From cc0b4d38856529528547cbe921fc56c7aa31d052 Mon Sep 17 00:00:00 2001 From: Ceping Sun Date: Tue, 12 Sep 2023 03:58:12 -0400 Subject: [PATCH] add unit test in src/crypto Signed-off-by: Ceping Sun --- sh_script/unit_test_coverage.sh | 8 +- src/crypto/src/ek_cert.rs | 124 ++++++++++++++++ src/crypto/src/resolve.rs | 243 ++++++++++++++++++++++++++++++++ src/crypto/src/td_report.rs | 64 +++++++++ src/crypto/src/x509.rs | 243 ++++++++++++++++++++++++++++++++ 5 files changed, 680 insertions(+), 2 deletions(-) diff --git a/sh_script/unit_test_coverage.sh b/sh_script/unit_test_coverage.sh index 1e95622..383cf7c 100755 --- a/sh_script/unit_test_coverage.sh +++ b/sh_script/unit_test_coverage.sh @@ -1,8 +1,12 @@ readonly script_name=${0##*/} unit_test_folder=( - "src/protocol" - "src/global" + # "src/protocol" + # "src/global" + # "src/spdm" + # "src/eventlog" + # "src/tdtunnel" + "src/crypto" ) export RUSTFLAGS="-Cinstrument-coverage" diff --git a/src/crypto/src/ek_cert.rs b/src/crypto/src/ek_cert.rs index db4ea74..9256779 100644 --- a/src/crypto/src/ek_cert.rs +++ b/src/crypto/src/ek_cert.rs @@ -171,3 +171,127 @@ pub fn generate_ek_cert( .to_vec() .map_err(|e| ResolveError::GenerateCertificate(X509Error::DerEncoding(e))) } + +#[cfg(test)] +mod test { + use super::*; + use ring::rand::SystemRandom; + use ring::signature::{self, EcdsaKeyPair}; + use x509::Certificate; + use x509::Extensions; + use x509::ExtendedKeyUsage; + use der::{ Decodable, Encodable,}; + + #[test] + fn test_generate_ek_cert() { + let rand = SystemRandom::new(); + let pkcs8 = + EcdsaKeyPair::generate_pkcs8(&signature::ECDSA_P384_SHA384_ASN1_SIGNING, &rand) + .map_err(|_| ResolveError::GenerateKey); + let key_pair = ring::signature::EcdsaKeyPair::from_pkcs8( + &ring::signature::ECDSA_P384_SHA384_ASN1_SIGNING, + pkcs8.unwrap().as_ref(), + ).unwrap(); + let ek_pub = key_pair.public_key().as_ref(); + let res = generate_ek_cert(&ek_pub,&key_pair); + assert!(res.is_ok()); + let buffer = res.unwrap(); + let buffer = buffer.as_slice(); + let mut decoder = der::Decoder::new(&buffer).unwrap(); + let cert = Certificate::decode(&mut decoder); + let bingding = cert.unwrap(); + let cert_data = bingding.tbs_certificate(); + let extensions = cert_data.extensions.as_ref().unwrap(); + let bingding = extensions.to_vec().unwrap(); + let buffer = bingding.as_slice(); + let mut decoder = der::Decoder::new(&buffer).unwrap(); + let extensions = Extensions::decode(&mut decoder); + let bingding = extensions.unwrap(); + let data = bingding.get(); + let buffer = data.as_slice(); + + let basic_constrains: alloc::vec::Vec = vec![false]; + let basic_constrains = basic_constrains + .to_vec() + .map_err(|e| ResolveError::GenerateCertificate(X509Error::DerEncoding(e))); + print!("basic_constrains is {:?}\n",basic_constrains); + for data in buffer { + if data.extn_id == BASIC_CONSTRAINTS { + assert_eq!(data.critical, Some(true)); + let value = data.extn_value.unwrap().as_bytes(); + print!("value is {:?}\n",value); + assert_eq!(value,basic_constrains.as_ref().unwrap()); + } + if data.extn_id == KEY_USAGE { + assert_eq!(data.critical, Some(true)); + } + if data.extn_id == AUTHORITY_KEY_IDENTIFIER { + assert_eq!(data.critical, Some(false)); + } + if data.extn_id == SUBJECT_ALT_NAME { + assert_eq!(data.critical, Some(false)); + } + } + + } + + #[test] + fn test_generate_ca_cert() { + let rand = SystemRandom::new(); + let pkcs8 = + EcdsaKeyPair::generate_pkcs8(&signature::ECDSA_P384_SHA384_ASN1_SIGNING, &rand) + .map_err(|_| ResolveError::GenerateKey); + + + let key_pair = ring::signature::EcdsaKeyPair::from_pkcs8( + &ring::signature::ECDSA_P384_SHA384_ASN1_SIGNING, + pkcs8.unwrap().as_ref(), + ).unwrap(); + + let td_quote = [100u8;0x100]; + let event_log = [111u8;0x100]; + + let res = generate_ca_cert(&td_quote,&event_log,&key_pair); + assert!