Blame - iat-verifier/tests/synthetic_token_verifier.py - TF-M/tf-m-tools

blob: a8ac5007302f87cdc5cbfe7cd28a5cc75be9bd87 [file] [log] [blame]

Mate Toth-Pal	b2508d5	2022-04-30 14:10:06 +0200	[diff] [blame]	1	# -----------------------------------------------------------------------------
				2	# Copyright (c) 2022, Arm Limited. All rights reserved.
				3	#
				4	# SPDX-License-Identifier: BSD-3-Clause
				5	#
				6	# -----------------------------------------------------------------------------
				7
				8	"""
				9	This module contains a set of tokens that are used for testing features not used by current
				10	token types.
				11	"""
				12
				13	from iatverifier.attest_token_verifier import AttestationTokenVerifier as Verifier
				14	from iatverifier.attest_token_verifier import AttestationClaim as Claim
				15	from tests.synthetic_token_claims import SynClaimInt, SynBoxesClaim, BoxWidthClaim
				16	from tests.synthetic_token_claims import BoxHeightClaim, BoxDepthClaim, BoxColorClaim
				17
				18	class SyntheticTokenVerifier(Verifier):
				19	"""A test token that may contain other tokens"""
				20	def get_claim_key(self=None):
Mate Toth-Pal	f03ea69	2022-07-28 21:49:25 +0200	[diff] [blame^]	21	return None # In case of root tokens the key is not used.
Mate Toth-Pal	b2508d5	2022-04-30 14:10:06 +0200	[diff] [blame]	22
				23	def get_claim_name(self=None):
				24	return 'SYNTHETIC_TOKEN'
				25
				26	def _get_p_header(self):
				27	return None
				28
				29	def _get_wrapping_tag(self):
				30	return None
				31
				32	def _parse_p_header(self, msg):
Mate Toth-Pal	138637a	2022-07-28 10:57:06 +0200	[diff] [blame]	33	if (len(msg.protected_header) > 0):
				34	raise ValueError('Unexpected protected header')
Mate Toth-Pal	b2508d5	2022-04-30 14:10:06 +0200	[diff] [blame]	35
				36	def __init__(self, *, method, cose_alg, signing_key, configuration, internal_signing_key):
				37	# First prepare the claim hierarchy for this token
				38
				39	# Claims for the internal token:
				40	internal_box_claims = [
				41	(BoxWidthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				42	(BoxHeightClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				43	(BoxDepthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				44	(BoxColorClaim, {'verifier': self, 'necessity': Claim.MANDATORY}),
				45	]
				46
				47	internal_verifier_claims = [
				48	(SynClaimInt, {'verifier': self, 'necessity':Claim.MANDATORY}),
				49	(SynBoxesClaim, {
				50	'verifier': self,
				51	'claims': internal_box_claims,
				52	'is_list': True,
				53	'necessity':Claim.MANDATORY}),
				54	]
				55
				56	# Claims for the 'external' token
				57	box_claims = [
				58	(BoxWidthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				59	(BoxHeightClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				60	(BoxDepthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				61	(BoxColorClaim, {'verifier': self, 'necessity': Claim.MANDATORY}),
				62	(SyntheticInternalTokenVerifier, {'necessity': Claim.OPTIONAL,
				63	'method': Verifier.SIGN_METHOD_SIGN1,
				64	'cose_alg': Verifier.COSE_ALG_ES256,
				65	'claims': internal_verifier_claims,
				66	'configuration': configuration,
				67	'signing_key': internal_signing_key}),
				68	]
				69
				70	verifier_claims = [
				71	(SynClaimInt, {'verifier': self, 'necessity':Claim.MANDATORY}),
				72	(SynBoxesClaim, {
				73	'verifier': self,
				74	'claims': box_claims,
				75	'is_list': True,
				76	'necessity':Claim.MANDATORY}),
				77	]
				78
				79	# initialise the base part of the token
				80	super().__init__(
				81	method=method,
				82	cose_alg=cose_alg,
				83	signing_key=signing_key,
				84	claims=verifier_claims,
				85	configuration=configuration,
				86	necessity=Claim.MANDATORY)
				87
				88	@staticmethod
				89	def check_cross_claim_requirements(verifier, claims):
				90	pass
				91
Mate Toth-Pal	e589c45	2022-07-27 22:02:40 +0200	[diff] [blame]	92	class SyntheticTokenVerifier2(Verifier):
				93	"""Another test token that may contain other tokens"""
				94	def get_claim_key(self=None):
Mate Toth-Pal	f03ea69	2022-07-28 21:49:25 +0200	[diff] [blame^]	95	return None # In case of root tokens the key is not used.
