opensource/cocos
1
0
Fork 0
mirror of https://github.com/ultravioletrs/cocos.git synced 2026-06-23 04:10:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
4e8057f481f6a23f70f9b617e388acf04041699c
cocos/pkg/sdk/agent.go
T
Sammy Kerata Oina 4e8057f481
CI / ci (push) Has been cancelled
Details
COCOS-460 - Restore test coverage to 65% (#465) 
* Implement IMAMeasurements method in agentSDK and add corresponding unit tests

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Add unit tests for NewIMAMeasurements command in CLI

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Add error assertion for command execution in NewIMAMeasurements test

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Fix nil pointer dereference in Close method and update NewCreateVMCmd logic for manager client initialization

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Refactor file permission settings to use octal notation and improve cleanup handling in NewCreateVMCmd test

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Add comprehensive unit tests for state machine functionality

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Add mock implementation for Algorithm interface and corresponding test cases

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Refactor file permission settings to use octal notation in TestStopComputationIntegration

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Remove redundant reset test cases from TestStateMachine_Reset

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Fix race condition in action call verification in TestStateMachine_HandleEvent

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Enhance state machine with reset functionality and improve thread safety in event handling

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Improve error handling in state machine start function during tests

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Remove concurrent reset and send event test from state machine tests

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Remove error logging for Start function in transition tests

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Add mock implementations for AgentService_IMAMeasurementsClient and Service Shutdown method; enhance progress tests for IMA measurements handling

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Add comprehensive tests for FileStorage functionality including loading, saving, and concurrent access

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Enhance tests by adding dataset and algorithm hashes in handleRunReqChunks; improve error handling in TestFileStorage_ErrorHandling cleanup

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Enhance TestManagerClient_Process by adding new test cases for Agent state and Disconnect requests; update setupMocks to include grpcClient

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Fix graceful shutdown in gRPC server by adding nil checks for health and server instances

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Enhance TestAttestation by adding mock expectations for VTpmAttestation and Attestation methods; update service call to include platform parameter

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Enhance gRPC Server by adding synchronization for start/stop methods; prevent multiple starts and ensure graceful shutdown

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Add unit tests for gRPC server methods including VM creation, removal, and info retrieval

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Add tests for SEVSNP and TDX host capabilities; remove unused vsock code

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Add a newline for better readability in vm_test.go

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Add integration tests for gRPC client in cvm_test.go

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Remove unused vsock dependencies and add comprehensive unit tests for GCP attestation functions

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Skip GCP tests if credentials are not set

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Add tests for error handling in attestation configuration and GCP commands

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Improve error handling in Azure VM test response writing

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Skip tests in GCP functions if credentials are not set

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Add comprehensive unit tests for Azure attestation provider and verifier

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Add unit tests for TPM functionality and improve error handling

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Add comprehensive tests for attestation functionality and improve error handling

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Add validation for teeNonce in TeeAttestation and implement comprehensive tests for provider methods

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Refactor error messages in TDX attestation tests for clarity

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Fix error message in TeeAttestation test for valid nonce case

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Add MeasurementProvider mock and update mockery configuration

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Add logging for product in parseUints and rename test functions for clarity

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Refactor TestSevsnpverify to reset configuration and improve error logging

