| Mate Toth-Pal | b2508d5 | 2022-04-30 14:10:06 +0200 | [diff] [blame] | 1 | # ----------------------------------------------------------------------------- |
| 2 | # Copyright (c) 2022, Arm Limited. All rights reserved. |
| 3 | # |
| 4 | # SPDX-License-Identifier: BSD-3-Clause |
| 5 | # |
| 6 | # ----------------------------------------------------------------------------- |
| 7 | |
| 8 | """ |
| 9 | This module contains a set of tokens that are used for testing features not used by current |
| 10 | token types. |
| 11 | """ |
| 12 | |
| 13 | from iatverifier.attest_token_verifier import AttestationTokenVerifier as Verifier |
| 14 | from iatverifier.attest_token_verifier import AttestationClaim as Claim |
| 15 | from tests.synthetic_token_claims import SynClaimInt, SynBoxesClaim, BoxWidthClaim |
| 16 | from tests.synthetic_token_claims import BoxHeightClaim, BoxDepthClaim, BoxColorClaim |
| 17 | |
| 18 | class SyntheticTokenVerifier(Verifier): |
| 19 | """A test token that may contain other tokens""" |
| 20 | def get_claim_key(self=None): |
| 21 | return 0x54a14e11 #TODO: some made up claim. Change claim indexing to use name |
| 22 | # and this should return None |
| 23 | |
| 24 | def get_claim_name(self=None): |
| 25 | return 'SYNTHETIC_TOKEN' |
| 26 | |
| 27 | def _get_p_header(self): |
| 28 | return None |
| 29 | |
| 30 | def _get_wrapping_tag(self): |
| 31 | return None |
| 32 | |
| 33 | def _parse_p_header(self, msg): |
| 34 | pass |
| 35 | |
| 36 | def __init__(self, *, method, cose_alg, signing_key, configuration, internal_signing_key): |
| 37 | # First prepare the claim hierarchy for this token |
| 38 | |
| 39 | # Claims for the internal token: |
| 40 | internal_box_claims = [ |
| 41 | (BoxWidthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}), |
| 42 | (BoxHeightClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}), |
| 43 | (BoxDepthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}), |
| 44 | (BoxColorClaim, {'verifier': self, 'necessity': Claim.MANDATORY}), |
| 45 | ] |
| 46 | |
| 47 | internal_verifier_claims = [ |
| 48 | (SynClaimInt, {'verifier': self, 'necessity':Claim.MANDATORY}), |
| 49 | (SynBoxesClaim, { |
| 50 | 'verifier': self, |
| 51 | 'claims': internal_box_claims, |
| 52 | 'is_list': True, |
| 53 | 'necessity':Claim.MANDATORY}), |
| 54 | ] |
| 55 | |
| 56 | # Claims for the 'external' token |
| 57 | box_claims = [ |
| 58 | (BoxWidthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}), |
| 59 | (BoxHeightClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}), |
| 60 | (BoxDepthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}), |
| 61 | (BoxColorClaim, {'verifier': self, 'necessity': Claim.MANDATORY}), |
| 62 | (SyntheticInternalTokenVerifier, {'necessity': Claim.OPTIONAL, |
| 63 | 'method': Verifier.SIGN_METHOD_SIGN1, |
| 64 | 'cose_alg': Verifier.COSE_ALG_ES256, |
| 65 | 'claims': internal_verifier_claims, |
| 66 | 'configuration': configuration, |
| 67 | 'signing_key': internal_signing_key}), |
| 68 | ] |
| 69 | |
| 70 | verifier_claims = [ |
| 71 | (SynClaimInt, {'verifier': self, 'necessity':Claim.MANDATORY}), |
| 72 | (SynBoxesClaim, { |
| 73 | 'verifier': self, |
| 74 | 'claims': box_claims, |
| 75 | 'is_list': True, |
| 76 | 'necessity':Claim.MANDATORY}), |
