Python package to verify Intel SGX ECDSA-based quotes

Project description

SGX DCAP quote verify for Python

This package provides a Python binding to the SGX Quote Verification Library (QVL), the reference implementation of ECDSA-based SGX quote verification. It lets you verify, in Python, ECDSA-based quotes generated by the Intel-provided Quoting Enclave.

Usage

import sgx_dcap_quote_verify

from pathlib import Path
from datetime import datetime

# You can download the trusted root CA in PEM format directly from Intel at:
# <https://certificates.trustedservices.intel.com/Intel_SGX_Provisioning_Certification_RootCA.pem>
trusted_root_ca_certificate = Path("path/to/root_ca_certificate.pem").read_text()

# Get the quote and the collateral from the service you want to attest
pck_certificate = Path("path/to/pck_certificate.pem").read_text()
pck_signing_chain = Path("path/to/pck_signing_chain.pem").read_text()
root_ca_crl = Path("/path/to/root_ca_crl.pem").read_text()
intermediate_ca_crl = Path("/path/to/intermediate_ca_crl.pem").read_text()
tcb_info = Path("/path/to/tcb_info.json").read_text()
tcb_signing_chain = Path("/path/to/tcb_signing_chain.pem").read_text()
quote = Path("/path/to/quote.dat").read_bytes()
qe_identity = Path("/path/to/qe_identity.json").read_text()

# Set the date used to check whether the collateral (certificates, CRLs, ...) is still valid.
# Except for test purposes, it should be set to the current time, as is done below.
expiration_date = datetime.now()

# Use the package to check the validity of the quote
attestation_result = sgx_dcap_quote_verify.verify(
    trusted_root_ca_certificate,
    pck_certificate,
    pck_signing_chain,
    root_ca_crl,
    intermediate_ca_crl,
    tcb_info,
    tcb_signing_chain,
    quote,
    qe_identity,
    expiration_date,
)

assert attestation_result.ok
assert (
    attestation_result.pck_certificate_status
    == sgx_dcap_quote_verify.VerificationStatus.STATUS_OK
)
assert (
    attestation_result.tcb_info_status
    == sgx_dcap_quote_verify.VerificationStatus.STATUS_OK
)
assert (
    attestation_result.qe_identity_status
    == sgx_dcap_quote_verify.VerificationStatus.STATUS_OK
)
assert (
    attestation_result.quote_status
    == sgx_dcap_quote_verify.VerificationStatus.STATUS_OK
)

# The attestation result contains the report data, which includes the MR_ENCLAVE
print("mr_enclave =", attestation_result.enclave_report.mr_enclave)
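
After `verify()` returns, the caller still has to turn the result into a trust decision. The following is an added example, not part of the package's README: it replaces the `assert` statements (which Python removes under `-O`) with explicit checks and pins MR_ENCLAVE to an expected value. `check_attestation`, `AttestationError`, `FakeStatus` and `fake_result` are hypothetical names; the attribute names come from the usage above, and `mr_enclave` is assumed to be exposed as bytes or as a hex string.

```python
from enum import Enum
from types import SimpleNamespace

STATUS_FIELDS = ("pck_certificate_status", "tcb_info_status",
                 "qe_identity_status", "quote_status")


class AttestationError(Exception):
    """Raised when a quote fails verification or does not match policy."""


def _to_bytes(value):
    # Assumption: mr_enclave is exposed as bytes or as a hex string.
    return bytes.fromhex(value) if isinstance(value, str) else bytes(value)


def check_attestation(result, status_ok, expected_mr_enclave):
    """Return the enclave measurement if `result` is acceptable, else raise.

    result: object returned by sgx_dcap_quote_verify.verify()
    status_ok: sgx_dcap_quote_verify.VerificationStatus.STATUS_OK
    expected_mr_enclave: measurement of the enclave build you audited
    """
    failed = [f for f in STATUS_FIELDS if getattr(result, f) != status_ok]
    if failed or not result.ok:
        raise AttestationError(f"verification failed: {failed or ['ok']}")
    # A valid quote only proves that some genuine SGX enclave produced it;
    # pinning MR_ENCLAVE ties it to the specific code you expect.
    measured = _to_bytes(result.enclave_report.mr_enclave)
    if measured != _to_bytes(expected_mr_enclave):
        raise AttestationError("unexpected mr_enclave: " + measured.hex())
    return measured


# Constructed stand-in for a verify() result, so the example runs offline.
class FakeStatus(Enum):
    STATUS_OK = 0
    STATUS_FAILED = 1  # constructed name, not taken from the library


def fake_result(mr_enclave, tcb=FakeStatus.STATUS_OK):
    ok = tcb is FakeStatus.STATUS_OK
    return SimpleNamespace(
        ok=ok, pck_certificate_status=FakeStatus.STATUS_OK, tcb_info_status=tcb,
        qe_identity_status=FakeStatus.STATUS_OK, quote_status=FakeStatus.STATUS_OK,
        enclave_report=SimpleNamespace(mr_enclave=mr_enclave),
    )
```

With the real package, call `check_attestation(attestation_result, sgx_dcap_quote_verify.VerificationStatus.STATUS_OK, expected)` right after `verify()`.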

Disclaimer: This package is not endorsed by Intel Corporation. It is provided as is; use it at your own risk.

License

The source code of the binding is provided under the Apache-2.0 license.

This software also uses the SGX Quote Verification Library, which is licensed under the BSD license. Distribution of the software as a whole, including the external library, may be subject to the terms of the external library's license.

Download files

Source Distribution

sgx-dcap-quote-verify-python-0.0.3.tar.gz (705.4 kB), Source

Built Distributions

sgx_dcap_quote_verify_python-0.0.3-cp311-cp311-musllinux_1_1_x86_64.whl (2.1 MB), CPython 3.11, musllinux: musl 1.1+ x86-64
sgx_dcap_quote_verify_python-0.0.3-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (1.6 MB), CPython 3.11, manylinux: glibc 2.17+ x86-64
sgx_dcap_quote_verify_python-0.0.3-cp311-cp311-macosx_10_9_x86_64.whl (1.4 MB), CPython 3.11, macOS 10.9+ x86-64
sgx_dcap_quote_verify_python-0.0.3-cp310-cp310-musllinux_1_1_x86_64.whl (2.1 MB), CPython 3.10, musllinux: musl 1.1+ x86-64
sgx_dcap_quote_verify_python-0.0.3-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (1.6 MB), CPython 3.10, manylinux: glibc 2.17+ x86-64
sgx_dcap_quote_verify_python-0.0.3-cp310-cp310-macosx_10_9_x86_64.whl (1.4 MB), CPython 3.10, macOS 10.9+ x86-64
sgx_dcap_quote_verify_python-0.0.3-cp39-cp39-musllinux_1_1_x86_64.whl (2.1 MB), CPython 3.9, musllinux: musl 1.1+ x86-64
sgx_dcap_quote_verify_python-0.0.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (1.6 MB), CPython 3.9, manylinux: glibc 2.17+ x86-64
sgx_dcap_quote_verify_python-0.0.3-cp39-cp39-macosx_10_9_x86_64.whl (1.4 MB), CPython 3.9, macOS 10.9+ x86-64
sgx_dcap_quote_verify_python-0.0.3-cp38-cp38-musllinux_1_1_x86_64.whl (2.1 MB), CPython 3.8, musllinux: musl 1.1+ x86-64
sgx_dcap_quote_verify_python-0.0.3-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (1.6 MB), CPython 3.8, manylinux: glibc 2.17+ x86-64
sgx_dcap_quote_verify_python-0.0.3-cp38-cp38-macosx_10_9_x86_64.whl (1.3 MB), CPython 3.8, macOS 10.9+ x86-64
sgx_dcap_quote_verify_python-0.0.3-cp37-cp37m-musllinux_1_1_x86_64.whl (2.1 MB), CPython 3.7m, musllinux: musl 1.1+ x86-64
sgx_dcap_quote_verify_python-0.0.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (1.6 MB), CPython 3.7m, manylinux: glibc 2.17+ x86-64
sgx_dcap_quote_verify_python-0.0.3-cp37-cp37m-macosx_10_9_x86_64.whl (1.3 MB), CPython 3.7m, macOS 10.9+ x86-64
