chore(iatverifier): update pycose (0.0.1->1.1.0)
This change is in preparation for updating the CCA realm token to encode
the RAK as COSE_Key.
Change-Id: I745207a8d2d1d20e36503cbbc4ad38b6379e3a28
Co-authored-by: Mate Toth-Pal <mate.toth-pal@arm.com>
Co-authored-by: Thomas Fossati <thomas.fossati@linaro.org>
Signed-off-by: Thomas Fossati <thomas.fossati@linaro.org>
diff --git a/iat-verifier/scripts/check_iat b/iat-verifier/scripts/check_iat
index ca47e91..5cd1e81 100755
--- a/iat-verifier/scripts/check_iat
+++ b/iat-verifier/scripts/check_iat
@@ -13,6 +13,8 @@
import logging
import sys
+from pycose.algorithms import Es256, Es384, HMAC256
+
from iatverifier.util import recursive_bytes_to_strings, read_keyfile, get_cose_alg_from_key
from iatverifier.psa_iot_profile1_token_verifier import PSAIoTProfile1TokenVerifier
from iatverifier.psa_2_0_0_token_verifier import PSA_2_0_0_TokenVerifier
@@ -91,9 +93,9 @@
key_checked = args.key
key = read_keyfile(keyfile=args.key, method=method)
if method == AttestationTokenVerifier.SIGN_METHOD_SIGN1:
- cose_alg = get_cose_alg_from_key(key, AttestationTokenVerifier.COSE_ALG_ES256)
+ cose_alg = get_cose_alg_from_key(key, Es256)
else:
- cose_alg = AttestationTokenVerifier.COSE_ALG_HS256
+ cose_alg = HMAC256
verifier = PSAIoTProfile1TokenVerifier(
method=method,
cose_alg=cose_alg,
@@ -107,12 +109,8 @@
platform_token_key = read_keyfile(args.key, method)
realm_token_method = AttestationTokenVerifier.SIGN_METHOD_SIGN1
platform_token_method = AttestationTokenVerifier.SIGN_METHOD_SIGN1
- realm_token_cose_alg = get_cose_alg_from_key(
- None,
- AttestationTokenVerifier.COSE_ALG_ES384)
- platform_token_cose_alg = get_cose_alg_from_key(
- platform_token_key,
- AttestationTokenVerifier.COSE_ALG_ES384)
+ realm_token_cose_alg = get_cose_alg_from_key(None, Es384)
+ platform_token_cose_alg = get_cose_alg_from_key(platform_token_key, Es384)
verifier = CCATokenVerifier(
realm_token_method=realm_token_method,
realm_token_cose_alg=realm_token_cose_alg,
@@ -123,7 +121,7 @@
elif verifier_class == CCAPlatformTokenVerifier:
key_checked = args.key
key = read_keyfile(args.key, method)
- cose_alg = get_cose_alg_from_key(key, AttestationTokenVerifier.COSE_ALG_ES384)
+ cose_alg = get_cose_alg_from_key(key, Es384)
verifier = CCAPlatformTokenVerifier(
method=AttestationTokenVerifier.SIGN_METHOD_SIGN1,
cose_alg=cose_alg,
@@ -134,9 +132,9 @@
key_checked = args.key
key = read_keyfile(keyfile=args.key, method=method)
if method == AttestationTokenVerifier.SIGN_METHOD_SIGN1:
- cose_alg = get_cose_alg_from_key(key, AttestationTokenVerifier.COSE_ALG_ES256)
+ cose_alg = get_cose_alg_from_key(key, Es256)
else:
- cose_alg = AttestationTokenVerifier.COSE_ALG_HS256
+ cose_alg = HMAC256
verifier = PSA_2_0_0_TokenVerifier(method=method, cose_alg=cose_alg, signing_key=key, configuration=config)
else:
logger.error(f'Invalid token type:{verifier_class}\n\t')
diff --git a/iat-verifier/scripts/compile_token b/iat-verifier/scripts/compile_token
index 8ac2ccd..34ec781 100755
--- a/iat-verifier/scripts/compile_token
+++ b/iat-verifier/scripts/compile_token
@@ -13,6 +13,8 @@
import os
import sys
+from pycose.algorithms import Es256, Es384, HMAC256
+
from iatverifier.util import read_token_map, convert_map_to_token, read_keyfile
from iatverifier.util import get_cose_alg_from_key
from iatverifier.psa_iot_profile1_token_verifier import PSAIoTProfile1TokenVerifier
@@ -77,11 +79,9 @@
if verifier_class == PSAIoTProfile1TokenVerifier:
key = read_keyfile(args.key, METHOD)
if METHOD == AttestationTokenVerifier.SIGN_METHOD_SIGN1:
