Posted to commits@teaclave.apache.org by ms...@apache.org on 2020/04/09 06:29:20 UTC

[incubator-teaclave] 03/03: [tests] Fix Python attestation function under DCAP and SW

This is an automated email from the ASF dual-hosted git repository.

mssun pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave.git

commit 45aa8fb6804f540200fd4f4473b2129dc4b86518
Author: Mingshen Sun <bo...@mssun.me>
AuthorDate: Wed Apr 8 21:47:37 2020 -0700

    [tests] Fix Python attestation function under DCAP and SW
---
 cmake/TeaclaveGenVars.cmake       |  1 +
 tests/scripts/functional_tests.py | 27 ++++++++++++++++++---------
 2 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/cmake/TeaclaveGenVars.cmake b/cmake/TeaclaveGenVars.cmake
index d06df48..726b905 100644
--- a/cmake/TeaclaveGenVars.cmake
+++ b/cmake/TeaclaveGenVars.cmake
@@ -115,6 +115,7 @@ set(TEACLAVE_COMMON_ENVS
     TEACLAVE_SYMLINKS=${TEACLAVE_SYMLINKS}
     SGX_SDK=${SGX_SDK}
     SGX_MODE=${SGX_MODE}
+    DCAP=${DCAP}
     ENCLAVE_OUT_DIR=${ENCLAVE_OUT_DIR}
     RUSTUP_TOOLCHAIN=${RUSTUP_TOOLCHAIN}
     RUST_SGX_SDK=${RUST_SGX_SDK}
diff --git a/tests/scripts/functional_tests.py b/tests/scripts/functional_tests.py
index 3a0ae14..1cf4e2b 100755
--- a/tests/scripts/functional_tests.py
+++ b/tests/scripts/functional_tests.py
@@ -20,13 +20,18 @@ HOSTNAME = 'localhost'
 AUTHENTICATION_SERVICE_ADDRESS = (HOSTNAME, 7776)
 CONTEXT = ssl._create_unverified_context()
 
+if os.environ.get('DCAP'):
+    AS_ROOT_CERT_FILENAME = "dcap_root_ca_cert.pem"
+else:
+    AS_ROOT_CERT_FILENAME = "ias_root_ca_cert.pem"
+
 if os.environ.get('TEACLAVE_PROJECT_ROOT'):
-    IAS_ROOT_CA_CERT_PATH = os.environ['TEACLAVE_PROJECT_ROOT'] + \
-        "/keys/ias_root_ca_cert.pem"
+    AS_ROOT_CA_CERT_PATH = os.environ['TEACLAVE_PROJECT_ROOT'] + \
+        "/keys/" + AS_ROOT_CERT_FILENAME
     ENCLAVE_INFO_PATH = os.environ['TEACLAVE_PROJECT_ROOT'] + \
         "/release/tests/enclave_info.toml"
 else:
-    IAS_ROOT_CA_CERT_PATH = "../../keys/ias_root_ca_cert.pem"
+    AS_ROOT_CA_CERT_PATH = "../../keys/" + AS_ROOT_CERT_FILENAME
     ENCLAVE_INFO_PATH = "../../release/tests/enclave_info.toml"
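Review bot: `os.environ.get('DCAP')` in the added `if` is true for any non-empty string, so an environment carrying `DCAP=OFF` or `DCAP=0` would still select `dcap_root_ca_cert.pem`. The cmake hunk in this commit forwards `DCAP=${DCAP}` unconditionally, so if DCAP is a boolean cmake option (its definition is not visible here) the variable will presumably be set to a non-empty value in every build. Comparing against the accepted values is safer, e.g. `if os.environ.get('DCAP', '').upper() in ('ON', '1', 'TRUE'):`. A one-line comment saying which attestation service each root certificate belongs to would also help the next reader.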
 
 
@@ -44,6 +49,9 @@ def read_message(sock):
 
 
 def verify_report(cert, endpoint_name):
+    if os.environ.get('SGX_MODE') == 'SW':
+        return
+
     cert = x509.load_der_x509_certificate(cert, default_backend())
     ext = json.loads(cert.extensions[0].value.value)
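Review bot: The early return for `SGX_MODE == 'SW'` makes verify_report succeed without inspecting the peer certificate at all, and nothing in the test output shows that attestation was skipped. A comment stating why simulation mode has no verifiable report, plus a visible notice such as `print('SGX_MODE=SW: skipping attestation report verification')` before the `return`, would keep a simulated run from being read as a verified one. The function body continues beyond this hunk.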
 
@@ -52,13 +60,14 @@ def verify_report(cert, endpoint_name):
     signing_cert = bytes(ext["signing_cert"])
     signing_cert = load_certificate(FILETYPE_ASN1, signing_cert)
 
-    # verify signing cert with IAS root cert
-    with open(IAS_ROOT_CA_CERT_PATH) as f:
-        ias_root_ca_cert = f.read()
-    ias_root_ca_cert = load_certificate(FILETYPE_PEM, ias_root_ca_cert)
+    # verify signing cert with AS root cert
+    with open(AS_ROOT_CA_CERT_PATH) as f:
+        as_root_ca_cert = f.read()
+    as_root_ca_cert = load_certificate(FILETYPE_PEM, as_root_ca_cert)
     store = X509Store()
-    store.add_cert(ias_root_ca_cert)
-    store_ctx = X509StoreContext(store, signing_cert)
+    store.add_cert(as_root_ca_cert)
+    store.add_cert(signing_cert)
+    store_ctx = X509StoreContext(store, as_root_ca_cert)
     store_ctx.verify_certificate()
 
     # verify report's signature
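Review bot: The rewritten chain check no longer validates the signing certificate. `store.add_cert(signing_cert)` places a certificate taken from the peer's own report extension into the trust store, and `X509StoreContext(store, as_root_ca_cert)` then verifies the locally loaded root, which is already an anchor in that store, so `verify_certificate()` would be expected to pass whatever signing certificate the peer presents. The report signature check that follows (outside this hunk) would then rest on an unauthenticated key. Keep only the root in the store and verify the peer's certificate: `store.add_cert(as_root_ca_cert)` followed by `store_ctx = X509StoreContext(store, signing_cert)`; if the DCAP signing certificate is issued through intermediates, supply those as untrusted chain certificates and not as anchors. verify_report begins and ends outside this hunk.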

