926 lines
32 KiB
C
926 lines
32 KiB
C
#include "amduat/enc/fer1_receipt.h"
|
|
#include "amduat/fer/receipt.h"
|
|
#include "amduat/pel/run.h"
|
|
|
|
#include <stdbool.h>
|
|
#include <stdint.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
|
|
static const uint8_t k_expected_receipt_bytes[] = {
|
|
0x00, 0x01, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x11, 0x11, 0x11, 0x11,
|
|
0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
|
|
0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
|
|
0x11, 0x11, 0x11, 0x11, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x22, 0x22,
|
|
0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
|
|
0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
|
|
0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01,
|
|
0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
|
|
0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
|
|
0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00, 0x06,
|
|
0x74, 0x65, 0x73, 0x74, 0x65, 0x72, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01,
|
|
0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
|
|
0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
|
|
0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x00, 0x00, 0x00, 0x02,
|
|
0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50,
|
|
0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50,
|
|
0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50,
|
|
0x50, 0x50, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x51, 0x51, 0x51, 0x51,
|
|
0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51,
|
|
0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51,
|
|
0x51, 0x51, 0x51, 0x51, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x22,
|
|
0x00, 0x01, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50,
|
|
0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50,
|
|
0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x00, 0x00,
|
|
0x00, 0x22, 0x00, 0x01, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
|
|
0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
|
|
0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
|
|
0x01, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x60, 0x60, 0x60, 0x60, 0x60,
|
|
0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60,
|
|
0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60,
|
|
0x60, 0x60, 0x60, 0x00, 0x00, 0x00, 0x03, 0xaa, 0xbb, 0xcc, 0x00, 0x00,
|
|
0x00, 0x22, 0x00, 0x01, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51,
|
|
0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51,
|
|
0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51,
|
|
0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
|
|
0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
|
|
0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
|
|
0x44, 0x44, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14
|
|
};
|
|
|
|
static const uint8_t k_expected_receipt_helper_bytes[] = {
|
|
0x00, 0x01, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x11, 0x11, 0x11, 0x11,
|
|
0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
|
|
0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
|
|
0x11, 0x11, 0x11, 0x11, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x22, 0x22,
|
|
0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
|
|
0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
|
|
0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01,
|
|
0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
|
|
0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
|
|
0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00, 0x06,
|
|
0x74, 0x65, 0x73, 0x74, 0x65, 0x72, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01,
|
|
0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
|
|
0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
|
|
