fix: fail closed python tee attestations

Author: ramtamilselvan

sdk/python/tests/test_tee_attestation.py

@@ -13,7 +13,7 @@ def test_defaults(self) -> None:
 
 class TestAttestationVerifier:
     def test_verify_valid(self) -> None:
-        verifier = AttestationVerifier()
+        verifier = AttestationVerifier(signature_verifier=lambda evidence: True)
         verifier.register_trusted_hash(TEEPlatform.SGX, "abc123")
         evidence = AttestationEvidence(
             platform=TEEPlatform.SGX,
@@ -96,7 +96,7 @@ def test_verify_no_trusted_hashes_for_platform(self) -> None:
         assert any("No trusted" in e for e in result.errors)
 
     def test_verify_short_signature(self) -> None:
-        verifier = AttestationVerifier()
+        verifier = AttestationVerifier(signature_verifier=lambda evidence: True)
         verifier.register_trusted_hash(TEEPlatform.SGX, "abc")
         evidence = AttestationEvidence(
             platform=TEEPlatform.SGX,
@@ -108,8 +108,50 @@ def test_verify_short_signature(self) -> None:
         assert result.valid is False
         assert any("too short" in e.lower() for e in result.errors)
 
-    def test_register_trusted_hash_case_insensitive(self) -> None:
+    def test_verify_requires_signature_verifier(self) -> None:
         verifier = AttestationVerifier()
+        verifier.register_trusted_hash(TEEPlatform.SGX, "abc")
+        evidence = AttestationEvidence(
+            platform=TEEPlatform.SGX,
+            enclave_hash="abc",
+            signature="sig123456",
+            certificates=["cert"],
+        )
+        result = verifier.verify(evidence)
+        assert result.valid is False
+        assert any("not configured" in e for e in result.errors)
+
+    def test_verify_rejects_signature_verifier_failure(self) -> None:
+        verifier = AttestationVerifier(signature_verifier=lambda evidence: False)
+        verifier.register_trusted_hash(TEEPlatform.SGX, "abc")
+        evidence = AttestationEvidence(
+            platform=TEEPlatform.SGX,
+            enclave_hash="abc",
+            signature="sig123456",
+            certificates=["cert"],
+        )
+        result = verifier.verify(evidence)
+        assert result.valid is False
+        assert any("signature verification failed" in e.lower() for e in result.errors)
+
+    def test_verify_rejects_signature_verifier_exception(self) -> None:
+        def failing_verifier(evidence: AttestationEvidence) -> bool:
+            raise ValueError("bad chain")
+
+        verifier = AttestationVerifier(signature_verifier=failing_verifier)
+        verifier.register_trusted_hash(TEEPlatform.SGX, "abc")
+        evidence = AttestationEvidence(
+            platform=TEEPlatform.SGX,
+            enclave_hash="abc",
+            signature="sig123456",
+            certificates=["cert"],
+        )
+        result = verifier.verify(evidence)
+        assert result.valid is False
+        assert any("bad chain" in e for e in result.errors)
+
+    def test_register_trusted_hash_case_insensitive(self) -> None:
+        verifier = AttestationVerifier(signature_verifier=lambda evidence: True)
         verifier.register_trusted_hash(TEEPlatform.SGX, "ABC123")
         evidence = AttestationEvidence(
             platform=TEEPlatform.SGX,
@@ -126,7 +168,7 @@ def test_compute_expected_hash(self) -> None:
         assert len(h) == 64  # hex-encoded 32 bytes
 
     def test_register_multiple_hashes(self) -> None:
-        verifier = AttestationVerifier()
+        verifier = AttestationVerifier(signature_verifier=lambda evidence: True)
         verifier.register_trusted_hash(TEEPlatform.SGX, "hash1")
         verifier.register_trusted_hash(TEEPlatform.SGX, "hash2")
         e1 = AttestationEvidence(

sdk/python/zeroid/tee/attestation.py

@@ -7,10 +7,13 @@
 from __future__ import annotations
 
 from dataclasses import dataclass, field
+from typing import Callable
 
 from zeroid.crypto.hashing import keccak256
 from zeroid.tee.types import AttestationEvidence, TEEPlatform
 
+SignatureVerifier = Callable[[AttestationEvidence], bool]
+
 
 @dataclass(frozen=True)
 class AttestationResult:
@@ -36,9 +39,16 @@ class AttestationVerifier:
     attestation evidence against them.
     """
 
-    def __init__(self) -> None:
-        """Initialize the verifier with empty trusted measurements."""
+    def __init__(self, signature_verifier: SignatureVerifier | None = None) -> None:
+        """Initialize the verifier with empty trusted measurements.
+
+        Args:
+            signature_verifier: Platform-specific attestation verifier. It must
+                validate the evidence signature and certificate chain before the
+                attestation can be accepted.
+        """
         self._trusted_hashes: dict[TEEPlatform, set[str]] = {}
+        self._signature_verifier = signature_verifier
 
     def register_trusted_hash(
         self, platform: TEEPlatform, enclave_hash: str
@@ -60,7 +70,8 @@ def verify(self, evidence: AttestationEvidence) -> AttestationResult:
         - Evidence is complete (hash, signature, certificates)
         - Platform is supported (not UNKNOWN)
         - Enclave hash is in the trusted set for the platform
-        - Signature structure is valid (mock check)
+        - Signature and certificate chain are cryptographically verified by the
+          configured platform verifier
 
         Args:
             evidence: The attestation evidence to verify.
@@ -99,10 +110,20 @@ def verify(self, evidence: AttestationEvidence) -> AttestationResult:
         elif evidence.enclave_hash.lower() not in trusted:
             errors.append("Enclave hash not in trusted set")
 
-        # Mock signature verification
         if evidence.signature and len(evidence.signature) < 8:
             errors.append("Signature too short")
 
+        if self._signature_verifier is None:
+            errors.append("TEE attestation signature verifier is not configured")
+        else:
+            try:
+                signature_valid = self._signature_verifier(evidence)
+            except Exception as exc:  # pragma: no cover - exact verifier errors vary
+                errors.append(f"TEE attestation signature verification failed: {exc}")
+            else:
+                if not signature_valid:
+                    errors.append("TEE attestation signature verification failed")
+
         return AttestationResult(
             valid=len(errors) == 0,
             platform=evidence.platform,