alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-08 04:02:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
d24e09393d12fc548ab8026bfde7aae2e6378d6f
esp-idf/examples/security/tee/tee_attestation/pytest_tee_attestation.py

60 lines
2.1 KiB
Python
Raw Blame History

# SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD
# SPDX-License-Identifier: Unlicense OR CC0-1.0
import hashlib
import json
import logging
from typing import Any
import pytest
from cryptography.hazmat.primitives.asymmetric import utils
from ecdsa.curves import NIST256p
from ecdsa.keys import VerifyingKey
from ecdsa.util import sigdecode_der
from pytest_embedded import Dut
def verify_att_token_signature(att_tk: str) -> Any:
# Parsing the token
tk_info = json.loads(att_tk)
# Fetching the data to be verified
tk_hdr_val = json.dumps(tk_info['header'], separators=(',', ':')).encode('latin-1')
tk_eat_val = json.dumps(tk_info['eat'], separators=(',', ':')).encode('latin-1')
tk_pubkey_val = json.dumps(tk_info['public_key'], separators=(',', ':')).encode('latin-1')
# Pre-hashing the data
ctx = hashlib.new('sha256')
ctx.update(tk_hdr_val)
ctx.update(tk_eat_val)
ctx.update(tk_pubkey_val)
digest = ctx.digest()
# Fetching the public key
tk_pubkey_c = bytes.fromhex(tk_info['public_key']['compressed'])
# Fetching the appended signature
tk_sign_r = bytes.fromhex(tk_info['sign']['r'])
tk_sign_s = bytes.fromhex(tk_info['sign']['s'])
# Construct the signature using the R and S components
signature = utils.encode_dss_signature(int.from_bytes(tk_sign_r, 'big'), int.from_bytes(tk_sign_s, 'big'))
# Uncompress the public key and verify the signature
vk = VerifyingKey.from_string(tk_pubkey_c, NIST256p, hashfunc=hashlib.sha256)
return vk.verify_digest(signature, digest, sigdecode=sigdecode_der)
@pytest.mark.esp32c6
@pytest.mark.generic
def test_example_tee_attestation(dut: Dut) -> None:
# Erase the TEE secure_storage partition
dut.serial.erase_partition('secure_storage')
# Start test
dut.expect('TEE Attestation Service', timeout=30)
dut.expect(r'Attestation token - Length: (\d+)', timeout=30)
att_tk = dut.expect(r"'(.*?)'", timeout=30)[1].decode()
assert verify_att_token_signature(att_tk)
logging.info('Attestation token - Signature verified!')
Reference in New Issue View Git Blame Copy Permalink