mirror of
https://github.com/ultravioletrs/cocos.git
synced 2026-06-23 04:10:25 +00:00
Jovan Djukic
27db9b29eb
CI / lint (push) Has been cancelled
CI / test (agent) (push) Has been cancelled
CI / test (cli) (push) Has been cancelled
CI / test (cmd) (push) Has been cancelled
CI / test (internal) (push) Has been cancelled
CI / test (manager, true) (push) Has been cancelled
CI / test (pkg) (push) Has been cancelled
CI / upload-coverage (push) Has been cancelled
* Added GPU evidence collection * Added GPU evidence verification * Added make command for nvattest helper * Added command for installing all services * changed attestion-service.service so it knows where the helper is * Possible IGVM script bug * Possible bug * Bug * bug * Revert "bug" This reverts commitd81d67e73d. * Revert "Bug" This reverts commit5e566d53c1. * Revert "Possible bug" This reverts commit47d13fe583. * Revert "Possible IGVM script bug" This reverts commit3fb1b79537. * Revert "changed attestion-service.service so it knows where the helper is" This reverts commitf9f11ed183. * Revert "Added command for installing all services" This reverts commit5dcf7a5c0a. * NOISSUE - Enforce binding label check (#589) * NOISSUE - Implement extensible resource downloader framework with support for S3, GCS, and OCI sources (#590) * feat: implement extensible resource downloader framework with support for S3, GCS, and OCI sources Signed-off-by: SammyOina <sammyoina@gmail.com> * refactor: improve resource URL parsing and add support for bare OCI image references Signed-off-by: Sammy Oina <sammyoina@gmail.com> * fix: add empty string check and slash requirement for OCI image inference, and update python unit tests with event mock expectations Signed-off-by: Sammy Oina <sammyoina@gmail.com> * refactor: introduce OCIClient interface, add test coverage for decryption, and improve resource download error handling Signed-off-by: Sammy Oina <sammyoina@gmail.com> * chore: remove trailing whitespace in OCI downloader and HTTP tests Signed-off-by: Sammy Oina <sammyoina@gmail.com> --------- Signed-off-by: SammyOina <sammyoina@gmail.com> Signed-off-by: Sammy Oina <sammyoina@gmail.com> * Refactored baed on comments * Added GPU evidence collection * Added GPU evidence verification * Added make command for nvattest helper * Added command for installing all services * changed attestion-service.service so it knows where the helper is * Possible IGVM script bug * Possible bug * Bug * bug * Revert "bug" This reverts commitd81d67e73d. * Revert "Bug" This reverts commit5e566d53c1. * Revert "Possible bug" This reverts commit47d13fe583. * Revert "Possible IGVM script bug" This reverts commit3fb1b79537. * Revert "changed attestion-service.service so it knows where the helper is" This reverts commitf9f11ed183. * Revert "Added command for installing all services" This reverts commit5dcf7a5c0a. * Refactored baed on comments * fixed lint error * fixed tests * Fixed according to comments * COCOS-584 - Support multiple kbs (#587) * feat: Implement per-resource KBS configuration, allowing algorithms and datasets to specify individual KBS URLs. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * refactor: Encapsulate CLI error handling and CVM certificate paths within the CLI struct, and add algorithm type to agent's algorithm structure. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * style: Remove blank lines and fix indentation in CLI commands. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * refactor: Update downloadAndDecryptGenericResource to accept KBS URL as a parameter and adjust related tests Signed-off-by: Sammy Oina <sammyoina@gmail.com> * refactor: group CLI configuration into structured types and simplify skopeo decryption key handling Signed-off-by: Sammy Oina <sammyoina@gmail.com> --------- Signed-off-by: Sammy Oina <sammyoina@gmail.com> * Added GPU evidence collection * Added GPU evidence verification * Added make command for nvattest helper * Added command for installing all services * changed attestion-service.service so