Coverage for adm_sgx.py: 83%

52 statements  


1# The MIT License (MIT) 

2# 

3# Copyright (c) 2021 RSK Labs Ltd 

4# 

5# Permission is hereby granted, free of charge, to any person obtaining a copy of 

6# this software and associated documentation files (the "Software"), to deal in 

7# the Software without restriction, including without limitation the rights to 

8# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies 

9# of the Software, and to permit persons to whom the Software is furnished to do 

10# so, subject to the following conditions: 

11# 

12# The above copyright notice and this permission notice shall be included in all 

13# copies or substantial portions of the Software. 

14# 

15# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 

16# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 

17# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 

18# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 

19# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 

20# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 

21# SOFTWARE. 

22 

23import sys 

24from argparse import ArgumentParser 

25import logging 

26from ledger.hsm2dongle import HSM2DongleError 

27from comm.platform import Platform 

28from admin.misc import not_implemented, info, AdminError, DEFAULT_ATT_UD_SOURCE 

29from admin.unlock import do_unlock 

30from admin.onboard import do_onboard 

31from admin.pubkeys import do_get_pubkeys 

32from admin.changepin import do_changepin 

33from admin.sgx_attestation import do_attestation 

34from admin.verify_sgx_attestation import do_verify_attestation 

35from admin.migrate_db import do_migrate_db 

36 

37 

def main():
    """Parse the command line and run one SGX powHSM administrative operation.

    The positional ``operation`` argument selects a handler, which receives
    the parsed options object. The process always terminates through
    ``sys.exit`` with one of these status codes:

    * 0 -- the operation returned normally
    * 1 -- ``AdminError``
    * 2 -- ``HSM2DongleError``
    * 3 -- ``KeyboardInterrupt``
    * 4 -- any other ``Exception``

    Usage errors are reported by argparse itself, which exits through
    ``SystemExit`` with status 2; that is not caught here, so it shares its
    status with ``HSM2DongleError``.
    """
    # Suppresses every logging call of severity CRITICAL and below. The
    # --verbose flag does not undo this here; it is only stored in the options.
    logging.disable(logging.CRITICAL)

    # Operation name -> handler. Each handler is called with the parsed options.
    handlers = {
        "unlock": do_unlock,
        "onboard": do_onboard,
        "pubkeys": do_get_pubkeys,
        "changepin": do_changepin,
        "attestation": do_attestation,
        "verify_attestation": do_verify_attestation,
        "migrate_db": do_migrate_db,
    }

    cli = ArgumentParser(description="SGX powHSM Administrative tool")
    cli.add_argument("operation", choices=list(handlers))

    # Connection to the SGX powHSM instance being administered.
    cli.add_argument("-p", "--port", dest="sgx_port", type=int, default=7777,
                     help="SGX powHSM listening port (default 7777)")
    cli.add_argument("-s", "--host", dest="sgx_host", default="localhost",
                     help="SGX powHSM host. (default 'localhost')")

    # NOTE(review): a PIN given through -P / -n is a command-line argument,
    # which is generally visible in process listings and shell history.
    # Whether the operations prompt for it when it is omitted is not visible
    # from this file -- confirm, and prefer that path if it exists.
    cli.add_argument("-P", "--pin", dest="pin", help="PIN.")
    cli.add_argument("-n", "--newpin", dest="new_pin",
                     help="New PIN (only valid for 'changepin' operation).")
    cli.add_argument("-a", "--anypin", dest="any_pin", action="store_true",
                     help="Allow any pin (only valid for 'changepin' operation).")

    cli.add_argument("-o", "--output", dest="output_file_path",
                     help="Output file (only valid for 'onboard', 'pubkeys' and 'attestation' "
                     "operations).")
    cli.add_argument("-u", "--nounlock", dest="no_unlock", action="store_true",
                     help="Do not attempt to unlock (only valid for 'changepin' and 'pubkeys' "
                     "operations).")

    # Attestation generation and verification inputs.
    cli.add_argument("--attudsource", dest="attestation_ud_source",
                     default=DEFAULT_ATT_UD_SOURCE,
                     help="JSON-RPC endpoint used to retrieve the latest RSK block hash used "
                     "as the user defined value for the attestation (defaults to "
                     f"{DEFAULT_ATT_UD_SOURCE}). Can also specify a 32-byte hex string to use as"
                     " the value.")
    cli.add_argument("-t", "--attcert", dest="attestation_certificate_file_path",
                     help="Attestation key certificate file (only valid for "
                     "'verify_attestation' operation).")
    cli.add_argument("-r", "--root", dest="root_authority",
                     help="Root attestation authority (only valid for 'verify_attestation' "
                     "operation). Defaults to Intel SGX's root authority.")
    cli.add_argument("-b", "--pubkeys", dest="pubkeys_file_path",
                     help="Public keys file (only valid for 'verify_attestation' operation).")

    # Database migration target and authorization.
    cli.add_argument("--dest-port", dest="destination_sgx_port", type=int, default=3333,
                     help="Destination SGX powHSM listening port (default 3333) "
                     "(only valid for 'migrate_db' operations)")
    cli.add_argument("--dest-host", dest="destination_sgx_host", default="localhost",
                     help="Destination SGX powHSM host. (default 'localhost') "
                     "(only valid for 'migrate_db' operations)")
    cli.add_argument("-z", "--migauth", dest="migration_authorization_file_path",
                     help="Migration authorization file (only valid for 'migrate_db' "
                     "operation).")

    cli.add_argument("-v", "--verbose", dest="verbose", action="store_true",
                     help="Enable verbose mode")

    status = 0
    try:
        args = cli.parse_args()
        endpoint = {
            "sgx_host": args.sgx_host,
            "sgx_port": args.sgx_port,
        }
        Platform.set(Platform.SGX, endpoint)
        # `choices` already restricts the operation to the table's keys, so
        # the not_implemented fallback is only a safety net.
        handler = handlers.get(args.operation, not_implemented)
        handler(args)
    except AdminError as err:
        info(str(err))
        status = 1
    except HSM2DongleError as err:
        info(str(err))
        status = 2
    except KeyboardInterrupt:
        info("Interrupted by user!")
        status = 3
    except Exception as err:
        # Catch-all boundary: only the message is printed, no traceback.
        info(str(err))
        status = 4
    sys.exit(status)

182 

183 

# Run the administrative tool only when this file is executed as a script.
if __name__ == "__main__":
    main()