Mate Toth-Pal	e589c45	2022-07-27 22:02:40 +0200	[diff] [blame]	96
				97	def get_claim_name(self=None):
				98	return 'SYNTHETIC_TOKEN_2'
				99
				100	def _get_p_header(self):
				101	return {'alg': self.cose_alg}
				102
				103	def _parse_p_header(self, msg):
				104	alg = self._get_cose_alg()
				105	try:
				106	msg_alg = msg.protected_header['alg']
				107	except KeyError as exc:
				108	raise ValueError(f'Missing alg from protected header (expected {alg})') from exc
				109	if alg != msg_alg:
				110	raise ValueError('Unexpected alg in protected header ' +
				111	f'(expected {alg} instead of {msg_alg})')
				112
				113	def _get_wrapping_tag(self):
				114	return 0xaabb
				115
				116	def __init__(self, *, method, cose_alg, signing_key, configuration, internal_signing_key):
				117	# First prepare the claim hierarchy for this token
				118
				119	# Claims for the internal token:
				120	internal_box_claims = [
				121	(BoxWidthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				122	(BoxHeightClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				123	(BoxDepthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				124	(BoxColorClaim, {'verifier': self, 'necessity': Claim.MANDATORY}),
				125	]
				126
				127	internal_verifier_claims = [
				128	(SynClaimInt, {'verifier': self, 'necessity':Claim.MANDATORY}),
				129	(SynBoxesClaim, {
				130	'verifier': self,
				131	'claims': internal_box_claims,
				132	'is_list': True,
				133	'necessity':Claim.MANDATORY}),
				134	]
				135
				136	# Claims for the 'external' token
				137	box_claims = [
				138	(BoxWidthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				139	(BoxHeightClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				140	(BoxDepthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
				141	(BoxColorClaim, {'verifier': self, 'necessity': Claim.MANDATORY}),
				142	(SyntheticInternalTokenVerifier2, {'necessity': Claim.OPTIONAL,
				143	'method': Verifier.SIGN_METHOD_SIGN1,
				144	'cose_alg': Verifier.COSE_ALG_ES256,
				145	'claims': internal_verifier_claims,
				146	'configuration': configuration,
				147	'signing_key': internal_signing_key}),
				148	]
				149
				150	verifier_claims = [
				151	(SynClaimInt, {'verifier': self, 'necessity':Claim.MANDATORY}),
				152	(SynBoxesClaim, {
				153	'verifier': self,
				154	'claims': box_claims,
				155	'is_list': True,
				156	'necessity':Claim.MANDATORY}),
				157	]
				158
				159	# initialise the base part of the token
				160	super().__init__(
				161	method=method,
				162	cose_alg=cose_alg,
				163	signing_key=signing_key,
				164	claims=verifier_claims,
				165	configuration=configuration,
				166	necessity=Claim.MANDATORY)
				167
				168	@staticmethod
				169	def check_cross_claim_requirements(verifier, claims):
				170	pass
				171
Mate Toth-Pal	b2508d5	2022-04-30 14:10:06 +0200	[diff] [blame]	172	class SyntheticInternalTokenVerifier(Verifier):
				173	"""A Test token that is intended to use inside another token"""
				174
				175	def get_claim_key(self=None):
Mate Toth-Pal	f03ea69	2022-07-28 21:49:25 +0200	[diff] [blame^]	176	return 0x54a14e12
Mate Toth-Pal	b2508d5	2022-04-30 14:10:06 +0200	[diff] [blame]	177
				178	def get_claim_name(self=None):
				179	return 'SYNTHETIC_INTERNAL_TOKEN'
				180
				181	def _get_p_header(self):
				182	return {'alg': self.cose_alg}
				183
				184	def _parse_p_header(self, msg):
				185	alg = self._get_cose_alg()
				186	try:
				187	msg_alg = msg.protected_header['alg']
				188	except KeyError as exc:
				189	raise ValueError(f'Missing alg from protected header (expected {alg})') from exc
				190	if alg != msg_alg:
				191	raise ValueError('Unexpected alg in protected header ' +
				192	f'(expected {alg} instead of {msg_alg})')
				193
				194
				195	def _get_wrapping_tag(self):
				196	return None
				197
				198	def __init__(
				199	self,
				200	*, method,
				201	cose_alg,
				202	signing_key,
				203	claims,
				204	configuration=None,
				205	necessity=Claim.MANDATORY):
				206	super().__init__(
				207	method=method,
				208	cose_alg=cose_alg,
				209	signing_key=signing_key,
				210	claims=claims,
				211	configuration=configuration,
				212	necessity=necessity)
				213
				214	@staticmethod
				215	def check_cross_claim_requirements(verifier, claims):
				216	pass
Mate Toth-Pal	e589c45	2022-07-27 22:02:40 +0200	[diff] [blame]	217
				218
				219	class SyntheticInternalTokenVerifier2(Verifier):
				220	"""Another Test token that is intended to use inside another token"""
				221
				222	def get_claim_key(self=None):
Mate Toth-Pal	f03ea69	2022-07-28 21:49:25 +0200	[diff] [blame^]	223	return 0x54a14e13
Mate Toth-Pal	e589c45	2022-07-27 22:02:40 +0200	[diff] [blame]	224
				225	def get_claim_name(self=None):
				226	return 'SYNTHETIC_INTERNAL_TOKEN_2'
				227
				228	def _get_p_header(self):
				229	return None
				230
				231	def _parse_p_header(self, msg):
Mate Toth-Pal	138637a	2022-07-28 10:57:06 +0200	[diff] [blame]	232	if (len(msg.protected_header) > 0):
				233	raise ValueError('Unexpected protected header')
Mate Toth-Pal	e589c45	2022-07-27 22:02:40 +0200	[diff] [blame]	234
				235	def _get_wrapping_tag(self):
				236	return 0xbbaa
				237
				238	def __init__(
				239	self,
				240	*, method,
				241	cose_alg,
				242	signing_key,
				243	claims,
				244	configuration=None,
				245	necessity=Claim.MANDATORY):
				246	super().__init__(
				247	method=method,
				248	cose_alg=cose_alg,
				249	signing_key=signing_key,
				250	claims=claims,
				251	configuration=configuration,
				252	necessity=necessity)
				253
				254	@staticmethod
				255	def check_cross_claim_requirements(verifier, claims):
				256	pass