Mate Toth-Pal | 51b6198 | 2022-03-17 14:19:30 +0100 | [diff] [blame] | 1 | #!/usr/bin/env python3 |
| 2 | #------------------------------------------------------------------------------- |
| 3 | # Copyright (c) 2019-2022, Arm Limited. All rights reserved. |
| 4 | # |
| 5 | # SPDX-License-Identifier: BSD-3-Clause |
| 6 | # |
| 7 | #------------------------------------------------------------------------------- |
| 8 | |
Mate Toth-Pal | b9057ff | 2022-04-29 16:03:21 +0200 | [diff] [blame] | 9 | """CLI script for decompiling a cbor formatted IAT file""" |
| 10 | |
Mate Toth-Pal | 51b6198 | 2022-03-17 14:19:30 +0100 | [diff] [blame] | 11 | import argparse |
Mate Toth-Pal | b9057ff | 2022-04-29 16:03:21 +0200 | [diff] [blame] | 12 | import logging |
Mate Toth-Pal | 51b6198 | 2022-03-17 14:19:30 +0100 | [diff] [blame] | 13 | import sys |
| 14 | |
Thomas Fossati | f4e1ca3 | 2024-08-16 16:01:31 +0000 | [diff] [blame^] | 15 | from pycose.algorithms import Es256, Es384 |
Mate Toth-Pal | 51b6198 | 2022-03-17 14:19:30 +0100 | [diff] [blame] | 16 | import yaml |
Mate Toth-Pal | 51b6198 | 2022-03-17 14:19:30 +0100 | [diff] [blame] | 17 | from iatverifier.psa_iot_profile1_token_verifier import PSAIoTProfile1TokenVerifier |
Tamas Ban | 1e7944a | 2022-07-04 13:09:03 +0200 | [diff] [blame] | 18 | from iatverifier.psa_2_0_0_token_verifier import PSA_2_0_0_TokenVerifier |
Mate Toth-Pal | b9057ff | 2022-04-29 16:03:21 +0200 | [diff] [blame] | 19 | from iatverifier.attest_token_verifier import AttestationTokenVerifier |
Mate Toth-Pal | 5ebca51 | 2022-03-24 16:45:51 +0100 | [diff] [blame] | 20 | from iatverifier.cca_token_verifier import CCATokenVerifier, CCAPlatformTokenVerifier |
Mate Toth-Pal | 51b6198 | 2022-03-17 14:19:30 +0100 | [diff] [blame] | 21 | |
| 22 | |
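if __name__ == '__main__':
    # Decompile a COSE-wrapped attestation token into YAML claims.
    #
    # NOTE(review): every verifier below is built without a key
    # (signing_key=None / platform_token_key=None) and without a
    # configuration. Presumably the token signature cannot be checked in
    # this mode, so the dumped claims should be treated as unverified
    # input. Confirm against the verifier classes.
    logging.basicConfig(level=logging.INFO)

    # Maps each accepted --token-type value to the verifier class used to
    # parse that token format.
    token_verifiers = {
        "PSA-IoT-Profile1-token": PSAIoTProfile1TokenVerifier,
        "CCA-token": CCATokenVerifier,
        "CCA-plat-token": CCAPlatformTokenVerifier,
        "PSA-2.0.0-token": PSA_2_0_0_TokenVerifier,
    }

    parser = argparse.ArgumentParser()
    parser.add_argument('source', help='A compiled COSE IAT token.')
    parser.add_argument('-o', '--outfile',
                        help='''Output file for the decompiled claims. If this is not
                        specified, the claims will be written to standard output.''')
    parser.add_argument('-t', '--token-type',
                        help='''The type of the Token.''',
                        choices=token_verifiers.keys(),
                        required=True)
    args = parser.parse_args()

    # Each verifier class takes a different constructor signature, so the
    # instance is built per type rather than through one generic call.
    verifier_class = token_verifiers[args.token_type]
    if verifier_class == PSAIoTProfile1TokenVerifier:
        verifier = PSAIoTProfile1TokenVerifier(
            method=AttestationTokenVerifier.SIGN_METHOD_SIGN1,
            cose_alg=Es256,
            signing_key=None,
            configuration=None)
    elif verifier_class == CCATokenVerifier:
        # The realm and platform tokens use the same signing method and
        # COSE algorithm here.
        realm_token_method = AttestationTokenVerifier.SIGN_METHOD_SIGN1
        platform_token_method = AttestationTokenVerifier.SIGN_METHOD_SIGN1
        realm_token_cose_alg = Es384
        platform_token_cose_alg = Es384
        verifier = CCATokenVerifier(
            realm_token_method=realm_token_method,
            realm_token_cose_alg=realm_token_cose_alg,
            platform_token_method=platform_token_method,
            platform_token_cose_alg=platform_token_cose_alg,
            platform_token_key=None,
            configuration=None)
    elif verifier_class == CCAPlatformTokenVerifier:
        cose_alg = Es384
        verifier = CCAPlatformTokenVerifier(
            method=AttestationTokenVerifier.SIGN_METHOD_SIGN1,
            cose_alg=cose_alg,
            signing_key=None,
            configuration=None,
            necessity=None)
    elif verifier_class == PSA_2_0_0_TokenVerifier:
        verifier = PSA_2_0_0_TokenVerifier(
            method=AttestationTokenVerifier.SIGN_METHOD_SIGN1,
            cose_alg=Es256,
            signing_key=None,
            configuration=None)
    else:
        # argparse already restricts --token-type to the keys of
        # token_verifiers, so this is only reached if the table gains an
        # entry that has no matching constructor branch above.
        logging.error(f'Invalid token type:{verifier_class}\n\t')
        sys.exit(1)

    # The token is read as raw bytes; the whole file is loaded at once.
    with open(args.source, 'rb') as fh:
        token_map = verifier.parse_token(
            token=fh.read(),
            lower_case_key=True).get_token_map()

    # Mode 'w' truncates an existing --outfile before the claims are written.
    if args.outfile:
        with open(args.outfile, 'w', encoding="UTF-8") as wfh:
            yaml.dump(token_map, wfh)
    else:
        yaml.dump(token_map, sys.stdout)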