Blame - iat-verifier/scripts/decompile_token - TF-M/tf-m-tools

blob: 6bcb26fc7c00180faada947c3fa5f24694ce2d09 [file] [log] [blame]

Mate Toth-Pal	51b6198	2022-03-17 14:19:30 +0100	[diff] [blame]	1	#!/usr/bin/env python3
				2	#-------------------------------------------------------------------------------
				3	# Copyright (c) 2019-2022, Arm Limited. All rights reserved.
				4	#
				5	# SPDX-License-Identifier: BSD-3-Clause
				6	#
				7	#-------------------------------------------------------------------------------
				8
Mate Toth-Pal	b9057ff	2022-04-29 16:03:21 +0200	[diff] [blame]	9	"""CLI script for decompiling a cbor formatted IAT file"""
				10
Mate Toth-Pal	51b6198	2022-03-17 14:19:30 +0100	[diff] [blame]	11	import argparse
Mate Toth-Pal	b9057ff	2022-04-29 16:03:21 +0200	[diff] [blame]	12	import logging
Mate Toth-Pal	51b6198	2022-03-17 14:19:30 +0100	[diff] [blame]	13	import sys
				14
Thomas Fossati	f4e1ca3	2024-08-16 16:01:31 +0000	[diff] [blame^]	15	from pycose.algorithms import Es256, Es384
Mate Toth-Pal	51b6198	2022-03-17 14:19:30 +0100	[diff] [blame]	16	import yaml
Mate Toth-Pal	51b6198	2022-03-17 14:19:30 +0100	[diff] [blame]	17	from iatverifier.psa_iot_profile1_token_verifier import PSAIoTProfile1TokenVerifier
Tamas Ban	1e7944a	2022-07-04 13:09:03 +0200	[diff] [blame]	18	from iatverifier.psa_2_0_0_token_verifier import PSA_2_0_0_TokenVerifier
Mate Toth-Pal	b9057ff	2022-04-29 16:03:21 +0200	[diff] [blame]	19	from iatverifier.attest_token_verifier import AttestationTokenVerifier
Mate Toth-Pal	5ebca51	2022-03-24 16:45:51 +0100	[diff] [blame]	20	from iatverifier.cca_token_verifier import CCATokenVerifier, CCAPlatformTokenVerifier
Mate Toth-Pal	51b6198	2022-03-17 14:19:30 +0100	[diff] [blame]	21
				22
				23	if __name__ == '__main__':
Mate Toth-Pal	b9057ff	2022-04-29 16:03:21 +0200	[diff] [blame]	24	logging.basicConfig(level=logging.INFO)
Mate Toth-Pal	6978f7c	2022-03-30 14:38:55 +0200	[diff] [blame]	25
				26	token_verifiers = {
				27	"PSA-IoT-Profile1-token": PSAIoTProfile1TokenVerifier,
Mate Toth-Pal	5ebca51	2022-03-24 16:45:51 +0100	[diff] [blame]	28	"CCA-token": CCATokenVerifier,
				29	"CCA-plat-token": CCAPlatformTokenVerifier,
Tamas Ban	1e7944a	2022-07-04 13:09:03 +0200	[diff] [blame]	30	"PSA-2.0.0-token": PSA_2_0_0_TokenVerifier,
Mate Toth-Pal	6978f7c	2022-03-30 14:38:55 +0200	[diff] [blame]	31	}
				32
Mate Toth-Pal	51b6198	2022-03-17 14:19:30 +0100	[diff] [blame]	33	parser = argparse.ArgumentParser()
				34	parser.add_argument('source', help='A compiled COSE IAT token.')
				35	parser.add_argument('-o', '--outfile',
				36	help='''Output file for the depompiled claims. If this is not
				37	specified, the claims will be written to standard output.''')
