[Test] skip quote_verification
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
sunceping committed Jul 12, 2024
1 parent 149295b commit be843cd
Showing 1 changed file with 128 additions and 128 deletions.
256 changes: 128 additions & 128 deletions sh_script/integration_test.py
@@ -196,88 +196,88 @@ def test_config_A_verify_CA_and_EK_certificate():

ctx.terminate_all_tds()

def test_config_A_quote_verification():
quote_extension_index = 2
# def test_config_A_quote_verification():
# quote_extension_index = 2

export_ca_cmd = '''
#!/bin/bash\n
rm -rf ca_cert*\n
NVINFO=`tpm2_nvreadpublic`\n
for i in {0..5}; do\n
INDEX=0x1c0010$i\n
if [[ $NVINFO == *"$INDEX"* ]]\n
then\n
NV_SIZE=`tpm2_nvreadpublic $INDEX | grep size | awk '{print $2}'`\n
tpm2_nvread --hierarchy owner --size $NV_SIZE --output ca_cert$i.bin $INDEX\n
cat ca_cert$i.bin >> ca_cert.bin\n
fi\n
done\n
'''

convert_ca2pem_cmd = "openssl x509 -inform DER -in ca_cert.bin -outform PEM -out ca_cert.pem"
verify_ca_cmd = "openssl verify -CAfile ca_cert.pem ca_cert.pem"
# export_ca_cmd = '''
# #!/bin/bash\n
# rm -rf ca_cert*\n
# NVINFO=`tpm2_nvreadpublic`\n

# for i in {0..5}; do\n
# INDEX=0x1c0010$i\n
# if [[ $NVINFO == *"$INDEX"* ]]\n
# then\n
# NV_SIZE=`tpm2_nvreadpublic $INDEX | grep size | awk '{print $2}'`\n
# tpm2_nvread --hierarchy owner --size $NV_SIZE --output ca_cert$i.bin $INDEX\n
# cat ca_cert$i.bin >> ca_cert.bin\n
# fi\n
# done\n
# '''

# convert_ca2pem_cmd = "openssl x509 -inform DER -in ca_cert.bin -outform PEM -out ca_cert.pem"
# verify_ca_cmd = "openssl verify -CAfile ca_cert.pem ca_cert.pem"


with vtpm_context() as ctx:
ctx.start_vtpm_td()
ctx.execute_qmp()
ctx.start_user_td(with_guest_kernel=True)
ctx.connect_ssh()
# with vtpm_context() as ctx:
# ctx.start_vtpm_td()
# ctx.execute_qmp()
# ctx.start_user_td(with_guest_kernel=True)
# ctx.connect_ssh()

LOG.debug(export_ca_cmd)
runner = ctx.exec_ssh_command(export_ca_cmd)
assert runner[1] == "", "Failed to export CA certificate: {}".format(runner[1])
# LOG.debug(export_ca_cmd)
# runner = ctx.exec_ssh_command(export_ca_cmd)
# assert runner[1] == "", "Failed to export CA certificate: {}".format(runner[1])

LOG.debug(convert_ca2pem_cmd)
runner = ctx.exec_ssh_command(convert_ca2pem_cmd)
assert runner[1] == "", "Failed to convert CA from der to pem: {}".format(runner[1])
# LOG.debug(convert_ca2pem_cmd)
# runner = ctx.exec_ssh_command(convert_ca2pem_cmd)
# assert runner[1] == "", "Failed to convert CA from der to pem: {}".format(runner[1])

LOG.debug(verify_ca_cmd)
runner = ctx.exec_ssh_command(verify_ca_cmd)
assert runner[1] == "", "Verify CA fail: {}".format(runner[1])
time.sleep(5)
# LOG.debug(verify_ca_cmd)
# runner = ctx.exec_ssh_command(verify_ca_cmd)
# assert runner[1] == "", "Verify CA fail: {}".format(runner[1])
# time.sleep(5)

cwd = os.getcwd()
copy_ca_to_host_cmd = f"virt-copy-out -a '{ctx.guest_img}' '/root/ca_cert.pem' '{ctx.quote_verification_sample_path}'\n"
time.sleep(5)
# cwd = os.getcwd()
# copy_ca_to_host_cmd = f"virt-copy-out -a '{ctx.guest_img}' '/root/ca_cert.pem' '{ctx.quote_verification_sample_path}'\n"
# time.sleep(5)

ca_host_path = os.path.join(ctx.quote_verification_sample_path, "ca_cert.pem")
quote_verf_app_path = os.path.join(ctx.quote_verification_sample_path, "app")
quote_path = os.path.join(ctx.quote_verification_sample_path, "quote.data")
verf_log_path = os.path.join(ctx.quote_verification_sample_path, "verification.log")
# ca_host_path = os.path.join(ctx.quote_verification_sample_path, "ca_cert.pem")
# quote_verf_app_path = os.path.join(ctx.quote_verification_sample_path, "app")
# quote_path = os.path.join(ctx.quote_verification_sample_path, "quote.data")
# verf_log_path = os.path.join(ctx.quote_verification_sample_path, "verification.log")

# Clean old ca file before copy
if os.path.exists(ca_host_path):
os.remove(ca_host_path)
# # Clean old ca file before copy
# if os.path.exists(ca_host_path):
# os.remove(ca_host_path)

if os.path.exists(quote_path):
os.remove(quote_path)
# if os.path.exists(quote_path):
# os.remove(quote_path)

if os.path.exists(verf_log_path):
os.remove(verf_log_path)
# if os.path.exists(verf_log_path):
# os.remove(verf_log_path)

LOG.debug(copy_ca_to_host_cmd)
os.system(copy_ca_to_host_cmd)
# LOG.debug(copy_ca_to_host_cmd)
# os.system(copy_ca_to_host_cmd)

time.sleep(5)
# time.sleep(5)

LOG.debug("Export quote form CA\n")
cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, open(ca_host_path).read())
# LOG.debug("Export quote form CA\n")
# cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, open(ca_host_path).read())

with open("quote.data", "wb") as fp:
fp.write(cert.get_extension(quote_extension_index).get_data())
LOG.debug("quote data export successfully: quote.data")
# with open("quote.data", "wb") as fp:
# fp.write(cert.get_extension(quote_extension_index).get_data())
# LOG.debug("quote data export successfully: quote.data")

os.chdir(ctx.quote_verification_sample_path)
LOG.debug(f"{quote_verf_app_path} --quote {quote_path}")
os.system(f"{quote_verf_app_path} --quote {quote_path} > {verf_log_path}")
os.chdir(cwd)
# os.chdir(ctx.quote_verification_sample_path)
# LOG.debug(f"{quote_verf_app_path} --quote {quote_path}")
# os.system(f"{quote_verf_app_path} --quote {quote_path} > {verf_log_path}")
# os.chdir(cwd)

with open(verf_log_path, "r") as log:
assert "[APP] Info: App: Verification completed successfully." in log.read(), "Quote verification fail."
# with open(verf_log_path, "r") as log:
# assert "[APP] Info: App: Verification completed successfully." in log.read(), "Quote verification fail."

ctx.terminate_all_tds()
# ctx.terminate_all_tds()

def test_config_A_create_instance_twice():
cmd = f'tpm2_pcrread sha256'
@@ -777,88 +777,88 @@ def test_config_B_no_sb_verify_CA_and_EK_certificate():

ctx.terminate_all_tds()

def test_config_B_no_sb_quote_verification():
quote_extension_index = 2
# def test_config_B_no_sb_quote_verification():
# quote_extension_index = 2

export_ca_cmd = '''
#!/bin/bash\n
rm -rf ca_cert*\n
NVINFO=`tpm2_nvreadpublic`\n
for i in {0..5}; do\n
INDEX=0x1c0010$i\n
if [[ $NVINFO == *"$INDEX"* ]]\n
then\n
NV_SIZE=`tpm2_nvreadpublic $INDEX | grep size | awk '{print $2}'`\n
tpm2_nvread --hierarchy owner --size $NV_SIZE --output ca_cert$i.bin $INDEX\n
cat ca_cert$i.bin >> ca_cert.bin\n
fi\n
done\n
'''

convert_ca2pem_cmd = "openssl x509 -inform DER -in ca_cert.bin -outform PEM -out ca_cert.pem"
verify_ca_cmd = "openssl verify -CAfile ca_cert.pem ca_cert.pem"
# export_ca_cmd = '''
# #!/bin/bash\n
# rm -rf ca_cert*\n
# NVINFO=`tpm2_nvreadpublic`\n

# for i in {0..5}; do\n
# INDEX=0x1c0010$i\n
# if [[ $NVINFO == *"$INDEX"* ]]\n
# then\n
# NV_SIZE=`tpm2_nvreadpublic $INDEX | grep size | awk '{print $2}'`\n
# tpm2_nvread --hierarchy owner --size $NV_SIZE --output ca_cert$i.bin $INDEX\n
# cat ca_cert$i.bin >> ca_cert.bin\n
# fi\n
# done\n
# '''

# convert_ca2pem_cmd = "openssl x509 -inform DER -in ca_cert.bin -outform PEM -out ca_cert.pem"
# verify_ca_cmd = "openssl verify -CAfile ca_cert.pem ca_cert.pem"


with vtpm_context() as ctx:
ctx.start_vtpm_td()
ctx.execute_qmp()
ctx.start_user_td(with_guest_kernel=True)
ctx.connect_ssh()
# with vtpm_context() as ctx:
# ctx.start_vtpm_td()
# ctx.execute_qmp()
# ctx.start_user_td(with_guest_kernel=True)
# ctx.connect_ssh()

LOG.debug(export_ca_cmd)
runner = ctx.exec_ssh_command(export_ca_cmd)
assert runner[1] == "", "Failed to export CA certificate: {}".format(runner[1])
# LOG.debug(export_ca_cmd)
# runner = ctx.exec_ssh_command(export_ca_cmd)
# assert runner[1] == "", "Failed to export CA certificate: {}".format(runner[1])

LOG.debug(convert_ca2pem_cmd)
runner = ctx.exec_ssh_command(convert_ca2pem_cmd)
assert runner[1] == "", "Failed to convert CA from der to pem: {}".format(runner[1])
# LOG.debug(convert_ca2pem_cmd)
# runner = ctx.exec_ssh_command(convert_ca2pem_cmd)
# assert runner[1] == "", "Failed to convert CA from der to pem: {}".format(runner[1])

LOG.debug(verify_ca_cmd)
runner = ctx.exec_ssh_command(verify_ca_cmd)
assert runner[1] == "", "Verify CA fail: {}".format(runner[1])
time.sleep(5)
# LOG.debug(verify_ca_cmd)
# runner = ctx.exec_ssh_command(verify_ca_cmd)
# assert runner[1] == "", "Verify CA fail: {}".format(runner[1])
# time.sleep(5)

cwd = os.getcwd()
copy_ca_to_host_cmd = f"virt-copy-out -a '{ctx.guest_img}' '/root/ca_cert.pem' '{ctx.quote_verification_sample_path}'\n"
time.sleep(5)
# cwd = os.getcwd()
# copy_ca_to_host_cmd = f"virt-copy-out -a '{ctx.guest_img}' '/root/ca_cert.pem' '{ctx.quote_verification_sample_path}'\n"
# time.sleep(5)

ca_host_path = os.path.join(ctx.quote_verification_sample_path, "ca_cert.pem")
quote_verf_app_path = os.path.join(ctx.quote_verification_sample_path, "app")
quote_path = os.path.join(ctx.quote_verification_sample_path, "quote.data")
verf_log_path = os.path.join(ctx.quote_verification_sample_path, "verification.log")
# ca_host_path = os.path.join(ctx.quote_verification_sample_path, "ca_cert.pem")
# quote_verf_app_path = os.path.join(ctx.quote_verification_sample_path, "app")
# quote_path = os.path.join(ctx.quote_verification_sample_path, "quote.data")
# verf_log_path = os.path.join(ctx.quote_verification_sample_path, "verification.log")

# Clean old ca file before copy
if os.path.exists(ca_host_path):
os.remove(ca_host_path)
# # Clean old ca file before copy
# if os.path.exists(ca_host_path):
# os.remove(ca_host_path)

if os.path.exists(quote_path):
os.remove(quote_path)
# if os.path.exists(quote_path):
# os.remove(quote_path)

if os.path.exists(verf_log_path):
os.remove(verf_log_path)
# if os.path.exists(verf_log_path):
# os.remove(verf_log_path)

LOG.debug(copy_ca_to_host_cmd)
os.system(copy_ca_to_host_cmd)
# LOG.debug(copy_ca_to_host_cmd)
# os.system(copy_ca_to_host_cmd)

time.sleep(5)
# time.sleep(5)

LOG.debug("Export quote form CA\n")
cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, open(ca_host_path).read())
# LOG.debug("Export quote form CA\n")
# cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, open(ca_host_path).read())

with open("quote.data", "wb") as fp:
fp.write(cert.get_extension(quote_extension_index).get_data())
LOG.debug("quote data export successfully: quote.data")
# with open("quote.data", "wb") as fp:
# fp.write(cert.get_extension(quote_extension_index).get_data())
# LOG.debug("quote data export successfully: quote.data")

os.chdir(ctx.quote_verification_sample_path)
LOG.debug(f"{quote_verf_app_path} --quote {quote_path}")
os.system(f"{quote_verf_app_path} --quote {quote_path} > {verf_log_path}")
os.chdir(cwd)
# os.chdir(ctx.quote_verification_sample_path)
# LOG.debug(f"{quote_verf_app_path} --quote {quote_path}")
# os.system(f"{quote_verf_app_path} --quote {quote_path} > {verf_log_path}")
# os.chdir(cwd)

with open(verf_log_path, "r") as log:
assert "[APP] Info: App: Verification completed successfully." in log.read(), "Quote verification fail."
# with open(verf_log_path, "r") as log:
# assert "[APP] Info: App: Verification completed successfully." in log.read(), "Quote verification fail."

ctx.terminate_all_tds()
# ctx.terminate_all_tds()

def test_config_B_no_sb_create_destroy_instance():
cmd = f'tpm2_pcrread sha256'
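Review bot: Both `test_config_A_quote_verification` and `test_config_B_no_sb_quote_verification` are disabled by commenting out their entire bodies, so they vanish from test collection and no report will show that the quote (attestation) verification path is no longer exercised in either configuration. If the suite runs under pytest (inferred from the `test_*` names and bare asserts; the runner and imports are not visible on this page), keeping the code and adding `@pytest.mark.skip(reason="<why quote verification is disabled / tracking issue>")` above each `def` would keep the skip visible in every run and make re-enabling a one-line change. The commit message gives no reason for the skip; putting it in the `reason=` string or in a comment above each function would tell the next maintainer when this coverage can be restored.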