dcap-qvl 0.4.0

This crate implements the quote verification logic for DCAP (Data Center Attestation Primitives) in pure Rust.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94

"""Tests for async collateral functions.

This file used to be a script-like demo. It is now a pytest-friendly test module.

By default we only test *API surface* (functions exist, are async, and do basic
input validation checks).

To enable real network calls (Intel PCS), set:

  DCAP_QVL_RUN_NETWORK_TESTS=1
"""

from __future__ import annotations

import inspect
import os

import pytest

from ._async_utils import is_async_callable


dcap_qvl = pytest.importorskip("dcap_qvl")

RUN_NETWORK = os.getenv("DCAP_QVL_RUN_NETWORK_TESTS") == "1"


def test_async_functions_are_exported() -> None:
    expected = [
        "get_collateral",
        "get_collateral_from_pcs",
        "get_collateral_and_verify",
    ]

    for name in expected:
        assert hasattr(dcap_qvl, name), f"{name} is not exported"

    # get_collateral is a native PyO3 async binding; the others are
    # Python-level async wrappers around it.
    assert callable(dcap_qvl.get_collateral)
    assert is_async_callable(dcap_qvl.get_collateral_from_pcs, b"short")
    assert is_async_callable(dcap_qvl.get_collateral_and_verify, b"short")


@pytest.mark.asyncio
async def test_get_collateral_returns_awaitable() -> None:
    # PyO3 async builtin requires a running event loop to even create the
    # awaitable. Use an invalid URL and await to completion so no pending
    # task survives interpreter teardown.
    ret = dcap_qvl.get_collateral(
        pccs_url="://invalid-url",
        raw_quote=b"short",
    )
    assert inspect.isawaitable(ret)
    with pytest.raises(ValueError):
        await ret


@pytest.mark.asyncio
async def test_get_collateral_rejects_non_bytes_quote() -> None:
    # PyO3 rejects the str argument at the binding boundary with its own
    # TypeError; we only assert it's a TypeError mentioning raw_quote.
    with pytest.raises(TypeError, match="raw_quote"):
        await dcap_qvl.get_collateral("http://example.com", "not bytes")


@pytest.mark.asyncio
async def test_get_collateral_from_pcs_rejects_invalid_quote() -> None:
    with pytest.raises(ValueError, match="Failed to parse quote"):
        await dcap_qvl.get_collateral_from_pcs(b"short")


@pytest.mark.asyncio
async def test_get_collateral_and_verify_rejects_invalid_quote() -> None:
    with pytest.raises(ValueError, match="Failed to parse quote"):
        await dcap_qvl.get_collateral_and_verify(b"short")


@pytest.mark.asyncio
@pytest.mark.skipif(
    not RUN_NETWORK,
    reason="Network test disabled (set DCAP_QVL_RUN_NETWORK_TESTS=1 to enable)",
)
async def test_get_collateral_from_pcs_network_smoke(sample_sgx_quote_bytes: bytes) -> None:
    # This calls Intel PCS (network). Only do a very light smoke test.
    collateral = await dcap_qvl.get_collateral_from_pcs(sample_sgx_quote_bytes)
    assert collateral is not None


@pytest.fixture
def sample_sgx_quote_bytes() -> bytes:
    # Local sample file (no network)
    with open("sample/sgx_quote", "rb") as f:
        return f.read()