Merge pull request #89 from registreerocks/refactor-ecall-tests

test: clean up ECALL and web API tests

Author: PiDelport

Cargo.lock

@@ -39,6 +39,9 @@ insta = "1.7.1"
 sodalite = "0.4.0"
 uuid = "0.8.2"
 
+# Only for type name references. (This should match the version used by actix-web.)
+actix-http = "3.0.0-beta.6"
+
 [features]
 test = []
 

rtc_data_service/Cargo.toml

@@ -0,0 +1,18 @@
+//! Test ECALL: `local_attestation`
+
+use sgx_types::sgx_status_t;
+
+use crate::helpers;
+
+#[test]
+fn test_local_attestation_success() {
+    let auth_enclave = helpers::init_auth_enclave();
+    let data_enclave = helpers::init_data_enclave();
+
+    let res = data_enclave.local_attestation(auth_enclave.geteid());
+    assert_eq!(res, sgx_status_t::SGX_SUCCESS);
+
+    // TODO: Integration test for message sending
+    // We should consider moving the integration tests for enclave interaction into rtc_uenclave
+    // since these tests does not need anything from the data_service
+}

rtc_data_service/tests/ecalls/local_attestation.rs

@@ -0,0 +1,3 @@
+//! ECALL tests
+
+mod local_attestation;

rtc_data_service/tests/ecalls/mod.rs

@@ -0,0 +1,62 @@
+//! Shared test helpers
+
+mod types;
+
+use std::sync::Arc;
+
+use actix::Actor;
+use actix_web::App;
+
+use rtc_uenclave::{EnclaveConfig, RtcAuthEnclave, RtcDataEnclave};
+
+use rtc_data_service::auth_enclave_actor::AuthEnclaveActor;
+use rtc_data_service::data_enclave_actor::DataEnclaveActor;
+use rtc_data_service::data_upload::upload_file;
+use rtc_data_service::exec_token::req_exec_token;
+use rtc_data_service::handlers;
+
+/// Initialise a data enclave for testing.
+pub(crate) fn init_auth_enclave() -> RtcAuthEnclave<EnclaveConfig> {
+    RtcAuthEnclave::init(EnclaveConfig {
+        lib_path: "/root/rtc-data/rtc_auth_enclave/build/bin/enclave.signed.so".to_string(),
+        ..Default::default()
+    })
+    .unwrap()
+}
+
+/// Initialise a data enclave for testing.
+pub(crate) fn init_data_enclave() -> RtcDataEnclave<EnclaveConfig> {
+    RtcDataEnclave::init(EnclaveConfig {
+        lib_path: "/root/rtc-data/rtc_data_enclave/build/bin/enclave.signed.so".to_string(),
+        ..Default::default()
+    })
+    .unwrap()
+}
+
+/// Initialise an instance of our web API for testing.
+///
+/// This should (roughly) mirror our `HttpServer` definition in `http_server::main`.
+pub(crate) async fn init_rtc_service() -> impl types::WebService {
+    let app = App::new()
+        .data(init_auth_enclave_actor().start())
+        .data(init_data_enclave_actor().start())
+        .service(handlers::auth_enclave_attestation)
+        .service(handlers::data_enclave_attestation)
+        .service(upload_file)
+        .service(req_exec_token);
+    actix_web::test::init_service(app).await
+}
+
+fn init_auth_enclave_actor() -> AuthEnclaveActor {
+    AuthEnclaveActor::new(Arc::new(EnclaveConfig {
+        lib_path: "/root/rtc-data/rtc_auth_enclave/build/bin/enclave.signed.so".to_string(),
+        ..Default::default()
+    }))
+}
+
+fn init_data_enclave_actor() -> DataEnclaveActor {
+    DataEnclaveActor::new(Arc::new(EnclaveConfig {
+        lib_path: "/root/rtc-data/rtc_data_enclave/build/bin/enclave.signed.so".to_string(),
+        ..Default::default()
+    }))
+}

