TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / tf-m-tools / f4e1ca341cf7fdb45b79fa4ce975766f80672e67 / . / iat-verifier / scripts / decompile_token
blob: 6bcb26fc7c00180faada947c3fa5f24694ce2d09 [file] [log] [blame]
#!/usr/bin/env python3
#-------------------------------------------------------------------------------
# Copyright (c) 2019-2022, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
#-------------------------------------------------------------------------------
"""CLI script for decompiling a cbor formatted IAT file"""
import argparse
import logging
import sys
from pycose.algorithms import Es256, Es384
import yaml
from iatverifier.psa_iot_profile1_token_verifier import PSAIoTProfile1TokenVerifier
from iatverifier.psa_2_0_0_token_verifier import PSA_2_0_0_TokenVerifier
from iatverifier.attest_token_verifier import AttestationTokenVerifier
from iatverifier.cca_token_verifier import CCATokenVerifier, CCAPlatformTokenVerifier
if __name__ == '__main__':
logging.basicConfig(level=logging.INFO)
token_verifiers = {
"PSA-IoT-Profile1-token": PSAIoTProfile1TokenVerifier,
"CCA-token": CCATokenVerifier,
"CCA-plat-token": CCAPlatformTokenVerifier,
"PSA-2.0.0-token": PSA_2_0_0_TokenVerifier,
}
parser = argparse.ArgumentParser()
parser.add_argument('source', help='A compiled COSE IAT token.')
parser.add_argument('-o', '--outfile',
help='''Output file for the depompiled claims. If this is not
specified, the claims will be written to standard output.''')
parser.add_argument('-t', '--token-type',
help='''The type of the Token.''',
choices=token_verifiers.keys(),
required=True)
args = parser.parse_args()
verifier_class = token_verifiers[args.token_type]
if verifier_class == PSAIoTProfile1TokenVerifier:
verifier = PSAIoTProfile1TokenVerifier(
method=AttestationTokenVerifier.SIGN_METHOD_SIGN1,
cose_alg=Es256,
signing_key=None,
configuration=None)
elif verifier_class == CCATokenVerifier:
realm_token_method = AttestationTokenVerifier.SIGN_METHOD_SIGN1
platform_token_method = AttestationTokenVerifier.SIGN_METHOD_SIGN1
realm_token_cose_alg = Es384
platform_token_cose_alg = Es384
verifier = CCATokenVerifier(
realm_token_method=realm_token_method,
realm_token_cose_alg=realm_token_cose_alg,
platform_token_method=platform_token_method,
platform_token_cose_alg=platform_token_cose_alg,
platform_token_key=None,
configuration=None)
elif verifier_class == CCAPlatformTokenVerifier:
cose_alg = Es384
verifier = CCAPlatformTokenVerifier(
method=AttestationTokenVerifier.SIGN_METHOD_SIGN1,
cose_alg=cose_alg,
signing_key=None,
configuration=None,
necessity=None)
elif verifier_class == PSA_2_0_0_TokenVerifier:
verifier = PSA_2_0_0_TokenVerifier(
method=AttestationTokenVerifier.SIGN_METHOD_SIGN1,
cose_alg=Es256,
signing_key=None,
configuration=None)
else:
logging.error(f'Invalid token type:{verifier_class}\n\t')
sys.exit(1)
with open(args.source, 'rb') as fh:
token_map = verifier.parse_token(
token=fh.read(),
lower_case_key=True).get_token_map()
if args.outfile:
with open(args.outfile, 'w', encoding="UTF-8") as wfh:
yaml.dump(token_map, wfh)
else:
yaml.dump(token_map, sys.stdout)