Blame - iat-verifier/tests/synthetic_token_verifier.py - TF-M/tf-m-tools

blob: 96d9a8c16ba5417875928ee1dceba09af92df6fc [file] [log] [blame]

Mate Toth-Pal	b2508d5	2022-04-30 14:10:06 +0200	[diff] [blame]	1	# -----------------------------------------------------------------------------
				2	# Copyright (c) 2022, Arm Limited. All rights reserved.
				3	#
				4	# SPDX-License-Identifier: BSD-3-Clause
				5	#
				6	# -----------------------------------------------------------------------------
				7
				8	"""
				9	This module contains a set of tokens that are used for testing features not used by current
				10	token types.
				11	"""
				12
				13	from iatverifier.attest_token_verifier import AttestationTokenVerifier as Verifier
				14	from iatverifier.attest_token_verifier import AttestationClaim as Claim
				15	from tests.synthetic_token_claims import SynClaimInt, SynBoxesClaim, BoxWidthClaim
				16	from tests.synthetic_token_claims import BoxHeightClaim, BoxDepthClaim, BoxColorClaim
				17
				18	class SyntheticTokenVerifier(Verifier):
				19	"""A test token that may contain other tokens"""
				20	def get_claim_key(self=None):
Mate Toth-Pal	f03ea69	2022-07-28 21:49:25 +0200	[diff] [blame]	21	return None # In case of root tokens the key is not used.
Mate Toth-Pal	b2508d5	2022-04-30 14:10:06 +0200	[diff] [blame]	22
				23	def get_claim_name(self=None):
				24	return 'SYNTHETIC_TOKEN'
				25
				26	def _get_p_header(self):
				27	return None
				28
				29	def _get_wrapping_tag(self):
				30	return None
				31
				32	def _parse_p_header(self, msg):
Mate Toth-Pal	138637a	2022-07-28 10:57:06 +0200	[diff] [blame]	33	if (len(msg.protected_header) > 0):
				34	raise ValueError('Unexpected protected header')
Mate Toth-Pal	b2508d5	2022-04-30 14:10:06 +0200	[diff] [blame]	35
				36	def __init__(self, *, method, cose_alg, signing_key, configuration, internal_signing_key):
				37	# First prepare the claim hierarchy for this token
				38
				39	# Claims for the internal token:
				40	internal_box_claims = [
				41	(BoxWidthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				42	(BoxHeightClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				43	(BoxDepthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				44	(BoxColorClaim, {'verifier': self, 'necessity': Claim.MANDATORY}),
				45	]
				46
				47	internal_verifier_claims = [
				48	(SynClaimInt, {'verifier': self, 'necessity':Claim.MANDATORY}),
				49	(SynBoxesClaim, {
				50	'verifier': self,
				51	'claims': internal_box_claims,
				52	'is_list': True,
				53	'necessity':Claim.MANDATORY}),
				54	]
				55
				56	# Claims for the 'external' token
				57	box_claims = [
				58	(BoxWidthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				59	(BoxHeightClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				60	(BoxDepthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				61	(BoxColorClaim, {'verifier': self, 'necessity': Claim.MANDATORY}),
				62	(SyntheticInternalTokenVerifier, {'necessity': Claim.OPTIONAL,
				63	'method': Verifier.SIGN_METHOD_SIGN1,
				64	'cose_alg': Verifier.COSE_ALG_ES256,
				65	'claims': internal_verifier_claims,
				66	'configuration': configuration,
				67	'signing_key': internal_signing_key}),
				68	]
				69
				70	verifier_claims = [
				71	(SynClaimInt, {'verifier': self, 'necessity':Claim.MANDATORY}),
				72	(SynBoxesClaim, {
				73	'verifier': self,
				74	'claims': box_claims,
				75	'is_list': True,
				76	'necessity':Claim.MANDATORY}),
				77	]
				78
				79	# initialise the base part of the token
				80	super().__init__(
				81	method=method,
				82	cose_alg=cose_alg,
				83	signing_key=signing_key,
				84	claims=verifier_claims,
				85	configuration=configuration,
				86	necessity=Claim.MANDATORY)
				87
Mate Toth-Pal	e589c45	2022-07-27 22:02:40 +0200	[diff] [blame]	88	class SyntheticTokenVerifier2(Verifier):
				89	"""Another test token that may contain other tokens"""
				90	def get_claim_key(self=None):
Mate Toth-Pal	f03ea69	2022-07-28 21:49:25 +0200	[diff] [blame]	91	return None # In case of root tokens the key is not used.
