From 722a7ba92dd01b4cc601da527de7902b8cc9532b Mon Sep 17 00:00:00 2001
From: Gowtham Suresh Kumar
Date: Mon, 24 Jun 2024 10:07:53 +0100
Subject: [PATCH] e2e_tests: Add logging tests

This test case covers mitigation 3 of the threat model. https://parallaxsecond.github.io/parsec-book/parsec_security/parsec_threat_model/threat_model.html It's ignored by default so that local testing is unaffected by it. On the CI we explicity run the test after diverting the parsec service logs to a log file.

Signed-off-by: Gowtham Suresh Kumar
---
 ci.sh | 12 ++++++++
 e2e_tests/tests/all_providers/logging.rs | 38 ++++++++++++++++++++++++
 e2e_tests/tests/all_providers/mod.rs | 1 +
 3 files changed, 51 insertions(+)
 create mode 100644 e2e_tests/tests/all_providers/logging.rs
diff --git a/ci.sh b/ci.sh
index 1f8f30c8..e8c12073 100755
--- a/ci.sh
+++ b/ci.sh
@@ -21,6 +21,7 @@ cleanup () {
 rm -f "NVChip"
 rm -f "e2e_tests/provider_cfg/tmp_config.toml"
 rm -f "parsec.sock"
+ rm -f parsec_logging.txt
 if [ -z "$NO_CARGO_CLEAN" ]; then cargo clean; fi
 }
@@ -451,6 +452,17 @@ if [ "$PROVIDER_NAME" = "all" ]; then
 # Last test as it changes the service configuration
 echo "Execute all-providers config tests"
 RUST_BACKTRACE=1 cargo test $TEST_FEATURES --manifest-path ./e2e_tests/Cargo.toml all_providers::config -- --test-threads=1
+
+ stop_service
+ rm -rf mappings/
+ rm -rf kim-mappings/
+ rm -f *.psa_its
+
+ # Redirect the parsec service logs to parsec_logging.txt and run "check_log_source" test to ensure that the
+ # logs contain the source module path.
+ RUST_LOG=info RUST_BACKTRACE=1 cargo run --release $FEATURES -- --config ./e2e_tests/provider_cfg/mbed-crypto/config.toml > parsec_logging.txt 2>&1 &
+ wait_for_service
+ RUST_BACKTRACE=1 cargo test $TEST_FEATURES --manifest-path ./e2e_tests/Cargo.toml all_providers::logging -- --ignored check_log_source
 else
 setup_mappings ondisk
 # Add the fake mappings for the key mappings test as well. The test will check that
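Review bot: The service output in the second hunk is redirected to a relative `parsec_logging.txt` (and removed by the equally relative `rm -f parsec_logging.txt` added to `cleanup` in the first hunk), while the new test in `logging.rs` opens the absolute path `/tmp/parsec/parsec_logging.txt`, so this step only passes when the script is run from `/tmp/parsec`. Presumably the CI container does that, but nothing visible here states it. Either add a comment such as `# Assumes ci.sh runs from /tmp/parsec; the logging test reads /tmp/parsec/parsec_logging.txt`, or define the location once, e.g. `PARSEC_LOG_FILE="$(pwd)/parsec_logging.txt"`, export it, and use it for the redirect, the cleanup and the test. The enclosing `if [ "$PROVIDER_NAME" = "all" ]` block starts and ends outside the hunk, so whether the service started here is stopped afterwards cannot be seen from this page.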
diff --git a/e2e_tests/tests/all_providers/logging.rs b/e2e_tests/tests/all_providers/logging.rs
new file mode 100644
index 00000000..a0d759e1
--- /dev/null
+++ b/e2e_tests/tests/all_providers/logging.rs
@@ -0,0 +1,38 @@
+// Copyright 2024 Contributors to the Parsec project.
+// SPDX-License-Identifier: Apache-2.0
+
+use e2e_tests::TestClient;
+use parsec_client::core::interface::requests::ProviderId;
+use std::fs;
+
+// Ignore this test case for manual test runs. This is executed on the CI after the parsec service logs are
+// redirected to a log file (parsec_logging.txt) for testing purpose.
+#[ignore]
+#[test]
+fn check_log_source() {
+ let mut client = TestClient::new();
+
+ // Perform key generation and encryption to generate expected logs
+ client.set_provider(ProviderId::MbedCrypto);
+ client.set_default_auth(Some("logging".to_string()));
+ client
+ .generate_rsa_sign_key(String::from("test_key"))
+ .unwrap();
+ let _ = client
+ .asymmetric_encrypt_message_with_rsapkcs1v15(String::from("test_key"), vec![0xa5; 16])
+ .unwrap_err();
+
+ // Read parsec log file contents
+ let logs: String =
+ fs::read_to_string("/tmp/parsec/parsec_logging.txt").expect("Failure in reading the file");
+
+ // Ensure logs contains INFO, WARN and ERROR message arising from different modules and crates
+ assert!(logs.contains(
+ "[INFO parsec_service::front::front_end] New request received without authentication"
+ ));
+ assert!(logs
+ .contains("[WARN parsec_service::key_info_managers::on_disk_manager] Saving Key Triple"));
+ assert!(logs.contains(
+ "[ERROR psa_crypto::types::key] Key attributes do not permit encrypting messages."
+ ));
+}
diff --git a/e2e_tests/tests/all_providers/mod.rs b/e2e_tests/tests/all_providers/mod.rs
index ed8749d6..9b153cdf 100644
--- a/e2e_tests/tests/all_providers/mod.rs
+++ b/e2e_tests/tests/all_providers/mod.rs
@@ -3,5 +3,6 @@
 mod config;
 mod cross;
+mod logging;
 mod multitenancy;
 mod normal;
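Review bot: The three `logs.contains(...)` assertions in `check_log_source` match the expected text anywhere in the file, so they would still pass if the bracketed `[LEVEL module::path]` text appeared inside the message part of another entry rather than as that entry's own prefix. Since the test is meant to show that every entry carries its source module path, anchor the check to the start of a line, e.g. `assert!(logs.lines().any(|l| l.starts_with("[INFO parsec_service::front::front_end] New request received without authentication")));`, and likewise for the WARN and ERROR entries (adjust the prefix if the configured log format puts a timestamp first). The `expect("Failure in reading the file")` message would also be easier to act on if it named the path, which the test hard-codes to `/tmp/parsec/parsec_logging.txt`.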