(res.is_ok()); + let buffer = res.unwrap(); + let buffer = buffer.as_slice(); + let mut decoder = der::Decoder::new(&buffer).unwrap(); + let cert = Certificate::decode(&mut decoder); + let bingding = cert.unwrap(); + let cert_data = bingding.tbs_certificate(); + let extensions = cert_data.extensions.as_ref().unwrap(); + let bingding = extensions.to_vec().unwrap(); + let buffer = bingding.as_slice(); + let mut decoder = der::Decoder::new(&buffer).unwrap(); + let extensions = Extensions::decode(&mut decoder); + let bingding = extensions.unwrap(); + let data = bingding.get(); + let buffer = data.as_slice(); + let basic_constrains: alloc::vec::Vec = vec![true]; + let basic_constrains = basic_constrains + .to_vec() + .map_err(|e| ResolveError::GenerateCertificate(X509Error::DerEncoding(e))); + for data in buffer { + if data.extn_id == BASIC_CONSTRAINTS { + assert_eq!(data.critical, Some(true)); + let value = data.extn_value.unwrap().as_bytes(); + assert_eq!(value,basic_constrains.as_ref().unwrap()); + } + if data.extn_id == EXTENDED_KEY_USAGE { + let value = data.extn_value.unwrap(); + let eku = ExtendedKeyUsage::from_der(value.as_bytes()).ok(); + assert_eq!(eku.unwrap().contains(&VTPMTD_CA_EXTENDED_KEY_USAGE),true); + } + if data.extn_id == EXTNID_VTPMTD_QUOTE { + let value = data.extn_value.unwrap().as_bytes(); + assert_eq!(data.critical, Some(false)); + assert_eq!(td_quote, value); + } + if data.extn_id == EXTNID_VTPMTD_EVENT_LOG { + let value = data.extn_value.unwrap().as_bytes(); + assert_eq!(data.critical, Some(false)); + assert_eq!(event_log, value); + } + } + } +} diff --git a/src/crypto/src/resolve.rs b/src/crypto/src/resolve.rs index 6d995aa..1357364 100644 --- a/src/crypto/src/resolve.rs +++ b/src/crypto/src/resolve.rs @@ -244,3 +244,246 @@ pub fn verify_peer_cert(cert_chain: &[u8], td_report_buf: &mut [u8]) -> SpdmResu Ok(()) } + +#[cfg(test)] +mod test { + use super::*; + const CERT_TEST: [u8; 1533] = [ + 0x30, 0x82, 0x01, 0xd5, 0x30, 0x82, 0x01, 0x5a, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, + 0x4b, 0x85, 0xa3, 0xae, 0x94, 0x79, 0x3d, 0x5e, 0x34, 0x4f, 0xc6, 0xb3, 0xb2, 0x5b, 0x3a, + 0xef, 0x3c, 0x2c, 0xe3, 0xd3, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, + 0x03, 0x03, 0x30, 0x21, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, + 0x44, 0x4d, 0x54, 0x46, 0x20, 0x6c, 0x69, 0x62, 0x73, 0x70, 0x64, 0x6d, 0x20, 0x45, 0x43, + 0x50, 0x32, 0x35, 0x36, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x34, + 0x30, 0x33, 0x30, 0x35, 0x35, 0x35, 0x35, 0x33, 0x5a, 0x17, 0x0d, 0x33, 0x33, 0x30, 0x33, + 0x33, 0x31, 0x30, 0x35, 0x35, 0x35, 0x35, 0x33, 0x5a, 0x30, 0x21, 0x31, 0x1f, 0x30, 0x1d, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x44, 0x4d, 0x54, 0x46, 0x20, 0x6c, 0x69, 0x62, + 0x73, 0x70, 0x64, 0x6d, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x43, 0x41, 0x30, + 0x76, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, + 0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0x14, 0xdc, 0x60, 0x3b, 0x7a, 0x09, 0x8f, + 0x4c, 0x6c, 0xa9, 0xfd, 0x94, 0xe0, 0x22, 0xc5, 0xab, 0xe7, 0x56, 0x16, 0xf1, 0xa7, 0x60, + 0x84, 0x78, 0x64, 0x93, 0x6c, 0xc2, 0x66, 0xec, 0x5c, 0xb9, 0x96, 0xd2, 0x32, 0xfc, 0xac, + 0xfc, 0xd7, 0x22, 0x73, 0x59, 0xb7, 0x9d, 0xa8, 0x02, 0x79, 0x2f, 0xae, 0x44, 0xeb, 0xfd, + 0x84, 0xd9, 0x07, 0xb2, 0x66, 0xe0, 0x71, 0x3b, 0x8b, 0xe7, 0x22, 0xb7, 0x14, 0xbf, 0xe0, + 0x35, 0x90, 0x10, 0x26, 0x87, 0xcf, 0x22, 0x4b, 0xcf, 0xe3, 0x57, 0xb0, 0xb5, 0x04, 0x4e, + 0x05, 0x3b, 0x67, 0x8b, 0x7b, 0x1f, 0x64, 0x1c, 0xeb, 0x67, 0xba, 0x51, 0xe9, 0xa8, 0xa3, + 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x2d, + 0xe6, 0x2e, 0xba, 0x60, 0xd9, 0xec, 0xa1, 0x86, 0x3b, 0x78, 0xd8, 0x44, 0x81, 0xc0, 0xe7, + 0x1c, 0x99, 0x72, 0x97, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, + 