blob: 6bcb26fc7c00180faada947c3fa5f24694ce2d09 [file] [log] [blame]
Mate Toth-Pal51b61982022-03-17 14:19:30 +01001#!/usr/bin/env python3
2#-------------------------------------------------------------------------------
3# Copyright (c) 2019-2022, Arm Limited. All rights reserved.
4#
5# SPDX-License-Identifier: BSD-3-Clause
6#
7#-------------------------------------------------------------------------------
8
Mate Toth-Palb9057ff2022-04-29 16:03:21 +02009"""CLI script for decompiling a cbor formatted IAT file"""
10
Mate Toth-Pal51b61982022-03-17 14:19:30 +010011import argparse
Mate Toth-Palb9057ff2022-04-29 16:03:21 +020012import logging
Mate Toth-Pal51b61982022-03-17 14:19:30 +010013import sys
14
Thomas Fossatif4e1ca32024-08-16 16:01:31 +000015from pycose.algorithms import Es256, Es384
Mate Toth-Pal51b61982022-03-17 14:19:30 +010016import yaml
Mate Toth-Pal51b61982022-03-17 14:19:30 +010017from iatverifier.psa_iot_profile1_token_verifier import PSAIoTProfile1TokenVerifier
Tamas Ban1e7944a2022-07-04 13:09:03 +020018from iatverifier.psa_2_0_0_token_verifier import PSA_2_0_0_TokenVerifier
Mate Toth-Palb9057ff2022-04-29 16:03:21 +020019from iatverifier.attest_token_verifier import AttestationTokenVerifier
Mate Toth-Pal5ebca512022-03-24 16:45:51 +010020from iatverifier.cca_token_verifier import CCATokenVerifier, CCAPlatformTokenVerifier
Mate Toth-Pal51b61982022-03-17 14:19:30 +010021
22
23if __name__ == '__main__':
Mate Toth-Palb9057ff2022-04-29 16:03:21 +020024 logging.basicConfig(level=logging.INFO)
Mate Toth-Pal6978f7c2022-03-30 14:38:55 +020025
26 token_verifiers = {
27 "PSA-IoT-Profile1-token": PSAIoTProfile1TokenVerifier,
Mate Toth-Pal5ebca512022-03-24 16:45:51 +010028 "CCA-token": CCATokenVerifier,
29 "CCA-plat-token": CCAPlatformTokenVerifier,
Tamas Ban1e7944a2022-07-04 13:09:03 +020030 "PSA-2.0.0-token": PSA_2_0_0_TokenVerifier,
Mate Toth-Pal6978f7c2022-03-30 14:38:55 +020031 }
32
Mate Toth-Pal51b61982022-03-17 14:19:30 +010033 parser = argparse.ArgumentParser()
34 parser.add_argument('source', help='A compiled COSE IAT token.')
35 parser.add_argument('-o', '--outfile',
36 help='''Output file for the depompiled claims. If this is not
37 specified, the claims will be written to standard output.''')
Mate Toth-Pal6978f7c2022-03-30 14:38:55 +020038 parser.add_argument('-t', '--token-type',
39 help='''The type of the Token.''',
40 choices=token_verifiers.keys(),
41 required=True)
Mate Toth-Pal51b61982022-03-17 14:19:30 +010042 args = parser.parse_args()
43
Mate Toth-Palb9057ff2022-04-29 16:03:21 +020044 verifier_class = token_verifiers[args.token_type]
45 if verifier_class == PSAIoTProfile1TokenVerifier:
46 verifier = PSAIoTProfile1TokenVerifier(
47 method=AttestationTokenVerifier.SIGN_METHOD_SIGN1,
Thomas Fossatif4e1ca32024-08-16 16:01:31 +000048 cose_alg=Es256,
Mate Toth-Pal5ebca512022-03-24 16:45:51 +010049 signing_key=None,
50 configuration=None)
51 elif verifier_class == CCATokenVerifier:
52 realm_token_method = AttestationTokenVerifier.SIGN_METHOD_SIGN1
53 platform_token_method = AttestationTokenVerifier.SIGN_METHOD_SIGN1
Thomas Fossatif4e1ca32024-08-16 16:01:31 +000054 realm_token_cose_alg = Es384
55 platform_token_cose_alg = Es384
Mate Toth-Pal5ebca512022-03-24 16:45:51 +010056 verifier = CCATokenVerifier(
57 realm_token_method=realm_token_method,
58 realm_token_cose_alg=realm_token_cose_alg,
Mate Toth-Pal5ebca512022-03-24 16:45:51 +010059 platform_token_method=platform_token_method,
60 platform_token_cose_alg=platform_token_cose_alg,
61 platform_token_key=None,
62 configuration=None)
63 elif verifier_class == CCAPlatformTokenVerifier:
Thomas Fossatif4e1ca32024-08-16 16:01:31 +000064 cose_alg = Es384
Mate Toth-Pal5ebca512022-03-24 16:45:51 +010065 verifier = CCAPlatformTokenVerifier(
66 method=AttestationTokenVerifier.SIGN_METHOD_SIGN1,
67 cose_alg=cose_alg,
68 signing_key=None,
69 configuration=None,
70 necessity=None)
Tamas Ban1e7944a2022-07-04 13:09:03 +020071 elif verifier_class == PSA_2_0_0_TokenVerifier:
72 verifier = PSA_2_0_0_TokenVerifier(
73 method=AttestationTokenVerifier.SIGN_METHOD_SIGN1,
Thomas Fossatif4e1ca32024-08-16 16:01:31 +000074 cose_alg=Es256,
Tamas Ban1e7944a2022-07-04 13:09:03 +020075 signing_key=None,
76 configuration=None)
Mate Toth-Palb9057ff2022-04-29 16:03:21 +020077 else:
78 logging.error(f'Invalid token type:{verifier_class}\n\t')
79 sys.exit(1)
Mate Toth-Pal51b61982022-03-17 14:19:30 +010080 with open(args.source, 'rb') as fh:
Mate Toth-Palb9057ff2022-04-29 16:03:21 +020081 token_map = verifier.parse_token(
82 token=fh.read(),
Mate Toth-Palc7404e92022-07-15 11:11:13 +020083 lower_case_key=True).get_token_map()
Mate Toth-Pal51b61982022-03-17 14:19:30 +010084
85 if args.outfile:
Mate Toth-Palb9057ff2022-04-29 16:03:21 +020086 with open(args.outfile, 'w', encoding="UTF-8") as wfh:
Mate Toth-Pal51b61982022-03-17 14:19:30 +010087 yaml.dump(token_map, wfh)
88 else:
89 yaml.dump(token_map, sys.stdout)