diff --git a/.github/.license_check.ini b/.github/.license_check.ini new file mode 100644 index 0000000..b1e3270 --- /dev/null +++ b/.github/.license_check.ini @@ -0,0 +1,29 @@ +# Authorized and unauthorized licenses in LOWER CASE +[Licenses] +authorized_licenses: + 3-clause bsd + apache + apache 2.0 + apache software + apache software license + apache-2.0 + bsd + bsd license + GNU Lesser General Public License v2 or later (LGPLv2+) + gnu lgpl + isc license + isc license (iscl) + lgpl with exceptions or zpl + mit + mit license + mozilla public license 2.0 (mpl 2.0) + MPL-2.0 + new bsd + new bsd license + python software foundation + python software foundation license + simplified bsd + zpl 2.1 + +unauthorized_licenses: + gpl v3 diff --git a/.github/cspell.json b/.github/cspell.json new file mode 100644 index 0000000..7bfe1fd --- /dev/null +++ b/.github/cspell.json @@ -0,0 +1,54 @@ +{ + "version": "0.2", + "ignorepaths": [ + ".github/", + ".git/" + ], + "ignorewords": [], + "ignoreRegExpList": [ + "/```[\\s\\S]*?```/g", + "/`[\\s\\S]*?`/g" + ], + "import": [], + "dictionarydefinitions": [], + "dictionaries": [], + "words": [ + "authkey", + "ccnp", + "cctrusted", + "cmdline", + "commandline", + "containerd", + "daemonset", + "distro", + "Eventlog", + "grpcurl", + "GHCI", + "kustomization", + "LASA", + "netplan", + "NFD", + "OVMF", + "proto", + "qcow", + "quoteserver", + "RTMR", + "TDREPORT", + "TDVF", + "TDVM", + "udev", + "PCCS", + "DCAP", + "distros", + "PCKID", + "pccs", + "pckcache", + "sysfs", + "UEFI", + "ACPI", + "MRTD", + "CCEL", + "Bootloader", + "VMSDK" + ] +} diff --git a/.github/pylintrc b/.github/pylintrc new file mode 100644 index 0000000..c6947b4 --- /dev/null +++ b/.github/pylintrc @@ -0,0 +1,624 @@ +[MAIN] + +# Analyse import fallback blocks. This can be used to support both Python 2 and +# 3 compatible code, which means that the block might have code that exists +# only in one or another interpreter, leading to false positives when analysed. +analyse-fallback-blocks=no + +# Load and enable all available extensions. Use --list-extensions to see a list +# all available extensions. +#enable-all-extensions= + +# In error mode, messages with a category besides ERROR or FATAL are +# suppressed, and no reports are done by default. Error mode is compatible with +# disabling specific errors. +#errors-only= + +# Always return a 0 (non-error) status code, even if lint errors are found. +# This is primarily useful in continuous integration scripts. +#exit-zero= + +# A comma-separated list of package or module names from where C extensions may +# be loaded. Extensions are loading into the active Python interpreter and may +# run arbitrary code. +extension-pkg-allow-list= + +# A comma-separated list of package or module names from where C extensions may +# be loaded. Extensions are loading into the active Python interpreter and may +# run arbitrary code. (This is an alternative name to extension-pkg-allow-list +# for backward compatibility.) +extension-pkg-whitelist= + +# Return non-zero exit code if any of these messages/categories are detected, +# even if score is above --fail-under value. Syntax same as enable. Messages +# specified are enabled, while categories only check already-enabled messages. +fail-on= + +# Specify a score threshold under which the program will exit with error. +fail-under=10 + +# Interpret the stdin as a python script, whose filename needs to be passed as +# the module_or_package argument. +#from-stdin= + +# Files or directories to be skipped. They should be base names, not paths. +ignore=CVS + +# Add files or directories matching the regular expressions patterns to the +# ignore-list. The regex matches against paths and can be in Posix or Windows +# format. Because '\' represents the directory delimiter on Windows systems, it +# can't be used as an escape character. +ignore-paths=cnap/core/generated + +# Files or directories matching the regular expression patterns are skipped. +# The regex matches against base names, not paths. The default value ignores +# Emacs file locks +ignore-patterns=^\.