Use single command line option for keys in check_iat
Change-Id: Id957bfa54ec17f132ef18a591da04cac0410faac
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
diff --git a/iat-verifier/README.rst b/iat-verifier/README.rst
index 9c26b78..e3e8d0e 100644
--- a/iat-verifier/README.rst
+++ b/iat-verifier/README.rst
@@ -66,7 +66,7 @@
::
- $ check_iat -t PSA-IoT-Profile1-token --psa-iot-profile1-keyfile sample/key.pem sample/cbor/iat.cbor
+ $ check_iat -t PSA-IoT-Profile1-token -k sample/key.pem sample/cbor/iat.cbor
Signature OK
Token format OK
@@ -121,7 +121,7 @@
.. code:: bash
- $ compile_token -t PSA-IoT-Profile1-token --psa-iot-profile1-keyfile sample/key.pem sample/yaml/iat.yaml > sample_token.cbor
+ $ compile_token -t PSA-IoT-Profile1-token -k sample/key.pem sample/yaml/iat.yaml > sample_token.cbor
*No validation* is performed as part of this, so there is no guarantee that a
valid IAT will be produced.
@@ -194,7 +194,7 @@
::
- $ check_iat -t PSA-IoT-Profile1-token -m mac --psa-iot-profile1-keyfile sample/hmac.key sample/iat-hmac.cbor
+ $ check_iat -t PSA-IoT-Profile1-token -m mac -k sample/hmac.key sample/iat-hmac.cbor
Signature OK
Token format OK
diff --git a/iat-verifier/scripts/check_iat b/iat-verifier/scripts/check_iat
index f3c41d0..ccea2a4 100755
--- a/iat-verifier/scripts/check_iat
+++ b/iat-verifier/scripts/check_iat
@@ -37,14 +37,10 @@
that the signature is valid, the token contian the required
fields, and those fields are in a valid format.
''')
- parser.add_argument('--psa-iot-profile1-keyfile',
+ parser.add_argument('-k', '--key',
help='''Path to the key in PEM format that should be used to
verify the token. If this is not specified, the token signature
will not be checked.''')
- parser.add_argument('--cca-platform-token-keyfile',
- help='''Path to the key in PEM format that should be used to
- verify the CCA platform token. If this is not specified, the
- token signature will not be checked.''')
parser.add_argument('tokenfile',
help='''
path to a file containing a signed IAT.
@@ -89,8 +85,8 @@
verifier_class = token_verifiers[args.token_type]
if verifier_class == PSAIoTProfile1TokenVerifier:
- key_checked = args.psa_iot_profile1_keyfile
- key = read_keyfile(keyfile=args.psa_iot_profile1_keyfile, method=method)
+ key_checked = args.key
+ key = read_keyfile(keyfile=args.key, method=method)
if method == AttestationTokenVerifier.SIGN_METHOD_SIGN1:
cose_alg = get_cose_alg_from_key(key, AttestationTokenVerifier.COSE_ALG_ES256)
else:
@@ -104,8 +100,8 @@
if method != AttestationTokenVerifier.SIGN_METHOD_SIGN1:
logger.error('Only sign1 method is supported by this token type.\n\t'.format(verifier_class))
sys.exit(1)
- key_checked = args.cca_platform_token_keyfile
- platform_token_key = read_keyfile(args.cca_platform_token_keyfile, method)
+ key_checked = args.key
+ platform_token_key = read_keyfile(args.key, method)
realm_token_method = AttestationTokenVerifier.SIGN_METHOD_SIGN1
platform_token_method = AttestationTokenVerifier.SIGN_METHOD_SIGN1
realm_token_cose_alg = get_cose_alg_from_key(
@@ -122,8 +118,8 @@
platform_token_key=platform_token_key,
configuration=config)
elif verifier_class == CCAPlatformTokenVerifier:
- key_checked = args.cca_platform_token_keyfile
- key = read_keyfile(args.cca_platform_token_keyfile, method)
+ key_checked = args.key
+ key = read_keyfile(args.key, method)
cose_alg = get_cose_alg_from_key(key, AttestationTokenVerifier.COSE_ALG_ES384)
verifier = CCAPlatformTokenVerifier(
method=AttestationTokenVerifier.SIGN_METHOD_SIGN1,
@@ -132,8 +128,8 @@
configuration=config,
necessity=None)
elif verifier_class == PSA_2_0_0_TokenVerifier:
- key_checked = args.psa_iot_profile1_keyfile
- key = read_keyfile(keyfile=args.psa_iot_profile1_keyfile, method=method)
+ key_checked = args.key
+ key = read_keyfile(keyfile=args.key, method=method)
if method == AttestationTokenVerifier.SIGN_METHOD_SIGN1:
cose_alg = get_cose_alg_from_key(key, AttestationTokenVerifier.COSE_ALG_ES256)
else:
diff --git a/iat-verifier/scripts/compile_token b/iat-verifier/scripts/compile_token
index 647ed0d..ef49961 100755
--- a/iat-verifier/scripts/compile_token
+++ b/iat-verifier/scripts/compile_token
@@ -35,15 +35,15 @@
parser.add_argument('-o', '--outfile',
help='''Output file for the compiled token. If this is not
specified, the token will be written to standard output.''')
