commit 5ebca5131a0d0a78f273897cde2112c18939f032
author Mate Toth-Pal <mate.toth-pal@arm.com> Thu Mar 24 16:45:51 2022 +0100
committer Anton Komlev <Anton.Komlev@arm.com> Wed Oct 05 17:46:05 2022 +0200
tree 0ac3fda325cf34a54d7efe0b50a0c8f18885738c
parent 1709b14264daeae8b0e71daf17006448b0c68642

Add CCA attestation token verifier

This commit adds classes to verify CCA attestation token. A CCA
attestation token is defined by the document DEN0137 Realm Management
Monitor specification found here:
https://developer.arm.com/documentation/den0137/a/?lang=en

The commit
* Adds claim classes for CCA attestation token claims.
* Adds verifier classes CCA attestation token
* Adds CCA tokens to CLI scripts and change parameters to be possible to
  specify multiple signing keys
* Adds sample cbor and yaml and key files to demonstrate CCA attestation
  token

Change-Id: Ia88a5ce4af334143452e87d29975826165502409
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>

iat-verifier/iatverifier/attest_token_verifier.py

diff --git a/iat-verifier/iatverifier/attest_token_verifier.py b/iat-verifier/iatverifier/attest_token_verifier.py
index 3bd82ac..92b303a 100644
--- a/iat-verifier/iatverifier/attest_token_verifier.py
+++ b/iat-verifier/iatverifier/attest_token_verifier.py
@@ -292,6 +292,8 @@
                     msg = 'Unexpected {} claim: {}'
                     self.verifier.error(msg.format(self.get_claim_name(), key))
                 else:
+                    msg = 'Unexpected {} claim: {}, skipping.'
+                    self.verifier.warning(msg.format(self.get_claim_name(), key))
                     continue
             try:
                 claim = claims[key]
@@ -427,7 +429,7 @@
         return None
 
     def get_claim_name(self=None):
-        return None
+        return "TOKEN_CLAIM"
 
 # This class inherits from NonVerifiedClaim. The actual claims in the token are
 # checked by the AttestTokenRootClaims object owned by this verifier. The