Mate Toth-Pal	e589c45	2022-07-27 22:02:40 +0200	[diff] [blame]	92
				93	def get_claim_name(self=None):
				94	return 'SYNTHETIC_TOKEN_2'
				95
				96	def _get_p_header(self):
				97	return {'alg': self.cose_alg}
				98
				99	def _parse_p_header(self, msg):
				100	alg = self._get_cose_alg()
				101	try:
				102	msg_alg = msg.protected_header['alg']
				103	except KeyError as exc:
				104	raise ValueError(f'Missing alg from protected header (expected {alg})') from exc
				105	if alg != msg_alg:
				106	raise ValueError('Unexpected alg in protected header ' +
				107	f'(expected {alg} instead of {msg_alg})')
				108
				109	def _get_wrapping_tag(self):
				110	return 0xaabb
				111
				112	def __init__(self, *, method, cose_alg, signing_key, configuration, internal_signing_key):
				113	# First prepare the claim hierarchy for this token
				114
				115	# Claims for the internal token:
				116	internal_box_claims = [
				117	(BoxWidthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				118	(BoxHeightClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				119	(BoxDepthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				120	(BoxColorClaim, {'verifier': self, 'necessity': Claim.MANDATORY}),
				121	]
				122
				123	internal_verifier_claims = [
				124	(SynClaimInt, {'verifier': self, 'necessity':Claim.MANDATORY}),
				125	(SynBoxesClaim, {
				126	'verifier': self,
				127	'claims': internal_box_claims,
				128	'is_list': True,
				129	'necessity':Claim.MANDATORY}),
				130	]
				131
				132	# Claims for the 'external' token
				133	box_claims = [
				134	(BoxWidthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				135	(BoxHeightClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				136	(BoxDepthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				137	(BoxColorClaim, {'verifier': self, 'necessity': Claim.MANDATORY}),
				138	(SyntheticInternalTokenVerifier2, {'necessity': Claim.OPTIONAL,
				139	'method': Verifier.SIGN_METHOD_SIGN1,
				140	'cose_alg': Verifier.COSE_ALG_ES256,
				141	'claims': internal_verifier_claims,
				142	'configuration': configuration,
				143	'signing_key': internal_signing_key}),
				144	]
				145
				146	verifier_claims = [
				147	(SynClaimInt, {'verifier': self, 'necessity':Claim.MANDATORY}),
				148	(SynBoxesClaim, {
				149	'verifier': self,
				150	'claims': box_claims,
				151	'is_list': True,
				152	'necessity':Claim.MANDATORY}),
				153	]
				154
				155	# initialise the base part of the token
				156	super().__init__(
				157	method=method,
				158	cose_alg=cose_alg,
				159	signing_key=signing_key,
				160	claims=verifier_claims,
				161	configuration=configuration,
				162	necessity=Claim.MANDATORY)
				163
Mate Toth-Pal	b2508d5	2022-04-30 14:10:06 +0200	[diff] [blame]	164	class SyntheticInternalTokenVerifier(Verifier):
				165	"""A Test token that is intended to use inside another token"""
				166
				167	def get_claim_key(self=None):
Mate Toth-Pal	f03ea69	2022-07-28 21:49:25 +0200	[diff] [blame]	168	return 0x54a14e12
Mate Toth-Pal	b2508d5	2022-04-30 14:10:06 +0200	[diff] [blame]	169
				170	def get_claim_name(self=None):
				171	return 'SYNTHETIC_INTERNAL_TOKEN'
				172
				173	def _get_p_header(self):
				174	return {'alg': self.cose_alg}
				175
				176	def _parse_p_header(self, msg):
				177	alg = self._get_cose_alg()
				178	try:
				179	msg_alg = msg.protected_header['alg']
				180	except KeyError as exc:
				181	raise ValueError(f'Missing alg from protected header (expected {alg})') from exc
				182	if alg != msg_alg:
				183	raise ValueError('Unexpected alg in protected header ' +
				184	f'(expected {alg} instead of {msg_alg})')
				185
				186
				187	def _get_wrapping_tag(self):
				188	return None
				189
				190	def __init__(
				191	self,
				192	*, method,
				193	cose_alg,
				194	signing_key,
				195	claims,
				196	configuration=None,
				197	necessity=Claim.MANDATORY):
				198	super().__init__(
				199	method=method,
				200	cose_alg=cose_alg,
				201	signing_key=signing_key,
				202	claims=claims,
				203	configuration=configuration,
				204	necessity=necessity)
				205
Mate Toth-Pal	e589c45	2022-07-27 22:02:40 +0200	[diff] [blame]	206	class SyntheticInternalTokenVerifier2(Verifier):
				207	"""Another Test token that is intended to use inside another token"""
				208
				209	def get_claim_key(self=None):
Mate Toth-Pal	f03ea69	2022-07-28 21:49:25 +0200	[diff] [blame]	210	return 0x54a14e13
Mate Toth-Pal	e589c45	2022-07-27 22:02:40 +0200	[diff] [blame]	211
				212	def get_claim_name(self=None):
				213	return 'SYNTHETIC_INTERNAL_TOKEN_2'
				214
				215	def _get_p_header(self):
				216	return None
				217
				218	def _parse_p_header(self, msg):
Mate Toth-Pal	138637a	2022-07-28 10:57:06 +0200	[diff] [blame]	219	if (len(msg.protected_header) > 0):
				220	raise ValueError('Unexpected protected header')
Mate Toth-Pal	e589c45	2022-07-27 22:02:40 +0200	[diff] [blame]	221
				222	def _get_wrapping_tag(self):
				223	return 0xbbaa
				224
				225	def __init__(
				226	self,
				227	*, method,
				228	cose_alg,
				229	signing_key,
				230	claims,
				231	configuration=None,
				232	necessity=Claim.MANDATORY):
				233	super().__init__(
				234	method=method,
				235	cose_alg=cose_alg,
				236	signing_key=signing_key,
				237	claims=claims,
				238	configuration=configuration,
				239	necessity=necessity)