# + +# List of module names for which member attributes should not be checked +# (useful for modules/projects where namespaces are manipulated during runtime +# and thus existing member attributes cannot be deduced by static analysis). It +# supports qualified module names, as well as Unix pattern matching. +ignored-modules= + +# Python code to execute, usually for sys.path manipulation such as +# pygtk.require(). +#init-hook= + +# Use multiple processes to speed up Pylint. Specifying 0 will auto-detect the +# number of processors available to use, and will cap the count on Windows to +# avoid hangs. +jobs=1 + +# Control the amount of potential inferred values when inferring a single +# object. This can help the performance when dealing with large functions or +# complex, nested conditions. +limit-inference-results=100 + +# List of plugins (as comma separated values of python module names) to load, +# usually to register additional checkers. +load-plugins= + +# Pickle collected data for later comparisons. +persistent=yes + +# Minimum Python version to use for version dependent checks. Will default to +# the version used to run pylint. +py-version=3.10 + +# Discover python modules and packages in the file system subtree. +recursive=no + +# When enabled, pylint would attempt to guess common misconfiguration and emit +# user-friendly hints instead of false-positive error messages. +suggestion-mode=yes + +# Allow loading of arbitrary C extensions. Extensions are imported into the +# active Python interpreter and may run arbitrary code. +unsafe-load-any-extension=no + +# In verbose mode, extra non-checker-related info will be displayed. +#verbose= + + +[BASIC] + +# Naming style matching correct argument names. +argument-naming-style=snake_case + +# Regular expression matching correct argument names. Overrides argument- +# naming-style. If left empty, argument names will be checked with the set +# naming style. +#argument-rgx= + +# Naming style matching correct attribute names. +attr-naming-style=snake_case + +# Regular expression matching correct attribute names. Overrides attr-naming- +# style. If left empty, attribute names will be checked with the set naming +# style. +#attr-rgx= + +# Bad variable names which should always be refused, separated by a comma. +bad-names=foo, + bar, + baz, + toto, + tutu, + tata + +# Bad variable names regexes, separated by a comma. If names match any regex, +# they will always be refused +bad-names-rgxs= + +# Naming style matching correct class attribute names. +class-attribute-naming-style=any + +# Regular expression matching correct class attribute names. Overrides class- +# attribute-naming-style. If left empty, class attribute names will be checked +# with the set naming style. +#class-attribute-rgx= + +# Naming style matching correct class constant names. +class-const-naming-style=UPPER_CASE + +# Regular expression matching correct class constant names. Overrides class- +# const-naming-style. If left empty, class constant names will be checked with +# the set naming style. +#class-const-rgx= + +# Naming style matching correct class names. +class-naming-style=PascalCase + +# Regular expression matching correct class names. Overrides class-naming- +# style. If left empty, class names will be checked with the set naming style. +#class-rgx= + +# Naming style matching correct constant names. +const-naming-style=UPPER_CASE + +# Regular expression matching correct constant names. Overrides const-naming- +# style. If left empty, constant names will be checked with the set naming +# style. +#const-rgx= + +# Minimum line length for functions/classes that require docstrings, shorter +# ones are exempt. +docstring-min-length=-1 + +# Naming style matching correct function names. +function-naming-style=snake_case + +# Regular expression matching correct function names. Overrides function- +# naming-style. If left empty, function names will be checked with the set +# naming style. +#function-rgx= + +# Good variable names which should always be accepted, separated by a comma. +good-names=i, + j, + k, + ex, + Run, + _ + +# Good variable