0x80, 0x14, 0x2d, 0xe6, 0x2e, 0xba, 0x60, 0xd9, 0xec, 0xa1, 0x86, 0x3b, 0x78, 0xd8, 0x44, + 0x81, 0xc0, 0xe7, 0x1c, 0x99, 0x72, 0x97, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, + 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x04, 0x03, 0x03, 0x03, 0x69, 0x00, 0x30, 0x66, 0x02, 0x31, 0x00, 0xc7, + 0x8c, 0x51, 0x68, 0x9f, 0x3e, 0x65, 0xb8, 0x97, 0x08, 0xbb, 0x34, 0x60, 0xe1, 0xe1, 0x4b, + 0x36, 0xc3, 0x07, 0xa9, 0xd6, 0x96, 0x4d, 0x50, 0x63, 0xf6, 0x80, 0xed, 0x3f, 0x0b, 0x84, + 0xe0, 0xb7, 0x03, 0x08, 0x12, 0xc8, 0x28, 0xbb, 0x5b, 0xc4, 0xcc, 0x8d, 0x0b, 0xff, 0x23, + 0x84, 0x59, 0x02, 0x31, 0x00, 0xdd, 0xf9, 0xa8, 0x3d, 0xf7, 0x1c, 0xe7, 0x7a, 0xf7, 0xd7, + 0x5c, 0xe2, 0x0b, 0xf8, 0x2b, 0xe5, 0x72, 0x5c, 0x4a, 0xfb, 0xd8, 0xdb, 0xba, 0x08, 0xf1, + 0x78, 0x94, 0x39, 0xdd, 0x0d, 0x3c, 0x1e, 0x1f, 0x00, 0x2a, 0x58, 0x51, 0x52, 0x5e, 0xb1, + 0x2f, 0xba, 0xe6, 0xb3, 0x7b, 0x95, 0xf5, 0x40, 0x30, 0x82, 0x01, 0xda, 0x30, 0x82, 0x01, + 0x61, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x04, 0x03, 0x03, 0x30, 0x21, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x0c, 0x16, 0x44, 0x4d, 0x54, 0x46, 0x20, 0x6c, 0x69, 0x62, 0x73, 0x70, 0x64, + 0x6d, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, + 0x32, 0x33, 0x30, 0x34, 0x30, 0x33, 0x30, 0x35, 0x35, 0x35, 0x35, 0x33, 0x5a, 0x17, 0x0d, + 0x33, 0x33, 0x30, 0x33, 0x33, 0x31, 0x30, 0x35, 0x35, 0x35, 0x35, 0x33, 0x5a, 0x30, 0x30, + 0x31, 0x2e, 0x30, 0x2c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x25, 0x44, 0x4d, 0x54, 0x46, + 0x20, 0x6c, 0x69, 0x62, 0x73, 0x70, 0x64, 0x6d, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, + 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x63, + 0x65, 0x72, 0x74, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xb8, 0x06, 0x8a, + 0xbd, 0x78, 0x64, 0xa2, 0x66, 0x69, 0x74, 0x09, 0xd8, 0xd9, 0x06, 0xfc, 0x53, 0xcf, 0x5e, + 0xe2, 0xc8, 0xd8, 0x43, 0x58, 0x33, 0xa5, 0x06, 0xff, 0x0f, 0xc0, 0xf8, 0xea, 0x14, 0x72, + 0xcc, 0x07, 0x33, 0xb8, 0xe4, 0xe3, 0xd6, 0x47, 0x23, 0x92, 0xaa, 0x7d, 0xb5, 0x4b, 0x2d, + 0xd5, 0x21, 0x3a, 0xd0, 0x2e, 0x2b, 0xec, 0x3e, 0x11, 0xba, 0x02, 0x47, 0x67, 0x51, 0xd5, + 0x1e, 0x98, 0x43, 0xf5, 0xf6, 0x0d, 0x3d, 0x89, 0x9b, 0x8f, 0x8d, 0xb0, 0xb3, 0x12, 0xe2, + 0xcf, 0xe9, 0xb1, 0xd6, 0x63, 0xa8, 0x7f, 0xe4, 0x0c, 0x13, 0x89, 0x7f, 0xae, 0xde, 0xcb, + 0x78, 0x6a, 0x79, 0xa3, 0x5e, 0x30, 0x5c, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, + 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, + 0x03, 0x02, 0x01, 0xfe, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, + 0xe5, 0x58, 0x59, 0xd4, 0xb6, 0xbc, 0xf5, 0xb8, 0x90, 0xfc, 0xb3, 0xe6, 0x23, 0xcc, 0x48, + 0x0e, 0x0f, 0x70, 0x2a, 0xba, 0x30, 0x20, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, 0xff, + 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, + 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x04, 0x03, 0x03, 0x03, 0x67, 0x00, 0x30, 0x64, 0x02, 0x30, 0x0a, 0x92, + 0xa0, 0xdd, 0x8e, 0x1e, 0x23, 0x86, 0x39, 0x28, 0xc5, 0xd2, 0x7b, 0x43, 0x57, 0x1c, 0x54, + 0xc1, 0x98, 0xcd, 0x39, 0xe1, 0x5f, 0x2e, 0x9d, 0xcc, 0xf1, 0x49, 0x4a, 0x2c, 0x98, 0x77, + 0xe7, 0xad, 0x72, 0x2c, 0x79, 0x0e, 0x88, 0xcd, 0x39, 0x32, 0xca, 0x17, 0xc3, 0xa9, 0x1c, + 0xf6, 0x02, 0x30, 0x2b, 0x0c, 0x87, 0xa8, 0x96, 0x1d, 0xca, 0x9d, 0xa3, 0xbd, 0x20, 0xb9, + 0x50, 0x5f, 0xa1, 0x09, 0xa4, 0xca, 0x68, 0x23, 0x2a, 0x98, 0x6e, 0x34, 0x34, 0x68, 0xab, + 0x43, 0x31, 0x1f, 0xf0, 0x93, 0x3c, 0xa5, 0x96, 0x36, 0x58, 0xa4, 0x32, 0xf1, 0x43, 0xef, + 0x7f, 0xe5, 0x53, 0x45, 0x7a, 0x34, 0x30, 0x82, 0x02, 0x42, 0x30, 0x82, 0x01, 0xc8, 0xa0, + 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x02, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, + 0x3d, 0x04, 0x03, 0x03, 0x30, 0x30, 0x31, 0x2e, 0x30, 0x2c, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0c, 