0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x00, 0x00, 0x00, 0x01,
|
|
0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50,
|
|
0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50,
|
|
0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50,
|
|
0x50, 0x50, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01,
|
|
0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50,
|
|
0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50,
|
|
0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x00, 0x00, 0x00, 0x22,
|
|
0x00, 0x01, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
|
|
0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
|
|
0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x00, 0x00,
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00,
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14,
|
|
};
|
|
|
|
static void fill_digest(uint8_t *out, uint8_t value) {
|
|
memset(out, value, 32);
|
|
}
|
|
|
|
static amduat_reference_t make_ref(uint8_t value, uint8_t *storage) {
|
|
fill_digest(storage, value);
|
|
return amduat_reference(0x0001, amduat_octets(storage, 32));
|
|
}
|
|
|
|
static bool bytes_equal(amduat_octets_t bytes,
|
|
const uint8_t *expected,
|
|
size_t expected_len) {
|
|
if (bytes.len != expected_len) {
|
|
return false;
|
|
}
|
|
if (bytes.len == 0) {
|
|
return true;
|
|
}
|
|
return memcmp(bytes.data, expected, expected_len) == 0;
|
|
}
|
|
|
|
static int test_receipt_round_trip(void) {
|
|
amduat_fer1_receipt_t receipt;
|
|
amduat_octets_t encoded;
|
|
amduat_octets_t mutated;
|
|
amduat_fer1_receipt_t decoded;
|
|
amduat_reference_t executor_refs[2];
|
|
amduat_fer1_parity_entry_t parity[2];
|
|
uint8_t f0[32], i0[32], e0[32], o0[32];
|
|
uint8_t ex0[32], ex1[32], sb0[32];
|
|
uint8_t digest0[] = {0xaa, 0xbb, 0xcc};
|
|
int exit_code = 1;
|
|
|
|
memset(&receipt, 0, sizeof(receipt));
|
|
receipt.fer1_version = 1;
|
|
receipt.function_ref = make_ref(0x11, f0);
|
|
receipt.input_manifest_ref = make_ref(0x22, i0);
|
|
receipt.environment_ref = make_ref(0x33, e0);
|
|
receipt.evaluator_id = amduat_octets("tester", 6);
|
|
receipt.output_ref = make_ref(0x44, o0);
|
|
receipt.started_at = 10;
|
|
receipt.completed_at = 20;
|
|
|
|
executor_refs[0] = make_ref(0x50, ex0);
|
|
executor_refs[1] = make_ref(0x51, ex1);
|
|
receipt.executor_refs = executor_refs;
|
|
receipt.executor_refs_len = 2;
|
|
|
|
memset(parity, 0, sizeof(parity));
|
|
parity[0].executor_ref = executor_refs[0];
|
|
parity[0].output_ref = receipt.output_ref;
|
|
parity[0].has_sbom_ref = true;
|
|
parity[0].sbom_ref = make_ref(0x60, sb0);
|
|
parity[0].parity_digest = amduat_octets(digest0, sizeof(digest0));
|
|
|
|
parity[1].executor_ref = executor_refs[1];
|
|
parity[1].output_ref = receipt.output_ref;
|
|
parity[1].has_sbom_ref = false;
|
|
parity[1].parity_digest = amduat_octets(NULL, 0);
|
|
|
|
receipt.parity = parity;
|
|
receipt.parity_len = 2;
|
|
|
|
if (!amduat_enc_fer1_receipt_encode_v1(&receipt, &encoded)) {
|
|
fprintf(stderr, "encode failed\n");
|
|
return exit_code;
|
|
}
|
|
|
|
if (!bytes_equal(encoded, k_expected_receipt_bytes,
|
|
sizeof(k_expected_receipt_bytes))) {
|
|
fprintf(stderr, "encoded bytes mismatch\n");
|
|
goto cleanup;
|
|
}
|
|
|
|
if (!amduat_enc_fer1_receipt_decode_v1(encoded, &decoded)) {
|
|
fprintf(stderr, "decode failed\n");
|
|
goto cleanup;
|
|
}
|
|
|
|
if (!amduat_reference_eq(decoded.function_ref, receipt.function_ref) ||
|
|
!amduat_reference_eq(decoded.input_manifest_ref,
|
|
receipt.input_manifest_ref) ||
|
|
!amduat_reference_eq(decoded.environment_ref,
|
|
receipt.environment_ref) ||
|
|
!amduat_reference_eq(decoded.output_ref, receipt.output_ref)) {
|
|
fprintf(stderr, "decoded refs mismatch\n");
|
|
goto cleanup_decoded;
|
|
}
|
|
|
|
if (!amduat_octets_eq(decoded.evaluator_id, receipt.evaluator_id) ||
|
|
decoded.executor_refs_len != 2 || decoded.parity_len != 2 ||
|
|
