iat-verifier: Import iat-verifier from tf-m repo
Change-Id: I93446f3f2ce06e73958833ae50d9349cf4acd369
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
diff --git a/iat-verifier/dev_scripts/generate-sample-iat.py b/iat-verifier/dev_scripts/generate-sample-iat.py
new file mode 100755
index 0000000..5b5c56f
--- /dev/null
+++ b/iat-verifier/dev_scripts/generate-sample-iat.py
@@ -0,0 +1,93 @@
+#!/usr/bin/env python3
+# -----------------------------------------------------------------------------
+# Copyright (c) 2019-2022, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+# -----------------------------------------------------------------------------
+
+import base64
+import struct
+
+import cbor2
+from ecdsa import SigningKey
+from pycose.sign1message import Sign1Message
+
+from iatverifier.util import sign_eat
+
+from iatverifier.verifiers import InstanceIdClaim, ImplementationIdClaim, ChallengeClaim
+from iatverifier.verifiers import ClientIdClaim, SecurityLifecycleClaim, ProfileIdClaim
+from iatverifier.verifiers import BootSeedClaim, SWComponentsClaim, SWComponentTypeClaim
+from iatverifier.verifiers import SignerIdClaim, SwComponentVersionClaim
+from iatverifier.verifiers import MeasurementValueClaim, MeasurementDescriptionClaim
+
+# First byte indicates "GUID"
+GUID = b'\x01' + struct.pack('QQQQ', 0x0001020304050607, 0x08090A0B0C0D0E0F,
+ 0x1011121314151617, 0x18191A1B1C1D1E1F)
+NONCE = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F,
+ 0X1011121314151617, 0X18191A1B1C1D1E1F)
+ORIGIN = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F,
+ 0X1011121314151617, 0X18191A1B1C1D1E1F)
+BOOT_SEED = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F,
+ 0X1011121314151617, 0X18191A1B1C1D1E1F)
+SIGNER_ID = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F,
+ 0X1011121314151617, 0X18191A1B1C1D1E1F)
+MEASUREMENT = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F,
+ 0X1011121314151617, 0X18191A1B1C1D1E1F)
+
+token_map = {
+ InstanceIdClaim.get_claim_key(): GUID,
+ ImplementationIdClaim.get_claim_key(): ORIGIN,
+ ChallengeClaim.get_claim_key(): NONCE,
+ ClientIdClaim.get_claim_key(): 2,
+ SecurityLifecycleClaim.get_claim_key(): SecurityLifecycleClaim.SL_SECURED,
+ ProfileIdClaim.get_claim_key(): 'http://example.com',
+ BootSeedClaim.get_claim_key(): BOOT_SEED,
+ SWComponentsClaim.get_claim_key(): [
+ {
+ # bootloader
+ SWComponentTypeClaim.get_claim_key(): 'BL',
+ SignerIdClaim.get_claim_key(): SIGNER_ID,
+ SwComponentVersionClaim.get_claim_key(): '3.4.2',
+ MeasurementValueClaim.get_claim_key(): MEASUREMENT,
+ MeasurementDescriptionClaim.get_claim_key(): 'TF-M_SHA256MemPreXIP',
+ },
+ {
+ # mod1
+ SWComponentTypeClaim.get_claim_key(): 'M1',
+ SignerIdClaim.get_claim_key(): SIGNER_ID,
+ SwComponentVersionClaim.get_claim_key(): '3.4.2',
+ MeasurementValueClaim.get_claim_key(): MEASUREMENT,
+ },
+ {
+ # mod2
+ SWComponentTypeClaim.get_claim_key(): 'M2',
+ SignerIdClaim.get_claim_key(): SIGNER_ID,
+ SwComponentVersionClaim.get_claim_key(): '3.4.2',
+ MeasurementValueClaim.get_claim_key(): MEASUREMENT,
+ },
+ {
+ # mod3
+ SWComponentTypeClaim.get_claim_key(): 'M3',
+ SignerIdClaim.get_claim_key(): SIGNER_ID,
+ SwComponentVersionClaim.get_claim_key(): '3.4.2',
+ MeasurementValueClaim.get_claim_key(): MEASUREMENT,
+ },
+ ],
+}
+
+
+if __name__ == '__main__':
+ import sys
+ if len(sys.argv) != 3:
+ print('Usage: {} KEYFILE OUTFILE'.format(sys.argv[0]))
+ sys.exit(1)
+ keyfile = sys.argv[1]
+ outfile = sys.argv[2]
+
+ sk = SigningKey.from_pem(open(keyfile, 'rb').read())
+ token = cbor2.dumps(token_map)
+ signed_token = sign_eat(token, sk)
+
+ with open(outfile, 'wb') as wfh:
+ wfh.write(signed_token)