Blame - iat-verifier/dev_scripts/generate-sample-iat.py - TF-M/tf-m-tools - TrustedFirmware Git Browser

blob: 7e616054965808e7924a219b177e956069f55a32 [file] [log] [blame]

Mate Toth-Pal	51b6198	2022-03-17 14:19:30 +0100	[diff] [blame]	1	#!/usr/bin/env python3
				2	# -----------------------------------------------------------------------------
Mate Toth-Pal	916a3de	2024-05-03 09:34:41 +0200	[diff] [blame]	3	# Copyright (c) 2019-2024, Arm Limited. All rights reserved.
Mate Toth-Pal	51b6198	2022-03-17 14:19:30 +0100	[diff] [blame]	4	#
				5	# SPDX-License-Identifier: BSD-3-Clause
				6	#
				7	# -----------------------------------------------------------------------------
				8
Mate Toth-Pal	b9057ff	2022-04-29 16:03:21 +0200	[diff] [blame]	9	"""
				10	Generate a sample token, signing it with the specified key, and writing
				11	the output to the specified file.
				12
				13	This script is deprecated - use ``compile_token`` (see above) instead.
				14	"""
Mate Toth-Pal	51b6198	2022-03-17 14:19:30 +0100	[diff] [blame]	15	import struct
				16
Mate Toth-Pal	b9057ff	2022-04-29 16:03:21 +0200	[diff] [blame]	17	from iatverifier.util import convert_map_to_token, read_keyfile
				18	from iatverifier.attest_token_verifier import AttestationTokenVerifier
				19	from iatverifier.psa_iot_profile1_token_claims import InstanceIdClaim, ImplementationIdClaim
				20	from iatverifier.psa_iot_profile1_token_claims import ChallengeClaim, ClientIdClaim
				21	from iatverifier.psa_iot_profile1_token_claims import SecurityLifecycleClaim, ProfileIdClaim
				22	from iatverifier.psa_iot_profile1_token_claims import BootSeedClaim, SWComponentsClaim
				23	from iatverifier.psa_iot_profile1_token_claims import SWComponentTypeClaim, SignerIdClaim
				24	from iatverifier.psa_iot_profile1_token_claims import SwComponentVersionClaim
				25	from iatverifier.psa_iot_profile1_token_claims import MeasurementValueClaim
				26	from iatverifier.psa_iot_profile1_token_claims import MeasurementDescriptionClaim
Mate Toth-Pal	a7a9717	2022-03-24 16:43:22 +0100	[diff] [blame]	27	from iatverifier.psa_iot_profile1_token_verifier import PSAIoTProfile1TokenVerifier
Thomas Fossati	f4e1ca3	2024-08-16 16:01:31 +0000	[diff] [blame^]	28	from pycose.algorithms import Es256, Es384, Es512
Mate Toth-Pal	51b6198	2022-03-17 14:19:30 +0100	[diff] [blame]	29
				30	# First byte indicates "GUID"
				31	GUID = b'\x01' + struct.pack('QQQQ', 0x0001020304050607, 0x08090A0B0C0D0E0F,
				32	0x1011121314151617, 0x18191A1B1C1D1E1F)
				33	NONCE = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F,
				34	0X1011121314151617, 0X18191A1B1C1D1E1F)
				35	ORIGIN = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F,
				36	0X1011121314151617, 0X18191A1B1C1D1E1F)
				37	BOOT_SEED = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F,
				38	0X1011121314151617, 0X18191A1B1C1D1E1F)
				39	SIGNER_ID = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F,