rtc_data_service/tests/exec_token.rs

@@ -0,0 +1,17 @@
+//! Helper type definitions
+
+use actix_http::body::Body;
+use actix_http::error::Error;
+use actix_http::Request;
+use actix_web::dev::{Service, ServiceResponse};
+
+/// Shorthand for the complicated [`Service`] type returned by [`actix_web::test::init_service`].
+///
+/// This uses the "trait aliasing" technique described here:
+/// <https://www.worthe-it.co.za/blog/2017-01-15-aliasing-traits-in-rust.html>
+pub(crate) trait WebService:
+    Service<Request, Response = ServiceResponse<Body>, Error = Error>
+{
+}
+
+impl<S> WebService for S where S: Service<Request, Response = ServiceResponse<Body>, Error = Error> {}

rtc_data_service/tests/helpers/mod.rs

@@ -0,0 +1,6 @@
+//! Top-level test module
+
+mod helpers;
+
+mod ecalls;
+mod web_api;

rtc_data_service/tests/helpers/types.rs

@@ -0,0 +1,25 @@
+use actix_web::test;
+
+use crate::helpers;
+
+#[actix_rt::test]
+async fn auth_service_attestation_ok() {
+    attestation_ok("/auth/attest").await;
+}
+
+#[actix_rt::test]
+async fn data_service_attestation_ok() {
+    attestation_ok("/data/attest").await;
+}
+
+async fn attestation_ok(uri_path: &str) {
+    let app = helpers::init_rtc_service().await;
+
+    let req = test::TestRequest::get().uri(uri_path).to_request();
+    let resp = test::call_service(&app, req).await;
+
+    insta::assert_debug_snapshot!(resp);
+
+    let body = test::read_body(resp).await;
+    insta::assert_debug_snapshot!(body);
+}

rtc_data_service/tests/main.rs

@@ -1,18 +1,16 @@
 //! Tests for [`rtc_data_service::data_upload`]
 
-use actix::Actor;
-use actix_web::{
-    test::{self, read_body},
-    App,
-};
-use rtc_data_service::data_enclave_actor::*;
-use rtc_data_service::data_upload::*;
-use rtc_uenclave::EnclaveConfig;
+use std::convert::TryInto;
+use std::path::Path;
+
 use sgx_types::sgx_target_info_t;
-use sodalite;
+
+use actix_web::test;
 use uuid::Uuid;
 
-use std::{convert::TryInto, path::Path, sync::Arc};
+use rtc_data_service::data_upload::models;
+
+use crate::helpers;
 
 // See rtc_tenclave/src/crypto.rs
 const CRYPTO_BOX_ZEROBYTES: usize = 32;
@@ -21,28 +19,11 @@ const CRYPTO_BOX_BOXZEROBYTES: usize = 16;
 /// Upload some data, decrypt and check the result.
 #[actix_rt::test]
 async fn data_service_data_upload_ok() {
-    // TODO: Split this test into re-usable components
-    let mut app = test::init_service(
-        App::new()
-            .data(
-                DataEnclaveActor::new(Arc::new(EnclaveConfig {
-                    lib_path: "/root/rtc-data/rtc_data_enclave/build/bin/enclave.signed.so"
-                        .to_string(),
-                    ..Default::default()
-                }))
-                .start(),
-            )
-            .service(upload_file),
-    )
-    .await;
+    let app = helpers::init_rtc_service().await;
 
     // TODO: Add a test that can run inside of the enclave and use the JWT token to get
     // the enclave key
-    let enclave = rtc_uenclave::RtcDataEnclave::init(EnclaveConfig {
-        lib_path: "/root/rtc-data/rtc_data_enclave/build/bin/enclave.signed.so".to_string(),
-        ..Default::default()
-    })
-    .unwrap();
+    let enclave = helpers::init_data_enclave();
 
     let enclave_pubkey = enclave
         .create_report(&sgx_target_info_t::default())
@@ -80,11 +61,11 @@ async fn data_service_data_upload_ok() {
         .set_json(&req_body)
         .to_request();
 
-    let resp = test::call_service(&mut app, req).await;
+    let resp = test::call_service(&app, req).await;
 
     assert!(resp.status().is_success());
 
-    let body: models::ResponseBody = serde_json::from_slice(&read_body(resp).await).unwrap();
+    let body: models::ResponseBody = serde_json::from_slice(&test::read_body(resp).await).unwrap();
 
     // NOTE: re-add padding since sodalite supports the C-style nacl api
     let mut m = vec![0_u8; body.ciphertext.len() + CRYPTO_BOX_BOXZEROBYTES];