0x25, 0x44, 0x4d, 0x54, 0x46, 0x20, 0x6c, 0x69, 0x62, 0x73, 0x70, 0x64, 0x6d, 0x20, + 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, + 0x69, 0x61, 0x74, 0x65, 0x20, 0x63, 0x65, 0x72, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x33, + 0x30, 0x34, 0x30, 0x33, 0x30, 0x35, 0x35, 0x35, 0x35, 0x33, 0x5a, 0x17, 0x0d, 0x33, 0x33, + 0x30, 0x33, 0x33, 0x31, 0x30, 0x35, 0x35, 0x35, 0x35, 0x33, 0x5a, 0x30, 0x2d, 0x31, 0x2b, + 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x22, 0x44, 0x4d, 0x54, 0x46, 0x20, 0x6c, + 0x69, 0x62, 0x73, 0x70, 0x64, 0x6d, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x72, + 0x65, 0x71, 0x75, 0x73, 0x65, 0x74, 0x65, 0x72, 0x20, 0x63, 0x65, 0x72, 0x74, 0x30, 0x76, + 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, + 0x04, 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xb1, 0x01, 0xd6, 0x06, 0xe0, 0xa5, 0xe7, 0xd0, + 0xa9, 0xff, 0xd3, 0x72, 0x10, 0xdd, 0xfe, 0x5e, 0x15, 0x5a, 0x91, 0x69, 0xeb, 0x4e, 0x08, + 0x58, 0x2c, 0x54, 0xc9, 0xd9, 0x94, 0x26, 0xe3, 0xa3, 0x9f, 0x95, 0xb5, 0x71, 0xb1, 0x1c, + 0x3f, 0x59, 0x87, 0xdc, 0x5f, 0x54, 0xda, 0x04, 0x96, 0xa8, 0x24, 0x33, 0xfa, 0xd5, 0x90, + 0xc0, 0x04, 0xfc, 0x1d, 0x86, 0x51, 0x98, 0xbb, 0x6e, 0x20, 0x9e, 0x55, 0x13, 0xb3, 0xad, + 0x09, 0x01, 0xa8, 0x26, 0x71, 0x94, 0x9a, 0x87, 0xe0, 0x1a, 0x40, 0xbc, 0xe0, 0x2a, 0x62, + 0x6c, 0x1e, 0x92, 0xe6, 0xa9, 0xcd, 0x31, 0xf5, 0xa3, 0xbd, 0x27, 0xd4, 0x74, 0xa3, 0x81, + 0xb8, 0x30, 0x81, 0xb5, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, + 0x02, 0x30, 0x00, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x05, + 0xe0, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x19, 0x40, 0xd6, + 0xb3, 0x45, 0xd7, 0x5c, 0x73, 0x18, 0xde, 0xc6, 0x0b, 0x37, 0x7a, 0x8d, 0x36, 0xd3, 0x48, + 0xd5, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x2a, 0x30, 0x28, 0xa0, 0x26, + 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1c, 0x82, 0x12, 0x01, 0xa0, 0x18, 0x0c, + 0x16, 0x41, 0x43, 0x4d, 0x45, 0x3a, 0x57, 0x49, 0x44, 0x47, 0x45, 0x54, 0x3a, 0x31, 0x32, + 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x30, 0x2a, 0x06, 0x03, 0x55, 0x1d, 0x25, + 0x01, 0x01, 0xff, 0x04, 0x20, 0x30, 0x1e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08, 0x2b, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09, 0x30, 0x1a, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, + 0x01, 0x83, 0x1c, 0x82, 0x12, 0x06, 0x04, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, + 0x83, 0x1c, 0x82, 0x12, 0x02, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, + 0x03, 0x03, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x30, 0x74, 0xfa, 0xc3, 0xe4, 0x62, 0x38, + 0x97, 0x0d, 0x36, 0x05, 0x98, 0xd0, 0x00, 0x8d, 0x9a, 0x28, 0xe3, 0xe7, 0xc2, 0x94, 0x29, + 0x97, 0xd2, 0x6b, 0xab, 0xea, 0x81, 0xb6, 0x95, 0xd8, 0xfb, 0x0f, 0x07, 0x41, 0xf9, 0x16, + 0x0f, 0x83, 0x6a, 0xac, 0x65, 0xe2, 0x70, 0xef, 0x69, 0x90, 0x18, 0x80, 0x02, 0x31, 0x00, + 0xa3, 0xda, 0x10, 0x14, 0xd7, 0x93, 0xb8, 0xd1, 0xbe, 0xf5, 0x6f, 0x1a, 0x10, 0xe8, 0x01, + 0xc0, 0x32, 0x42, 0x10, 0x9c, 0x4b, 0x68, 0xbf, 0x10, 0x86, 0x3b, 0xce, 0x15, 0x7e, 0xf5, + 0x7f, 0x3f, 0xba, 0x0f, 0x03, 0xb5, 0x2c, 0x34, 0x91, 0x9b, 0x74, 0x0a, 0x82, 0x53, 0xcf, + 0xa4, 0xe7, 0x53, + ]; + + fn new_cert() -> Result, ResolveError>{ + let algorithm = AlgorithmIdentifier { + algorithm: ID_EC_PUBKEY_OID, + parameters: Some(Any::new(Tag::ObjectIdentifier, SECP384R1_OID.as_bytes()).unwrap()), + }; + let rand = SystemRandom::new(); + let pkcs8_bytes = + EcdsaKeyPair::generate_pkcs8(&signature::ECDSA_P384_SHA384_ASN1_SIGNING, &rand) + .map_err(|_| 0); + let pkc8 = pkcs8_bytes.unwrap(); + let key_pair = ring::signature::EcdsaKeyPair::from_pkcs8( + &signature::ECDSA_P384_SHA384_ASN1_SIGNING, + pkc8.as_ref(), + ); + let key = &key_pair.unwrap(); + // print!("public key is {:?