Updating the return code for windows in case curl errors out and adding test cases for the same. (#159)

* Updating the return code for windows in case curl errors out and adding test cases for the same.

* Resolving comments from last iteration.

* Running root command for initial setup of oeapkman tests before sample tests run.

* updating return code range mapping between http return code and Azure Dcap.
msft-gumunjal 2022-07-07 09:42:36 -07:00 коммит произвёл GitHub
Родитель 723a6f38d1
Коммит 13e3a1da21
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
5 изменённых файлов: 70 добавлений и 4 удалений

3
.jenkins/Jenkinsfile поставляемый

@ -120,6 +120,7 @@ def ACCTestOeRelease(String label, String version) {
sudo dpkg -i ${WORKSPACE}/src/az-dcap-client_*_amd64.deb sudo dpkg -i ${WORKSPACE}/src/az-dcap-client_*_amd64.deb
sudo apt-get update sudo apt-get update
sudo apt-get install -y open-enclave sudo apt-get install -y open-enclave
/opt/openenclave/bin/oeapkman root
. /opt/openenclave/share/openenclave/openenclaverc . /opt/openenclave/share/openenclave/openenclaverc
cp -r /opt/openenclave/share/openenclave/samples/ ~/samples cp -r /opt/openenclave/share/openenclave/samples/ ~/samples
for DIR in \$(find ~/samples/* -maxdepth 0 -type d); do for DIR in \$(find ~/samples/* -maxdepth 0 -type d); do
@ -135,7 +136,7 @@ def ACCTestOeRelease(String label, String version) {
else else
{ {
dcap.ContainerRun("${DOCKER_REGISTRY}/dcapdockerciregistry-ubuntu${version}:latest", "clang-10", task, "--cap-add=SYS_PTRACE --device /dev/sgx:/dev/sgx --volume /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket") dcap.ContainerRun("${DOCKER_REGISTRY}/dcapdockerciregistry-ubuntu${version}:latest", "clang-10", task, "--cap-add=SYS_PTRACE --device /dev/sgx:/dev/sgx --volume /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket")
} }
} }
} }
} }
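Review bot: The added `/opt/openenclave/bin/oeapkman root` line has no comment and its output is not used, so a later reader cannot tell that it is there for its side effect. A one-line shell comment above it, e.g. `# initialise the oeapkman root once so the samples that need it can build`, would record that. The same line is added without explanation in the second Jenkinsfile section further down. Whether a failure of this step stops the script depends on shell options that are outside the hunk.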


@ -87,6 +87,7 @@ def ACCTestOeRelease(String label, String version) {
sudo apt-get upgrade -y az-dcap-client sudo apt-get upgrade -y az-dcap-client
sudo apt-get update sudo apt-get update
sudo apt-get install -y open-enclave sudo apt-get install -y open-enclave
/opt/openenclave/bin/oeapkman root
. /opt/openenclave/share/openenclave/openenclaverc . /opt/openenclave/share/openenclave/openenclaverc
cp -r /opt/openenclave/share/openenclave/samples/ ~/samples cp -r /opt/openenclave/share/openenclave/samples/ ~/samples
for DIR in \$(find ~/samples/* -maxdepth 0 -type d); do for DIR in \$(find ~/samples/* -maxdepth 0 -type d); do


@ -114,6 +114,9 @@ const uint16_t custom_param_length = 45;
const char *custom_param = "tcbEvaluationDataNumber=11;region=us central"; const char *custom_param = "tcbEvaluationDataNumber=11;region=us central";
std::string tcbEvaluationDataNumber = "11"; std::string tcbEvaluationDataNumber = "11";
const uint16_t incorrect_custom_param_length = 24;
const char* incorrect_custom_param = "tcbEvaluationDataNum=11";
// Test input (choose an arbitrary Azure server) // Test input (choose an arbitrary Azure server)
static uint8_t qe_id[16] = { static uint8_t qe_id[16] = {
0x00, 0x00,
@ -598,6 +601,25 @@ static void GetVerificationCollateralTestWithParams()
VerifyCollateral(collateral); VerifyCollateral(collateral);
} }
//
// Validates the return code if curl request to the THIM service failed.
//
static void GetVerificationCollateralTestWithIncorrectParams()
{
// Test input (choose an arbitrary Azure server)
sgx_ql_qve_collateral_t* collateral = nullptr;
nlohmann::json json_body;
quote3_error_t result = sgx_ql_get_quote_verification_collateral_with_params(
TEST_FMSPC,
sizeof(TEST_FMSPC),
"processor",
incorrect_custom_param,
incorrect_custom_param_length,
&collateral);
ASSERT_TRUE(SGX_QL_NO_QUOTE_COLLATERAL_DATA == result);
}
// //
// Fetches and validates verification APIs of QPL // Fetches and validates verification APIs of QPL
// //
@ -645,6 +667,22 @@ static void GetVerificationCollateralTestICXV3WithParams()
VerifyCollateral(collateral); VerifyCollateral(collateral);
} }
//
// Validates the return code if curl request to the THIM service failed.
//
static void GetVerificationCollateralTestICXV3WithIncorrectParams()
{
sgx_ql_qve_collateral_t* collateral = nullptr;
quote3_error_t result = sgx_ql_get_quote_verification_collateral_with_params(
ICX_TEST_FMSPC,
sizeof(ICX_TEST_FMSPC),
"platform",
incorrect_custom_param,
incorrect_custom_param_length,
&collateral);
ASSERT_TRUE(SGX_QL_NO_QUOTE_COLLATERAL_DATA == result);
}
static boolean GetQveIdentityTest() static boolean GetQveIdentityTest()
{ {
boolean TEST_SUCCESS = false; boolean TEST_SUCCESS = false;
@ -1153,6 +1191,7 @@ TEST(testQuoteProv, quoteProviderTestsV2DataFromService)
SetupEnvironment("v2"); SetupEnvironment("v2");
SetupEnvironmentToReachSecondary(); SetupEnvironmentToReachSecondary();
ASSERT_TRUE(RunQuoteProviderTests()); ASSERT_TRUE(RunQuoteProviderTests());
ASSERT_TRUE(RunQuoteProviderTestsWithCustomParams());
ASSERT_TRUE(GetQveIdentityTest()); ASSERT_TRUE(GetQveIdentityTest());
#if defined __LINUX__ #if defined __LINUX__
@ -1172,6 +1211,7 @@ TEST(testQuoteProv, quoteProviderTestsV2Data)
// //
SetupEnvironment("v2"); SetupEnvironment("v2");
ASSERT_TRUE(RunQuoteProviderTests()); ASSERT_TRUE(RunQuoteProviderTests());
ASSERT_TRUE(RunQuoteProviderTestsWithCustomParams());
ASSERT_TRUE(GetQveIdentityTest()); ASSERT_TRUE(GetQveIdentityTest());
#if defined __LINUX__ #if defined __LINUX__
@ -1224,6 +1264,25 @@ TEST(testQuoteProv, quoteProviderTestsV3Data)
#endif #endif
} }
TEST(testQuoteProv, quoteProviderTestsWithIncorrectCustomParam)
{
libary_type_t library = LoadFunctions();
ASSERT_TRUE(SGX_PLAT_ERROR_OK == sgx_ql_set_logging_function(Log));
//
// Get the data from the service
//
SetupEnvironment("v2");
GetVerificationCollateralTestWithIncorrectParams();
SetupEnvironment("v3");
GetVerificationCollateralTestICXV3WithIncorrectParams();
#if defined __LINUX__
dlclose(library);
#else
FreeLibrary(library);
#endif
}
TEST(testQuoteProv, testWithoutLogging) TEST(testQuoteProv, testWithoutLogging)
{ {
libary_type_t library = LoadFunctions(); libary_type_t library = LoadFunctions();
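Review bot: Both new negative tests, GetVerificationCollateralTestWithIncorrectParams and GetVerificationCollateralTestICXV3WithIncorrectParams, check only the return code and never look at `collateral` after the failed call. Because this API feeds quote verification, the failure path should also be pinned to leave the out-pointer untouched, e.g. `ASSERT_TRUE(collateral == nullptr);` after the result check, so that a regression returning partially filled collateral alongside an error is caught. `nlohmann::json json_body;` in the first helper is unused, and the hand-counted `incorrect_custom_param_length = 24` would be less fragile as `sizeof` of a `const char[]` array. The expected SGX_QL_NO_QUOTE_COLLATERAL_DATA also appears to depend on the live service answering with an HTTP error, so an offline run would presumably report SGX_QL_NETWORK_ERROR instead.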


@ -309,8 +309,7 @@ void curl_easy::perform() const
} }
DWORD response_code = get_response_code(); DWORD response_code = get_response_code();
if (response_code >= HTTP_STATUS_BAD_REQUEST && if (response_code >= HTTP_STATUS_BAD_REQUEST)
response_code <= HTTP_STATUS_SERVER_ERROR)
{ {
log(SGX_QL_LOG_INFO, log(SGX_QL_LOG_INFO,
"HTTP Error (%d) on curl->perform() request", "HTTP Error (%d) on curl->perform() request",


@ -1255,9 +1255,15 @@ static quote3_error_t get_collateral(
"curl error thrown, error code: %x: %s", "curl error thrown, error code: %x: %s",
error.code, error.code,
error.what()); error.what());
return error.code == CURLE_HTTP_RETURNED_ERROR #ifdef __LINUX__
return error.code == CURLE_HTTP_RETURNED_ERROR
? SGX_QL_NO_QUOTE_COLLATERAL_DATA ? SGX_QL_NO_QUOTE_COLLATERAL_DATA
: SGX_QL_NETWORK_ERROR; : SGX_QL_NETWORK_ERROR;
#else
return error.code == WINHTTP_ERROR_BASE
? SGX_QL_NO_QUOTE_COLLATERAL_DATA
: SGX_QL_NETWORK_ERROR;
#endif
} }
} }
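Review bot: The Windows branch `return error.code == WINHTTP_ERROR_BASE` compares against the base of the WinHTTP error range rather than a code that names an HTTP-status failure, so it only works if the Windows curl_easy::perform() throws exactly that value for a 4xx/5xx response; that throw is outside the hunks shown on this page. I would give the sentinel a name shared by both files, or at least add a comment here such as `// curl_easy::perform() on Windows throws WINHTTP_ERROR_BASE for any HTTP status >= 400`, after confirming that is what it does. Since perform() now treats every status from 400 up as an error, a transient 5xx from the service will presumably also be reported as SGX_QL_NO_QUOTE_COLLATERAL_DATA rather than SGX_QL_NETWORK_ERROR, which matters to callers that decide between retrying and giving up on collateral; the comment should state whether that is intended. get_collateral's body starts outside the hunk.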