Posted to commits@teaclave.apache.org by ms...@apache.org on 2020/04/09 06:29:20 UTC
[incubator-teaclave] 03/03: [tests] Fix Python attestation function
under DCAP and SW
This is an automated email from the ASF dual-hosted git repository.
mssun pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave.git
commit 45aa8fb6804f540200fd4f4473b2129dc4b86518
Author: Mingshen Sun <bo...@mssun.me>
AuthorDate: Wed Apr 8 21:47:37 2020 -0700
[tests] Fix Python attestation function under DCAP and SW
---
cmake/TeaclaveGenVars.cmake | 1 +
tests/scripts/functional_tests.py | 27 ++++++++++++++++++---------
2 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/cmake/TeaclaveGenVars.cmake b/cmake/TeaclaveGenVars.cmake
index d06df48..726b905 100644
--- a/cmake/TeaclaveGenVars.cmake
+++ b/cmake/TeaclaveGenVars.cmake
@@ -115,6 +115,7 @@ set(TEACLAVE_COMMON_ENVS
TEACLAVE_SYMLINKS=${TEACLAVE_SYMLINKS}
SGX_SDK=${SGX_SDK}
SGX_MODE=${SGX_MODE}
+ DCAP=${DCAP}
ENCLAVE_OUT_DIR=${ENCLAVE_OUT_DIR}
RUSTUP_TOOLCHAIN=${RUSTUP_TOOLCHAIN}
RUST_SGX_SDK=${RUST_SGX_SDK}
diff --git a/tests/scripts/functional_tests.py b/tests/scripts/functional_tests.py
index 3a0ae14..1cf4e2b 100755
--- a/tests/scripts/functional_tests.py
+++ b/tests/scripts/functional_tests.py
@@ -20,13 +20,18 @@ HOSTNAME = 'localhost'
AUTHENTICATION_SERVICE_ADDRESS = (HOSTNAME, 7776)
CONTEXT = ssl._create_unverified_context()
+if os.environ.get('DCAP'):
+ AS_ROOT_CERT_FILENAME = "dcap_root_ca_cert.pem"
+else:
+ AS_ROOT_CERT_FILENAME = "ias_root_ca_cert.pem"
+
if os.environ.get('TEACLAVE_PROJECT_ROOT'):
- IAS_ROOT_CA_CERT_PATH = os.environ['TEACLAVE_PROJECT_ROOT'] + \
- "/keys/ias_root_ca_cert.pem"
+ AS_ROOT_CA_CERT_PATH = os.environ['TEACLAVE_PROJECT_ROOT'] + \
+ "/keys/" + AS_ROOT_CERT_FILENAME
ENCLAVE_INFO_PATH = os.environ['TEACLAVE_PROJECT_ROOT'] + \
"/release/tests/enclave_info.toml"
else:
- IAS_ROOT_CA_CERT_PATH = "../../keys/ias_root_ca_cert.pem"
+ AS_ROOT_CA_CERT_PATH = "../../keys/" + AS_ROOT_CERT_FILENAME
ENCLAVE_INFO_PATH = "../../release/tests/enclave_info.toml"
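Review bot: `os.environ.get('DCAP')` is truthy for any non-empty string, so a value such as `OFF` or `0` would still select `dcap_root_ca_cert.pem` as the trust anchor. That can happen if the `DCAP=${DCAP}` line added in cmake/TeaclaveGenVars.cmake exports such a value; whether the CMake variable can hold one is not visible here. Comparing against the explicit value the build exports is safer, for example `if os.environ.get('DCAP') == 'ON':`, with the literal adjusted to whatever the build actually sets. A short comment above the branch stating that this variable chooses which attestation root CA the test trusts would also help.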
@@ -44,6 +49,9 @@ def read_message(sock):
def verify_report(cert, endpoint_name):
+ if os.environ.get('SGX_MODE') == 'SW':
+ return
+
cert = x509.load_der_x509_certificate(cert, default_backend())
ext = json.loads(cert.extensions[0].value.value)
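Review bot: The early return at the top of `verify_report` skips every attestation check silently, so a run where `SGX_MODE=SW` is set by accident reports success while verifying nothing. A line printed before the return would make the skip visible in the test log, for example `print("SGX_MODE=SW: skipping attestation report verification")`. A comment should also say why the check is skipped, presumably because simulation mode produces no verifiable report. The rest of verify_report lies outside this hunk.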
@@ -52,13 +60,14 @@ def verify_report(cert, endpoint_name):
signing_cert = bytes(ext["signing_cert"])
signing_cert = load_certificate(FILETYPE_ASN1, signing_cert)
- # verify signing cert with IAS root cert
- with open(IAS_ROOT_CA_CERT_PATH) as f:
- ias_root_ca_cert = f.read()
- ias_root_ca_cert = load_certificate(FILETYPE_PEM, ias_root_ca_cert)
+ # verify signing cert with AS root cert
+ with open(AS_ROOT_CA_CERT_PATH) as f:
+ as_root_ca_cert = f.read()
+ as_root_ca_cert = load_certificate(FILETYPE_PEM, as_root_ca_cert)
store = X509Store()
- store.add_cert(ias_root_ca_cert)
- store_ctx = X509StoreContext(store, signing_cert)
+ store.add_cert(as_root_ca_cert)
+ store.add_cert(signing_cert)
+ store_ctx = X509StoreContext(store, as_root_ca_cert)
store_ctx.verify_certificate()
# verify report's signature
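Review bot: The chain check at the end of this hunk no longer tests the certificate carried in the report. `signing_cert` is added to the `X509Store` as a trust anchor and the object handed to `X509StoreContext` is `as_root_ca_cert`, so `verify_certificate()` validates the root against a store that already contains it and passes for any signing certificate. The verification target should stay the signing certificate and only the root should be trusted: drop `store.add_cert(signing_cert)` and keep `store_ctx = X509StoreContext(store, signing_cert)`. If the DCAP signing certificate does not chain directly to the root, the intermediates should be supplied as untrusted chain certificates rather than added to the store. verify_report's body starts before and continues after this hunk.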