Blame - iat-verifier/tests/synthetic_token_verifier.py - TF-M/tf-m-tools

blob: f44c87d60f294c7a11ae207dec0f6557226932bd [file] [log] [blame]

Mate Toth-Pal	b2508d5	2022-04-30 14:10:06 +0200	[diff] [blame]	1	# -----------------------------------------------------------------------------
				2	# Copyright (c) 2022, Arm Limited. All rights reserved.
				3	#
				4	# SPDX-License-Identifier: BSD-3-Clause
				5	#
				6	# -----------------------------------------------------------------------------
				7
				8	"""
				9	This module contains a set of tokens that are used for testing features not used by current
				10	token types.
				11	"""
				12
				13	from iatverifier.attest_token_verifier import AttestationTokenVerifier as Verifier
				14	from iatverifier.attest_token_verifier import AttestationClaim as Claim
				15	from tests.synthetic_token_claims import SynClaimInt, SynBoxesClaim, BoxWidthClaim
				16	from tests.synthetic_token_claims import BoxHeightClaim, BoxDepthClaim, BoxColorClaim
				17
				18	class SyntheticTokenVerifier(Verifier):
				19	"""A test token that may contain other tokens"""
				20	def get_claim_key(self=None):
				21	return 0x54a14e11 #TODO: some made up claim. Change claim indexing to use name
				22	# and this should return None
				23
				24	def get_claim_name(self=None):
				25	return 'SYNTHETIC_TOKEN'
				26
				27	def _get_p_header(self):
				28	return None
				29
				30	def _get_wrapping_tag(self):
				31	return None
				32
				33	def _parse_p_header(self, msg):
Mate Toth-Pal	138637a	2022-07-28 10:57:06 +0200	[diff] [blame^]	34	if (len(msg.protected_header) > 0):
				35	raise ValueError('Unexpected protected header')
Mate Toth-Pal	b2508d5	2022-04-30 14:10:06 +0200	[diff] [blame]	36
				37	def __init__(self, *, method, cose_alg, signing_key, configuration, internal_signing_key):
				38	# First prepare the claim hierarchy for this token
				39
				40	# Claims for the internal token:
				41	internal_box_claims = [
				42	(BoxWidthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				43	(BoxHeightClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				44	(BoxDepthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				45	(BoxColorClaim, {'verifier': self, 'necessity': Claim.MANDATORY}),
				46	]
				47
				48	internal_verifier_claims = [
				49	(SynClaimInt, {'verifier': self, 'necessity':Claim.MANDATORY}),
				50	(SynBoxesClaim, {
				51	'verifier': self,
				52	'claims': internal_box_claims,
				53	'is_list': True,
				54	'necessity':Claim.MANDATORY}),
				55	]
				56
				57	# Claims for the 'external' token
				58	box_claims = [
				59	(BoxWidthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				60	(BoxHeightClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				61	(BoxDepthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				62	(BoxColorClaim, {'verifier': self, 'necessity': Claim.MANDATORY}),
				63	(SyntheticInternalTokenVerifier, {'necessity': Claim.OPTIONAL,
				64	'method': Verifier.SIGN_METHOD_SIGN1,
				65	'cose_alg': Verifier.COSE_ALG_ES256,
				66	'claims': internal_verifier_claims,
				67	'configuration': configuration,
				68	'signing_key': internal_signing_key}),
				69	]
				70
				71	verifier_claims = [
				72	(SynClaimInt, {'verifier': self, 'necessity':Claim.MANDATORY}),
				73	(SynBoxesClaim, {
				74	'verifier': self,
				75	'claims': box_claims,
				76	'is_list': True,
				77	'necessity':Claim.MANDATORY}),
				78	]
				79
				80	# initialise the base part of the token
				81	super().__init__(
				82	method=method,
				83	cose_alg=cose_alg,
				84	signing_key=signing_key,
				85	claims=verifier_claims,
				86	configuration=configuration,
				87	necessity=Claim.MANDATORY)
				88
				89	@staticmethod
				90	def check_cross_claim_requirements(verifier, claims):
				91	pass
				92
Mate Toth-Pal	e589c45	2022-07-27 22:02:40 +0200	[diff] [blame]	93	class SyntheticTokenVerifier2(Verifier):
				94	"""Another test token that may contain other tokens"""
				95	def get_claim_key(self=None):
				96	return 0x54a14e11 #TODO: some made up claim. Change claim indexing to use name
				97	# and this should return None
				98
				99	def get_claim_name(self=None):
				100	return 'SYNTHETIC_TOKEN_2'
				101
				102	def _get_p_header(self):
				103	return {'alg': self.cose_alg}
				104
				105	def _parse_p_header(self, msg):
				106	alg = self._get_cose_alg()
				107	try:
				108	msg_alg = msg.protected_header['alg']
				109	except KeyError as exc:
				110	raise ValueError(f'Missing alg from protected header (expected {alg})') from exc
				111	if alg != msg_alg:
				112	raise ValueError('Unexpected alg in protected header ' +
				113	f'(expected {alg} instead of {msg_alg})')
				114
				115	def _get_wrapping_tag(self):
				116	return 0xaabb
				117
				118	def __init__(self, *, method, cose_alg, signing_key, configuration, internal_signing_key):