}\n",key.public_key()); + let x509_certificate = + x509::CertificateBuilder::new(algorithm, algorithm, key.public_key().as_ref())? + // 1970-01-01T00:00:00Z + .set_not_before(core::time::Duration::new(0, 0))? + // 9999-12-31T23:59:59Z + .set_not_after(core::time::Duration::new(253402300799, 0))? + .add_extension(Extension::new( + EXTENDED_KEY_USAGE, + Some(false), + Some(&[]), + )?)? + .add_extension(Extension::new( + EXTNID_VTPMTD_REPORT, + Some(false), + Some(&[]), + )?)? + .add_extension(Extension::new( + EXTNID_VTPMTD_EVENT_LOG, + Some(false), + Some(&[]), + )?)? + .build(); + + x509_certificate + .to_vec() + .map_err(|e| ResolveError::GenerateCertificate(X509Error::DerEncoding(e))) + } + + #[test] + fn test_get_cert_from_cert_chain() { + let mut index = -1; + let cert_size = CERT_TEST.len(); + let mut res = get_cert_from_certchain(&CERT_TEST, index); + let mut offset = res.as_ref().unwrap().0; + let this_cert_len = res.as_ref().unwrap().1 - offset; + print!("res 0 is {}\n", res.as_ref().unwrap().0); + print!("res 0 is {}\n", res.as_ref().unwrap().1); + print!("this_cert_len = {}\n", this_cert_len); + assert_eq!(cert_size, res.as_ref().unwrap().1); + index = -2; + res = get_cert_from_certchain(&CERT_TEST, index); + assert!(res.is_err()); + index = 100; + res = get_cert_from_certchain(&CERT_TEST, index); + assert!(res.is_err()); + index = 0; + res = get_cert_from_certchain(&CERT_TEST, index); + offset = res.as_ref().unwrap().0; + let this_cert_len_1 = res.as_ref().unwrap().1 - offset; + print!("res 0 is {}\n", res.as_ref().unwrap().0); + print!("res 0 is {}\n", res.as_ref().unwrap().1); + assert_eq!(offset, 0); + assert_eq!(this_cert_len_1 < cert_size, true); + index = 1; + res = get_cert_from_certchain(&CERT_TEST, index); + offset = res.as_ref().unwrap().0; + let this_cert_len_2 = res.as_ref().unwrap().1 - offset; + print!("res 0 is {}\n", res.as_ref().unwrap().0); + print!("res 0 is {}\n", res.as_ref().unwrap().1); + assert_eq!(offset, this_cert_len_1); + assert_eq!(this_cert_len_2 < cert_size, true); + } + + #[test] + fn test_generate_ecdsa_keypairs() { + let res = generate_ecdsa_keypairs(); + assert_eq!(res.is_none(), false); + } + #[test] + fn test_verify_peer_cert_invalid_cert() { + let mut td_report_buf: [u8; 1024] = [00; 1024]; + let res = verify_peer_cert(&[], &mut td_report_buf); + assert!(res.is_err()); + } + + #[test] + fn test_verify_peer_cert() { + let mut td_report_buf: [u8; 1024] = [00; 1024]; + let res = verify_peer_cert(&CERT_TEST, &mut td_report_buf); + assert!(res.is_err()); + } + + #[test] + fn test_verify_peer_cert_invalid_buffer() { + let res = verify_peer_cert(&CERT_TEST, &mut []); + assert!(res.is_err()); + print!("error is {:?}\n", res.err()); + } + // #[test] + // fn test_generate_td_report(){ + // let mut public_key:[u8;48] = [0xdf;48]; + // let res = generate_td_report(&mut public_key); + // assert_eq!(res.is_err(),false); + // } + + // #[test] + // fn test_generate_certificate(){ + // let mut pkcs8 = generate_ecdsa_keypairs().expect("Failed to generate ecdsa keypair.\n"); + + // let mut key_pair = ring::signature::EcdsaKeyPair::from_pkcs8( + // &signature::ECDSA_P384_SHA384_ASN1_SIGNING, + // pkcs8.as_ref(), + // ); + // let mut key_pair = key_pair.unwrap(); + // let event_log :[u8;0x100] = [0xff;0x100]; + // let res = generate_certificate(&key_pair, &event_log); + // assert_eq!