Mate Toth-Pal	6978f7c	2022-03-30 14:38:55 +0200	[diff] [blame]	38	parser.add_argument('-t', '--token-type',
				39	help='''The type of the Token.''',
				40	choices=token_verifiers.keys(),
				41	required=True)
Mate Toth-Pal	51b6198	2022-03-17 14:19:30 +0100	[diff] [blame]	42	args = parser.parse_args()
				43
Mate Toth-Pal	b9057ff	2022-04-29 16:03:21 +0200	[diff] [blame]	44	verifier_class = token_verifiers[args.token_type]
				45	if verifier_class == PSAIoTProfile1TokenVerifier:
				46	verifier = PSAIoTProfile1TokenVerifier(
				47	method=AttestationTokenVerifier.SIGN_METHOD_SIGN1,
Thomas Fossati	f4e1ca3	2024-08-16 16:01:31 +0000	[diff] [blame^]	48	cose_alg=Es256,
Mate Toth-Pal	5ebca51	2022-03-24 16:45:51 +0100	[diff] [blame]	49	signing_key=None,
				50	configuration=None)
				51	elif verifier_class == CCATokenVerifier:
				52	realm_token_method = AttestationTokenVerifier.SIGN_METHOD_SIGN1
				53	platform_token_method = AttestationTokenVerifier.SIGN_METHOD_SIGN1
Thomas Fossati	f4e1ca3	2024-08-16 16:01:31 +0000	[diff] [blame^]	54	realm_token_cose_alg = Es384
				55	platform_token_cose_alg = Es384
Mate Toth-Pal	5ebca51	2022-03-24 16:45:51 +0100	[diff] [blame]	56	verifier = CCATokenVerifier(
				57	realm_token_method=realm_token_method,
				58	realm_token_cose_alg=realm_token_cose_alg,
Mate Toth-Pal	5ebca51	2022-03-24 16:45:51 +0100	[diff] [blame]	59	platform_token_method=platform_token_method,
				60	platform_token_cose_alg=platform_token_cose_alg,
				61	platform_token_key=None,
				62	configuration=None)
				63	elif verifier_class == CCAPlatformTokenVerifier:
Thomas Fossati	f4e1ca3	2024-08-16 16:01:31 +0000	[diff] [blame^]	64	cose_alg = Es384
Mate Toth-Pal	5ebca51	2022-03-24 16:45:51 +0100	[diff] [blame]	65	verifier = CCAPlatformTokenVerifier(
				66	method=AttestationTokenVerifier.SIGN_METHOD_SIGN1,
				67	cose_alg=cose_alg,
				68	signing_key=None,
				69	configuration=None,
				70	necessity=None)
Tamas Ban	1e7944a	2022-07-04 13:09:03 +0200	[diff] [blame]	71	elif verifier_class == PSA_2_0_0_TokenVerifier:
				72	verifier = PSA_2_0_0_TokenVerifier(
				73	method=AttestationTokenVerifier.SIGN_METHOD_SIGN1,
Thomas Fossati	f4e1ca3	2024-08-16 16:01:31 +0000	[diff] [blame^]	74	cose_alg=Es256,
Tamas Ban	1e7944a	2022-07-04 13:09:03 +0200	[diff] [blame]	75	signing_key=None,
				76	configuration=None)
Mate Toth-Pal	b9057ff	2022-04-29 16:03:21 +0200	[diff] [blame]	77	else:
				78	logging.error(f'Invalid token type:{verifier_class}\n\t')
				79	sys.exit(1)
Mate Toth-Pal	51b6198	2022-03-17 14:19:30 +0100	[diff] [blame]	80	with open(args.source, 'rb') as fh:
Mate Toth-Pal	b9057ff	2022-04-29 16:03:21 +0200	[diff] [blame]	81	token_map = verifier.parse_token(
				82	token=fh.read(),
Mate Toth-Pal	c7404e9	2022-07-15 11:11:13 +0200	[diff] [blame]	83	lower_case_key=True).get_token_map()
Mate Toth-Pal	51b6198	2022-03-17 14:19:30 +0100	[diff] [blame]	84
				85	if args.outfile:
Mate Toth-Pal	b9057ff	2022-04-29 16:03:21 +0200	[diff] [blame]	86	with open(args.outfile, 'w', encoding="UTF-8") as wfh:
Mate Toth-Pal	51b6198	2022-03-17 14:19:30 +0100	[diff] [blame]	87	yaml.dump(token_map, wfh)
				88	else:
				89	yaml.dump(token_map, sys.stdout)