| Mate Toth-Pal | 51b6198 | 2022-03-17 14:19:30 +0100 | [diff] [blame] | 1 | #!/usr/bin/env python3 |
| 2 | # ----------------------------------------------------------------------------- |
| Mate Toth-Pal | 916a3de | 2024-05-03 09:34:41 +0200 | [diff] [blame] | 3 | # Copyright (c) 2019-2024, Arm Limited. All rights reserved. |
| Mate Toth-Pal | 51b6198 | 2022-03-17 14:19:30 +0100 | [diff] [blame] | 4 | # |
| 5 | # SPDX-License-Identifier: BSD-3-Clause |
| 6 | # |
| 7 | # ----------------------------------------------------------------------------- |
| 8 | |
| Mate Toth-Pal | b9057ff | 2022-04-29 16:03:21 +0200 | [diff] [blame] | 9 | """ |
| 10 | Generate a sample token, signing it with the specified key, and writing |
| 11 | the output to the specified file. |
| 12 | |
| 13 | This script is deprecated - use ``compile_token`` (see above) instead. |
| 14 | """ |
| Mate Toth-Pal | 51b6198 | 2022-03-17 14:19:30 +0100 | [diff] [blame] | 15 | import struct |
| 16 | |
| Mate Toth-Pal | b9057ff | 2022-04-29 16:03:21 +0200 | [diff] [blame] | 17 | from iatverifier.util import convert_map_to_token, read_keyfile |
| 18 | from iatverifier.attest_token_verifier import AttestationTokenVerifier |
| 19 | from iatverifier.psa_iot_profile1_token_claims import InstanceIdClaim, ImplementationIdClaim |
| 20 | from iatverifier.psa_iot_profile1_token_claims import ChallengeClaim, ClientIdClaim |
| 21 | from iatverifier.psa_iot_profile1_token_claims import SecurityLifecycleClaim, ProfileIdClaim |
| 22 | from iatverifier.psa_iot_profile1_token_claims import BootSeedClaim, SWComponentsClaim |
| 23 | from iatverifier.psa_iot_profile1_token_claims import SWComponentTypeClaim, SignerIdClaim |
| 24 | from iatverifier.psa_iot_profile1_token_claims import SwComponentVersionClaim |
| 25 | from iatverifier.psa_iot_profile1_token_claims import MeasurementValueClaim |
| 26 | from iatverifier.psa_iot_profile1_token_claims import MeasurementDescriptionClaim |
| Mate Toth-Pal | a7a9717 | 2022-03-24 16:43:22 +0100 | [diff] [blame] | 27 | from iatverifier.psa_iot_profile1_token_verifier import PSAIoTProfile1TokenVerifier |
| Mate Toth-Pal | 51b6198 | 2022-03-17 14:19:30 +0100 | [diff] [blame] | 28 | |
| 29 | # First byte indicates "GUID" |
| 30 | GUID = b'\x01' + struct.pack('QQQQ', 0x0001020304050607, 0x08090A0B0C0D0E0F, |
| 31 | 0x1011121314151617, 0x18191A1B1C1D1E1F) |
| 32 | NONCE = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F, |
| 33 | 0X1011121314151617, 0X18191A1B1C1D1E1F) |
| 34 | ORIGIN = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F, |
| 35 | 0X1011121314151617, 0X18191A1B1C1D1E1F) |
| 36 | BOOT_SEED = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F, |
| 37 | 0X1011121314151617, 0X18191A1B1C1D1E1F) |
| 38 | SIGNER_ID = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F, |
| 39 | 0X1011121314151617, 0X18191A1B1C1D1E1F) |
| 40 | MEASUREMENT = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F, |
