TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / tf-m-tools / f4e1ca341cf7fdb45b79fa4ce975766f80672e67 / . / iat-verifier / tests / synthetic_token_verifier.py
blob: 80d9f8ac432109a59d94c54b42506383f306c923 [file] [log] [blame]
Mate Toth-Palb2508d52022-04-30 14:10:06 +0200[diff] [blame]1# -----------------------------------------------------------------------------
2# Copyright (c) 2022, Arm Limited. All rights reserved.
3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6# -----------------------------------------------------------------------------
7
8"""
9This module contains a set of tokens that are used for testing features not used by current
10token types.
11"""
12
Thomas Fossatif4e1ca32024-08-16 16:01:31 +0000[diff] [blame^]13from pycose.headers import Algorithm
14from pycose.algorithms import Es256
15
Mate Toth-Palb2508d52022-04-30 14:10:06 +0200[diff] [blame]16from iatverifier.attest_token_verifier import AttestationTokenVerifier as Verifier
17from iatverifier.attest_token_verifier import AttestationClaim as Claim
18from tests.synthetic_token_claims import SynClaimInt, SynBoxesClaim, BoxWidthClaim
19from tests.synthetic_token_claims import BoxHeightClaim, BoxDepthClaim, BoxColorClaim
20
21class SyntheticTokenVerifier(Verifier):
22 """A test token that may contain other tokens"""
23 def get_claim_key(self=None):
Mate Toth-Palf03ea692022-07-28 21:49:25 +0200[diff] [blame]24 return None # In case of root tokens the key is not used.
Mate Toth-Palb2508d52022-04-30 14:10:06 +0200[diff] [blame]25
26 def get_claim_name(self=None):
27 return 'SYNTHETIC_TOKEN'
28
29 def _get_p_header(self):
Thomas Fossatif4e1ca32024-08-16 16:01:31 +0000[diff] [blame^]30 return {Algorithm: self._get_cose_alg()}
Mate Toth-Palb2508d52022-04-30 14:10:06 +0200[diff] [blame]31
32 def _get_wrapping_tag(self):
33 return None
34
35 def _parse_p_header(self, msg):
Thomas Fossatif4e1ca32024-08-16 16:01:31 +0000[diff] [blame^]36 alg = self._get_cose_alg()
37 try:
38 msg_alg = msg.get_attr(Algorithm)
39 except AttributeError:
40 raise ValueError('Missing alg from protected header (expected {})'.format(alg))
41 if alg != msg_alg:
42 raise ValueError('Unexpected alg in protected header (expected {} instead of {})'.format(alg, msg_alg))
Mate Toth-Palb2508d52022-04-30 14:10:06 +0200[diff] [blame]43
44 def __init__(self, *, method, cose_alg, signing_key, configuration, internal_signing_key):
45 # First prepare the claim hierarchy for this token
46
47 # Claims for the internal token:
48 internal_box_claims = [
49 (BoxWidthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
50 (BoxHeightClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
51 (BoxDepthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
52 (BoxColorClaim, {'verifier': self, 'necessity': Claim.MANDATORY}),
53 ]
54
55 internal_verifier_claims = [
56 (SynClaimInt, {'verifier': self, 'necessity':Claim.MANDATORY}),
57 (SynBoxesClaim, {
58 'verifier': self,
59 'claims': internal_box_claims,
60 'is_list': True,
61 'necessity':Claim.MANDATORY}),
62 ]
63
64 # Claims for the 'external' token
65 box_claims = [
66 (BoxWidthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
67 (BoxHeightClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
68 (BoxDepthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
69 (BoxColorClaim, {'verifier': self, 'necessity': Claim.MANDATORY}),
70 (SyntheticInternalTokenVerifier, {'necessity': Claim.OPTIONAL,
71 'method': Verifier.SIGN_METHOD_SIGN1,
Thomas Fossatif4e1ca32024-08-16 16:01:31 +0000[diff] [blame^]72 'cose_alg': Es256,
Mate Toth-Palb2508d52022-04-30 14:10:06 +0200[diff] [blame]73 'claims': internal_verifier_claims,
74 'configuration': configuration,
75 'signing_key': internal_signing_key}),
76 ]
77
78 verifier_claims = [
79 (SynClaimInt, {'verifier': self, 'necessity':Claim.MANDATORY}),
80 (SynBoxesClaim, {
81 'verifier': self,
82 'claims': box_claims,
83 'is_list': True,
84 'necessity':Claim.MANDATORY}),
85 ]
86
87 # initialise the base part of the token
88 super().__init__(
89 method=method,
90 cose_alg=cose_alg,
91 signing_key=signing_key,
92 claims=verifier_claims,
93 configuration=configuration,
94 necessity=Claim.MANDATORY)
95
Mate Toth-Pale589c452022-07-27 22:02:40 +0200[diff] [blame]96class SyntheticTokenVerifier2(Verifier):
97 """Another test token that may contain other tokens"""
98 def get_claim_key(self=None):
Mate Toth-Palf03ea692022-07-28 21:49:25 +0200[diff] [blame]99 return None # In case of root tokens the key is not used.