(res.is_err(),false); + // } + + // #[test] + // fn test_parse_extensions(){ + // let extn_id: ObjectIdentifier = ObjectIdentifier::new("2.5.29.37"); + // let extension = Extension::new(extn_id, Some(false), None).unwrap(); + // let extensios = vec![extension]; + // // let res = parse_extensions(); + // } +} \ No newline at end of file diff --git a/src/crypto/src/td_report.rs b/src/crypto/src/td_report.rs index 3575aef..b5735c5 100644 --- a/src/crypto/src/td_report.rs +++ b/src/crypto/src/td_report.rs @@ -89,3 +89,67 @@ pub fn verify_td_report(td_report: &[u8]) -> SpdmResult { Ok(()) } + +#[cfg(test)] +mod test { + use super::*; + use core::mem::size_of; + use core::mem::align_of; + + #[repr(align(256))] + struct TEST { + buf: [u8; TD_REPORT_MAC_SIZE], + } + + #[test] + fn test_tdx_report_mac_buf() { + + let test = TEST { + buf: [0u8; TD_REPORT_MAC_SIZE] + }; + let addres = test.buf.as_ptr() as *const u8 as usize; + print!("buffer is {:x}\n", addres); + let mut buffer = TdxReportMacBuf::new(); + // assert_eq!( + // buffer.report_mac_buf_start(), + // (buffer.start + buffer.offset) as u64 + // ); + buffer.adjust(); + print!("buffer is {:x}\n", buffer.start); + print!("buffer is {}\n", buffer.offset); + // let data = buffer.report_mac_buf_mut(); + // print!("len is {}\n", data.len()); + // // for d in data { + // // print!("d is {}\n",d); + // // } + // // assert_eq!(buffer.end, TD_REPORT_MAC_BUF_SIZE); + let mac_address = buffer.report_mac_buf_start(); + print!("buffer adddress is 0x{:x}\n", mac_address); + + let size = size_of::(); + print!("size is {}\n", size); + // print!("buffer start is 0x{:X}\n", buffer.start); + // print!( + // "buffer start + offset is 0x{:X}\n", + // buffer.start + buffer.offset + // ); + // print!("buffer offset is {}\n", buffer.offset); + // print!("buffer end is {}\n", buffer.end); + } + + #[test] + fn test_verify_td_report_error_data() { + let mut td_report: [u8; 0x1000] = [0xff; 0x1000]; + let res = verify_td_report(&mut td_report); + assert!(res.is_err()); + } + + #[test] + #[should_panic] + fn test_verify_td_report(){ + let mut td_report: [u8; 1024] = [0xff; 1024]; + let res = verify_td_report(&mut td_report); + assert!(res.is_err()); + } + +} \ No newline at end of file diff --git a/src/crypto/src/x509.rs b/src/crypto/src/x509.rs index 4a9b939..e3859bb 100644 --- a/src/crypto/src/x509.rs +++ b/src/crypto/src/x509.rs @@ -648,3 +648,246 @@ impl<'a> Sequence<'a> for Extension<'a> { } pub type ExtendedKeyUsage = alloc::vec::Vec; + + +#[cfg(test)] +mod test { + use super::*; + // use ring::pkcs8::Document; + use ring::rand::SystemRandom; + use ring::signature::{self, EcdsaKeyPair, KeyPair}; + use zerocopy::AsBytes; + const ID_EC_PUBKEY_OID: ObjectIdentifier = ObjectIdentifier::new("1.2.840.10045.2.1"); + const SECP384R1_OID: ObjectIdentifier = ObjectIdentifier::new("1.3.132.0.34"); + + #[test] + fn test_new_cert() { + let algorithm = AlgorithmIdentifier { + algorithm: ID_EC_PUBKEY_OID, + parameters: Some(Any::new(Tag::ObjectIdentifier, SECP384R1_OID.as_bytes()).unwrap()), + }; + + let rand = SystemRandom::new(); + let pkcs8_bytes = + EcdsaKeyPair::generate_pkcs8(&signature::ECDSA_P384_SHA384_ASN1_SIGNING, &rand) + .map_err(|_| 0); + let pkc8 = pkcs8_bytes.unwrap(); + let key_pair = ring::signature::EcdsaKeyPair::from_pkcs8( + &signature::ECDSA_P384_SHA384_ASN1_SIGNING, + pkc8.as_ref(), + ); + let key = key_pair.unwrap(); + print!("public key is {:?}\n",key.public_key()); + + let mut certificatebuilder = + CertificateBuilder::new(algorithm, algorithm, key.public_key().as_ref()); + print!("cert new is {}\n", certificatebuilder.is_err()); + assert_eq!(certificatebuilder.is_err(), false); + + // 1970-01-01T00:00:00Z + certificatebuilder = certificatebuilder + .unwrap() + .set_not_before(core::time::Duration::new(0, 0)); + + print!("cert set_not_before is {}\n", certificatebuilder.is_err()); + assert_eq!(certificatebuilder.is_err(), false); + // 9999-12-31T23:59:59Z + certificatebuilder = certificatebuilder + .unwrap() + .set_not_after(core::time::Duration::new(253402300799, 0)); + print!("cert set_not_after is {}\n", certificatebuilder.is_err()); + assert_eq!(certificatebuilder.is_err(), false); + + certificatebuilder = certificatebuilder + .unwrap() + .set_public_key(algorithm, key.public_key().as_ref()); + print!