Add PSA 2.0.0 profile
An updated version of the PSA IoT Profile is available:
- https://www.ietf.org/archive/id/draft-tschofenig-rats-psa-token-09.html
- Profile name: PSA_2_0_0
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ifb64f39b0b7965d3af408e52289916e487f560fb
diff --git a/iat-verifier/scripts/check_iat b/iat-verifier/scripts/check_iat
index e9adf48..80a1dfc 100755
--- a/iat-verifier/scripts/check_iat
+++ b/iat-verifier/scripts/check_iat
@@ -13,9 +13,9 @@
import logging
import sys
-from iatverifier.attest_token_verifier import AttestationClaim as Claim
from iatverifier.util import recursive_bytes_to_strings, read_keyfile, get_cose_alg_from_key
from iatverifier.psa_iot_profile1_token_verifier import PSAIoTProfile1TokenVerifier
+from iatverifier.psa_2_0_0_token_verifier import PSA_2_0_0_TokenVerifier
from iatverifier.attest_token_verifier import VerifierConfiguration, AttestationTokenVerifier
from iatverifier.cca_token_verifier import CCATokenVerifier, CCAPlatformTokenVerifier
@@ -28,6 +28,7 @@
"PSA-IoT-Profile1-token": PSAIoTProfile1TokenVerifier,
"CCA-token": CCATokenVerifier,
"CCA-plat-token": CCAPlatformTokenVerifier,
+ "PSA-2.0.0-token": PSA_2_0_0_TokenVerifier,
}
parser = argparse.ArgumentParser(
@@ -136,6 +137,14 @@
signing_key=key,
configuration=config,
necessity=None)
+ elif verifier_class == PSA_2_0_0_TokenVerifier:
+ key_checked = args.psa_iot_profile1_keyfile
+ key = read_keyfile(keyfile=args.psa_iot_profile1_keyfile, method=method)
+ if method == AttestationTokenVerifier.SIGN_METHOD_SIGN1:
+ cose_alg = get_cose_alg_from_key(key, AttestationTokenVerifier.COSE_ALG_ES256)
+ else:
+ cose_alg = AttestationTokenVerifier.COSE_ALG_HS256
+ verifier = PSA_2_0_0_TokenVerifier(method=method, cose_alg=cose_alg, signing_key=key, configuration=config)
else:
logger.error(f'Invalid token type:{verifier_class}\n\t')
sys.exit(1)
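Review bot: The new `PSA_2_0_0_TokenVerifier` branch reads its key from `args.psa_iot_profile1_keyfile`, an option named for a different profile, and nothing on the line says the reuse is intended; the matching branch added to compile_token does the same. In a verification tool, one key option silently serving two profiles makes it easy to check a token against the wrong key. Either add a dedicated option or state the reuse where the key is read, e.g. `# PSA 2.0.0 shares the Profile1 keyfile option; there is no separate flag`, and update the option's help text, which is outside the hunk. What happens when no keyfile is given is decided by `read_keyfile` and by later code not shown here, so confirm that this path reports an unverified token as clearly as the Profile1 path does. The if/elif chain begins outside the hunk.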
diff --git a/iat-verifier/scripts/compile_token b/iat-verifier/scripts/compile_token
index 2783cf6..647ed0d 100755
--- a/iat-verifier/scripts/compile_token
+++ b/iat-verifier/scripts/compile_token
@@ -16,6 +16,7 @@
from iatverifier.util import read_token_map, convert_map_to_token, read_keyfile
from iatverifier.util import get_cose_alg_from_key
from iatverifier.psa_iot_profile1_token_verifier import PSAIoTProfile1TokenVerifier
+from iatverifier.psa_2_0_0_token_verifier import PSA_2_0_0_TokenVerifier
from iatverifier.attest_token_verifier import AttestationTokenVerifier, VerifierConfiguration
from iatverifier.cca_token_verifier import CCATokenVerifier, CCAPlatformTokenVerifier
@@ -26,6 +27,7 @@
"PSA-IoT-Profile1-token": PSAIoTProfile1TokenVerifier,
"CCA-token": CCATokenVerifier,
"CCA-plat-token": CCAPlatformTokenVerifier,
+ "PSA-2.0.0-token": PSA_2_0_0_TokenVerifier,
}
parser = argparse.ArgumentParser()
@@ -120,6 +122,18 @@
signing_key=key,
configuration=configuration,
necessity=None)
+ elif verifier_class == PSA_2_0_0_TokenVerifier:
+ key_checked = args.psa_iot_profile1_keyfile
+ key = read_keyfile(keyfile=args.psa_iot_profile1_keyfile, method=METHOD)
+ if METHOD == AttestationTokenVerifier.SIGN_METHOD_SIGN1:
+ cose_alg = get_cose_alg_from_key(key, AttestationTokenVerifier.COSE_ALG_ES256)
+ else:
+ cose_alg = AttestationTokenVerifier.COSE_ALG_HS256
+ verifier = PSA_2_0_0_TokenVerifier(
+ method=METHOD,
+ cose_alg=cose_alg,
+ signing_key=key,
+ configuration=configuration)
else:
logging.error(f'Invalid token type:{verifier_class}\n\t')
sys.exit(1)
diff --git a/iat-verifier/scripts/decompile_token b/iat-verifier/scripts/decompile_token
index 58bc9cf..c9b7f37 100755
--- a/iat-verifier/scripts/decompile_token
+++ b/iat-verifier/scripts/decompile_token
@@ -14,6 +14,7 @@
import yaml
from iatverifier.psa_iot_profile1_token_verifier import PSAIoTProfile1TokenVerifier
+from iatverifier.psa_2_0_0_token_verifier import PSA_2_0_0_TokenVerifier
from iatverifier.attest_token_verifier import AttestationTokenVerifier
from iatverifier.cca_token_verifier import CCATokenVerifier, CCAPlatformTokenVerifier
@@ -25,6 +26,7 @@
"PSA-IoT-Profile1-token": PSAIoTProfile1TokenVerifier,
"CCA-token": CCATokenVerifier,
"CCA-plat-token": CCAPlatformTokenVerifier,
+ "PSA-2.0.0-token": PSA_2_0_0_TokenVerifier,
}
parser = argparse.ArgumentParser()
@@ -66,6 +68,12 @@
signing_key=None,
configuration=None,
necessity=None)
+ elif verifier_class == PSA_2_0_0_TokenVerifier:
+ verifier = PSA_2_0_0_TokenVerifier(
+ method=AttestationTokenVerifier.SIGN_METHOD_SIGN1,
+ cose_alg=AttestationTokenVerifier.COSE_ALG_ES256,
+ signing_key=None,
+ configuration=None)
else:
logging.error(f'Invalid token type:{verifier_class}\n\t')
sys.exit(1)
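Review bot: Nothing at the `PSA_2_0_0_TokenVerifier(...)` call says that the decompiled output is unauthenticated, although the verifier is built with `signing_key=None` and `configuration=None`. A comment such as `# decode only: no key is supplied, so the signature is not verified here` would keep readers from treating the output as attested claims. The method and algorithm are also fixed to `SIGN_METHOD_SIGN1` and `COSE_ALG_ES256`, whereas check_iat and compile_token choose them from the method and key. The parsing call is outside the hunk, so it is worth confirming that a MAC-wrapped or non-ES256 token still decompiles. The if/elif chain starts outside the hunk.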