Mate Toth-Pale589c452022-07-27 22:02:40 +0200[diff] [blame]100
101 def get_claim_name(self=None):
102 return 'SYNTHETIC_TOKEN_2'
103
104 def _get_p_header(self):
Thomas Fossatif4e1ca32024-08-16 16:01:31 +0000[diff] [blame^]105 return {Algorithm: self._get_cose_alg()}
Mate Toth-Pale589c452022-07-27 22:02:40 +0200[diff] [blame]106
107 def _parse_p_header(self, msg):
108 alg = self._get_cose_alg()
109 try:
Thomas Fossatif4e1ca32024-08-16 16:01:31 +0000[diff] [blame^]110 msg_alg = msg.get_attr(Algorithm)
111 except AttributeError as exc:
Mate Toth-Pale589c452022-07-27 22:02:40 +0200[diff] [blame]112 raise ValueError(f'Missing alg from protected header (expected {alg})') from exc
113 if alg != msg_alg:
114 raise ValueError('Unexpected alg in protected header ' +
115 f'(expected {alg} instead of {msg_alg})')
116
117 def _get_wrapping_tag(self):
118 return 0xaabb
119
120 def __init__(self, *, method, cose_alg, signing_key, configuration, internal_signing_key):
121 # First prepare the claim hierarchy for this token
122
123 # Claims for the internal token:
124 internal_box_claims = [
125 (BoxWidthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
126 (BoxHeightClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
127 (BoxDepthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
128 (BoxColorClaim, {'verifier': self, 'necessity': Claim.MANDATORY}),
129 ]
130
131 internal_verifier_claims = [
132 (SynClaimInt, {'verifier': self, 'necessity':Claim.MANDATORY}),
133 (SynBoxesClaim, {
134 'verifier': self,
135 'claims': internal_box_claims,
136 'is_list': True,
137 'necessity':Claim.MANDATORY}),
138 ]
139
140 # Claims for the 'external' token
141 box_claims = [
142 (BoxWidthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
143 (BoxHeightClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
144 (BoxDepthClaim, {'verifier': self, 'necessity': Claim.OPTIONAL}),
145 (BoxColorClaim, {'verifier': self, 'necessity': Claim.MANDATORY}),
146 (SyntheticInternalTokenVerifier2, {'necessity': Claim.OPTIONAL,
147 'method': Verifier.SIGN_METHOD_SIGN1,
Thomas Fossatif4e1ca32024-08-16 16:01:31 +0000[diff] [blame^]148 'cose_alg': Es256,
Mate Toth-Pale589c452022-07-27 22:02:40 +0200[diff] [blame]149 'claims': internal_verifier_claims,
150 'configuration': configuration,
151 'signing_key': internal_signing_key}),
152 ]
153
154 verifier_claims = [
155 (SynClaimInt, {'verifier': self, 'necessity':Claim.MANDATORY}),
156 (SynBoxesClaim, {
157 'verifier': self,
158 'claims': box_claims,
159 'is_list': True,
160 'necessity':Claim.MANDATORY}),
161 ]
162
163 # initialise the base part of the token
164 super().__init__(
165 method=method,
166 cose_alg=cose_alg,
167 signing_key=signing_key,
168 claims=verifier_claims,
169 configuration=configuration,
170 necessity=Claim.MANDATORY)
171
Mate Toth-Palb2508d52022-04-30 14:10:06 +0200[diff] [blame]172class SyntheticInternalTokenVerifier(Verifier):
