Skip to content

Commit

Permalink
feat: add cli based verify
Browse files Browse the repository at this point in the history
  • Loading branch information
Leechael committed Nov 9, 2024
1 parent b277e81 commit 2fbc5ea
Show file tree
Hide file tree
Showing 3 changed files with 30 additions and 0 deletions.
2 changes: 2 additions & 0 deletions dcap-attestation/src/dcap_attestation/api.py
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
from . import crud
from .quote import Quote
from .database import get_db
from .verify import verify_quote_with_collateral


class VerificationResponse(BaseModel):
Expand All @@ -30,6 +31,7 @@ async def verify(file: UploadFile = File(...), db: Session = Depends(get_db)):
succeed, quote = Quote.safeParse(content)
record = VerificationResponse(success=succeed, quote=quote)
if record.success:
quote.verified = verify_quote_with_collateral(content)
row = crud.create_quote(db, quote)
record.checksum = row.checksum
return JSONResponse(content=record.dict())
Expand Down
5 changes: 5 additions & 0 deletions dcap-attestation/src/dcap_attestation/crud.py
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,11 @@ def create_quote(db: Session, quote: schemas.Quote):
checksum = hashlib.sha256(str(quote.dict()).encode()).hexdigest()
exists = db.query(models.QuoteModel).filter(models.QuoteModel.checksum == checksum).first()
if exists:
if exists.verified != quote.verified:
exists.verified = quote.verified
db.add(exists)
db.commit()
db.refresh(exists)
return exists
db_quote = models.QuoteModel(
version=quote.header.version,
Expand Down
23 changes: 23 additions & 0 deletions dcap-attestation/src/dcap_attestation/verify.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
import os
import subprocess
import tempfile

def verify_quote_with_collateral(bin: bytes, dcap_qvl_path: str = "dcap-qvl") -> bool:
try:
with tempfile.NamedTemporaryFile(mode='wb', delete=False) as temp_file:
temp_path = temp_file.name
temp_file.write(bin)
try:
result = subprocess.run(
[dcap_qvl_path, "verify", temp_path],
capture_output=True,
text=True
)
return result.returncode == 0
finally:
if os.path.exists(temp_path):
os.unlink(temp_path)
except FileNotFoundError:
raise FileNotFoundError(f"dcap-qvl is not found: {dcap_qvl_path}")
except Exception as e:
raise Exception(f"Unknown error: {str(e)}")

0 comments on commit 2fbc5ea

Please sign in to comment.