it knows where the helper is * Possible IGVM script bug * Possible bug * Bug * bug * Revert "bug" This reverts commitd81d67e73d. * Revert "Bug" This reverts commit5e566d53c1. * Revert "Possible bug" This reverts commit47d13fe583. * Revert "Possible IGVM script bug" This reverts commit3fb1b79537. * Revert "changed attestion-service.service so it knows where the helper is" This reverts commitf9f11ed183. * Revert "Added command for installing all services" This reverts commit5dcf7a5c0a. * Refactored baed on comments * Added GPU evidence collection * Added GPU evidence verification * Added make command for nvattest helper * Added command for installing all services * changed attestion-service.service so it knows where the helper is * Possible IGVM script bug * Possible bug * Bug * bug * Revert "bug" This reverts commitd81d67e73d. * Revert "Bug" This reverts commit5e566d53c1. * Revert "Possible bug" This reverts commit47d13fe583. * Revert "Possible IGVM script bug" This reverts commit3fb1b79537. * Revert "changed attestion-service.service so it knows where the helper is" This reverts commitf9f11ed183. * Revert "Added command for installing all services" This reverts commit5dcf7a5c0a. * Refactored baed on comments * fixed lint error * fixed tests * Fixed according to comments --------- Signed-off-by: SammyOina <sammyoina@gmail.com> Signed-off-by: Sammy Oina <sammyoina@gmail.com> Co-authored-by: Danko Miladinovic <72250944+danko-miladinovic@users.noreply.github.com> Co-authored-by: Sammy Kerata Oina <44265300+SammyOina@users.noreply.github.com>
84 lines
2.2 KiB
Go
84 lines
2.2 KiB
Go
// Copyright (c) Ultraviolet
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package main
|
|
|
|
import (
|
|
"context"
|
|
"io"
|
|
"log/slog"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
attestationpb "github.com/ultravioletrs/cocos/internal/proto/attestation/v1"
|
|
"github.com/ultravioletrs/cocos/pkg/attestation"
|
|
attestationgpu "github.com/ultravioletrs/cocos/pkg/attestation/gpu"
|
|
)
|
|
|
|
func TestRequestNonce(t *testing.T) {
|
|
req := &attestationpb.AttestationRequest{
|
|
ReportData: []byte("report"),
|
|
Nonce: []byte("nonce"),
|
|
}
|
|
|
|
assert.Equal(t, []byte("nonce"), requestNonce(req))
|
|
|
|
req.Nonce = nil
|
|
assert.Equal(t, []byte("report"), requestNonce(req))
|
|
}
|
|
|
|
func TestDeriveComponentNonce(t *testing.T) {
|
|
sessionNonce := []byte("session-nonce")
|
|
|
|
gpuNonce := deriveComponentNonce(sessionNonce, "gpu")
|
|
gpuNonceAgain := deriveComponentNonce(sessionNonce, "gpu")
|
|
teeNonce := deriveComponentNonce(sessionNonce, "tee")
|
|
|
|
assert.Len(t, gpuNonce, 32)
|
|
assert.Equal(t, gpuNonce, gpuNonceAgain)
|
|
assert.NotEqual(t, gpuNonce, teeNonce)
|
|
}
|
|
|
|
func TestShouldCollectGPU(t *testing.T) {
|
|
assert.True(t, shouldCollectGPU(attestation.SNP))
|
|
assert.True(t, shouldCollectGPU(attestation.SNPvTPM))
|
|
assert.True(t, shouldCollectGPU(attestation.TDX))
|
|
assert.False(t, shouldCollectGPU(attestation.VTPM))
|
|
assert.False(t, shouldCollectGPU(attestation.NoCC))
|
|
}
|
|
|
|
func TestNewGPUCollector(t *testing.T) {
|
|
collector, err := newGPUCollector(config{})
|
|
assert.NoError(t, err)
|
|
assert.Nil(t, collector)
|
|
|
|
collector, err = newGPUCollector(config{
|
|
GPUHelperPath: "/tmp/helper",
|
|
GPUHelperTimeout: 0,
|
|
})
|
|
assert.NoError(t, err)
|
|
assert.NotNil(t, collector)
|
|
}
|
|
|
|
func TestClaimOptions_SkipsOptionalGPUFailure(t *testing.T) {
|
|
svc := &service{
|
|
logger: slog.New(slog.NewTextHandler(io.Discard, nil)),
|
|
gpuCollector: failingCollector{},
|
|
}
|
|
|
|
req := &attestationpb.AttestationRequest{
|
|
ReportData: []byte("report-data"),
|
|
Nonce: []byte("nonce-data"),
|
|
}
|
|
|
|
opts, err := svc.claimOptions(context.Background(), req, attestation.TDX)
|
|
assert.NoError(t, err)
|
|
assert.Empty(t, opts)
|
|
}
|
|
|
|
type failingCollector struct{}
|
|
|
|
func (failingCollector) Collect(context.Context, []byte) (*attestationgpu.Evidence, error) {
|
|
return nil, assert.AnError
|
|
}
|