decoded.started_at != receipt.started_at ||
|
|
decoded.completed_at != receipt.completed_at) {
|
|
fprintf(stderr, "decoded fields mismatch\n");
|
|
goto cleanup_decoded;
|
|
}
|
|
|
|
if (!amduat_reference_eq(decoded.executor_refs[0], executor_refs[0]) ||
|
|
!amduat_reference_eq(decoded.executor_refs[1], executor_refs[1]) ||
|
|
!amduat_reference_eq(decoded.parity[0].executor_ref, executor_refs[0]) ||
|
|
!amduat_reference_eq(decoded.parity[0].output_ref,
|
|
receipt.output_ref) ||
|
|
!decoded.parity[0].has_sbom_ref ||
|
|
!amduat_reference_eq(decoded.parity[0].sbom_ref, parity[0].sbom_ref) ||
|
|
!amduat_octets_eq(decoded.parity[0].parity_digest,
|
|
parity[0].parity_digest) ||
|
|
!amduat_reference_eq(decoded.parity[1].executor_ref, executor_refs[1]) ||
|
|
!amduat_reference_eq(decoded.parity[1].output_ref,
|
|
receipt.output_ref) ||
|
|
decoded.parity[1].has_sbom_ref ||
|
|
decoded.parity[1].parity_digest.len != 0) {
|
|
fprintf(stderr, "decoded parity mismatch\n");
|
|
goto cleanup_decoded;
|
|
}
|
|
|
|
exit_code = 0;
|
|
|
|
cleanup_decoded:
|
|
amduat_enc_fer1_receipt_free(&decoded);
|
|
cleanup:
|
|
free((void *)encoded.data);
|
|
return exit_code;
|
|
}
|
|
|
|
static int test_invalid_receipt_version(void) {
|
|
uint8_t bad_bytes[sizeof(k_expected_receipt_bytes)];
|
|
amduat_octets_t bytes;
|
|
amduat_fer1_receipt_t decoded;
|
|
|
|
memcpy(bad_bytes, k_expected_receipt_bytes, sizeof(bad_bytes));
|
|
bad_bytes[1] = 0x02;
|
|
|
|
bytes = amduat_octets(bad_bytes, sizeof(bad_bytes));
|
|
if (amduat_enc_fer1_receipt_decode_v1(bytes, &decoded)) {
|
|
fprintf(stderr, "invalid receipt version accepted\n");
|
|
amduat_enc_fer1_receipt_free(&decoded);
|
|
return 1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int test_receipt_helper(void) {
|
|
amduat_pel_surface_execution_result_t pel_result;
|
|
amduat_artifact_t artifact;
|
|
amduat_reference_t output_ref;
|
|
uint8_t f0[32], i0[32], e0[32], o0[32];
|
|
uint8_t ex0[32];
|
|
|
|
memset(&pel_result, 0, sizeof(pel_result));
|
|
pel_result.pel1_version = 1;
|
|
pel_result.program_ref = make_ref(0x11, f0);
|
|
pel_result.output_refs = &output_ref;
|
|
pel_result.output_refs_len = 1;
|
|
output_ref = make_ref(0x44, o0);
|
|
|
|
if (!amduat_fer1_receipt_from_pel_result(
|
|
&pel_result,
|
|
make_ref(0x22, i0),
|
|
make_ref(0x33, e0),
|
|
amduat_octets("tester", 6),
|
|
make_ref(0x50, ex0),
|
|
false,
|
|
amduat_reference(0, amduat_octets(NULL, 0)),
|
|
amduat_octets(NULL, 0),
|
|
10,
|
|
20,
|
|
&artifact)) {
|
|
fprintf(stderr, "helper failed\n");
|
|
return 1;
|
|
}
|
|
|
|
if (!bytes_equal(artifact.bytes, k_expected_receipt_helper_bytes,
|
|
sizeof(k_expected_receipt_helper_bytes))) {
|
|
fprintf(stderr, "helper bytes mismatch\n");
|
|
amduat_artifact_free(&artifact);
|
|
return 1;
|
|
}
|
|
|
|
amduat_artifact_free(&artifact);
|
|
return 0;
|
|
}
|
|
|
|
static int test_receipt_helper_failed_run(void) {
|
|
amduat_pel_run_result_t pel_run;
|
|
amduat_artifact_t artifact;
|
|
amduat_fer1_receipt_t decoded;
|
|
uint8_t f0[32], i0[32], e0[32], r0[32];
|
|
uint8_t ex0[32];
|
|
int exit_code = 1;
|
|
|
|
memset(&pel_run, 0, sizeof(pel_run));
|
|
pel_run.result_ref = make_ref(0x77, r0);
|
|
pel_run.output_refs = NULL;
|
|
pel_run.output_refs_len = 0;
|
|
pel_run.has_result_value = true;
|
|
pel_run.result_value.pel1_version = 1;
|
|
pel_run.result_value.program_ref = make_ref(0x11, f0);
|
|
|
|
if (!amduat_fer1_receipt_from_pel_run(
|
|
&pel_run,
|
|
make_ref(0x22, i0),
|
|
make_ref(0x33, e0),
|
|
amduat_octets("tester", 6),
|
|
make_ref(0x50, ex0),
|
|
false,
|
|
amduat_reference(0, amduat_octets(NULL, 0)),
|
|
amduat_octets(NULL, 0),
|
|
10,
|
|
20,
|
|
&artifact)) {
|
|
fprintf(stderr, "failed run helper failed\n");
|
|
return exit_code;
|
|
}
|
|
|
|
if (!amduat_enc_fer1_receipt_decode_v1(artifact.bytes, &decoded)) {
|
|
fprintf(stderr, "failed run helper decode failed\n");
|