- cose_alg = get_cose_alg_from_key(
- key,
- AttestationTokenVerifier.COSE_ALG_ES256)
+ cose_alg = get_cose_alg_from_key(key, Es256)
else:
- cose_alg = AttestationTokenVerifier.COSE_ALG_HS256
+ cose_alg = HMAC256
verifier = PSAIoTProfile1TokenVerifier(
method=METHOD,
cose_alg=cose_alg,
@@ -95,12 +95,8 @@
realm_token_key = read_keyfile(args.realm_key, METHOD)
realm_token_method = AttestationTokenVerifier.SIGN_METHOD_SIGN1
platform_token_method = AttestationTokenVerifier.SIGN_METHOD_SIGN1
- realm_token_cose_alg = get_cose_alg_from_key(
- realm_token_key,
- AttestationTokenVerifier.COSE_ALG_ES384)
- platform_token_cose_alg = get_cose_alg_from_key(
- platform_token_key,
- AttestationTokenVerifier.COSE_ALG_ES384)
+ realm_token_cose_alg = get_cose_alg_from_key(realm_token_key, Es384)
+ platform_token_cose_alg = get_cose_alg_from_key(platform_token_key, Es384)
verifier = CCATokenVerifier(
realm_token_method=realm_token_method,
realm_token_cose_alg=realm_token_cose_alg,
@@ -112,7 +108,7 @@
elif verifier_class == CCAPlatformTokenVerifier:
key_checked = args.platform_key
key = read_keyfile(args.platform_key, METHOD)
- cose_alg = get_cose_alg_from_key(key, AttestationTokenVerifier.COSE_ALG_ES384)
+ cose_alg = get_cose_alg_from_key(key, Es384)
verifier = CCAPlatformTokenVerifier(
method=AttestationTokenVerifier.SIGN_METHOD_SIGN1,
cose_alg=cose_alg,
@@ -123,9 +119,9 @@
key_checked = args.key
key = read_keyfile(keyfile=args.key, method=METHOD)
if METHOD == AttestationTokenVerifier.SIGN_METHOD_SIGN1:
- cose_alg = get_cose_alg_from_key(key, AttestationTokenVerifier.COSE_ALG_ES256)
+ cose_alg = get_cose_alg_from_key(key, Es256)
else:
- cose_alg = AttestationTokenVerifier.COSE_ALG_HS256
+ cose_alg = HMAC256
verifier = PSA_2_0_0_TokenVerifier(
method=METHOD,
cose_alg=cose_alg,
diff --git a/iat-verifier/scripts/decompile_token b/iat-verifier/scripts/decompile_token
index ae75053..6bcb26f 100755
--- a/iat-verifier/scripts/decompile_token
+++ b/iat-verifier/scripts/decompile_token
@@ -12,6 +12,7 @@
import logging
import sys
+from pycose.algorithms import Es256, Es384
import yaml
from iatverifier.psa_iot_profile1_token_verifier import PSAIoTProfile1TokenVerifier
from iatverifier.psa_2_0_0_token_verifier import PSA_2_0_0_TokenVerifier
@@ -44,14 +45,14 @@
if verifier_class == PSAIoTProfile1TokenVerifier:
verifier = PSAIoTProfile1TokenVerifier(
method=AttestationTokenVerifier.SIGN_METHOD_SIGN1,
- cose_alg=AttestationTokenVerifier.COSE_ALG_ES256,
+ cose_alg=Es256,
signing_key=None,
configuration=None)
elif verifier_class == CCATokenVerifier:
realm_token_method = AttestationTokenVerifier.SIGN_METHOD_SIGN1
platform_token_method = AttestationTokenVerifier.SIGN_METHOD_SIGN1
- realm_token_cose_alg = AttestationTokenVerifier.COSE_ALG_ES384
- platform_token_cose_alg = AttestationTokenVerifier.COSE_ALG_ES384
+ realm_token_cose_alg = Es384
+ platform_token_cose_alg = Es384
verifier = CCATokenVerifier(
realm_token_method=realm_token_method,
realm_token_cose_alg=realm_token_cose_alg,
@@ -60,7 +61,7 @@
platform_token_key=None,
configuration=None)
elif verifier_class == CCAPlatformTokenVerifier:
- cose_alg = AttestationTokenVerifier.COSE_ALG_ES384
+ cose_alg = Es384
verifier = CCAPlatformTokenVerifier(
method=AttestationTokenVerifier.SIGN_METHOD_SIGN1,
cose_alg=cose_alg,
@@ -70,7 +71,7 @@
elif verifier_class == PSA_2_0_0_TokenVerifier:
verifier = PSA_2_0_0_TokenVerifier(
method=AttestationTokenVerifier.SIGN_METHOD_SIGN1,
- cose_alg=AttestationTokenVerifier.COSE_ALG_ES256,
+ cose_alg=Es256,
signing_key=None,
configuration=None)
else: