcap.pubkey")).unwrap();
assert_eq!(&expected_pubkey, pubkey.as_slice());
}
@ -720,8 +719,8 @@ mod test {
let current_time: SystemTime =
SystemTime::UNIX_EPOCH + Duration::from_millis(1657856984000);
let evidence_bytes = read_test_file("tests/data/dcap_v3.evidence");
let endorsements_bytes = read_test_file("tests/data/dcap_v3.endorsements");
let evidence_bytes = include_bytes!("../tests/data/dcap_v3.evidence");
let endorsements_bytes = include_bytes!("../tests/data/dcap_v3.endorsements");
let pubkey = verify_remote_attestation(
evidence_bytes.as_ref(),
@ -735,7 +734,7 @@ mod test {
.unwrap()
.to_owned();
let expected_pubkey = hex::decode(read_test_file("tests/data/dcap_v3.pubkey")).unwrap();
let expected_pubkey = hex::decode(include_bytes!("../tests/data/dcap_v3.pubkey")).unwrap();
assert_eq!(&expected_pubkey, pubkey.as_slice());
}
@ -744,8 +743,8 @@ mod test {
let current_time: SystemTime =
SystemTime::UNIX_EPOCH + Duration::from_millis(1674105089000);
let evidence_bytes = read_test_file("tests/data/dcap.evidence");
let endorsements_bytes = read_test_file("tests/data/dcap.endorsements");
let evidence_bytes = include_bytes!("../tests/data/dcap.evidence");
let endorsements_bytes = include_bytes!("../tests/data/dcap.endorsements");
let sw_advisories = &[ACCEPTED_SW_ADVISORIES, &["INTEL-SA-1234"]].concat();
@ -761,15 +760,15 @@ mod test {
.unwrap()
.to_owned();
let expected_pubkey = hex::decode(read_test_file("tests/data/dcap.pubkey")).unwrap();
let expected_pubkey = hex::decode(include_bytes!("../tests/data/dcap.pubkey")).unwrap();
assert_eq!(expected_pubkey, pubkey.as_slice());
}
#[test]
fn test_attestation_metrics() {
let evidence_bytes = read_test_file("tests/data/dcap.evidence");
let endorsements_bytes = read_test_file("tests/data/dcap.endorsements");
let metrics = attestation_metrics(&evidence_bytes, &endorsements_bytes).unwrap();
const EVIDENCE_BYTES: &[u8] = include_bytes!("../tests/data/dcap.evidence");
const ENDORSEMENTS_BYTES: &[u8] = include_bytes!("../tests/data/dcap.endorsements");
let metrics = attestation_metrics(EVIDENCE_BYTES, ENDORSEMENTS_BYTES).unwrap();
// 2023-02-17 21:56:09 UTC
assert_eq!(
*metrics.get("tcb_info_expiration_ts").unwrap(),
@ -792,8 +791,8 @@ mod test {
let current_time: SystemTime =
SystemTime::UNIX_EPOCH + Duration::from_millis(1652744306000);
let evidence_bytes = read_test_file("tests/data/dcap-expired.evidence");
let endorsements_bytes = read_test_file("tests/data/dcap-expired.endorsements");
let evidence_bytes = include_bytes!("../tests/data/dcap-expired.evidence");
let endorsements_bytes = include_bytes!("../tests/data/dcap-expired.endorsements");
assert!(verify_remote_attestation(
evidence_bytes.as_ref(),
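Review bot: The same fixtures are now embedded by a separate `include_bytes!` in almost every test of this module, and in two different forms: `let evidence_bytes = include_bytes!(...)` followed by `.as_ref()` in the verification tests, and `const EVIDENCE_BYTES: &[u8]` in `test_attestation_metrics`. Declaring each fixture once at the top of the test module, e.g. `const DCAP_EVIDENCE: &[u8] = include_bytes!("../tests/data/dcap.evidence");`, would keep the relative path in one place and make the `.as_ref()` calls unnecessary. The same repetition appears in the cds2 handshake tests (`handshake_from_tests_data` and `test_clock_skew` declare identical `EVIDENCE_BYTES`/`ENDORSEMENT_BYTES` constants) and in the two svr2 tests with `HANDSHAKE_BYTES`. Several of the test bodies here start or end outside the visible hunks.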


@ -298,7 +298,6 @@ impl TryFrom<[u8; std::mem::size_of::<EndorsementsHeader>()]> for EndorsementsHe
#[cfg(test)]
mod tests {
use crate::util::testio::read_test_file;
use hex_literal::hex;
use std::convert::{TryFrom, TryInto};
@ -306,17 +305,16 @@ mod tests {
#[test]
fn verify_signature_chain_integrity() {
let _data = read_test_file("tests/data/dcap.endorsements");
let _data = include_bytes!("../../tests/data/dcap.endorsements");
// let endorsements = Endorsements::from_bytes(data.as_slice());
}
#[test]
fn make_endorsements() {
let data = read_test_file("tests/data/dcap.endorsements");
const DATA: &[u8] = include_bytes!("../../tests/data/dcap.endorsements");
let endorsements =
SgxEndorsements::try_from(data.as_slice()).expect("failed to parse endorsements");
let endorsements = SgxEndorsements::try_from(DATA).expect("failed to parse endorsements");
assert_eq!(1, endorsements._version)
}
@ -324,7 +322,7 @@ mod tests {
#[test]
fn make_endorsements_header() {
let data: [u8; std::mem::size_of::<EndorsementsHeader>()] =
read_test_file("tests/data/dcap.endorsements")
include_bytes!("../../tests/data/dcap.endorsements")
[..std::mem::size_of::<EndorsementsHeader>()]
.try_into()
.unwrap();
@ -337,8 +335,8 @@ mod tests {
#[test]
fn parse_tcb_info_v3() {
let data = read_test_file("tests/data/tcb_info_v3.json");
let tcb_info: TcbInfo = serde_json::from_slice(&data).unwrap();
const DATA: &[u8] = include_bytes!("../../tests/data/tcb_info_v3.json");
let tcb_info: TcbInfo = serde_json::from_slice(DATA).unwrap();
assert_eq!(TcbInfoVersion::V3, tcb_info.version);
assert_eq!(hex!("00606A000000"), tcb_info.fmspc);
assert_eq!(
@ -356,8 +354,8 @@ mod tests {
#[test]
fn parse_tcb_info_v2() {
let data = read_test_file("tests/data/tcb_info_v2.json");
let tcb_info: TcbInfo = serde_json::from_slice(&data).unwrap();
const DATA: &[u8] = include_bytes!("../../tests/data/tcb_info_v2.json");
let tcb_info: TcbInfo = serde_json::from_slice(DATA).unwrap();
assert_eq!(TcbInfoVersion::V2, tcb_info.version);
assert_eq!(hex!("00606A000000"), tcb_info.fmspc);
assert_eq!(
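Review bot: `verify_signature_chain_integrity` still asserts nothing after this change: the fixture is bound to `_data` and the only line that would use it is commented out, so the test passes no matter what the endorsements parser or the signature-chain check does. Since the line is being touched anyway, either restore a real check or make the gap explicit, for example with `#[ignore = "signature chain verification not exercised yet"]` above the test, so the name does not suggest coverage that is not there. For attestation code a test that passes without verifying anything is worse than a missing one, because it hides the gap in review.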


@ -140,7 +140,6 @@ impl CustomClaims<'_> {
mod test {
use super::*;
use crate::dcap::MREnclave;
use crate::util::testio::read_test_file;
use hex_literal::hex;
use std::convert::TryFrom;
@ -149,10 +148,10 @@ mod test {
#[test]
fn from_bytes() {
let data = read_test_file("tests/data/dcap.evidence");
let pkey = hex::decode(read_test_file("tests/data/dcap.pubkey")).unwrap();
const DATA: &[u8] = include_bytes!("../../tests/data/dcap.evidence");
let pkey = hex::decode(include_bytes!("../../tests/data/dcap.pubkey")).unwrap();
let evidence = Evidence::try_from(data.as_slice()).expect("should parse");
let evidence = Evidence::try_from(DATA).expect("should parse");
assert_eq!(pkey, evidence.claims.map.get("pk").unwrap().as_slice());
assert_eq!(
EXPECTED_MRENCLAVE,


@ -27,16 +27,11 @@ use boring::hash::{Hasher, MessageDigest};
use boring::nid::Nid;
use boring::pkey::{PKey, Private, Public};
use chrono::Utc;
use lazy_static::lazy_static;
use std::convert::TryFrom;
use std::time::SystemTime;
lazy_static! {
static ref EVIDENCE_BYTES: Vec<u8> =
crate::util::testio::read_test_file("tests/data/dcap.evidence");
static ref ENDORSEMENT_BYTES: Vec<u8> =
crate::util::testio::read_test_file("tests/data/dcap.endorsements");
}
const EVIDENCE_BYTES: &[u8] = include_bytes!("../../tests/data/dcap.evidence");
const ENDORSEMENT_BYTES: &[u8] = include_bytes!("../../tests/data/dcap.endorsements");
pub(crate) struct SigningInfo {
pub root: TestCert,
@ -133,8 +128,8 @@ impl FakeAttestation {
/// when signed. To perform a test, manipulate evidence/endorsements
/// before [`FakeAttestationBuilder::sign`]ing them.
pub fn builder() -> FakeAttestationBuilder {
let uevidence = Evidence::try_from(EVIDENCE_BYTES.as_slice()).unwrap();
let mut uendorsements = SgxEndorsements::try_from(ENDORSEMENT_BYTES.as_slice()).unwrap();
let uevidence = Evidence::try_from(EVIDENCE_BYTES).unwrap();
let mut uendorsements = SgxEndorsements::try_from(ENDORSEMENT_BYTES).unwrap();
let signing_info = SigningInfo::default();
// by default, expire tcb_info/qe_id tomorrow
let tomorrow = Utc::now() + chrono::Duration::days(1);
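Review bot: With `read_test_file` gone, nothing in this file ties `EVIDENCE_BYTES` and `ENDORSEMENT_BYTES` to test builds any more. The removed `lazy_static!` block only compiled where `crate::util::testio` existed, and that module was `#[cfg(test)]`, whereas `include_bytes!` compiles in any configuration and would silently embed the fixtures if this module were ever built outside tests. The module declaration is outside this hunk, so presumably it is already test-gated. If so, a comment on the constants would record the requirement, e.g. `// Test fixtures: this module must stay behind #[cfg(test)] so they are never embedded in release builds.`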


@ -381,13 +381,12 @@ impl<'a> TryFrom<SequenceOf<'a, SgxExtension<'a>>> for Configuration {
#[cfg(test)]
mod test {
use super::*;
use crate::util::testio::read_test_file;
#[test]
fn test_deserialization() {
let data = read_test_file("tests/data/sgx_x509_extension.der");
const DATA: &[u8] = include_bytes!("../../tests/data/sgx_x509_extension.der");
let ext = SgxPckExtension::from_der(&data).unwrap();
let ext = SgxPckExtension::from_der(DATA).unwrap();
assert_eq!(ext.pceid, [0u8, 0u8]);
assert_eq!(ext.tcb.pcesvn, 11);


@ -138,13 +138,11 @@ mod test {
use chrono::DateTime;
use std::time::Duration;
use crate::util::testio::read_test_file;
use super::*;
#[test]
fn happy_path() {
verify_signature(&GOOD_PEM, &GOOD_MESSAGE, &GOOD_SIGNATURE, SystemTime::now()).unwrap();
verify_signature(GOOD_PEM, &GOOD_MESSAGE, &GOOD_SIGNATURE, SystemTime::now()).unwrap();
}
#[test]
@ -152,7 +150,7 @@ mod test {
let future_time = DateTime::parse_from_rfc3339("2038-01-19T03:14:06Z").unwrap();
let time: SystemTime =
SystemTime::UNIX_EPOCH + Duration::from_millis(future_time.timestamp_millis() as u64);
verify_signature(&GOOD_PEM, &GOOD_MESSAGE, &GOOD_SIGNATURE, time)
verify_signature(GOOD_PEM, &GOOD_MESSAGE, &GOOD_SIGNATURE, time)
.expect_err("CRL has expired");
}
@ -160,7 +158,7 @@ mod test {
fn bad_signature_test() {
let signature = corrupt(GOOD_SIGNATURE.clone());
verify_signature(&GOOD_PEM, &GOOD_MESSAGE, &signature, SystemTime::now())
verify_signature(GOOD_PEM, &GOOD_MESSAGE, &signature, SystemTime::now())
.expect_err("signature does not match");
}
@ -168,7 +166,7 @@ mod test {
fn bad_data_test() {
let body = corrupt(GOOD_MESSAGE.clone());
verify_signature(&GOOD_PEM, &body, &GOOD_SIGNATURE, SystemTime::now())
verify_signature(GOOD_PEM, &body, &GOOD_SIGNATURE, SystemTime::now())
.expect_err("signature does not match");
}
@ -183,12 +181,12 @@ mod test {
decode_block(string.as_str()).unwrap()
}
const GOOD_PEM: &[u8] = include_bytes!("../tests/data/ias-sig-cert.pem");
lazy_static! {
static ref GOOD_PEM: Vec<u8> = read_test_file("tests/data/ias-sig-cert.pem");
static ref GOOD_SIGNATURE: Vec<u8> =
base64_to_bytes("Hj4zz2gLX+g1T4avpcpXxmBqI5bpKKLOy4HLCTO0PwKcV+Q3fhDJVuVy0+SEgzC1TlmARKyH/DVynWu3pA9FA+4BvZxb7nLbaMG4PXdYu56sHDCzFVPsm9TPgqsVu5PbVXatZQ0oVxMkzKtPae3fy/ootXkG+4ahOU6Hwqa0Uy6+HYzL2CJZRJjHV6/iZjgTLjYsQqS0mZiaUuFoqn8RRb8/f7/9SujDSLa8dmKBqaZCtZpeHh4posLWjOhTJx07FhBRh5EV01gXFfys56h2NTc7MpmYbzt2onfH/3lDM8DfdNUJl0TfikzJyVdLWXi0MyAS2nrRhHFwVp365FYEJg==");
static ref GOOD_MESSAGE: Vec<u8> = base64_to_bytes(
std::str::from_utf8(&read_test_file("tests/data/ias-valid-message.txt"))
std::str::from_utf8(include_bytes!("../tests/data/ias-valid-message.txt"))
.expect("Invalid UTF-8")
);
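Review bot: `bad_signature_test` and `bad_data_test` on the changed lines still verify at `SystemTime::now()` and accept any error through `expect_err`. If `verify_signature` rejects on time, as the 2038 case with "CRL has expired" suggests, then once the material in `ias-sig-cert.pem` is outside its validity window these two tests keep passing without exercising the signature comparison, while `happy_path` starts failing. Pinning a fixed instant, as the DCAP tests in this commit do, avoids both problems: `let time = SystemTime::UNIX_EPOCH + Duration::from_millis(KNOWN_GOOD_MILLIS);`, where `KNOWN_GOOD_MILLIS` is a placeholder for a timestamp inside the fixture's validity period. Matching on the specific error in the negative tests would tighten them further. The 2038 test's signature line is outside the hunk.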


@ -178,24 +178,23 @@ impl Handshake {
#[cfg(test)]
mod tests {
use crate::util::testio::read_test_file;
use std::time::{Duration, SystemTime};
use super::*;
fn handshake_from_tests_data() -> Result<Handshake> {
// Read test data files, de-hex-stringing as necessary.
let evidence_bytes = read_test_file("tests/data/cds2_test.evidence");
let endorsement_bytes = read_test_file("tests/data/cds2_test.endorsements");
const EVIDENCE_BYTES: &[u8] = include_bytes!("../tests/data/cds2_test.evidence");
const ENDORSEMENT_BYTES: &[u8] = include_bytes!("../tests/data/cds2_test.endorsements");
let mut mrenclave_bytes = vec![0u8; 32];
let mrenclave_str = read_test_file("tests/data/cds2_test.mrenclave");
let mrenclave_str = include_bytes!("../tests/data/cds2_test.mrenclave");
hex::decode_to_slice(mrenclave_str, &mut mrenclave_bytes)
.expect("Failed to decode mrenclave from hex string");
let current_time = SystemTime::UNIX_EPOCH + Duration::from_millis(1655857680000);
Handshake::new(
&mrenclave_bytes,
&evidence_bytes,
&endorsement_bytes,
EVIDENCE_BYTES,
ENDORSEMENT_BYTES,
&[],
current_time,
)
@ -203,18 +202,18 @@ mod tests {
#[test]
fn test_clock_skew() {
let evidence_bytes = read_test_file("tests/data/cds2_test.evidence");
let endorsement_bytes = read_test_file("tests/data/cds2_test.endorsements");
const EVIDENCE_BYTES: &[u8] = include_bytes!("../tests/data/cds2_test.evidence");
const ENDORSEMENT_BYTES: &[u8] = include_bytes!("../tests/data/cds2_test.endorsements");
let mut mrenclave_bytes = vec![0u8; 32];
let mrenclave_str = read_test_file("tests/data/cds2_test.mrenclave");
let mrenclave_str = include_bytes!("../tests/data/cds2_test.mrenclave");
hex::decode_to_slice(mrenclave_str, &mut mrenclave_bytes)
.expect("Failed to decode mrenclave from hex string");
let test = |time: SystemTime, expect_success: bool| {
let result = Handshake::new(
&mrenclave_bytes,
&evidence_bytes,
&endorsement_bytes,
EVIDENCE_BYTES,
ENDORSEMENT_BYTES,
&[],
time,
);
@ -247,7 +246,7 @@ mod tests {
fn test_happy_path() -> Result<()> {
// Spin up a handshake for the server-side.
let mut private_key = [0u8; 32];
let private_key_hex = read_test_file("tests/data/cds2_test.privatekey");
let private_key_hex = include_bytes!("../tests/data/cds2_test.privatekey");
hex::decode_to_slice(private_key_hex, &mut private_key)
.expect("Failed to decode private key from hex string");


@ -142,7 +142,6 @@ fn new_handshake_with_constants(
#[cfg(test)]
mod tests {
use crate::util::testio::read_test_file;
use std::time::{Duration, SystemTime};
use hex_literal::hex;
@ -151,23 +150,23 @@ mod tests {
#[test]
fn attest_svr2() {
let handshake_bytes = read_test_file("tests/data/svr2handshakestart.data");
const HANDSHAKE_BYTES: &[u8] = include_bytes!("../tests/data/svr2handshakestart.data");
let current_time = SystemTime::UNIX_EPOCH + Duration::from_secs(1683836600);
let mrenclave_bytes =
hex!("a8a261420a6bb9b61aa25bf8a79e8bd20d7652531feb3381cbffd446d270be95");
new_handshake(&mrenclave_bytes, &handshake_bytes, current_time).unwrap();
new_handshake(&mrenclave_bytes, HANDSHAKE_BYTES, current_time).unwrap();
}
#[test]
fn attest_svr2_bad_config() {
let handshake_bytes = read_test_file("tests/data/svr2handshakestart.data");
const HANDSHAKE_BYTES: &[u8] = include_bytes!("../tests/data/svr2handshakestart.data");
let current_time = SystemTime::UNIX_EPOCH + Duration::from_secs(1683836600);
let mrenclave_bytes =
hex!("a8a261420a6bb9b61aa25bf8a79e8bd20d7652531feb3381cbffd446d270be95");
assert!(new_handshake_with_constants(
&mrenclave_bytes,
&handshake_bytes,
HANDSHAKE_BYTES,
current_time,
&[],
&RaftConfig {


@ -99,6 +99,24 @@ pub(crate) fn read_array<const N: usize>(bytes: &mut &[u8]) -> [u8; N] {
res
}
#[derive(Debug)]
pub(crate) struct FailedToConvertToAsn1Time;
pub(crate) fn system_time_to_asn1_time(
timestamp: SystemTime,
) -> Result<Asn1Time, FailedToConvertToAsn1Time> {
let epoch_duration = timestamp
.duration_since(SystemTime::UNIX_EPOCH)
.map_err(|_| FailedToConvertToAsn1Time)?;
let t: time_t = epoch_duration
.as_secs()
.try_into()
.map_err(|_| FailedToConvertToAsn1Time)?;
Asn1Time::from_unix(t).map_err(|_| FailedToConvertToAsn1Time)
}
#[cfg(test)]
mod test {
use super::*;
@ -137,34 +155,3 @@ mod test {
assert_eq!(&[2u8, 3, 4, 5], slice);
}
}
#[derive(Debug)]
pub(crate) struct FailedToConvertToAsn1Time;
pub(crate) fn system_time_to_asn1_time(
timestamp: SystemTime,
) -> Result<Asn1Time, FailedToConvertToAsn1Time> {
let epoch_duration = timestamp
.duration_since(SystemTime::UNIX_EPOCH)
.map_err(|_| FailedToConvertToAsn1Time)?;
let t: time_t = epoch_duration
.as_secs()
.try_into()
.map_err(|_| FailedToConvertToAsn1Time)?;
Asn1Time::from_unix(t).map_err(|_| FailedToConvertToAsn1Time)
}
#[cfg(test)]
pub(crate) mod testio {
use std::fs;
use std::path::Path;
/// Read a file to bytes, panicking on errors or if the file does not exist
///
/// `path` should be relative to the package root directory
pub(crate) fn read_test_file(path: &str) -> Vec<u8> {
fs::read(Path::new(env!("CARGO_MANIFEST_DIR")).join(path)).expect("Failed to read file")
}
}