|
amduat_artifact_free(&artifact);
|
|
return exit_code;
|
|
}
|
|
|
|
if (!amduat_reference_eq(decoded.output_ref, pel_run.result_ref) ||
|
|
!amduat_reference_eq(decoded.function_ref,
|
|
pel_run.result_value.program_ref)) {
|
|
fprintf(stderr, "failed run helper decoded refs mismatch\n");
|
|
goto cleanup_decoded;
|
|
}
|
|
|
|
exit_code = 0;
|
|
|
|
cleanup_decoded:
|
|
amduat_enc_fer1_receipt_free(&decoded);
|
|
amduat_artifact_free(&artifact);
|
|
return exit_code;
|
|
}
|
|
|
|
static int test_receipt_round_trip_v1_1(void) {
|
|
amduat_fer1_receipt_t receipt;
|
|
amduat_octets_t encoded;
|
|
amduat_fer1_receipt_t decoded;
|
|
amduat_octets_t mutated;
|
|
amduat_reference_t executor_refs[1];
|
|
amduat_fer1_parity_entry_t parity[1];
|
|
amduat_fer1_log_entry_t logs[2];
|
|
uint8_t f0[32], i0[32], e0[32], o0[32];
|
|
uint8_t ex0[32], fp0[32], lr0[32], lr1[32];
|
|
uint8_t digest0[] = {0xaa, 0xbb, 0xcc};
|
|
uint8_t run_id[] = {0x01, 0x02, 0x03, 0x04};
|
|
uint8_t rng_seed[] = {0x09, 0x08, 0x07};
|
|
uint8_t signature[] = {0xde, 0xad, 0xbe, 0xef};
|
|
int exit_code = 1;
|
|
|
|
memset(&receipt, 0, sizeof(receipt));
|
|
receipt.fer1_version = AMDUAT_FER1_VERSION_1_1;
|
|
receipt.function_ref = make_ref(0x11, f0);
|
|
receipt.input_manifest_ref = make_ref(0x22, i0);
|
|
receipt.environment_ref = make_ref(0x33, e0);
|
|
receipt.evaluator_id = amduat_octets("tester", 6);
|
|
receipt.output_ref = make_ref(0x44, o0);
|
|
receipt.started_at = 10;
|
|
receipt.completed_at = 20;
|
|
|
|
executor_refs[0] = make_ref(0x50, ex0);
|
|
receipt.executor_refs = executor_refs;
|
|
receipt.executor_refs_len = 1;
|
|
|
|
memset(parity, 0, sizeof(parity));
|
|
parity[0].executor_ref = executor_refs[0];
|
|
parity[0].output_ref = receipt.output_ref;
|
|
parity[0].has_sbom_ref = false;
|
|
parity[0].parity_digest = amduat_octets(digest0, sizeof(digest0));
|
|
receipt.parity = parity;
|
|
receipt.parity_len = 1;
|
|
|
|
receipt.has_executor_fingerprint_ref = true;
|
|
receipt.executor_fingerprint_ref = make_ref(0x66, fp0);
|
|
receipt.has_run_id = true;
|
|
receipt.run_id = amduat_octets(run_id, sizeof(run_id));
|
|
receipt.has_limits = true;
|
|
receipt.limits.cpu_ms = 1;
|
|
receipt.limits.wall_ms = 2;
|
|
receipt.limits.max_rss_kib = 3;
|
|
receipt.limits.io_reads = 4;
|
|
receipt.limits.io_writes = 5;
|
|
|
|
memset(logs, 0, sizeof(logs));
|
|
logs[0].kind = 1;
|
|
logs[0].log_ref = make_ref(0x70, lr0);
|
|
logs[0].sha256 = amduat_octets(digest0, sizeof(digest0));
|
|
logs[1].kind = 2;
|
|
logs[1].log_ref = make_ref(0x71, lr1);
|
|
logs[1].sha256 = amduat_octets(NULL, 0);
|
|
receipt.logs = logs;
|
|
receipt.logs_len = 2;
|
|
receipt.has_determinism = true;
|
|
receipt.determinism_level = 2;
|
|
receipt.has_rng_seed = true;
|
|
receipt.rng_seed = amduat_octets(rng_seed, sizeof(rng_seed));
|
|
receipt.has_signature = true;
|
|
receipt.signature = amduat_octets(signature, sizeof(signature));
|
|
|
|
if (!amduat_enc_fer1_receipt_encode_v1_1(&receipt, &encoded)) {
|
|
fprintf(stderr, "encode v1.1 failed\n");
|
|
return exit_code;
|
|
}
|
|
|
|
if (!amduat_enc_fer1_receipt_decode_v1_1(encoded, &decoded)) {
|
|
fprintf(stderr, "decode v1.1 failed\n");
|
|
goto cleanup;
|
|
}
|
|
|
|
if (decoded.fer1_version != AMDUAT_FER1_VERSION_1_1 ||
|
|
!amduat_reference_eq(decoded.function_ref, receipt.function_ref) ||
|
|
!amduat_reference_eq(decoded.input_manifest_ref,
|
|
receipt.input_manifest_ref) ||
|
|
!amduat_reference_eq(decoded.environment_ref,
|
|
receipt.environment_ref) ||
|
|
!amduat_reference_eq(decoded.output_ref, receipt.output_ref)) {
|
|
fprintf(stderr, "decoded v1.1 refs mismatch\n");
|
|
goto cleanup_decoded;
|
|
}
|
|
|
|
if (!decoded.has_executor_fingerprint_ref ||
|
|
!amduat_reference_eq(decoded.executor_fingerprint_ref,
|
|
receipt.executor_fingerprint_ref) ||
|
|
!decoded.has_run_id ||
|
|
!amduat_octets_eq(decoded.run_id, receipt.run_id) ||