names regexes, separated by a comma. If names match any regex, +# they will always be accepted +good-names-rgxs= + +# Include a hint for the correct naming format with invalid-name. +include-naming-hint=no + +# Naming style matching correct inline iteration names. +inlinevar-naming-style=any + +# Regular expression matching correct inline iteration names. Overrides +# inlinevar-naming-style. If left empty, inline iteration names will be checked +# with the set naming style. +#inlinevar-rgx= + +# Naming style matching correct method names. +method-naming-style=snake_case + +# Regular expression matching correct method names. Overrides method-naming- +# style. If left empty, method names will be checked with the set naming style. +#method-rgx= + +# Naming style matching correct module names. +module-naming-style=snake_case + +# Regular expression matching correct module names. Overrides module-naming- +# style. If left empty, module names will be checked with the set naming style. +#module-rgx= + +# Colon-delimited sets of names that determine each other's naming style when +# the name regexes allow several styles. +name-group= + +# Regular expression which should only match function or class names that do +# not require a docstring. +no-docstring-rgx=^_ + +# List of decorators that produce properties, such as abc.abstractproperty. Add +# to this list to register other decorators that produce valid properties. +# These decorators are taken in consideration only for invalid-name. +property-classes=abc.abstractproperty + +# Regular expression matching correct type variable names. If left empty, type +# variable names will be checked with the set naming style. +#typevar-rgx= + +# Naming style matching correct variable names. +variable-naming-style=snake_case + +# Regular expression matching correct variable names. Overrides variable- +# naming-style. If left empty, variable names will be checked with the set +# naming style. +#variable-rgx= + + +[CLASSES] + +# Warn about protected attribute access inside special methods +check-protected-access-in-special-methods=no + +# List of method names used to declare (i.e. assign) instance attributes. +defining-attr-methods=__init__, + __new__, + setUp, + __post_init__ + +# List of member names, which should be excluded from the protected access +# warning. +exclude-protected=_asdict, + _fields, + _replace, + _source, + _make + +# List of valid names for the first argument in a class method. +valid-classmethod-first-arg=cls + +# List of valid names for the first argument in a metaclass class method. +valid-metaclass-classmethod-first-arg=cls + + +[DESIGN] + +# List of regular expressions of class ancestor names to ignore when counting +# public methods (see R0903) +exclude-too-few-public-methods= + +# List of qualified class names to ignore when counting class parents (see +# R0901) +ignored-parents= + +# Maximum number of arguments for function / method. +max-args=15 + +# Maximum number of attributes for a class (see R0902). +max-attributes=15 + +# Maximum number of boolean expressions in an if statement (see R0916). +max-bool-expr=5 + +# Maximum number of branch for function / method body. +max-branches=15 + +# Maximum number of locals for function / method body. +max-locals=25 + +# Maximum number of parents for a class (see R0901). +max-parents=7 + +# Maximum number of public methods for a class (see R0904). +max-public-methods=20 + +# Maximum number of return / yield for function / method body. +max-returns=6 + +# Maximum number of statements in function / method body. +max-statements=50 + +# Minimum number of public methods for a class (see R0903). +min-public-methods=2 + + +[EXCEPTIONS] + +# Exceptions that will emit a warning when caught. +overgeneral-exceptions=builtins.BaseException, + builtins.Exception + + +[FORMAT] + +# Expected format of line ending, e.g. empty (any line ending), LF or CRLF. +expected-line-ending-format= + +# Regexp for a line that is allowed to be longer than the limit. +ignore-long-lines=^\s*(# )??