Blame - tools/iat-verifier/dev_scripts/generate-sample-iat.py - TF-M/trusted-firmware-m.git

blob: 3d69a12ecd5b6315496f0fb99c4d03b9185f3357 [file] [log] [blame]

Sergei Trofimov	998a09a	2019-04-11 09:13:20 +0100	[diff] [blame^]	1	#!/usr/bin/env python3
				2	#-------------------------------------------------------------------------------
				3	# Copyright (c) 2019, Arm Limited. All rights reserved.
				4	#
				5	# SPDX-License-Identifier: BSD-3-Clause
				6	#
				7	#-------------------------------------------------------------------------------
				8
				9	import base64
				10	import struct
				11
				12	import cbor
				13	from ecdsa import SigningKey
				14	from pycose.sign1message import Sign1Message
				15
				16	from iatverifier import const
				17	from iatverifier.util import sign_eat
				18
				19
				20	# First byte indicates "GUID"
				21	GUID = b'\x01' + struct.pack('QQQQ', 0x0001020304050607, 0x08090A0B0C0D0E0F,
				22	0x1011121314151617, 0x18191A1B1C1D1E1F)
				23	NONCE = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F,
				24	0X1011121314151617, 0X18191A1B1C1D1E1F)
				25	ORIGIN = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F,
				26	0X1011121314151617, 0X18191A1B1C1D1E1F)
				27	BOOT_SEED = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F,
				28	0X1011121314151617, 0X18191A1B1C1D1E1F)
				29	SIGNER_ID = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F,
				30	0X1011121314151617, 0X18191A1B1C1D1E1F)
				31	MEASUREMENT = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F,
				32	0X1011121314151617, 0X18191A1B1C1D1E1F)
				33
				34	token_map = {
				35	const.INSTANCE_ID: GUID,
				36	const.IMPLEMENTATION_ID: ORIGIN,
				37	const.CHALLENGE: NONCE,
				38	const.CLIENT_ID: 2,
				39	const.SECURITY_LIFECYCLE: const.SL_PROVISIONED,
				40	const.PROFILE_ID: 'http://example.com',
				41	const.BOOT_SEED: BOOT_SEED,
				42	const.SW_COMPONENTS: [
				43	{
				44	# bootloader
				45	const.SW_COMPONENT_TYPE: 'BL',
				46	const.SIGNER_ID: SIGNER_ID,
				47	const.SW_COMPONENT_VERSION: '3.4.2',
				48	const.EPOCH: 1,
				49	const.MEASUREMENT_VALUE: MEASUREMENT,
				50	const.MEASUREMENT_DESCRIPTION: 'TF-M_SHA256MemPreXIP',
				51	},
				52	{
				53	# mod1
				54	const.SW_COMPONENT_TYPE: 'M1',
				55	const.SIGNER_ID: SIGNER_ID,
				56	const.SW_COMPONENT_VERSION: '3.4.2',
				57	const.EPOCH: 1,
				58	const.MEASUREMENT_VALUE: MEASUREMENT,
				59	},
				60	{
				61	# mod2
				62	const.SW_COMPONENT_TYPE: 'M2',
				63	const.SIGNER_ID: SIGNER_ID,
				64	const.SW_COMPONENT_VERSION: '3.4.2',
				65	const.EPOCH: 1,
				66	const.MEASUREMENT_VALUE: MEASUREMENT,
				67	},
				68	{
				69	# mod3
				70	const.SW_COMPONENT_TYPE: 'M3',
				71	const.SIGNER_ID: SIGNER_ID,
				72	const.SW_COMPONENT_VERSION: '3.4.2',
				73	const.EPOCH: 1,
				74	const.MEASUREMENT_VALUE: MEASUREMENT,
				75	},
				76	],
				77	}
				78
				79
				80	if __name__ == '__main__':
				81	import sys
				82	keyfile = sys.argv[1]
				83	outfile = sys.argv[2]
				84
				85	sk = SigningKey.from_pem(open(keyfile, 'rb').read())
				86	token = cbor.dumps(token_map)
				87	signed_token = sign_eat(token, sk)
				88
				89	with open(outfile, 'wb') as wfh:
				90	wfh.write(signed_token)