-
Notifications
You must be signed in to change notification settings - Fork 0
/
cmac_attestation.py
41 lines (30 loc) · 1.11 KB
/
cmac_attestation.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
from Crypto.Hash import CMAC
from Crypto.Cipher import AES
from .base import AttestationBase
class CmacAttestation(AttestationBase):
def __init__(self, secret: bytes, ciphermod=AES):
self._secret = secret
self._mod = ciphermod
if isinstance(ciphermod.key_size, int):
assert len(secret) == ciphermod.key_size
else:
assert len(secret) in ciphermod.key_size
@staticmethod
def load(path, *args, **kwargs):
from pathlib import Path
key = Path(path).read_bytes()
return CmacAttestation(key, *args, **kwargs)
def _common(self, raw: bytes):
return CMAC.new(self._secret, msg=raw, ciphermod=self._mod)
def _generate(self, raw: bytes) -> bytes:
h = self._common(raw)
return h.digest()
def _verify(self, raw: bytes, quote: bytes):
h = self._common(raw)
h.verify(quote)
if __name__ == "__main__":
from pathlib import Path
from Crypto.Random import get_random_bytes
secret = get_random_bytes(AES.key_size[-1])
Path('csecret.bin').write_bytes(secret)
a = CmacAttestation(secret)