| 41 | 0X1011121314151617, 0X18191A1B1C1D1E1F) |
| 42 | |
| 43 | token_map = { |
| 44 | InstanceIdClaim.get_claim_key(): GUID, |
| 45 | ImplementationIdClaim.get_claim_key(): ORIGIN, |
| 46 | ChallengeClaim.get_claim_key(): NONCE, |
| 47 | ClientIdClaim.get_claim_key(): 2, |
| Mate Toth-Pal | 916a3de | 2024-05-03 09:34:41 +0200 | [diff] [blame] | 48 | SecurityLifecycleClaim.get_claim_key(): 0x1000, |
| Mate Toth-Pal | 51b6198 | 2022-03-17 14:19:30 +0100 | [diff] [blame] | 49 | ProfileIdClaim.get_claim_key(): 'http://example.com', |
| 50 | BootSeedClaim.get_claim_key(): BOOT_SEED, |
| 51 | SWComponentsClaim.get_claim_key(): [ |
| 52 | { |
| 53 | # bootloader |
| 54 | SWComponentTypeClaim.get_claim_key(): 'BL', |
| 55 | SignerIdClaim.get_claim_key(): SIGNER_ID, |
| 56 | SwComponentVersionClaim.get_claim_key(): '3.4.2', |
| 57 | MeasurementValueClaim.get_claim_key(): MEASUREMENT, |
| 58 | MeasurementDescriptionClaim.get_claim_key(): 'TF-M_SHA256MemPreXIP', |
| 59 | }, |
| 60 | { |
| 61 | # mod1 |
| 62 | SWComponentTypeClaim.get_claim_key(): 'M1', |
| 63 | SignerIdClaim.get_claim_key(): SIGNER_ID, |
| 64 | SwComponentVersionClaim.get_claim_key(): '3.4.2', |
| 65 | MeasurementValueClaim.get_claim_key(): MEASUREMENT, |
| 66 | }, |
| 67 | { |
| 68 | # mod2 |
| 69 | SWComponentTypeClaim.get_claim_key(): 'M2', |
| 70 | SignerIdClaim.get_claim_key(): SIGNER_ID, |
| 71 | SwComponentVersionClaim.get_claim_key(): '3.4.2', |
| 72 | MeasurementValueClaim.get_claim_key(): MEASUREMENT, |
| 73 | }, |
| 74 | { |
| 75 | # mod3 |
| 76 | SWComponentTypeClaim.get_claim_key(): 'M3', |
| 77 | SignerIdClaim.get_claim_key(): SIGNER_ID, |
| 78 | SwComponentVersionClaim.get_claim_key(): '3.4.2', |
| 79 | MeasurementValueClaim.get_claim_key(): MEASUREMENT, |
| 80 | }, |
| 81 | ], |
| 82 | } |
| 83 | |
| 84 | |
| 85 | if __name__ == '__main__': |
| 86 | import sys |
| 87 | if len(sys.argv) != 3: |
| Mate Toth-Pal | b9057ff | 2022-04-29 16:03:21 +0200 | [diff] [blame] | 88 | print(f'Usage: {sys.argv[0]} KEYFILE OUTFILE') |
| Mate Toth-Pal | 51b6198 | 2022-03-17 14:19:30 +0100 | [diff] [blame] | 89 | sys.exit(1) |
| 90 | keyfile = sys.argv[1] |
| 91 | outfile = sys.argv[2] |
| 92 | |
| Mate Toth-Pal | b9057ff | 2022-04-29 16:03:21 +0200 | [diff] [blame] | 93 | key = read_keyfile(keyfile, |
| 94 | method=AttestationTokenVerifier.SIGN_METHOD_SIGN1) |
| 95 | verifier = PSAIoTProfile1TokenVerifier(signing_key=key, |
| 96 | method=AttestationTokenVerifier.SIGN_METHOD_SIGN1, |
| 97 | cose_alg=AttestationTokenVerifier.COSE_ALG_ES256, |
| 98 | configuration=None) |
| Mate Toth-Pal | 51b6198 | 2022-03-17 14:19:30 +0100 | [diff] [blame] | 99 | with open(outfile, 'wb') as wfh: |
| Mate Toth-Pal | e305e55 | 2022-10-07 14:04:53 +0200 | [diff] [blame] | 100 | convert_map_to_token(token_map, verifier, wfh, |
| Mate Toth-Pal | b9057ff | 2022-04-29 16:03:21 +0200 | [diff] [blame] | 101 | name_as_key=False, parse_raw_value=False) |