|
|
!decoded.has_determinism ||
|
|
decoded.determinism_level != receipt.determinism_level ||
|
|
!decoded.has_rng_seed ||
|
|
!amduat_octets_eq(decoded.rng_seed, receipt.rng_seed) ||
|
|
!decoded.has_signature ||
|
|
!amduat_octets_eq(decoded.signature, receipt.signature) ||
|
|
!decoded.has_limits ||
|
|
decoded.limits.cpu_ms != receipt.limits.cpu_ms ||
|
|
decoded.limits.wall_ms != receipt.limits.wall_ms ||
|
|
decoded.limits.max_rss_kib != receipt.limits.max_rss_kib ||
|
|
decoded.limits.io_reads != receipt.limits.io_reads ||
|
|
decoded.limits.io_writes != receipt.limits.io_writes) {
|
|
fprintf(stderr, "decoded v1.1 fields mismatch\n");
|
|
goto cleanup_decoded;
|
|
}
|
|
|
|
if (decoded.logs_len != receipt.logs_len ||
|
|
!amduat_reference_eq(decoded.logs[0].log_ref, logs[0].log_ref) ||
|
|
decoded.logs[0].kind != logs[0].kind ||
|
|
!amduat_octets_eq(decoded.logs[0].sha256, logs[0].sha256) ||
|
|
!amduat_reference_eq(decoded.logs[1].log_ref, logs[1].log_ref) ||
|
|
decoded.logs[1].kind != logs[1].kind ||
|
|
decoded.logs[1].sha256.len != 0) {
|
|
fprintf(stderr, "decoded v1.1 logs mismatch\n");
|
|
goto cleanup_decoded;
|
|
}
|
|
|
|
exit_code = 0;
|
|
|
|
cleanup_decoded:
|
|
amduat_enc_fer1_receipt_free(&decoded);
|
|
cleanup:
|
|
free((void *)encoded.data);
|
|
return exit_code;
|
|
}
|
|
|
|
static int test_receipt_v1_1_reject_duplicate_tag(void) {
|
|
amduat_fer1_receipt_t receipt;
|
|
amduat_octets_t encoded;
|
|
amduat_fer1_receipt_t decoded;
|
|
amduat_octets_t mutated;
|
|
amduat_reference_t executor_refs[1];
|
|
amduat_fer1_parity_entry_t parity[1];
|
|
amduat_fer1_log_entry_t logs[1];
|
|
uint8_t f0[32], i0[32], e0[32], o0[32];
|
|
uint8_t ex0[32], fp0[32], lr0[32];
|
|
uint8_t digest0[] = {0xaa, 0xbb, 0xcc};
|
|
uint8_t run_id[] = {0x01, 0x02, 0x03, 0x04};
|
|
size_t offset = 0;
|
|
size_t ext_len = 0;
|
|
size_t ext_offset = 0;
|
|
size_t tlv_offset = 0;
|
|
uint32_t len_u32 = 0;
|
|
size_t count = 0;
|
|
size_t i = 0;
|
|
int exit_code = 1;
|
|
|
|
memset(&receipt, 0, sizeof(receipt));
|
|
receipt.fer1_version = AMDUAT_FER1_VERSION_1_1;
|
|
receipt.function_ref = make_ref(0x11, f0);
|
|
receipt.input_manifest_ref = make_ref(0x22, i0);
|
|
receipt.environment_ref = make_ref(0x33, e0);
|
|
receipt.evaluator_id = amduat_octets("tester", 6);
|
|
receipt.output_ref = make_ref(0x44, o0);
|
|
receipt.started_at = 10;
|
|
receipt.completed_at = 20;
|
|
|
|
executor_refs[0] = make_ref(0x50, ex0);
|
|
receipt.executor_refs = executor_refs;
|
|
receipt.executor_refs_len = 1;
|
|
|
|
memset(parity, 0, sizeof(parity));
|
|
parity[0].executor_ref = executor_refs[0];
|
|
parity[0].output_ref = receipt.output_ref;
|
|
parity[0].has_sbom_ref = false;
|
|
parity[0].parity_digest = amduat_octets(digest0, sizeof(digest0));
|
|
receipt.parity = parity;
|
|
receipt.parity_len = 1;
|
|
|
|
receipt.has_executor_fingerprint_ref = true;
|
|
receipt.executor_fingerprint_ref = make_ref(0x66, fp0);
|
|
receipt.has_run_id = true;
|
|
receipt.run_id = amduat_octets(run_id, sizeof(run_id));
|
|
receipt.has_limits = true;
|
|
receipt.limits.cpu_ms = 1;
|
|
receipt.limits.wall_ms = 2;
|
|
receipt.limits.max_rss_kib = 3;
|
|
receipt.limits.io_reads = 4;
|
|
receipt.limits.io_writes = 5;
|
|
|
|
memset(logs, 0, sizeof(logs));
|
|
logs[0].kind = 1;
|
|
logs[0].log_ref = make_ref(0x70, lr0);
|
|
logs[0].sha256 = amduat_octets(digest0, sizeof(digest0));
|
|
receipt.logs = logs;
|
|
receipt.logs_len = 1;
|
|
|
|
if (!amduat_enc_fer1_receipt_encode_v1_1(&receipt, &encoded)) {
|
|
fprintf(stderr, "encode v1.1 failed\n");
|
|
return exit_code;
|
|
}
|
|
|
|
if (encoded.len < 2) {
|
|
fprintf(stderr, "encoded v1.1 too short\n");
|
|
goto cleanup;
|
|
}
|
|
|
|
mutated = amduat_octets(NULL, 0u);
|
|
if (encoded.len != 0) {
|
|
uint8_t *buffer = (uint8_t *)malloc(encoded.len);
|
|
if (buffer == NULL) {
|
|
fprintf(stderr, "encoded v1.1 alloc failed\n");