| 77 | ] |
| 78 | |
| 79 | # initialise the base part of the token |
| 80 | super().__init__( |
| 81 | method=method, |
| 82 | cose_alg=cose_alg, |
| 83 | signing_key=signing_key, |
| 84 | claims=verifier_claims, |
| 85 | configuration=configuration, |
| 86 | necessity=Claim.MANDATORY) |
| 87 | |
| 88 | @staticmethod |
| 89 | def check_cross_claim_requirements(verifier, claims): |
| 90 | pass |
| 91 | |
| Mate Toth-Pal | e589c45 | 2022-07-27 22:02:40 +0200 | [diff] [blame^] | 92 | class SyntheticTokenVerifier2(Verifier): |
| 93 | """Another test token that may contain other tokens""" |
| 94 | def get_claim_key(self=None): |
| 95 | return 0x54a14e11 #TODO: some made up claim. Change claim indexing to use name |
| 96 | # and this should return None |
| 97 | |
| 98 | def get_claim_name(self=None): |
| 99 | return 'SYNTHETIC_TOKEN_2' |
| 100 | |
| 101 | def _get_p_header(self): |
| 102 | return {'alg': self.cose_alg} |
| 103 | |
| 104 | def _parse_p_header(self, msg): |
| 105 | alg = self._get_cose_alg() |
| 106 | try: |
| 107 | msg_alg = msg.protected_header['alg'] |
| 108 | except KeyError as exc: |
| 109 | raise ValueError(f'Missing alg from protected header (expected {alg})') from exc |
| 110 | if alg != msg_alg: |
| 111 | raise ValueError('Unexpected alg in protected header ' + |
| 112 | f'(expected {alg} instead of {msg_alg})') |
| 113 | |
| 114 | def _get_wrapping_tag(self): |
| 115 | return 0xaabb |
| 116 | |
| 117 | def __init__(self, *, method, cose_alg, signing_key, configuration, internal_signing_key): |
| 118 | # First prepare the claim hierarchy for this token |
| 119 | |
| 120 | # Claims for the internal token: |
| 121 | internal_box_claims = [ |
| 122 | (BoxWidthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}), |
| 123 | (BoxHeightClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}), |
| 124 | (BoxDepthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}), |
| 125 | (BoxColorClaim, {'verifier': self, 'necessity': Claim.MANDATORY}), |
| 126 | ] |
| 127 | |
| 128 | internal_verifier_claims = [ |
| 129 | (SynClaimInt, {'verifier': self, 'necessity':Claim.MANDATORY}), |
| 130 | (SynBoxesClaim, { |
| 131 | 'verifier': self, |
| 132 | 'claims': internal_box_claims, |
| 133 | 'is_list': True, |
| 134 | 'necessity':Claim.MANDATORY}), |
| 135 | ] |
| 136 | |
| 137 | # Claims for the 'external' token |
| 138 | box_claims = [ |
| 139 | (BoxWidthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}), |
| 140 | (BoxHeightClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}), |
| 141 | (BoxDepthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}), |
| 142 | (BoxColorClaim, {'verifier': self, 'necessity': Claim.MANDATORY}), |
| 143 | (SyntheticInternalTokenVerifier2, {'necessity': Claim.OPTIONAL, |
| 144 | 'method': Verifier.SIGN_METHOD_SIGN1, |
| 145 | 'cose_alg': Verifier.COSE_ALG_ES256, |
| 146 | 'claims': internal_verifier_claims, |
| 147 | 'configuration': configuration, |
| 148 | 'signing_key': internal_signing_key}), |
| 149 | ] |
| 150 | |
| 151 | verifier_claims = [ |
| 152 | (SynClaimInt, {'verifier': self, 'necessity':Claim.MANDATORY}), |
| 153 | (SynBoxesClaim, { |
| 154 | 'verifier': self, |
| 155 | 'claims': box_claims, |
| 156 | 'is_list': True, |
| 157 | 'necessity':Claim.MANDATORY}), |