("cert set_public_key is {}\n", certificatebuilder.is_err()); + assert_eq!(certificatebuilder.is_err(), false); + + let extn_id: ObjectIdentifier = ObjectIdentifier::new("2.5.29.37"); + let value :[u8;0x100] = [0xff;0x100]; + let extension = Extension::new(extn_id, Some(false), Some(&value)); + certificatebuilder = certificatebuilder.unwrap().add_extension(extension.unwrap()); + + let mut sig_buf : alloc::vec::Vec = alloc::vec::Vec::new(); + let signer = |data: &[u8], sig_buf: &mut alloc::vec::Vec| { + let rand = SystemRandom::new(); + let signature = key.sign(&rand, data).unwrap(); + sig_buf.extend_from_slice(signature.as_ref()); + }; + certificatebuilder = certificatebuilder.unwrap().sign(&mut sig_buf, signer); + print!("cert sign is {}\n", certificatebuilder.is_err()); + assert_eq!(certificatebuilder.is_err(), false); + + let mut cert = certificatebuilder.unwrap().build(); + + let tb_cert = cert.tbs_certificate(); + print!("tb_cert signature is {:?}\n",tb_cert.signature); + assert_eq!(tb_cert.signature, algorithm); + + print!("cert {:?}\n", cert.tbs_certificate().validity.not_before); + print!("cert {:?}\n", cert.tbs_certificate().validity.not_after); + print!("Public key algorithm is {:?}\n", cert.tbs_certificate.subject_public_key_info.algorithm); + // print!("Public key info is {:?}\n", cert.tbs_certificate.subject_public_key_info.subject_public_key.raw_bytes()); + assert_eq!(cert.tbs_certificate.subject_public_key_info.algorithm,algorithm); + + let data = [0u8;100]; + let res = cert.set_signature(&data); + assert!(res.is_ok()); + + } + + #[test] + fn test_extension_new_none(){ + let extn_id: ObjectIdentifier = ObjectIdentifier::new("2.5.29.37"); + let extension = Extension::new(extn_id, Some(false), None); + print!("extension is {}\n",extension.is_err()); + print!("extension critical is {:?}\n",extension.unwrap().critical); + } + + #[test] + fn test_version(){ + let bytes:[u8;1] = [1;1]; + print!("len {}\n",bytes.as_bytes().len()); + let uinbytes = UIntBytes::new(&bytes).unwrap(); + let uinbytes_len = uinbytes.encoded_len().unwrap(); + print!("uinbytes_len {}\n",uinbytes_len); + let uinbytes_len = uinbytes.len(); + print!("uinbytes_len {}\n",uinbytes_len); + let version = Version(uinbytes); + let tag = version.tag(); + print!("tag number is {}\n",tag.number()); + print!("tag number is {}\n", tag.is_context_specific()); + assert_eq!(tag.number(), TagNumber::N0); + assert_eq!(tag.is_context_specific(), true); + let mut can_decode = Version::can_decode(tag); + print!("can_decode is {}\n",can_decode); + assert_eq!(can_decode,true); + let tag_false = Tag::ContextSpecific { constructed: false, number: TagNumber::new(0) }; + can_decode = Version::can_decode(tag_false); + print!("can_decode is {}\n",can_decode); + assert_eq!(can_decode,false); + let tag_n30 = Tag::ContextSpecific { constructed: true, number: TagNumber::new(30) }; + can_decode = Version::can_decode(tag_n30); + print!("can_decode is {}\n",can_decode); + assert_eq!(can_decode,false); + + + let der_len = version.encoded_len(); + assert_eq!(der_len.is_err(),false); + // assert_eq!(der_len.unwrap(), uinbytes_len + 3); + print!("der_len is {}\n",der_len.unwrap()); + + let bytes:[u8;1] = [0;1]; + print!("len {}\n",bytes.as_bytes().len()); + let uinbytes = UIntBytes::new(&bytes).unwrap(); + let version = Version(uinbytes); + let mut bytes = [0u8;10]; + let mut encode_data = der::Encoder::new(&mut bytes); + print!("encode_data is {:?}\n",encode_data); + let der_encode = version.encode(&mut encode_data); + print!("der_encode is {}\n",der_encode.is_err()); + + let buffer:[u8;10] = [0;10]; + let decoder_res = der::Decoder::new(&buffer); + print!("decoder_res is {}\n ",decoder_res.is_err()); + let mut decoder = decoder_res.unwrap(); + print!