|
|
goto cleanup;
|
|
}
|
|
memcpy(buffer, encoded.data, encoded.len);
|
|
mutated = amduat_octets(buffer, encoded.len);
|
|
}
|
|
|
|
if (mutated.data == NULL || mutated.len != encoded.len) {
|
|
fprintf(stderr, "encoded v1.1 clone failed\n");
|
|
goto cleanup;
|
|
}
|
|
|
|
if (encoded.len - offset < 2) {
|
|
fprintf(stderr, "encoded v1.1 header too short\n");
|
|
goto cleanup;
|
|
}
|
|
offset += 2;
|
|
|
|
if (offset + 4 > encoded.len) {
|
|
fprintf(stderr, "encoded v1.1 function_ref missing\n");
|
|
goto cleanup;
|
|
}
|
|
len_u32 = (uint32_t)((encoded.data[offset] << 24) |
|
|
(encoded.data[offset + 1] << 16) |
|
|
(encoded.data[offset + 2] << 8) |
|
|
encoded.data[offset + 3]);
|
|
offset += 4 + len_u32;
|
|
if (offset > encoded.len) {
|
|
fprintf(stderr, "encoded v1.1 function_ref truncated\n");
|
|
goto cleanup;
|
|
}
|
|
|
|
if (offset + 4 > encoded.len) {
|
|
fprintf(stderr, "encoded v1.1 input_manifest_ref missing\n");
|
|
goto cleanup;
|
|
}
|
|
len_u32 = (uint32_t)((encoded.data[offset] << 24) |
|
|
(encoded.data[offset + 1] << 16) |
|
|
(encoded.data[offset + 2] << 8) |
|
|
encoded.data[offset + 3]);
|
|
offset += 4 + len_u32;
|
|
if (offset > encoded.len) {
|
|
fprintf(stderr, "encoded v1.1 input_manifest_ref truncated\n");
|
|
goto cleanup;
|
|
}
|
|
|
|
if (offset + 4 > encoded.len) {
|
|
fprintf(stderr, "encoded v1.1 environment_ref missing\n");
|
|
goto cleanup;
|
|
}
|
|
len_u32 = (uint32_t)((encoded.data[offset] << 24) |
|
|
(encoded.data[offset + 1] << 16) |
|
|
(encoded.data[offset + 2] << 8) |
|
|
encoded.data[offset + 3]);
|
|
offset += 4 + len_u32;
|
|
if (offset > encoded.len) {
|
|
fprintf(stderr, "encoded v1.1 environment_ref truncated\n");
|
|
goto cleanup;
|
|
}
|
|
|
|
if (offset + 4 > encoded.len) {
|
|
fprintf(stderr, "encoded v1.1 evaluator_id missing\n");
|
|
goto cleanup;
|
|
}
|
|
len_u32 = (uint32_t)((encoded.data[offset] << 24) |
|
|
(encoded.data[offset + 1] << 16) |
|
|
(encoded.data[offset + 2] << 8) |
|
|
encoded.data[offset + 3]);
|
|
offset += 4 + len_u32;
|
|
if (offset > encoded.len) {
|
|
fprintf(stderr, "encoded v1.1 evaluator_id truncated\n");
|
|
goto cleanup;
|
|
}
|
|
|
|
if (offset + 4 > encoded.len) {
|
|
fprintf(stderr, "encoded v1.1 output_ref missing\n");
|
|
goto cleanup;
|
|
}
|
|
len_u32 = (uint32_t)((encoded.data[offset] << 24) |
|
|
(encoded.data[offset + 1] << 16) |
|
|
(encoded.data[offset + 2] << 8) |
|
|
encoded.data[offset + 3]);
|
|
offset += 4 + len_u32;
|
|
if (offset > encoded.len) {
|
|
fprintf(stderr, "encoded v1.1 output_ref truncated\n");
|
|
goto cleanup;
|
|
}
|
|
|
|
if (offset + 4 > encoded.len) {
|
|
fprintf(stderr, "encoded v1.1 executor_count missing\n");
|
|
goto cleanup;
|
|
}
|
|
len_u32 = (uint32_t)((encoded.data[offset] << 24) |
|
|
(encoded.data[offset + 1] << 16) |
|
|
(encoded.data[offset + 2] << 8) |
|
|
encoded.data[offset + 3]);
|
|
offset += 4;
|
|
count = (size_t)len_u32;
|
|
for (i = 0; i < count; ++i) {
|
|
if (offset + 4 > encoded.len) {
|
|
fprintf(stderr, "encoded v1.1 executor_ref missing\n");
|
|
goto cleanup;
|
|
}
|
|
uint32_t ref_len = (uint32_t)((encoded.data[offset] << 24) |
|
|
(encoded.data[offset + 1] << 16) |
|
|
(encoded.data[offset + 2] << 8) |
|
|
encoded.data[offset + 3]);
|
|
offset += 4 + ref_len;
|
|
if (offset > encoded.len) {
|
|
fprintf(stderr, "encoded v1.1 executor_ref truncated\n");
|
|
goto cleanup;
|
|
}
|
|
}
|
|
|
|
if (offset + 4 > encoded.len) {
|
|
fprintf(stderr, "encoded v1.1 parity_count missing\n");
|
|
goto cleanup;
|
|
}
|
|
len_u32 = (uint32_t)((encoded.data[offset] << 24) |
|
|
(encoded.data[offset + 1] << 16) |
|
|
(encoded.data[offset + 2] << 8) |
|
|
encoded.data[offset + 3]);
|
|
offset += 4;
|
|
count = (size_t)len_u32;
|
|
for (i = 0; i < count; ++i) {
|
|
if (offset + 4 > encoded.len) {
|
|
fprintf(stderr, "encoded v1.1 parity executor_ref missing\n");
|