				119	# First prepare the claim hierarchy for this token
				120
				121	# Claims for the internal token:
				122	internal_box_claims = [
				123	(BoxWidthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				124	(BoxHeightClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				125	(BoxDepthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				126	(BoxColorClaim, {'verifier': self, 'necessity': Claim.MANDATORY}),
				127	]
				128
				129	internal_verifier_claims = [
				130	(SynClaimInt, {'verifier': self, 'necessity':Claim.MANDATORY}),
				131	(SynBoxesClaim, {
				132	'verifier': self,
				133	'claims': internal_box_claims,
				134	'is_list': True,
				135	'necessity':Claim.MANDATORY}),
				136	]
				137
				138	# Claims for the 'external' token
				139	box_claims = [
				140	(BoxWidthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				141	(BoxHeightClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				142	(BoxDepthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				143	(BoxColorClaim, {'verifier': self, 'necessity': Claim.MANDATORY}),
				144	(SyntheticInternalTokenVerifier2, {'necessity': Claim.OPTIONAL,
				145	'method': Verifier.SIGN_METHOD_SIGN1,
				146	'cose_alg': Verifier.COSE_ALG_ES256,
				147	'claims': internal_verifier_claims,
				148	'configuration': configuration,
				149	'signing_key': internal_signing_key}),
				150	]
				151
				152	verifier_claims = [
				153	(SynClaimInt, {'verifier': self, 'necessity':Claim.MANDATORY}),
				154	(SynBoxesClaim, {
				155	'verifier': self,
				156	'claims': box_claims,
				157	'is_list': True,
				158	'necessity':Claim.MANDATORY}),
				159	]
				160
				161	# initialise the base part of the token
				162	super().__init__(
				163	method=method,
				164	cose_alg=cose_alg,
				165	signing_key=signing_key,
				166	claims=verifier_claims,
				167	configuration=configuration,
				168	necessity=Claim.MANDATORY)
				169
				170	@staticmethod
				171	def check_cross_claim_requirements(verifier, claims):
				172	pass
				173
Mate Toth-Pal	b2508d5	2022-04-30 14:10:06 +0200	[diff] [blame]	174	class SyntheticInternalTokenVerifier(Verifier):
				175	"""A Test token that is intended to use inside another token"""
				176
				177	def get_claim_key(self=None):
				178	return 0x54a14e12 #TODO: some made up claim. Change claim indexing to use name
				179	# and this should return None
				180
				181	def get_claim_name(self=None):
				182	return 'SYNTHETIC_INTERNAL_TOKEN'
				183
				184	def _get_p_header(self):
				185	return {'alg': self.cose_alg}
				186
				187	def _parse_p_header(self, msg):
				188	alg = self._get_cose_alg()
				189	try:
				190	msg_alg = msg.protected_header['alg']
				191	except KeyError as exc:
				192	raise ValueError(f'Missing alg from protected header (expected {alg})') from exc
				193	if alg != msg_alg:
				194	raise ValueError('Unexpected alg in protected header ' +
				195	f'(expected {alg} instead of {msg_alg})')
				196
				197
				198	def _get_wrapping_tag(self):
				199	return None
				200
				201	def __init__(
				202	self,
				203	*, method,
				204	cose_alg,
				205	signing_key,
				206	claims,
				207	configuration=None,
				208	necessity=Claim.MANDATORY):
				209	super().__init__(
				210	method=method,
				211	cose_alg=cose_alg,
				212	signing_key=signing_key,
				213	claims=claims,
				214	configuration=configuration,
				215	necessity=necessity)
				216
				217	@staticmethod
				218	def check_cross_claim_requirements(verifier, claims):
				219	pass
Mate Toth-Pal	e589c45	2022-07-27 22:02:40 +0200	[diff] [blame]	220
				221
				222	class SyntheticInternalTokenVerifier2(Verifier):
				223	"""Another Test token that is intended to use inside another token"""
				224
				225	def get_claim_key(self=None):
				226	return 0x54a14e12 #TODO: some made up claim. Change claim indexing to use name
				227	# and this should return None
				228
				229	def get_claim_name(self=None):
				230	return 'SYNTHETIC_INTERNAL_TOKEN_2'
				231
				232	def _get_p_header(self):
				233	return None
				234
				235	def _parse_p_header(self, msg):
Mate Toth-Pal	138637a	2022-07-28 10:57:06 +0200	[diff] [blame^]	236	if (len(msg.protected_header) > 0):
				237	raise ValueError('Unexpected protected header')
Mate Toth-Pal	e589c45	2022-07-27 22:02:40 +0200	[diff] [blame]	238
				239	def _get_wrapping_tag(self):
				240	return 0xbbaa
				241
				242	def __init__(
				243	self,
				244	*, method,
				245	cose_alg,
				246	signing_key,
				247	claims,
				248	configuration=None,
				249	necessity=Claim.MANDATORY):
				250	super().__init__(
				251	method=method,
				252	cose_alg=cose_alg,
				253	signing_key=signing_key,
				254	claims=claims,
				255	configuration=configuration,
				256	necessity=necessity)
				257
				258	@staticmethod
				259	def check_cross_claim_requirements(verifier, claims):
				260	pass