173 """A Test token that is intended to use inside another token"""
174
175 def get_claim_key(self=None):
Mate Toth-Palf03ea692022-07-28 21:49:25 +0200[diff] [blame]176 return 0x54a14e12
Mate Toth-Palb2508d52022-04-30 14:10:06 +0200[diff] [blame]177
178 def get_claim_name(self=None):
179 return 'SYNTHETIC_INTERNAL_TOKEN'
180
181 def _get_p_header(self):
Thomas Fossatif4e1ca32024-08-16 16:01:31 +0000[diff] [blame^]182 return {Algorithm: self._get_cose_alg()}
Mate Toth-Palb2508d52022-04-30 14:10:06 +0200[diff] [blame]183
184 def _parse_p_header(self, msg):
185 alg = self._get_cose_alg()
186 try:
Thomas Fossatif4e1ca32024-08-16 16:01:31 +0000[diff] [blame^]187 msg_alg = msg.get_attr(Algorithm)
188 except AttributeError as exc:
Mate Toth-Palb2508d52022-04-30 14:10:06 +0200[diff] [blame]189 raise ValueError(f'Missing alg from protected header (expected {alg})') from exc
190 if alg != msg_alg:
191 raise ValueError('Unexpected alg in protected header ' +
192 f'(expected {alg} instead of {msg_alg})')
193
194
195 def _get_wrapping_tag(self):
196 return None
197
198 def __init__(
199 self,
200 *, method,
201 cose_alg,
202 signing_key,
203 claims,
204 configuration=None,
205 necessity=Claim.MANDATORY):
206 super().__init__(
207 method=method,
208 cose_alg=cose_alg,
209 signing_key=signing_key,
210 claims=claims,
211 configuration=configuration,
212 necessity=necessity)
213
Mate Toth-Pale589c452022-07-27 22:02:40 +0200[diff] [blame]214class SyntheticInternalTokenVerifier2(Verifier):
215 """Another Test token that is intended to use inside another token"""
216
217 def get_claim_key(self=None):
Mate Toth-Palf03ea692022-07-28 21:49:25 +0200[diff] [blame]218 return 0x54a14e13
Mate Toth-Pale589c452022-07-27 22:02:40 +0200[diff] [blame]219
220 def get_claim_name(self=None):
221 return 'SYNTHETIC_INTERNAL_TOKEN_2'
222
223 def _get_p_header(self):
Thomas Fossatif4e1ca32024-08-16 16:01:31 +0000[diff] [blame^]224 return {Algorithm: self._get_cose_alg()}
Mate Toth-Pale589c452022-07-27 22:02:40 +0200[diff] [blame]225
226 def _parse_p_header(self, msg):
Thomas Fossatif4e1ca32024-08-16 16:01:31 +0000[diff] [blame^]227 alg = self._get_cose_alg()
228 try:
229 msg_alg = msg.get_attr(Algorithm)
230 except AttributeError:
231 raise ValueError('Missing alg from protected header (expected {})'.format(alg))
232 if alg != msg_alg:
233 raise ValueError('Unexpected alg in protected header (expected {} instead of {})'.format(alg, msg_alg))
Mate Toth-Pale589c452022-07-27 22:02:40 +0200[diff] [blame]234
235 def _get_wrapping_tag(self):
236 return 0xbbaa
237
238 def __init__(
239 self,
240 *, method,
241 cose_alg,
242 signing_key,
243 claims,
244 configuration=None,
245 necessity=Claim.MANDATORY):
246 super().__init__(
247 method=method,
248 cose_alg=cose_alg,
249 signing_key=signing_key,
250 claims=claims,
251 configuration=configuration,
252 necessity=necessity)