("none {}\n",decoder.is_failed()); + let res = decoder.any(); + print!("res is {}\n",res.is_err()); + let der = Version::decode(&mut decoder); + print!("der res is {}\n", der.is_err()); + + } + + #[test] + fn test_algorithm_identifier(){ + let algorithm = AlgorithmIdentifier { + algorithm: ID_EC_PUBKEY_OID, + parameters: Some(Any::new(Tag::ObjectIdentifier, SECP384R1_OID.as_bytes()).unwrap()), + }; + let binding = algorithm.to_vec().unwrap(); + let buffer= binding.as_slice(); + let mut decoder = der::Decoder::new(&buffer).unwrap(); + let res = AlgorithmIdentifier::decode(&mut decoder); + print!("res is {}\n", res.is_err()); + } + + #[test] + fn test_extension(){ + let mut extn_id: ObjectIdentifier = ObjectIdentifier::new("2.5.29.37"); + let value :[u8;0x100] = [0xff;0x100]; + let extension = Extension::new(extn_id, Some(false), Some(&value)); + assert_ne!(extension.is_err(),true); + assert_eq!(extension.as_ref().unwrap().extn_id,extn_id); + assert_eq!(extension.as_ref().unwrap().critical,Some(false)); + // assert_eq!(extension.unwrap().extn_value,Some(&value)); + extn_id = ObjectIdentifier::new("2.5.29.30"); + let extension = Extension::new(extn_id, Some(true), Some(&[])); + print!("extension is {}\n",extension.is_err()); + let buffer:[u8;1024] = [0xff;1024]; + let mut decoder = der::Decoder::new(&buffer).unwrap(); + let decode_extn = Extension::decode(&mut decoder); + print!("decode_extn is {}\n",decode_extn.is_err()); + } + + #[test] + fn test_strcut_extensions(){ + let extn_id: ObjectIdentifier = ObjectIdentifier::new("2.5.29.37"); + let value :[u8;0x100] = [0xff;0x100]; + let extension = Extension::new(extn_id, Some(false), Some(&value)).unwrap(); + let extensios = Extensions(vec![extension]); + + let tag = extensios.tag(); + assert_eq!(tag.number(),TagNumber::N3); + assert!(tag.is_context_specific()); + let mut can_decode = Extensions::can_decode(tag); + print!("can_decode is {}\n",can_decode); + assert_eq!(can_decode,true); + let tag_false = Tag::ContextSpecific { constructed: false, number: TagNumber::new(0) }; + can_decode = Extensions::can_decode(tag_false); + print!("can_decode is {}\n",can_decode); + assert_eq!(can_decode,false); + let tag_n30 = Tag::ContextSpecific { constructed: true, number: TagNumber::new(30) }; + can_decode = Extensions::can_decode(tag_n30); + print!("can_decode is {}\n",can_decode); + assert_eq!(can_decode,false); + let get_res = extensios.get(); + assert_eq!(get_res.get(0).unwrap().extn_id,extn_id); + assert_eq!(get_res.get(0).unwrap().critical,Some(false)); + + let encode_len_res = extensios.encoded_len(); + assert_ne!(encode_len_res.is_err(),true); + print!("encode_len_res is {}\n", encode_len_res.unwrap()); + + let mut bytes1 = [0u8;279]; + let mut encode_data = der::Encoder::new(&mut bytes1); + let mut encode_res = extensios.encode(&mut encode_data); + print!("encode_res {}\n",encode_res.is_err()); + assert!(encode_res.is_err()); + let mut bytes2 = [0u8;280]; + encode_data = der::Encoder::new(&mut bytes2); + encode_res = extensios.encode(&mut encode_data); + assert_ne!(encode_res.is_err(), true); + } + + #[test] + fn test_subject_publickeyinfo(){ + let algorithm = AlgorithmIdentifier { + algorithm: ID_EC_PUBKEY_OID, + parameters: Some(Any::new(Tag::ObjectIdentifier, SECP384R1_OID.as_bytes()).unwrap()), + }; + let public_key =[0u8;96]; + let subject_public_key_info = SubjectPublicKeyInfo { + algorithm, + subject_public_key: BitString::new(0, &public_key).unwrap(), + }; + print!("subject_public_key_info is {:?}\n",subject_public_key_info.encoded_len()); + // const EXAMPLE_MSG: &[u8] = hex::encode("0022FF"); + let buffer = [0u8;120]; + let mut decoder = der::Decoder::new(&buffer).unwrap(); + let res = SubjectPublicKeyInfo::decode(&mut decoder); + print!("res is {}\n",res.is_err()); + } + +} \ No newline at end of file