Metadata-Version: 2.4
Name: dk-tee-attestation
Version: 0.3.1
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Topic :: Security :: Cryptography
Classifier: Topic :: System :: Hardware
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Rust
Requires-Dist: cryptography>=46.0.0
Requires-Dist: requests>=2.32.0
Summary: TEE attestation library for AMD SEV-SNP and Intel TDX platforms
Keywords: tee,attestation,sev-snp,tdx,confidential-computing,amd,intel
Author: DataKrypto
Requires-Python: >=3.8
Description-Content-Type: text/markdown; charset=UTF-8; variant=GFM
Project-URL: Documentation, https://docs.datakrypto.ai
Project-URL: Homepage, https://datakrypto.ai
Project-URL: Repository, https://devops.datakrypto.com/DataKrypto/_git/fhenom_tee_attestation

# FHEnom TEE Attestation Library

A Python library for generating and verifying TEE (Trusted Execution Environment) attestation reports across different hardware platforms.

## Features

- **Multi-Platform Support**: AMD SEV-SNP and Intel TDX
- **Unified API**: Single interface for all TEE platforms
- **Cryptographic Verification**: Full certificate chain validation
- **Production Ready**: Used in FHEnom AI confidential computing platform

## Supported Platforms

- ✅ **AMD SEV-SNP** (Secure Encrypted Virtualization - Secure Nested Paging)
- 🚧 **Intel TDX** (Trust Domain Extensions) - Coming soon

## Basic Installation (Python API only)

```bash
pip install dk-tee-attestation
```

## Quick Start

### Generate an Attestation Report (Inside TEE)

```python
from dk_tee_attestation import AttestationEngineFactory, AttestationEngineType

# Create AMD SEV-SNP engine
engine = AttestationEngineFactory.get(AttestationEngineType.AMD_SEV_SNP)

# Generate report with nonce (must be exactly 64 bytes).
# Placeholder value: in practice the verifier supplies a fresh random nonce per request.
nonce = b"your_nonce_here".ljust(64, b"\x00")
report_bytes = engine.get_report(nonce)

# Save for verification
with open("attestation_report.bin", "wb") as f:
    f.write(report_bytes)
```

### Verify an Attestation Report (Verifier Side)

```python
from dk_tee_attestation import AttestationEngineFactory, AttestationEngineType

# Create engine
engine = AttestationEngineFactory.get(AttestationEngineType.AMD_SEV_SNP)

# Load report
with open("attestation_report.bin", "rb") as f:
    report_bytes = f.read()

# Verify against the same 64-byte nonce that was sent to the TEE
# (raises an exception on failure)
nonce = b"your_nonce_here".ljust(64, b"\x00")
try:
    engine.verify_report(report_bytes, nonce)
    print("✓ Attestation verified successfully!")
except Exception as e:
    print(f"✗ Verification failed: {e}")
```

## API Reference

### `AttestationEngine`

Base interface for TEE attestation engines.

---

### `get_report(report_data: bytes) -> bytes`

Generate a TEE attestation report.

**Parameters**
- `report_data` (`bytes`): Nonce / challenge. **Must be exactly 64 bytes**.

**Returns**
- `bytes`: Raw attestation report.

**Raises**
- `AttestationError`: If report generation fails.

---

### `verify_report(report_bytes: bytes, expected_report_data: bytes) -> None`

Verify a TEE attestation report.

**Parameters**
- `report_bytes` (`bytes`): Raw attestation report to verify.
- `expected_report_data` (`bytes`): Expected nonce. **Must be exactly 64 bytes**.

**Returns**
- `None`: Verification succeeded.

**Raises**
- `AttestationError`: If verification fails.

## Verification Process

### AMD SEV-SNP Verification Steps

1. **Parse Report**: Extract structured data from raw bytes
2. **Validate Nonce**: Ensure nonce matches expected value
3. **Fetch Certificates**: Retrieve ARK, ASK, and VCEK from AMD KDS
4. **Verify Chain**: Validate certificate chain signatures
5. **Check Metadata**: Ensure TCB and hardware ID match
6. **Verify Signature**: Validate report signature with VCEK
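
Steps 1 and 2 can be illustrated with the standard library alone. The sketch below is an added example, not this library's code: it parses the fixed-layout SEV-SNP report, extracts `report_data`, and compares it in constant time against a fresh verifier nonce. Field offsets follow AMD's SEV-SNP ABI specification; `ReportError`, `new_nonce`, `parse_report`, `check_nonce` and `build_sample_report` are hypothetical names, and the sample report is constructed and unsigned.

```python
import hmac
import secrets
import struct

# Offsets follow the ATTESTATION_REPORT layout in AMD's SEV-SNP ABI specification.
REPORT_SIZE = 0x4A0      # 1184 bytes, signature included
OFF_VERSION = 0x00       # u32, little-endian
OFF_SIG_ALGO = 0x34      # u32, 1 = ECDSA P-384 with SHA-384
OFF_REPORT_DATA = 0x50   # 64 bytes supplied by the guest (the nonce)
OFF_MEASUREMENT = 0x90   # 48-byte launch measurement
OFF_SIGNATURE = 0x2A0    # everything before this offset is covered by the signature
NONCE_LEN = 64

class ReportError(ValueError):
    """Hypothetical error type used only in this example."""

def new_nonce() -> bytes:
    """Fresh, unpredictable 64-byte challenge; generate one per request."""
    return secrets.token_bytes(NONCE_LEN)

def parse_report(raw: bytes) -> dict:
    if len(raw) != REPORT_SIZE:
        raise ReportError(f"expected {REPORT_SIZE} bytes, got {len(raw)}")
    version, = struct.unpack_from("<I", raw, OFF_VERSION)
    sig_algo, = struct.unpack_from("<I", raw, OFF_SIG_ALGO)
    if sig_algo != 1:
        raise ReportError(f"unsupported signature algorithm {sig_algo}")
    return {
        "version": version,
        "report_data": raw[OFF_REPORT_DATA:OFF_REPORT_DATA + NONCE_LEN],
        "measurement": raw[OFF_MEASUREMENT:OFF_MEASUREMENT + 48],
        "signed_body": raw[:OFF_SIGNATURE],
    }

def check_nonce(report: dict, expected: bytes) -> None:
    if len(expected) != NONCE_LEN:
        raise ReportError("expected nonce must be exactly 64 bytes")
    if not hmac.compare_digest(report["report_data"], expected):
        raise ReportError("report_data does not match the expected nonce")

def build_sample_report(nonce: bytes) -> bytes:
    """Constructed, unsigned sample report; not output from real hardware."""
    buf = bytearray(REPORT_SIZE)
    struct.pack_into("<I", buf, OFF_VERSION, 2)
    struct.pack_into("<I", buf, OFF_SIG_ALGO, 1)
    buf[OFF_REPORT_DATA:OFF_REPORT_DATA + NONCE_LEN] = nonce
    return bytes(buf)
```

A matching nonce only shows freshness; the report is trustworthy only after steps 3 to 6 confirm that `signed_body` was signed by a VCEK chaining to AMD's root.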

### Intel TDX Verification Steps

- 🚧 Coming soon

## Platform-Specific Notes

### AMD SEV-SNP

- Requires access to `/dev/sev-guest` device for report generation
- Fetches certificates from AMD Key Distribution Service (KDS)
- Supports Milan, Genoa, and Turin processor families

### Intel TDX

- 🚧 Coming soon

## Integration with FHEnom AI

This library is integrated into the [FHEnom AI SDK](https://pypi.org/project/fhenomai/):

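```bash
# Install FHEnom AI with attestation support
pip install fhenomai
```

```python
# Use via FHEnom AI client
from fhenomai import FHEnomClient

client = FHEnomClient.from_config()
# report_bytes and nonce_hex are not defined in this snippet; they are assumed
# to be the raw attestation report and the nonce as a hex string.
result = client.admin.verify_attestation(report_bytes, nonce_hex)
```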

## Requirements

- Python >= 3.8
- cryptography >= 46.0.0
- requests >= 2.32.0

## Use Cases

- **Remote Attestation**: Prove code runs in genuine TEE
- **Zero-Trust Security**: Establish trust before sensitive operations
- **Compliance**: Demonstrate hardware-backed security
- **Confidential Computing**: Verify encrypted model execution

## License

TBD

