commit 5ebca5131a0d0a78f273897cde2112c18939f032
author Mate Toth-Pal <mate.toth-pal@arm.com> Thu Mar 24 16:45:51 2022 +0100
committer Anton Komlev <Anton.Komlev@arm.com> Wed Oct 05 17:46:05 2022 +0200
tree 0ac3fda325cf34a54d7efe0b50a0c8f18885738c
parent 1709b14264daeae8b0e71daf17006448b0c68642

Add CCA attestation token verifier

This commit adds classes to verify CCA attestation token. A CCA
attestation token is defined by the document DEN0137 Realm Management
Monitor specification found here:
https://developer.arm.com/documentation/den0137/a/?lang=en

The commit
* Adds claim classes for CCA attestation token claims.
* Adds verifier classes CCA attestation token
* Adds CCA tokens to CLI scripts and change parameters to be possible to
  specify multiple signing keys
* Adds sample cbor and yaml and key files to demonstrate CCA attestation
  token

Change-Id: Ia88a5ce4af334143452e87d29975826165502409
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>

iat-verifier/scripts/decompile_token

diff --git a/iat-verifier/scripts/decompile_token b/iat-verifier/scripts/decompile_token
index b64fa59..58bc9cf 100755
--- a/iat-verifier/scripts/decompile_token
+++ b/iat-verifier/scripts/decompile_token
@@ -15,6 +15,7 @@
 import yaml
 from iatverifier.psa_iot_profile1_token_verifier import PSAIoTProfile1TokenVerifier
 from iatverifier.attest_token_verifier import AttestationTokenVerifier
+from iatverifier.cca_token_verifier import CCATokenVerifier, CCAPlatformTokenVerifier
 
 
 if __name__ == '__main__':
@@ -22,6 +23,8 @@
 
     token_verifiers = {
         "PSA-IoT-Profile1-token": PSAIoTProfile1TokenVerifier,
+        "CCA-token": CCATokenVerifier,
+        "CCA-plat-token": CCAPlatformTokenVerifier,
     }
 
     parser = argparse.ArgumentParser()
@@ -40,7 +43,29 @@
         verifier = PSAIoTProfile1TokenVerifier(
             method=AttestationTokenVerifier.SIGN_METHOD_SIGN1,
             cose_alg=AttestationTokenVerifier.COSE_ALG_ES256,
-            signing_key=None, configuration=None)
+            signing_key=None,
+            configuration=None)
+    elif verifier_class == CCATokenVerifier:
+        realm_token_method = AttestationTokenVerifier.SIGN_METHOD_SIGN1
+        platform_token_method = AttestationTokenVerifier.SIGN_METHOD_SIGN1
+        realm_token_cose_alg = AttestationTokenVerifier.COSE_ALG_ES384
+        platform_token_cose_alg = AttestationTokenVerifier.COSE_ALG_ES384
+        verifier = CCATokenVerifier(
+            realm_token_method=realm_token_method,
+            realm_token_cose_alg=realm_token_cose_alg,
+            realm_token_key=None,
+            platform_token_method=platform_token_method,
+            platform_token_cose_alg=platform_token_cose_alg,
+            platform_token_key=None,
+            configuration=None)
+    elif verifier_class == CCAPlatformTokenVerifier:
+        cose_alg = AttestationTokenVerifier.COSE_ALG_ES384
+        verifier = CCAPlatformTokenVerifier(
+            method=AttestationTokenVerifier.SIGN_METHOD_SIGN1,
+            cose_alg=cose_alg,
+            signing_key=None,
+            configuration=None,
+            necessity=None)
     else:
         logging.error(f'Invalid token type:{verifier_class}\n\t')
         sys.exit(1)