Add CCA attestation token verifier
This commit adds classes to verify CCA attestation token. A CCA
attestation token is defined by the document DEN0137 Realm Management
Monitor specification found here:
https://developer.arm.com/documentation/den0137/a/?lang=en
The commit
* Adds claim classes for CCA attestation token claims.
* Adds verifier classes for CCA attestation tokens
* Adds CCA tokens to the CLI scripts and changes their parameters so that
multiple signing keys can be specified
* Adds sample cbor and yaml and key files to demonstrate CCA attestation
token
Change-Id: Ia88a5ce4af334143452e87d29975826165502409
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
diff --git a/iat-verifier/scripts/decompile_token b/iat-verifier/scripts/decompile_token
index b64fa59..58bc9cf 100755
--- a/iat-verifier/scripts/decompile_token
+++ b/iat-verifier/scripts/decompile_token
@@ -15,6 +15,7 @@
import yaml
from iatverifier.psa_iot_profile1_token_verifier import PSAIoTProfile1TokenVerifier
from iatverifier.attest_token_verifier import AttestationTokenVerifier
+from iatverifier.cca_token_verifier import CCATokenVerifier, CCAPlatformTokenVerifier
if __name__ == '__main__':
@@ -22,6 +23,8 @@
token_verifiers = {
"PSA-IoT-Profile1-token": PSAIoTProfile1TokenVerifier,
+ "CCA-token": CCATokenVerifier,
+ "CCA-plat-token": CCAPlatformTokenVerifier,
}
parser = argparse.ArgumentParser()
@@ -40,7 +43,29 @@
verifier = PSAIoTProfile1TokenVerifier(
method=AttestationTokenVerifier.SIGN_METHOD_SIGN1,
cose_alg=AttestationTokenVerifier.COSE_ALG_ES256,
- signing_key=None, configuration=None)
+ signing_key=None,
+ configuration=None)
+ elif verifier_class == CCATokenVerifier:
+ realm_token_method = AttestationTokenVerifier.SIGN_METHOD_SIGN1
+ platform_token_method = AttestationTokenVerifier.SIGN_METHOD_SIGN1
+ realm_token_cose_alg = AttestationTokenVerifier.COSE_ALG_ES384
+ platform_token_cose_alg = AttestationTokenVerifier.COSE_ALG_ES384
+ verifier = CCATokenVerifier(
+ realm_token_method=realm_token_method,
+ realm_token_cose_alg=realm_token_cose_alg,
+ realm_token_key=None,
+ platform_token_method=platform_token_method,
+ platform_token_cose_alg=platform_token_cose_alg,
+ platform_token_key=None,
+ configuration=None)
+ elif verifier_class == CCAPlatformTokenVerifier:
+ cose_alg = AttestationTokenVerifier.COSE_ALG_ES384
+ verifier = CCAPlatformTokenVerifier(
+ method=AttestationTokenVerifier.SIGN_METHOD_SIGN1,
+ cose_alg=cose_alg,
+ signing_key=None,
+ configuration=None,
+ necessity=None)
else:
logging.error(f'Invalid token type:{verifier_class}\n\t')
sys.exit(1)
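Review bot: The two new branches construct `CCATokenVerifier` with `realm_token_key=None` and `platform_token_key=None`, and `CCAPlatformTokenVerifier` with `signing_key=None`, but nothing says what that means for the decompiled output. Presumably the verifiers skip the COSE signature check when no key is supplied; their code is not in this hunk, so that should be confirmed. If so, a comment above `elif verifier_class == CCATokenVerifier:` would make the trust boundary explicit, e.g. `# Keys are None: the token is only parsed, not authenticated; do not treat the decompiled claims as verified.` The `necessity=None` argument is passed only to `CCAPlatformTokenVerifier`, so a short comment on why the other verifiers do not take it would also help. The `if`/`elif` chain these branches extend starts outside the hunk.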