Unify method options accross iat-verifier scripts
Change-Id: I0c37b6eca74b882b4c58a6a4ab7fb43e3dd8fc12
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
diff --git a/iat-verifier/scripts/check_iat b/iat-verifier/scripts/check_iat
index 6994742..ca47e91 100755
--- a/iat-verifier/scripts/check_iat
+++ b/iat-verifier/scripts/check_iat
@@ -57,10 +57,11 @@
help='''
Report failure if unknown claim is encountered.
''')
- parser.add_argument('-m', '--method', choices=['sign', 'mac'], default='sign',
+ parser.add_argument('-m', '--method', choices=['sign', 'mac', 'raw'], default='sign',
help='''
Specify how this token is wrapped -- whether Sign1Message or
- Mac0Message COSE structure is used.
+ Mac0Message COSE structure is used. In case of 'raw' no COSE envelope is
+ expected.
''')
parser.add_argument('-t', '--token-type',
help='''The type of the Token.''',
@@ -74,8 +75,14 @@
config = VerifierConfiguration(keep_going=args.keep_going, strict=args.strict)
if args.method == 'mac':
method = AttestationTokenVerifier.SIGN_METHOD_MAC0
- else:
+ elif args.method == 'raw':
+ if args.key:
+ raise ValueError('A keyfile cannot be specified with --raw.')
+ method = AttestationTokenVerifier.SIGN_METHOD_RAW
+ elif args.method == 'sign':
method = AttestationTokenVerifier.SIGN_METHOD_SIGN1
+ else:
+ assert False
key_checked = False
diff --git a/iat-verifier/scripts/compile_token b/iat-verifier/scripts/compile_token
index e060529..8ac2ccd 100755
--- a/iat-verifier/scripts/compile_token
+++ b/iat-verifier/scripts/compile_token
@@ -47,13 +47,12 @@
help='''Path to the key in PEM format that should be used to
sign the CCA Realm token. If this is not specified, the
token will be unsigned.''')
- group = parser.add_mutually_exclusive_group()
- group.add_argument('-r', '--raw', action='store_true',
- help='''Generate raw CBOR and do not create a signature
- or COSE wrapper.''')
- group.add_argument('-m', '--hmac', action='store_true',
- help='''Generate a token wrapped in a Mac0 rather than
- Sign1 COSE structure.''')
+ parser.add_argument('-m', '--method', choices=['sign', 'mac', 'raw'], default='sign',
+ help='''
+ Specify how this token is to be wrapped -- whether Sign1Message or
+ Mac0Message COSE structure is to be used. In case of 'raw' no COSE envelope is
+ added to the compiled token.
+ ''')
parser.add_argument('-t', '--token-type',
help='''The type of the Token.''',
choices=token_verifiers.keys(),
@@ -61,14 +60,16 @@
args = parser.parse_args()
- if args.hmac:
+ if args.method == 'mac':
METHOD = AttestationTokenVerifier.SIGN_METHOD_MAC0
- elif args.raw:
+ elif args.method == 'raw':
if args.key:
raise ValueError('A keyfile cannot be specified with --raw.')
METHOD = AttestationTokenVerifier.SIGN_METHOD_RAW
- else:
+ elif args.method == 'sign':
METHOD = AttestationTokenVerifier.SIGN_METHOD_SIGN1
+ else:
+ assert False
configuration = VerifierConfiguration(strict=True, keep_going=False)