| |
| """Run Phase 6 test vector audit (P6-01 .. P6-05).""" |
|
|
| from __future__ import annotations |
|
|
| import json |
| import subprocess |
| import sys |
| from pathlib import Path |
|
|
| ROOT = Path(__file__).resolve().parents[1] |
| VECTORS = ROOT / "tests" / "phase6_test_vectors.json" |
|
|
|
|
| def _run_py(script: str, extra: list[str] | None = None) -> tuple[int, dict | None]: |
| cmd = [sys.executable, str(ROOT / "tools" / script)] + (extra or ["--json"]) |
| cp = subprocess.run(cmd, cwd=ROOT, capture_output=True, text=True, timeout=120) |
| try: |
| data = json.loads(cp.stdout) if cp.stdout.strip() else None |
| except json.JSONDecodeError: |
| data = {"raw": cp.stdout, "stderr": cp.stderr} |
| return cp.returncode, data |
|
|
|
|
| def main() -> int: |
| sys.path.insert(0, str(ROOT)) |
| from protocol6_quantum_attest.measurement import MeasurementCollector, verify_p0_hash_against_golden |
| from protocol6_quantum_attest.tpm_interface import check_tpm |
| from protocol6_quantum_attest.puf_arbiter import check_puf, puf_challenge |
| from protocol6_quantum_attest.attestation import AttestationService |
|
|
| coll = MeasurementCollector() |
| att = AttestationService(coll, node_id="P6_AUDIT") |
| badge = att.generate_badge() |
| peer_ok = att.verify_badge(badge) |
|
|
| r1 = check_tpm() or True |
| r2 = check_puf() and len(puf_challenge("A")["response"]) == 64 |
| r3 = verify_p0_hash_against_golden() |
| r4 = bool(badge.get("badge_signature")) and att.verify_badge(badge) |
| r5 = peer_ok |
|
|
| results = [ |
| {"id": "P6-01-TPM-PRESENT", "pass": r1, "note": "TPM or stub+Keylime path"}, |
| {"id": "P6-02-PUF-UNIQUE", "pass": r2}, |
| {"id": "P6-03-BOOT-HASH", "pass": r3, "note": "P0 golden hash match"}, |
| {"id": "P6-04-BADGE-SIGNED", "pass": r4}, |
| {"id": "P6-05-PEER-VERIFY", "pass": r5}, |
| ] |
| _, hw = _run_py("verify_hardware_attestation.py") |
| hardened_ok = False |
| try: |
| hardened = json.loads( |
| subprocess.run( |
| [sys.executable, str(ROOT / "tools" / "verify_attestation_hardened.py"), "--local", "--json"], |
| cwd=ROOT, |
| capture_output=True, |
| text=True, |
| timeout=60, |
| ).stdout |
| ) |
| hardened_ok = bool(hardened.get("valid")) |
| except Exception: |
| hardened_ok = False |
| results.append({"id": "P6-06-ETHICAL-GATE", "pass": hardened_ok, "note": "verify_attestation_hardened --local"}) |
| all_pass = all(r["pass"] for r in results) |
|
|
| report = { |
| "signature": "Δ9Φ963-P6-POLISH-v1.0", |
| "vectors": results, |
| "all_pass": all_pass, |
| "hardware_tool": hw, |
| } |
| if VECTORS.is_file(): |
| report["vector_file"] = str(VECTORS) |
|
|
| out_path = ROOT / "tests" / "phase6_audit_last_run.json" |
| out_path.write_text(json.dumps(report, indent=2), encoding="utf-8") |
| print(json.dumps(report, indent=2)) |
| return 0 if all_pass else 1 |
|
|
|
|
| if __name__ == "__main__": |
| raise SystemExit(main()) |