$ + +# Number of spaces of indent required inside a hanging or continued line. +indent-after-paren=4 + +# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1 +# tab). +indent-string=' ' + +# Maximum number of characters on a single line. +max-line-length=100 + +# Maximum number of lines in a module. +max-module-lines=1000 + +# Allow the body of a class to be on the same line as the declaration if body +# contains single statement. +single-line-class-stmt=no + +# Allow the body of an if to be on the same line as the test if there is no +# else. +single-line-if-stmt=no + + +[IMPORTS] + +# List of modules that can be imported at any level, not just the top level +# one. +allow-any-import-level= + +# Allow wildcard imports from modules that define __all__. +allow-wildcard-with-all=no + +# Deprecated modules which should not be used, separated by a comma. +deprecated-modules= + +# Output a graph (.gv or any supported image format) of external dependencies +# to the given file (report RP0402 must not be disabled). +ext-import-graph= + +# Output a graph (.gv or any supported image format) of all (i.e. internal and +# external) dependencies to the given file (report RP0402 must not be +# disabled). +import-graph= + +# Output a graph (.gv or any supported image format) of internal dependencies +# to the given file (report RP0402 must not be disabled). +int-import-graph= + +# Force import order to recognize a module as part of the standard +# compatibility libraries. +known-standard-library= + +# Force import order to recognize a module as part of a third party library. +known-third-party=enchant + +# Couples of modules and preferred modules, separated by a comma. +preferred-modules= + + +[LOGGING] + +# The type of string formatting that logging methods do. `old` means using % +# formatting, `new` is for `{}` formatting. +logging-format-style=old + +# Logging modules to check that the string format arguments are in logging +# function parameter format. +logging-modules=logging + + +[MESSAGES CONTROL] + +# Only show warnings with the listed confidence levels. Leave empty to show +# all. Valid levels: HIGH, CONTROL_FLOW, INFERENCE, INFERENCE_FAILURE, +# UNDEFINED. +confidence=HIGH, + INFERENCE, + INFERENCE_FAILURE, + UNDEFINED + +# Disable the message, report, category or checker with the given id(s). You +# can either give multiple identifiers separated by comma (,) or put this +# option multiple times (only on the command line, not in the configuration +# file where it should appear only once). You can also use "--disable=all" to +# disable everything first and then re-enable specific checks. For example, if +# you want to run only the similarities checker, you can use "--disable=all +# --enable=similarities". If you want to run only the classes checker, but have +# no Warning level messages displayed, use "--disable=all --enable=classes +# --disable=W". +disable=raw-checker-failed, + bad-inline-option, + locally-disabled, + file-ignored, + suppressed-message, + useless-suppression, + deprecated-pragma, + use-symbolic-message-instead, + bare-except, + missing-class-docstring, + unused-argument, + too-few-public-methods, + invalid-name, + fixme, + useless-parent-delegation + +# Enable the message, report, category or checker with the given id(s). You can +# either give multiple identifier separated by comma (,) or put this option +# multiple time (only on the command line, not in the configuration file where +# it should appear only once). See also the "--disable" option for examples. +enable=c-extension-no-member + + +[METHOD_ARGS] + +# List of qualified names (i.e., library.method) which require a timeout +# parameter e.g. 