				40	0X1011121314151617, 0X18191A1B1C1D1E1F)
				41	MEASUREMENT = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F,
				42	0X1011121314151617, 0X18191A1B1C1D1E1F)
				43
				44	token_map = {
				45	InstanceIdClaim.get_claim_key(): GUID,
				46	ImplementationIdClaim.get_claim_key(): ORIGIN,
				47	ChallengeClaim.get_claim_key(): NONCE,
				48	ClientIdClaim.get_claim_key(): 2,
Mate Toth-Pal	916a3de	2024-05-03 09:34:41 +0200	[diff] [blame]	49	SecurityLifecycleClaim.get_claim_key(): 0x1000,
Mate Toth-Pal	51b6198	2022-03-17 14:19:30 +0100	[diff] [blame]	50	ProfileIdClaim.get_claim_key(): 'http://example.com',
				51	BootSeedClaim.get_claim_key(): BOOT_SEED,
				52	SWComponentsClaim.get_claim_key(): [
				53	{
				54	# bootloader
				55	SWComponentTypeClaim.get_claim_key(): 'BL',
				56	SignerIdClaim.get_claim_key(): SIGNER_ID,
				57	SwComponentVersionClaim.get_claim_key(): '3.4.2',
				58	MeasurementValueClaim.get_claim_key(): MEASUREMENT,
				59	MeasurementDescriptionClaim.get_claim_key(): 'TF-M_SHA256MemPreXIP',
				60	},
				61	{
				62	# mod1
				63	SWComponentTypeClaim.get_claim_key(): 'M1',
				64	SignerIdClaim.get_claim_key(): SIGNER_ID,
				65	SwComponentVersionClaim.get_claim_key(): '3.4.2',
				66	MeasurementValueClaim.get_claim_key(): MEASUREMENT,
				67	},
				68	{
				69	# mod2
				70	SWComponentTypeClaim.get_claim_key(): 'M2',
				71	SignerIdClaim.get_claim_key(): SIGNER_ID,
				72	SwComponentVersionClaim.get_claim_key(): '3.4.2',
				73	MeasurementValueClaim.get_claim_key(): MEASUREMENT,
				74	},
				75	{
				76	# mod3
				77	SWComponentTypeClaim.get_claim_key(): 'M3',
				78	SignerIdClaim.get_claim_key(): SIGNER_ID,
				79	SwComponentVersionClaim.get_claim_key(): '3.4.2',
				80	MeasurementValueClaim.get_claim_key(): MEASUREMENT,
				81	},
				82	],
				83	}
				84
				85
				86	if __name__ == '__main__':
				87	import sys
				88	if len(sys.argv) != 3:
Mate Toth-Pal	b9057ff	2022-04-29 16:03:21 +0200	[diff] [blame]	89	print(f'Usage: {sys.argv[0]} KEYFILE OUTFILE')
Mate Toth-Pal	51b6198	2022-03-17 14:19:30 +0100	[diff] [blame]	90	sys.exit(1)
				91	keyfile = sys.argv[1]
				92	outfile = sys.argv[2]
				93
Mate Toth-Pal	b9057ff	2022-04-29 16:03:21 +0200	[diff] [blame]	94	key = read_keyfile(keyfile,
				95	method=AttestationTokenVerifier.SIGN_METHOD_SIGN1)
				96	verifier = PSAIoTProfile1TokenVerifier(signing_key=key,
				97	method=AttestationTokenVerifier.SIGN_METHOD_SIGN1,
Thomas Fossati	f4e1ca3	2024-08-16 16:01:31 +0000	[diff] [blame^]	98	cose_alg=Es256,
Mate Toth-Pal	b9057ff	2022-04-29 16:03:21 +0200	[diff] [blame]	99	configuration=None)
Mate Toth-Pal	51b6198	2022-03-17 14:19:30 +0100	[diff] [blame]	100	with open(outfile, 'wb') as wfh:
Mate Toth-Pal	e305e55	2022-10-07 14:04:53 +0200	[diff] [blame]	101	convert_map_to_token(token_map, verifier, wfh,
Mate Toth-Pal	b9057ff	2022-04-29 16:03:21 +0200	[diff] [blame]	102	name_as_key=False, parse_raw_value=False)