Create foundation for integration testing of oak containers attestation logic

Bug: 347970899
Change-Id: Ibc5ab51fa3fc6e0c36033c3fdabcaf4500d93cad
jul-sh committed Sep 18, 2024
1 parent a0aca61 commit 9caad4e
Showing 5 changed files with 52 additions and 18 deletions.
2 changes: 2 additions & 0 deletions Cargo.lock


2 changes: 2 additions & 0 deletions oak_containers_sdk/BUILD
@@ -37,8 +37,10 @@ rust_library(
],
deps = [
"//oak_crypto",
"//oak_dice",
"//oak_proto_rust",
"//oak_proto_rust/grpc",
"//stage0_dice",
"@oak_crates_index//:anyhow",
"@oak_crates_index//:async-stream",
"@oak_crates_index//:prost",
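Review bot: The two labels that appear to be added to `deps` here, `//oak_dice` and `//stage0_dice`, make the stage0 mock helpers (`mock_attestation_report` and `mock_derived_key`, called from standalone.rs later in this commit) an unconditional dependency of the SDK `rust_library`. The matching `oak_dice` and `oak_stage0_dice` entries in Cargo.toml sit under `[dependencies]` for the same reason. If standalone mode is only meant for tests, consider keeping that code in a separate target marked `testonly = True`, and behind an optional Cargo feature, so a production build of the SDK cannot link the mock attestation path by accident. If the dependency is intentionally unconditional, a short comment next to the two entries saying so would help. The `rust_library(` rule starts and ends outside this hunk.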
2 changes: 2 additions & 0 deletions oak_containers_sdk/Cargo.toml
@@ -11,9 +11,11 @@ oak_grpc_utils = { workspace = true }
[dependencies]
anyhow = "*"
async-trait = { version = "*", default-features = false }
oak_dice = { workspace = true }
oak_proto_rust = { workspace = true }
oak_grpc = { workspace = true }
oak_crypto = { workspace = true }
oak_stage0_dice = { workspace = true }
prost = "*"
prost-types = "*"
tokio = { version = "*", features = ["rt-multi-thread", "macros", "sync"] }
25 changes: 25 additions & 0 deletions oak_containers_sdk/src/standalone.rs
@@ -40,6 +40,31 @@ use oak_proto_rust::oak::{
pub fn standalone_endorsed_evidence_containing_only_public_keys(
public_key: impl Into<Vec<u8>>,
) -> EndorsedEvidence {
// TODO: b/347970899 - Create mock events and dice data for the subsequent
// layers.
let (mut _mock_event_log, _mock_stage0_dice_data): (
oak_proto_rust::oak::attestation::v1::EventLog,
oak_dice::evidence::Stage0DiceData,
) = {
let mut mock_stage0_measurements = oak_stage0_dice::Measurements::default();
let (mock_event_log, stage0_event_sha2_256_digest) = oak_stage0_dice::generate_event_log(
mock_stage0_measurements.kernel_sha2_256_digest.to_vec(),
mock_stage0_measurements.acpi_sha2_256_digest.to_vec(),
mock_stage0_measurements.memory_map_sha2_256_digest.to_vec(),
mock_stage0_measurements.ram_disk_sha2_256_digest.to_vec(),
mock_stage0_measurements.setup_data_sha2_256_digest.to_vec(),
mock_stage0_measurements.cmdline.clone(),
);
mock_stage0_measurements.event_sha2_256_digest = stage0_event_sha2_256_digest;
let (stage0_dice_data, _) = oak_stage0_dice::generate_dice_data(
&mock_stage0_measurements,
oak_stage0_dice::mock_attestation_report,
oak_stage0_dice::mock_derived_key,
oak_dice::evidence::TeePlatform::None,
oak_proto_rust::oak::attestation::v1::EventLog::default(),
);
(mock_event_log, stage0_dice_data)
};
EndorsedEvidence {
evidence: Some(Evidence {
// TODO: b/347970899 - Create something here that will be compatible with the
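Review bot: The new block at the top of `standalone_endorsed_evidence_containing_only_public_keys` builds a mock event log and stage0 DICE data on every call and then, judging by the underscore-prefixed bindings `_mock_event_log` and `_mock_stage0_dice_data`, discards both, so callers pay for the generation without the returned `EndorsedEvidence` visibly depending on it. The `mut` on `_mock_event_log` is also unused so far. Until the TODO is resolved, a comment marking the values as placeholders would help, e.g. `// Not yet part of the returned evidence: mock stage0 data (TeePlatform::None, mock attestation report), kept to wire up b/347970899.` The block is a line-for-line copy of the one in `get_mock_dice_data_and_event_log` in oak_restricted_kernel_sdk/src/testing.rs; a single shared helper returning `(EventLog, Stage0DiceData)` would keep the two sets of mock measurements from drifting apart. The function body continues past the end of this hunk.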
39 changes: 21 additions & 18 deletions oak_restricted_kernel_sdk/src/testing.rs
@@ -23,7 +23,7 @@ use oak_crypto::{
encryption_key::{EncryptionKey, EncryptionKeyHandle},
hpke::RecipientContext,
};
use oak_dice::evidence::{Evidence, RestrictedKernelDiceData, TeePlatform};
use oak_dice::evidence::{Evidence, RestrictedKernelDiceData, Stage0DiceData, TeePlatform};
use oak_proto_rust::oak::{
attestation::v1::{ApplicationLayerData, EventLog},
crypto::v1::Signature,
@@ -48,23 +48,26 @@ lazy_static::lazy_static! {
}

fn get_mock_dice_data_and_event_log() -> (RestrictedKernelDiceData, Vec<u8>) {
let mut mock_stage0_measurements = oak_stage0_dice::Measurements::default();
let (mut mock_event_log, stage0_event_sha2_256_digest) = oak_stage0_dice::generate_event_log(
mock_stage0_measurements.kernel_sha2_256_digest.to_vec(),
mock_stage0_measurements.acpi_sha2_256_digest.to_vec(),
mock_stage0_measurements.memory_map_sha2_256_digest.to_vec(),
mock_stage0_measurements.ram_disk_sha2_256_digest.to_vec(),
mock_stage0_measurements.setup_data_sha2_256_digest.to_vec(),
mock_stage0_measurements.cmdline.clone(),
);
mock_stage0_measurements.event_sha2_256_digest = stage0_event_sha2_256_digest;
let (stage0_dice_data, _) = oak_stage0_dice::generate_dice_data(
&mock_stage0_measurements,
oak_stage0_dice::mock_attestation_report,
oak_stage0_dice::mock_derived_key,
TeePlatform::None,
EventLog::default(),
);
let (mut mock_event_log, stage0_dice_data): (EventLog, Stage0DiceData) = {
let mut mock_stage0_measurements = oak_stage0_dice::Measurements::default();
let (mock_event_log, stage0_event_sha2_256_digest) = oak_stage0_dice::generate_event_log(
mock_stage0_measurements.kernel_sha2_256_digest.to_vec(),
mock_stage0_measurements.acpi_sha2_256_digest.to_vec(),
mock_stage0_measurements.memory_map_sha2_256_digest.to_vec(),
mock_stage0_measurements.ram_disk_sha2_256_digest.to_vec(),
mock_stage0_measurements.setup_data_sha2_256_digest.to_vec(),
mock_stage0_measurements.cmdline.clone(),
);
mock_stage0_measurements.event_sha2_256_digest = stage0_event_sha2_256_digest;
let (stage0_dice_data, _) = oak_stage0_dice::generate_dice_data(
&mock_stage0_measurements,
oak_stage0_dice::mock_attestation_report,
oak_stage0_dice::mock_derived_key,
TeePlatform::None,
EventLog::default(),
);
(mock_event_log, stage0_dice_data)
};

let application_digest = oak_restricted_kernel_dice::DigestSha2_256::default();
let application_event = oak_proto_rust::oak::attestation::v1::Event {
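Review bot: `generate_dice_data` still receives `EventLog::default()` as its last argument while the log produced by `generate_event_log` is returned separately as `mock_event_log`, and this commit copies the same call into standalone.rs. What that argument is bound to is not visible from the hunk, so it is unclear whether the mock DICE data is meant to be generated over an empty log. If it is, a comment on the call would stop the next reader from treating it as a mismatch between evidence and event log, e.g. `// Intentionally an empty log: the mock event log is returned separately and extended by the caller.` If it is not intended, passing `mock_event_log.clone()` is likely the one-line change. `get_mock_dice_data_and_event_log` continues past the end of this hunk.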