- parser.add_argument('--psa-iot-profile1-keyfile',
+ parser.add_argument('-k', '--key',
help='''Path to the key in PEM format that should be used to
sign the token. If this is not specified, the token will be
unsigned.''')
- parser.add_argument('--cca-platform-token-keyfile',
+ parser.add_argument('--platform-key',
help='''Path to the key in PEM format that should be used to
sign the CCA platform token. If this is not specified,
the token will be unsigned.''')
- parser.add_argument('--cca-realm-token-keyfile',
+ parser.add_argument('--realm-key',
help='''Path to the key in PEM format that should be used to
sign the CCA Realm token. If this is not specified, the
token will be unsigned.''')
@@ -68,7 +68,7 @@
if args.hmac:
METHOD = AttestationTokenVerifier.SIGN_METHOD_MAC0
elif args.raw:
- if args.psa_iot_profile1_keyfile:
+ if args.key:
raise ValueError('A keyfile cannot be specified with --raw.')
METHOD = AttestationTokenVerifier.SIGN_METHOD_RAW
else:
@@ -78,7 +78,7 @@
verifier_class = token_verifiers[args.token_type]
if verifier_class == PSAIoTProfile1TokenVerifier:
- key = read_keyfile(args.psa_iot_profile1_keyfile, METHOD)
+ key = read_keyfile(args.key, METHOD)
if METHOD == AttestationTokenVerifier.SIGN_METHOD_SIGN1:
cose_alg = get_cose_alg_from_key(
key,
@@ -94,8 +94,8 @@
if METHOD != AttestationTokenVerifier.SIGN_METHOD_SIGN1:
logging.error('Only sign1 method is supported by this token type.\n\t')
sys.exit(1)
- platform_token_key = read_keyfile(args.cca_platform_token_keyfile, METHOD)
- realm_token_key = read_keyfile(args.cca_realm_token_keyfile, METHOD)
+ platform_token_key = read_keyfile(args.platform_key, METHOD)
+ realm_token_key = read_keyfile(args.realm_key, METHOD)
realm_token_method = AttestationTokenVerifier.SIGN_METHOD_SIGN1
platform_token_method = AttestationTokenVerifier.SIGN_METHOD_SIGN1
realm_token_cose_alg = get_cose_alg_from_key(
@@ -113,8 +113,8 @@
platform_token_key=platform_token_key,
configuration=configuration)
elif verifier_class == CCAPlatformTokenVerifier:
- key_checked = args.cca_platform_token_keyfile
- key = read_keyfile(args.cca_platform_token_keyfile, METHOD)
+ key_checked = args.platform_key
+ key = read_keyfile(args.platform_key, METHOD)
cose_alg = get_cose_alg_from_key(key, AttestationTokenVerifier.COSE_ALG_ES384)
verifier = CCAPlatformTokenVerifier(
method=AttestationTokenVerifier.SIGN_METHOD_SIGN1,
@@ -123,8 +123,8 @@
configuration=configuration,
necessity=None)
elif verifier_class == PSA_2_0_0_TokenVerifier:
- key_checked = args.psa_iot_profile1_keyfile
- key = read_keyfile(keyfile=args.psa_iot_profile1_keyfile, method=METHOD)
+ key_checked = args.key
+ key = read_keyfile(keyfile=args.key, method=METHOD)
if METHOD == AttestationTokenVerifier.SIGN_METHOD_SIGN1:
cose_alg = get_cose_alg_from_key(key, AttestationTokenVerifier.COSE_ALG_ES256)
else: