TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / tf-m-tools / b9057ffa3289ec3cb4fef23e0ecfa9d1a7cdb27d^! / . / iat-verifier / scripts / decompile_token
commitb9057ffa3289ec3cb4fef23e0ecfa9d1a7cdb27d[log] [tgz]
authorMate Toth-Pal <mate.toth-pal@arm.com>Fri Apr 29 16:03:21 2022 +0200
committerMate Toth-Pal <mate.toth-pal@arm.com>Wed Jul 13 16:20:26 2022 +0200
treea89581cda462047e65ae9084d4d41e9e0d1852f1
parentd10a914d82424154266420fc7052d04a46c135b8 [diff] [blame]
Refactor token and map parsing

The aim of this change is to make it possible to verify nested EATs.
This requires finer grade control over how the token structure is
parsed, as CBOR envelopes can now be present inside the tree.

So this change makes the parsing the token and the map a recursive
operation, calling the necessary methods of the objects at each level.

Change-Id: I4c1e29deae7b238f2d82a73bd95c533f89492d40
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>

diff --git a/iat-verifier/scripts/decompile_token b/iat-verifier/scripts/decompile_token
index d61247f..b64fa59 100755
--- a/iat-verifier/scripts/decompile_token
+++ b/iat-verifier/scripts/decompile_token

@@ -6,15 +6,19 @@
 #
 #-------------------------------------------------------------------------------
 
+"""CLI script for decompiling a cbor formatted IAT file"""
+
 import argparse
+import logging
 import sys
 
 import yaml
-from iatverifier.util import convert_token_to_map
 from iatverifier.psa_iot_profile1_token_verifier import PSAIoTProfile1TokenVerifier
+from iatverifier.attest_token_verifier import AttestationTokenVerifier
 
 
 if __name__ == '__main__':
+    logging.basicConfig(level=logging.INFO)
 
     token_verifiers = {
         "PSA-IoT-Profile1-token": PSAIoTProfile1TokenVerifier,
@@ -31,14 +35,24 @@
                         required=True)
     args = parser.parse_args()
 
-    verifier = token_verifiers[args.token_type].get_verifier()
+    verifier_class = token_verifiers[args.token_type]
+    if verifier_class == PSAIoTProfile1TokenVerifier:
+        verifier = PSAIoTProfile1TokenVerifier(
+            method=AttestationTokenVerifier.SIGN_METHOD_SIGN1,
+            cose_alg=AttestationTokenVerifier.COSE_ALG_ES256,
+            signing_key=None, configuration=None)
+    else:
+        logging.error(f'Invalid token type:{verifier_class}\n\t')
+        sys.exit(1)
     with open(args.source, 'rb') as fh:
-        token_map = convert_token_to_map(fh.read(), verifier)
+        token_map = verifier.parse_token(
+            token=fh.read(),
+            verify=False,
+            check_p_header=False,
+            lower_case_key=True)
 
     if args.outfile:
-        with open(args.outfile, 'w') as wfh:
+        with open(args.outfile, 'w', encoding="UTF-8") as wfh:
             yaml.dump(token_map, wfh)
     else:
         yaml.dump(token_map, sys.stdout)
-
-