'requests.api.get,requests.api.post' +timeout-methods=requests.api.delete,requests.api.get,requests.api.head,requests.api.options,requests.api.patch,requests.api.post,requests.api.put,requests.api.request + + +[MISCELLANEOUS] + +# List of note tags to take in consideration, separated by a comma. +notes=FIXME, + XXX, + TODO + +# Regular expression of note tags to take in consideration. +notes-rgx= + + +[REFACTORING] + +# Maximum number of nested blocks for function / method body +max-nested-blocks=5 + +# Complete name of functions that never returns. When checking for +# inconsistent-return-statements if a never returning function is called then +# it will be considered as an explicit return statement and no message will be +# printed. +never-returning-functions=sys.exit,argparse.parse_error + + +[REPORTS] + +# Python expression which should return a score less than or equal to 10. You +# have access to the variables 'fatal', 'error', 'warning', 'refactor', +# 'convention', and 'info' which contain the number of messages in each +# category, as well as 'statement' which is the total number of statements +# analyzed. This score is used by the global evaluation report (RP0004). +evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10) + +# Template used to display messages. This is a python new-style format string +# used to format the message information. See doc for all details. +msg-template= + +# Set the output format. Available formats are text, parseable, colorized, json +# and msvs (visual studio). You can also give a reporter class, e.g. +# mypackage.mymodule.MyReporterClass. +#output-format= + +# Tells whether to display a full report or only the messages. +reports=no + +# Activate the evaluation score. +score=yes + + +[SIMILARITIES] + +# Comments are removed from the similarity computation +ignore-comments=yes + +# Docstrings are removed from the similarity computation +ignore-docstrings=yes + +# Imports are removed from the similarity computation +ignore-imports=yes + +# Signatures are removed from the similarity computation +ignore-signatures=yes + +# Minimum lines number of a similarity. +min-similarity-lines=4 + + +[SPELLING] + +# Limits count of emitted suggestions for spelling mistakes. +max-spelling-suggestions=4 + +# Spelling dictionary name. Available dictionaries: none. To make it work, +# install the 'python-enchant' package. +spelling-dict= + +# List of comma separated words that should be considered directives if they +# appear at the beginning of a comment and should not be checked. +spelling-ignore-comment-directives=fmt: on,fmt: off,noqa:,noqa,nosec,isort:skip,mypy: + +# List of comma separated words that should not be checked. +spelling-ignore-words= + +# A path to a file that contains the private dictionary; one word per line. +spelling-private-dict-file= + +# Tells whether to store unknown words to the private dictionary (see the +# --spelling-private-dict-file option) instead of raising a message. +spelling-store-unknown-words=no + + +[STRING] + +# This flag controls whether inconsistent-quotes generates a warning when the +# character used as a quote delimiter is used inconsistently within a module. +check-quote-consistency=no + +# This flag controls whether the implicit-str-concat should generate a warning +# on implicit string concatenation in sequences defined over several lines. +check-str-concat-over-line-jumps=no + + +[TYPECHECK] + +# List of decorators that produce context managers, such as +# contextlib.contextmanager. Add to this list to register other decorators that +# produce valid context managers. +contextmanager-decorators=contextlib.contextmanager + +# List of members which are set dynamically and missed by pylint inference +# system, and so shouldn't trigger E1101 when accessed. Python regular +# expressions are accepted. +generated-members= + +# Tells whether to warn about missing members when the owner of the attribute +# is inferred to be None. +ignore-none=yes + +# This flag controls whether pylint should warn about no-member and similar +# checks whenever an opaque object is returned when inferring. The inference +# can return multiple potential results while evaluating a Python object, but +# some branches might not be evaluated, which results in partial inference. In +# that case, it might be useful to still emit no-member and other checks for +# the rest of the inferred objects. +ignore-on-opaque-inference=yes + +# List of symbolic message names to ignore for Mixin members. +ignored-checks-for-mixins=no-member, + not-async-context-manager, + not-context-manager, + attribute-defined-outside-init + +# List of class names for which member attributes should not be checked (useful +# for classes with dynamically set attributes). This supports the use of +# qualified names. +ignored-classes=optparse.Values,thread._local,_thread._local,argparse.Namespace + +# Show a hint with possible names when a member name was not found. The aspect +# of finding the hint is based on edit distance. +missing-member-hint=yes + +# The minimum edit distance a name should have in order to be considered a +# similar match for a missing member name. +missing-member-hint-distance=1 + +# The total number of similar names that should be taken in consideration when +# showing a hint for a missing member. +missing-member-max-choices=1 + +# Regex pattern to define which classes are considered mixins. +mixin-class-rgx=.*[Mm]ixin + +# List of decorators that change the signature of a decorated function. +signature-mutators= + + +[VARIABLES] + +# List of additional names supposed to be defined in builtins. Remember that +# you should avoid defining new builtins when possible. +additional-builtins= + +# Tells whether unused global variables should be treated as a violation. +allow-global-unused-variables=yes + +# List of names allowed to shadow builtins +allowed-redefined-builtins= + +# List of strings which can identify a callback function by name. A callback +# name must start or end with one of those strings. +callbacks=cb_, + _cb + +# A regular expression matching the name of dummy variables (i.e. expected to +# not be used). +dummy-variables-rgx=_+$|(_[a-zA-Z0-9_]*[a-zA-Z0-9]+?$)|dummy|^ignored_|^unused_ + +# Argument names that match this expression will be ignored. +ignored-argument-names=_.*|^ignored_|^unused_ + +# Tells whether we should check for unused import in __init__ files. +init-import=no + +# List of qualified module names which can have objects that can redefine +# builtins. +redefining-builtins-modules=six.moves,past.builtins,future.builtins,builtins,io diff --git a/.github/workflows/doclint.yaml b/.github/workflows/doclint.yaml new file mode 100644 index 0000000..0ed5b28 --- /dev/null +++ b/.github/workflows/doclint.yaml @@ -0,0 +1,22 @@ +name: Document Scan + +on: + push: + branches: + - main + pull_request: + workflow_dispatch: + +jobs: + scan_doc: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: streetsidesoftware/cspell-action@v2 + with: + files: | + **/*.md + *.md + config: .github/cspell.json + verbose: true + incremental_files_only: false diff --git a/.github/workflows/pr-check-rust.yaml b/.github/workflows/pr-check-rust.yaml new file mode 100644 index 0000000..9f38b84 --- /dev/null +++ b/.github/workflows/pr-check-rust.yaml @@ -0,0 +1,41 @@ +name: Rust Code Scan + +on: + push: + branches: + - main + paths: + - 'src/rust/cctrusted_vm/src/**.rs' + - 'src/rust/sample/src/**.rs' + - '.github/workflows/pr-check-rust.yaml' + pull_request: + paths: + - 'src/rust/cctrusted_vm/src/**.rs' + - 'src/rust/sample/src/**.rs' + - '.github/workflows/pr-check-rust.yaml' + workflow_dispatch: + +jobs: + codescan: + runs-on: ubuntu-latest + steps: + - name: Checkout PR + uses: actions/checkout@v3 + + - name: Set up Rust action + uses: actions-rs/toolchain@v1 + with: + toolchain: 1.70.0 + + - name: Install dependencies + run: | + sudo apt update && yes | DEBIAN_FRONTEND=noninteractive sudo apt install -y libcryptsetup-dev clang protobuf-compiler protobuf-c-compiler libprotobuf-c-dev libprotobuf-c1 build-essential pkg-config libssl-dev + + - name: Run cargo check for VM SDK + run: | + cd src/rust/cctrusted_vm/ + cargo check + cargo fmt -- --check + cargo clippy + cargo install --locked cargo-deny + cargo deny check diff --git a/.github/workflows/pylicense.yaml b/.github/workflows/pylicense.yaml new file mode 100644 index 0000000..65b931c --- /dev/null +++ b/.github/workflows/pylicense.yaml @@ -0,0 +1,23 @@ +name: Python License Check + +on: + pull_request: + paths: + - 'src/**/*.py' + workflow_dispatch: + +jobs: + python-license-scan: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-python@v4 + - name: License Check + run: | + set -ex + sudo su -c 'source setupenv.sh && \ + python3 -m pip install liccheck && \ + for f in $(find -type f -name "requirements.txt"); do + python3 -m pip install -r $f; + liccheck -s .github/.license_check.ini -r $f; + done' diff --git a/.github/workflows/pylint.yaml b/.github/workflows/pylint.yaml new file mode 100644 index 0000000..5208836 --- /dev/null +++ b/.github/workflows/pylint.yaml @@ -0,0 +1,37 @@ +name: Python Code Scan + +on: + push: + branches: + - main + paths: + - 'src/**/*.py' + pull_request: + paths: + - 'src/**/*.py' + workflow_dispatch: + +jobs: + codescan: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + + - uses: actions/setup-python@v4 + + - name: Analyze python code + run: | + set -ex + sudo su -c 'source setupenv.sh && \ + python3 -m pip install --upgrade pip && \ + python3 -m pip install pylint pydocstyle && \ + for f in $(find -type f -name "requirements.txt" -not -path "./venv/*"); do + python3 -m pip install -r $f; + done && \ + python_files=$(find ./ -name "*.py" -not -path "./venv/*" -print) && \ + if [[ -n "$python_files" ]]; then + echo "$python_files" | xargs -n 1 python3 -m pylint --rcfile=.github/pylintrc + #echo "$python_files" | xargs -n 1 python3 -m pydocstyle --convention=google + else + echo "No python files found." + fi' diff --git a/src/rust/README.md b/src/rust/README.md index 0c46df1..6eb8d31 100644 --- a/src/rust/README.md +++ b/src/rust/README.md @@ -19,7 +19,7 @@ cargo run --bin cc-sample-eventlog cargo run --bin cc-sample-quote ``` -Or, after build successfuly, we can also run the CLIs directly: +Or, after build successfully, we can also run the CLIs directly: ```bash cd sample @@ -44,4 +44,4 @@ The test is simple: ```bash cd cctrusted_vm cargo test -``` \ No newline at end of file +``` diff --git a/src/rust/cctrusted_vm/src/sdk.rs b/src/rust/cctrusted_vm/src/sdk.rs index 04bd575..a41d973 100644 --- a/src/rust/cctrusted_vm/src/sdk.rs +++ b/src/rust/cctrusted_vm/src/sdk.rs @@ -141,13 +141,13 @@ mod sdk_api_tests { return replay_results; } - fn _check_quote_rtmr(quote: & TdxQuote) { + fn _check_quote_rtmr(quote: &TdxQuote) { let replay_results = _replay_eventlog(); let rtmrs: [[u8; 48]; 4] = [ quote.body.rtmr0, quote.body.rtmr1, quote.body.rtmr2, - quote.body.rtmr3 + quote.body.rtmr3, ]; for r in replay_results { for digest in &r.digests { @@ -184,13 +184,14 @@ mod sdk_api_tests { let nonce = base64::encode(rand::thread_rng().gen::<[u8; 32]>()); let data = base64::encode(rand::thread_rng().gen::<[u8; 32]>()); - let expected_report_data = match Tdx::generate_tdx_report_data(Some(nonce.clone()), Some(data.clone())) { - Ok(r) => r, - Err(e) => { - assert_eq!(true, format!("{:?}", e).is_empty()); - return; - } - }; + let expected_report_data = + match Tdx::generate_tdx_report_data(Some(nonce.clone()), Some(data.clone())) { + Ok(r) => r, + Err(e) => { + assert_eq!(true, format!("{:?}", e).is_empty()); + return; + } + }; let report = match API::get_cc_report(Some(nonce.clone()), Some(data.clone()), ExtraArgs {}) { @@ -571,7 +572,10 @@ mod sdk_api_tests { ); let mut rng = rand::thread_rng(); let idx_max = usize::try_from(std::u32::MAX).unwrap(); - let idx: u32 = rng.gen_range(number_of_eventlogs + 1..idx_max).try_into().unwrap(); + let idx: u32 = rng + .gen_range(number_of_eventlogs + 1..idx_max) + .try_into() + .unwrap(); invalid_start = Some(idx); event_log = match API::get_cc_eventlog(invalid_start, None) { Ok(q) => q, @@ -712,8 +716,16 @@ mod sdk_api_tests { assert_ne!(replay_results.len(), 0); for r in replay_results { for digest in &r.digests { - assert!(r.imr_index < measure_count.into(), "{} out of range!", r.imr_index); - _check_imr(r.imr_index.try_into().unwrap(), digest.algo_id, &digest.hash) + assert!( + r.imr_index < measure_count.into(), + "{} out of range!", + r.imr_index + ); + _check_imr( + r.imr_index.try_into().unwrap(), + digest.algo_id, + &digest.hash, + ) } } } @@ -761,6 +773,9 @@ mod sdk_api_tests { return; } }; - assert!(replay_results.len() == 0, "Invalid event log should not be replayed!"); + assert!( + replay_results.len() == 0, + "Invalid event log should not be replayed!" + ); } }