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

---------

Signed-off-by: Sammy Oina <sammyoina@gmail.com>
2025-07-25 15:35:37 +02:00

240 lines
6.0 KiB
Go
Raw Blame History

// Copyright (c) Ultraviolet
// SPDX-License-Identifier: Apache-2.0
package sdk
import (
"context"
"crypto"
"crypto/ecdsa"
"crypto/ed25519"
"crypto/rand"
"crypto/rsa"
"crypto/sha256"
"encoding/base64"
"os"
"strconv"
"github.com/absmach/magistrala/pkg/errors"
"github.com/ultravioletrs/cocos/agent"
"github.com/ultravioletrs/cocos/agent/api/grpc"
"github.com/ultravioletrs/cocos/agent/auth"
"github.com/ultravioletrs/cocos/pkg/progressbar"
"google.golang.org/grpc/metadata"
)
type SDK interface {
Algo(ctx context.Context, algorithm, requirements *os.File, privKey any) error
Data(ctx context.Context, dataset *os.File, filename string, privKey any) error
Result(ctx context.Context, privKey any, resultFile *os.File) error
Attestation(ctx context.Context, reportData [size64]byte, nonce [size32]byte, attType int, attestationFile *os.File) error
IMAMeasurements(ctx context.Context, resultFile *os.File) ([]byte, error)
AttestationResult(ctx context.Context, nonce [size32]byte, attType int, attestationFile *os.File) error
}
const (
size64 = 64
size32 = 32
algoProgressBarDescription = "Uploading algorithm"
dataProgressBarDescription = "Uploading data"
resultProgressDescription = "Downloading result"
attestationProgressDescription = "Downloading attestation"
imaMeasurementsProgressDescription = "Downloading Linux IMA measurements"
)
type agentSDK struct {
client agent.AgentServiceClient
}
func NewAgentSDK(agentClient agent.AgentServiceClient) SDK {
return &agentSDK{
client: agentClient,
}
}
func (sdk *agentSDK) Algo(ctx context.Context, algorithm, requirements *os.File, privKey any) error {
md, err := generateMetadata(string(auth.AlgorithmProviderRole), privKey)
if err != nil {
return err
}
for k, v := range md {
ctx = metadata.AppendToOutgoingContext(ctx, k, v[0])
}
stream, err := sdk.client.Algo(ctx)
if err != nil {
return err
}
pb := progressbar.New(false)
return pb.SendAlgorithm(algoProgressBarDescription, algorithm, requirements, stream)
}
func (sdk *agentSDK) Data(ctx context.Context, dataset *os.File, filename string, privKey any) error {
md, err := generateMetadata(string(auth.DataProviderRole), privKey)
if err != nil {
return err
}
for k, v := range md {
ctx = metadata.AppendToOutgoingContext(ctx, k, v[0])
}
stream, err := sdk.client.Data(ctx)
if err != nil {
return err
}
pb := progressbar.New(false)
return pb.SendData(dataProgressBarDescription, filename, dataset, stream)
}
func (sdk *agentSDK) Result(ctx context.Context, privKey any, resultFile *os.File) error {
request := &agent.ResultRequest{}
md, err := generateMetadata(string(auth.ConsumerRole), privKey)
if err != nil {
return err
}
ctx = metadata.NewOutgoingContext(ctx, md)
stream, err := sdk.client.Result(ctx, request)
if err != nil {
return err
}
incomingmd, err := stream.Header()
if err != nil {
return err
}
fileSizeStr := incomingmd.Get(grpc.FileSizeKey)
if len(fileSizeStr) == 0 {
fileSizeStr = append(fileSizeStr, "0")
}
fileSize, err := strconv.Atoi(fileSizeStr[0])
if err != nil {
return err
}
pb := progressbar.New(true)
return pb.ReceiveResult(resultProgressDescription, fileSize, stream, resultFile)
}
func (sdk *agentSDK) Attestation(ctx context.Context, reportData [size64]byte, nonce [size32]byte, attType int, attestationFile *os.File) error {
request := &agent.AttestationRequest{
TeeNonce: reportData[:],
VtpmNonce: nonce[:],
Type: int32(attType),
}
stream, err := sdk.client.Attestation(ctx, request)
if err != nil {
return err
}
incomingmd, err := stream.Header()
if err != nil {
return err
}
fileSizeStr := incomingmd.Get(grpc.FileSizeKey)
if len(fileSizeStr) == 0 {
fileSizeStr = append(fileSizeStr, "0")
}
fileSize, err := strconv.Atoi(fileSizeStr[0])
if err != nil {
return err
}
pb := progressbar.New(true)
return pb.ReceiveAttestation(attestationProgressDescription, fileSize, stream, attestationFile)
}
func (sdk *agentSDK) AttestationResult(ctx context.Context, nonce [size32]byte, attType int, attestationResultFile *os.File) error {
request := &agent.AttestationResultRequest{
TokenNonce: nonce[:],
Type: int32(attType),
}
result, err := sdk.client.AttestationResult(ctx, request)
if err != nil {
return errors.Wrap(errors.New("failed to fetch attestation token"), err)
}
_, err = attestationResultFile.Write(result.GetFile())
if err != nil {
return errors.Wrap(errors.New("failed to write attestation result to file"), err)
}
return nil
}
func (sdk *agentSDK) IMAMeasurements(ctx context.Context, resultFile *os.File) ([]byte, error) {
request := &agent.IMAMeasurementsRequest{}
stream, err := sdk.client.IMAMeasurements(ctx, request)
if err != nil {
return nil, err
}
incomingmd, err := stream.Header()
if err != nil {
return nil, err
}
fileSizeStr := incomingmd.Get(grpc.FileSizeKey)
if len(fileSizeStr) == 0 {
fileSizeStr = append(fileSizeStr, "0")
}
fileSize, err := strconv.Atoi(fileSizeStr[0])
if err != nil {
return nil, err
}
pb := progressbar.New(true)
return pb.ReceiveIMAMeasurements(imaMeasurementsProgressDescription, fileSize, stream, resultFile)
}
func signData(userID string, privKey crypto.Signer) ([]byte, error) {
var signature []byte
var err error
switch k := privKey.(type) {
case ed25519.PrivateKey:
signature, err = k.Sign(rand.Reader, []byte(userID), crypto.Hash(0))
case *rsa.PrivateKey, *ecdsa.PrivateKey:
hash := sha256.Sum256([]byte(userID))
signature, err = privKey.Sign(rand.Reader, hash[:], crypto.SHA256)
default:
return nil, errors.New("unsupported key type")
}
if err != nil {
return nil, err
}
return signature, nil
}
func generateMetadata(userID string, privateKey crypto.PrivateKey) (metadata.MD, error) {
signature, err := signData(userID, privateKey.(crypto.Signer))
if err != nil {
return nil, err
}
kv := make(map[string]string)
kv[auth.UserMetadataKey] = userID
kv[auth.SignatureMetadataKey] = base64.StdEncoding.EncodeToString(signature)
return metadata.New(kv), nil
}
Reference in New Issue View Git Blame Copy Permalink