|
goto cleanup;
|
|
}
|
|
uint32_t ref_len = (uint32_t)((encoded.data[offset] << 24) |
|
|
(encoded.data[offset + 1] << 16) |
|
|
(encoded.data[offset + 2] << 8) |
|
|
encoded.data[offset + 3]);
|
|
offset += 4 + ref_len;
|
|
if (offset + 4 > encoded.len) {
|
|
fprintf(stderr, "encoded v1.1 parity output_ref missing\n");
|
|
goto cleanup;
|
|
}
|
|
ref_len = (uint32_t)((encoded.data[offset] << 24) |
|
|
(encoded.data[offset + 1] << 16) |
|
|
(encoded.data[offset + 2] << 8) |
|
|
encoded.data[offset + 3]);
|
|
offset += 4 + ref_len;
|
|
if (offset >= encoded.len) {
|
|
fprintf(stderr, "encoded v1.1 parity truncated\n");
|
|
goto cleanup;
|
|
}
|
|
if (encoded.data[offset] == 0x01u) {
|
|
offset += 1;
|
|
if (offset + 4 > encoded.len) {
|
|
fprintf(stderr, "encoded v1.1 parity sbom missing\n");
|
|
goto cleanup;
|
|
}
|
|
ref_len = (uint32_t)((encoded.data[offset] << 24) |
|
|
(encoded.data[offset + 1] << 16) |
|
|
(encoded.data[offset + 2] << 8) |
|
|
encoded.data[offset + 3]);
|
|
offset += 4 + ref_len;
|
|
} else {
|
|
offset += 1;
|
|
}
|
|
if (offset + 4 > encoded.len) {
|
|
fprintf(stderr, "encoded v1.1 parity digest missing\n");
|
|
goto cleanup;
|
|
}
|
|
uint32_t digest_len = (uint32_t)((encoded.data[offset] << 24) |
|
|
(encoded.data[offset + 1] << 16) |
|
|
(encoded.data[offset + 2] << 8) |
|
|
encoded.data[offset + 3]);
|
|
offset += 4 + digest_len;
|
|
if (offset > encoded.len) {
|
|
fprintf(stderr, "encoded v1.1 parity digest truncated\n");
|
|
goto cleanup;
|
|
}
|
|
}
|
|
|
|
if (offset + 16 > encoded.len) {
|
|
fprintf(stderr, "encoded v1.1 timestamps missing\n");
|
|
goto cleanup;
|
|
}
|
|
offset += 16;
|
|
|
|
if (offset + 4 > encoded.len) {
|
|
fprintf(stderr, "encoded v1.1 ext_len missing\n");
|
|
goto cleanup;
|
|
}
|
|
ext_len = (size_t)((encoded.data[offset] << 24) |
|
|
(encoded.data[offset + 1] << 16) |
|
|
(encoded.data[offset + 2] << 8) |
|
|
encoded.data[offset + 3]);
|
|
ext_offset = offset + 4;
|
|
if (ext_offset + ext_len > encoded.len) {
|
|
fprintf(stderr, "encoded v1.1 ext payload truncated\n");
|
|
goto cleanup;
|
|
}
|
|
|
|
tlv_offset = ext_offset;
|
|
if (tlv_offset + 6 > encoded.len) {
|
|
fprintf(stderr, "encoded v1.1 tlv header missing\n");
|
|
goto cleanup;
|
|
}
|
|
tlv_offset += 2;
|
|
len_u32 = (uint32_t)((encoded.data[tlv_offset] << 24) |
|
|
(encoded.data[tlv_offset + 1] << 16) |
|
|
(encoded.data[tlv_offset + 2] << 8) |
|
|
encoded.data[tlv_offset + 3]);
|
|
tlv_offset += 4 + len_u32;
|
|
if (tlv_offset + 2 > encoded.len) {
|
|
fprintf(stderr, "encoded v1.1 second tlv missing\n");
|
|
goto cleanup;
|
|
}
|
|
|
|
((uint8_t *)mutated.data)[tlv_offset] = 0x00u;
|
|
((uint8_t *)mutated.data)[tlv_offset + 1] = 0x01u;
|
|
|
|
if (amduat_enc_fer1_receipt_decode_v1_1(mutated, &decoded)) {
|
|
fprintf(stderr, "duplicate tlv accepted\n");
|
|
amduat_enc_fer1_receipt_free(&decoded);
|
|
goto cleanup;
|
|
}
|
|
|
|
exit_code = 0;
|
|
|
|
cleanup:
|
|
if (mutated.data != NULL) {
|
|
free((void *)mutated.data);
|
|
}
|
|
free((void *)encoded.data);
|
|
return exit_code;
|
|
}
|
|
|
|
static int test_receipt_helper_v1_1(void) {
|
|
amduat_pel_run_result_t pel_run;
|
|
amduat_artifact_t artifact;
|
|
amduat_fer1_receipt_t decoded;
|
|
amduat_fer1_log_entry_t log_entry;
|
|
amduat_fer1_limits_t limits;
|
|
uint8_t f0[32], i0[32], e0[32], o0[32], ex0[32], fp0[32], lr0[32];
|
|
uint8_t run_id[] = {0x01, 0x02, 0x03, 0x04};
|
|
uint8_t rng_seed[] = {0x09, 0x08, 0x07};
|
|
uint8_t signature[] = {0xde, 0xad, 0xbe, 0xef};
|
|
uint8_t digest0[] = {0xaa, 0xbb, 0xcc};
|
|
int exit_code = 1;
|
|
|
|
memset(&pel_run, 0, sizeof(pel_run));
|
|
pel_run.result_ref = make_ref(0x77, o0);
|
|
pel_run.output_refs = &pel_run.result_ref;
|
|
pel_run.output_refs_len = 1;
|
|
pel_run.has_result_value = true;
|
|
pel_run.result_value.pel1_version = 1;
|
|
pel_run.result_value.program_ref = make_ref(0x11, f0);
|
|
|
