#-------------------------------------------------------------------------------
# Copyright (c) 2022, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
#-------------------------------------------------------------------------------
7
8"""
This test module exercises features that are not used by the PSA IoT profile1
tokens.
11"""
12
13import os
14import unittest
15
16from iatverifier.util import read_token_map, read_keyfile
17from iatverifier.attest_token_verifier import VerifierConfiguration, AttestationTokenVerifier
18from tests.synthetic_token_verifier import SyntheticTokenVerifier
19from test_utils import create_and_read_iat, convert_map_to_token_bytes, bytes_equal_to_file
20
21
# Directory holding this test module; every fixture path below is derived from it.
THIS_DIR = os.path.dirname(__file__)

# Fixtures for the synthetic-token tests (YAML token descriptions and the
# reference CBOR files the tests compare against).
DATA_DIR = os.path.join(THIS_DIR, 'synthetic_data')

# Key material used by the tests.
# NOTE(review): these look like keys checked in alongside the tests; treat
# them as test-only fixtures and never as real attestation keys.
KEY_DIR = os.path.join(THIS_DIR, 'data')
KEYFILE, KEYFILE_ALT = (
    os.path.join(KEY_DIR, pem_name) for pem_name in ('key.pem', 'key-alt.pem')
)
28
class TestSynthetic(unittest.TestCase):
    """Exercise iat-verifier's nested IAT feature with synthetic tokens.

    NOTE(review): every verifier here uses the key from KEYFILE both as
    signing_key and as internal_signing_key. KEYFILE_ALT is not used in the
    visible part of this file, so rejection of a token checked against a
    different key does not appear to be covered here.
    """

    def setUp(self):
        # Every test starts from a freshly constructed configuration.
        self.config = VerifierConfiguration()

    def _make_verifier(self, sign_method, algorithm, key):
        """Build a new SyntheticTokenVerifier bound to this test's configuration.

        The same key is passed as signing_key and as internal_signing_key.
        """
        return SyntheticTokenVerifier(
            method=sign_method,
            cose_alg=algorithm,
            signing_key=key,
            configuration=self.config,
            internal_signing_key=key,
        )

    def test_composite(self):
        """Test cross claim checking in composite claim"""
        sign_method = AttestationTokenVerifier.SIGN_METHOD_SIGN1
        algorithm = AttestationTokenVerifier.COSE_ALG_ES256
        key = read_keyfile(KEYFILE, sign_method)

        # (token description, whether the round trip must be rejected), in the
        # order the scenarios are exercised.
        scenarios = (
            ('synthetic_token.yaml', False),
            ('synthetic_token_missing_box_dim.yaml', True),
            ('synthetic_token_another_token.yaml', False),
            ('synthetic_token_another_token_missing_box_dim.yaml', True),
        )

        for template, must_be_rejected in scenarios:
            if not must_be_rejected:
                create_and_read_iat(
                    DATA_DIR,
                    template,
                    self._make_verifier(sign_method, algorithm, key))
                continue

            # The verifier is built inside the assertRaises context so that
            # the whole create-and-read sequence is under the expectation.
            with self.assertRaises(ValueError) as raised:
                create_and_read_iat(
                    DATA_DIR,
                    template,
                    self._make_verifier(sign_method, algorithm, key))
            self.assertIn(
                'Invalid IAT: Box size must have all 3 dimensions',
                raised.exception.args[0])

    def test_protected_header(self):
        """Test protected header detection

        The same token map is serialised with add_p_header=True and
        add_p_header=False, and each result is compared with its reference
        CBOR file in DATA_DIR.
        """
        token_map = read_token_map(
            os.path.join(DATA_DIR, 'synthetic_token_another_token.yaml'))

        sign_method = AttestationTokenVerifier.SIGN_METHOD_SIGN1
        algorithm = AttestationTokenVerifier.COSE_ALG_ES256
        key = read_keyfile(KEYFILE, sign_method)
        verifier = self._make_verifier(sign_method, algorithm, key)

        # Produce both encodings before asserting on either of them.
        with_header = convert_map_to_token_bytes(token_map, verifier, add_p_header=True)
        without_header = convert_map_to_token_bytes(token_map, verifier, add_p_header=False)

        expected_with = os.path.join(DATA_DIR, 'p_header_on.cbor')
        expected_without = os.path.join(DATA_DIR, 'p_header_off.cbor')

        self.assertTrue(bytes_equal_to_file(with_header, expected_with))
        self.assertTrue(bytes_equal_to_file(without_header, expected_without))
107 bytes_equal_to_file(token_no_p_header, os.path.join(DATA_DIR, 'p_header_off.cbor')))