| 158 | ] |
| 159 | |
| 160 | # initialise the base part of the token |
| 161 | super().__init__( |
| 162 | method=method, |
| 163 | cose_alg=cose_alg, |
| 164 | signing_key=signing_key, |
| 165 | claims=verifier_claims, |
| 166 | configuration=configuration, |
| 167 | necessity=Claim.MANDATORY) |
| 168 | |
| 169 | @staticmethod |
| 170 | def check_cross_claim_requirements(verifier, claims): |
| 171 | pass |
| 172 | |
| Mate Toth-Pal | b2508d5 | 2022-04-30 14:10:06 +0200 | [diff] [blame] | 173 | class SyntheticInternalTokenVerifier(Verifier): |
| 174 | """A Test token that is intended to use inside another token""" |
| 175 | |
| 176 | def get_claim_key(self=None): |
| 177 | return 0x54a14e12 #TODO: some made up claim. Change claim indexing to use name |
| 178 | # and this should return None |
| 179 | |
| 180 | def get_claim_name(self=None): |
| 181 | return 'SYNTHETIC_INTERNAL_TOKEN' |
| 182 | |
| 183 | def _get_p_header(self): |
| 184 | return {'alg': self.cose_alg} |
| 185 | |
| 186 | def _parse_p_header(self, msg): |
| 187 | alg = self._get_cose_alg() |
| 188 | try: |
| 189 | msg_alg = msg.protected_header['alg'] |
| 190 | except KeyError as exc: |
| 191 | raise ValueError(f'Missing alg from protected header (expected {alg})') from exc |
| 192 | if alg != msg_alg: |
| 193 | raise ValueError('Unexpected alg in protected header ' + |
| 194 | f'(expected {alg} instead of {msg_alg})') |
| 195 | |
| 196 | |
| 197 | def _get_wrapping_tag(self): |
| 198 | return None |
| 199 | |
| 200 | def __init__( |
| 201 | self, |
| 202 | *, method, |
| 203 | cose_alg, |
| 204 | signing_key, |
| 205 | claims, |
| 206 | configuration=None, |
| 207 | necessity=Claim.MANDATORY): |
| 208 | super().__init__( |
| 209 | method=method, |
| 210 | cose_alg=cose_alg, |
| 211 | signing_key=signing_key, |
| 212 | claims=claims, |
| 213 | configuration=configuration, |
| 214 | necessity=necessity) |
| 215 | |
| 216 | @staticmethod |
| 217 | def check_cross_claim_requirements(verifier, claims): |
| 218 | pass |
| Mate Toth-Pal | e589c45 | 2022-07-27 22:02:40 +0200 | [diff] [blame^] | 219 | |
| 220 | |
| 221 | class SyntheticInternalTokenVerifier2(Verifier): |
| 222 | """Another Test token that is intended to use inside another token""" |
| 223 | |
| 224 | def get_claim_key(self=None): |
| 225 | return 0x54a14e12 #TODO: some made up claim. Change claim indexing to use name |
| 226 | # and this should return None |
| 227 | |
| 228 | def get_claim_name(self=None): |
| 229 | return 'SYNTHETIC_INTERNAL_TOKEN_2' |
| 230 | |
| 231 | def _get_p_header(self): |
| 232 | return None |
| 233 | |
| 234 | def _parse_p_header(self, msg): |
| 235 | pass |
| 236 | |
| 237 | |
| 238 | def _get_wrapping_tag(self): |
| 239 | return 0xbbaa |
| 240 | |
| 241 | def __init__( |
| 242 | self, |
| 243 | *, method, |
| 244 | cose_alg, |
| 245 | signing_key, |
| 246 | claims, |
| 247 | configuration=None, |
| 248 | necessity=Claim.MANDATORY): |
| 249 | super().__init__( |
| 250 | method=method, |
| 251 | cose_alg=cose_alg, |
| 252 | signing_key=signing_key, |
| 253 | claims=claims, |
| 254 | configuration=configuration, |
| 255 | necessity=necessity) |
| 256 | |
| 257 | @staticmethod |
| 258 | def check_cross_claim_requirements(verifier, claims): |
| 259 | pass |