|
memset(&limits, 0, sizeof(limits));
|
|
limits.cpu_ms = 1;
|
|
limits.wall_ms = 2;
|
|
limits.max_rss_kib = 3;
|
|
limits.io_reads = 4;
|
|
limits.io_writes = 5;
|
|
|
|
memset(&log_entry, 0, sizeof(log_entry));
|
|
log_entry.kind = 1;
|
|
log_entry.log_ref = make_ref(0x70, lr0);
|
|
log_entry.sha256 = amduat_octets(digest0, sizeof(digest0));
|
|
|
|
if (!amduat_fer1_receipt_from_pel_run_v1_1(
|
|
&pel_run,
|
|
make_ref(0x22, i0),
|
|
make_ref(0x33, e0),
|
|
amduat_octets("tester", 6),
|
|
make_ref(0x50, ex0),
|
|
false,
|
|
amduat_reference(0, amduat_octets(NULL, 0)),
|
|
amduat_octets(NULL, 0),
|
|
10,
|
|
20,
|
|
true,
|
|
make_ref(0x66, fp0),
|
|
true,
|
|
amduat_octets(run_id, sizeof(run_id)),
|
|
true,
|
|
limits,
|
|
&log_entry,
|
|
1,
|
|
true,
|
|
2,
|
|
true,
|
|
amduat_octets(rng_seed, sizeof(rng_seed)),
|
|
true,
|
|
amduat_octets(signature, sizeof(signature)),
|
|
&artifact)) {
|
|
fprintf(stderr, "v1.1 helper failed\n");
|
|
return exit_code;
|
|
}
|
|
|
|
if (!amduat_enc_fer1_receipt_decode_v1_1(artifact.bytes, &decoded)) {
|
|
fprintf(stderr, "v1.1 helper decode failed\n");
|
|
amduat_artifact_free(&artifact);
|
|
return exit_code;
|
|
}
|
|
|
|
if (!decoded.has_run_id || !decoded.has_limits || !decoded.has_determinism ||
|
|
!decoded.has_signature ||
|
|
!amduat_reference_eq(decoded.output_ref, pel_run.result_ref)) {
|
|
fprintf(stderr, "v1.1 helper decoded fields mismatch\n");
|
|
goto cleanup_decoded;
|
|
}
|
|
|
|
exit_code = 0;
|
|
|
|
cleanup_decoded:
|
|
amduat_enc_fer1_receipt_free(&decoded);
|
|
amduat_artifact_free(&artifact);
|
|
return exit_code;
|
|
}
|
|
|
|
static int test_receipt_helper_v1_1_failed_run(void) {
|
|
amduat_pel_run_result_t pel_run;
|
|
amduat_artifact_t artifact;
|
|
amduat_fer1_receipt_t decoded;
|
|
uint8_t f0[32], i0[32], e0[32], r0[32], ex0[32];
|
|
int exit_code = 1;
|
|
|
|
memset(&pel_run, 0, sizeof(pel_run));
|
|
pel_run.result_ref = make_ref(0x77, r0);
|
|
pel_run.output_refs = NULL;
|
|
pel_run.output_refs_len = 0;
|
|
pel_run.has_result_value = true;
|
|
pel_run.result_value.pel1_version = 1;
|
|
pel_run.result_value.program_ref = make_ref(0x11, f0);
|
|
|
|
if (!amduat_fer1_receipt_from_pel_run_v1_1(
|
|
&pel_run,
|
|
make_ref(0x22, i0),
|
|
make_ref(0x33, e0),
|
|
amduat_octets("tester", 6),
|
|
make_ref(0x50, ex0),
|
|
false,
|
|
amduat_reference(0, amduat_octets(NULL, 0)),
|
|
amduat_octets(NULL, 0),
|
|
10,
|
|
20,
|
|
false,
|
|
amduat_reference(0, amduat_octets(NULL, 0)),
|
|
false,
|
|
amduat_octets(NULL, 0),
|
|
false,
|
|
(amduat_fer1_limits_t){0},
|
|
NULL,
|
|
0,
|
|
false,
|
|
0,
|
|
false,
|
|
amduat_octets(NULL, 0),
|
|
false,
|
|
amduat_octets(NULL, 0),
|
|
&artifact)) {
|
|
fprintf(stderr, "v1.1 failed run helper failed\n");
|
|
return exit_code;
|
|
}
|
|
|
|
if (!amduat_enc_fer1_receipt_decode_v1_1(artifact.bytes, &decoded)) {
|
|
fprintf(stderr, "v1.1 failed run helper decode failed\n");
|
|
amduat_artifact_free(&artifact);
|
|
return exit_code;
|
|
}
|
|
|
|
if (!amduat_reference_eq(decoded.output_ref, pel_run.result_ref)) {
|
|
fprintf(stderr, "v1.1 failed run output_ref mismatch\n");
|
|
goto cleanup_decoded;
|
|
}
|
|
|
|
exit_code = 0;
|
|
|
|
cleanup_decoded:
|
|
amduat_enc_fer1_receipt_free(&decoded);
|
|
amduat_artifact_free(&artifact);
|
|
return exit_code;
|
|
}
|
|
|
|
int main(void) {
|
|
if (test_receipt_round_trip() != 0) {
|
|
return 1;
|
|
}
|
|
if (test_invalid_receipt_version() != 0) {
|
|
return 1;
|
|
}
|
|
if (test_receipt_helper() != 0) {
|
|
return 1;
|
|
}
|
|
if (test_receipt_helper_failed_run() != 0) {
|
|
return 1;
|
|
}
|
|
if (test_receipt_round_trip_v1_1() != 0) {
|
|
return 1;
|
|
}
|
|
if (test_receipt_v1_1_reject_duplicate_tag() != 0) {
|
|
return 1;
|
|
}
|
|
if (test_receipt_helper_v1_1() != 0) {
|
|
return 1;
|
|
}
|
|
if (test_receipt_helper_v1_1_failed_run() != 0) {
|
|
return 1;
|
|
}
|
|
return 0;
|
|
}
|