| #!/usr/bin/env python3 |
| #------------------------------------------------------------------------------- |
| # Copyright (c) 2019-2025, Arm Limited. All rights reserved. |
| # |
| # SPDX-License-Identifier: BSD-3-Clause |
| # |
| #------------------------------------------------------------------------------- |
| |
| """CLI script for decompiling a cbor formatted IAT file""" |
| |
| import argparse |
| import logging |
| import sys |
| |
| from pycose.algorithms import Es256, Es384 |
| import yaml |
| from iatverifier.psa_iot_profile1_token_verifier import PSAIoTProfile1TokenVerifier |
| from iatverifier.psa_2_0_0_token_verifier import PSA_2_0_0_TokenVerifier |
| from iatverifier.attest_token_verifier import AttestationTokenVerifier |
| from iatverifier.cca_token_verifier import CCATokenVerifier, CCAPlatformTokenVerifier |
| |
| |
| if __name__ == '__main__': |
| logging.basicConfig(level=logging.INFO) |
| |
| token_verifiers = { |
| "PSA-IoT-Profile1-token": PSAIoTProfile1TokenVerifier, |
| "CCA-token": CCATokenVerifier, |
| "CCA-plat-token": CCAPlatformTokenVerifier, |
| "PSA-2.0.0-token": PSA_2_0_0_TokenVerifier, |
| } |
| |
| parser = argparse.ArgumentParser() |
| parser.add_argument('source', help='A compiled COSE IAT token.') |
| parser.add_argument('-o', '--outfile', |
| help='''Output file for the depompiled claims. If this is not |
| specified, the claims will be written to standard output.''') |
| parser.add_argument('-t', '--token-type', |
| help='''The type of the Token.''', |
| choices=token_verifiers.keys(), |
| required=True) |
| parser.add_argument('--expect-token-indicator', |
| help='''Expect token indicator in the cbor.''', |
| action='store_true') |
| args = parser.parse_args() |
| |
| verifier_class = token_verifiers[args.token_type] |
| if verifier_class == PSAIoTProfile1TokenVerifier: |
| verifier = PSAIoTProfile1TokenVerifier( |
| method=AttestationTokenVerifier.SIGN_METHOD_SIGN1, |
| cose_alg=Es256, |
| signing_key=None, |
| configuration=None) |
| elif verifier_class == CCATokenVerifier: |
| realm_token_method = AttestationTokenVerifier.SIGN_METHOD_SIGN1 |
| platform_token_method = AttestationTokenVerifier.SIGN_METHOD_SIGN1 |
| realm_token_cose_alg = Es384 |
| platform_token_cose_alg = Es384 |
| verifier = CCATokenVerifier( |
| realm_token_method=realm_token_method, |
| realm_token_cose_alg=realm_token_cose_alg, |
| platform_token_method=platform_token_method, |
| platform_token_cose_alg=platform_token_cose_alg, |
| platform_token_key=None, |
| configuration=None) |
| elif verifier_class == CCAPlatformTokenVerifier: |
| cose_alg = Es384 |
| verifier = CCAPlatformTokenVerifier( |
| method=AttestationTokenVerifier.SIGN_METHOD_SIGN1, |
| cose_alg=cose_alg, |
| signing_key=None, |
| configuration=None, |
| necessity=None, |
| has_type_indicator=args.expect_token_indicator) |
| elif verifier_class == PSA_2_0_0_TokenVerifier: |
| verifier = PSA_2_0_0_TokenVerifier( |
| method=AttestationTokenVerifier.SIGN_METHOD_SIGN1, |
| cose_alg=Es256, |
| signing_key=None, |
| configuration=None) |
| else: |
| logging.error(f'Invalid token type:{verifier_class}\n\t') |
| sys.exit(1) |
| with open(args.source, 'rb') as fh: |
| token_map = verifier.parse_token( |
| token=fh.read(), |
| lower_case_key=True).get_token_map() |
| |
| if args.outfile: |
| with open(args.outfile, 'w', encoding="UTF-8") as wfh: |
| yaml.dump(token_map, wfh) |
| else: |
| yaml.dump(token_map, sys.stdout) |