Pass cose alg to the Sign1 signing algorithm
Change-Id: I0eeb38227f3f5f5da92d049f9e26c58dd6917697
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
diff --git a/iat-verifier/dev_scripts/generate-sample-iat.py b/iat-verifier/dev_scripts/generate-sample-iat.py
index 5b5c56f..5c9d35b 100755
--- a/iat-verifier/dev_scripts/generate-sample-iat.py
+++ b/iat-verifier/dev_scripts/generate-sample-iat.py
@@ -20,6 +20,7 @@
from iatverifier.verifiers import BootSeedClaim, SWComponentsClaim, SWComponentTypeClaim
from iatverifier.verifiers import SignerIdClaim, SwComponentVersionClaim
from iatverifier.verifiers import MeasurementValueClaim, MeasurementDescriptionClaim
+from iatverifier.psa_iot_profile1_token_verifier import PSAIoTProfile1TokenVerifier
# First byte indicates "GUID"
GUID = b'\x01' + struct.pack('QQQQ', 0x0001020304050607, 0x08090A0B0C0D0E0F,
@@ -87,7 +88,8 @@
sk = SigningKey.from_pem(open(keyfile, 'rb').read())
token = cbor2.dumps(token_map)
- signed_token = sign_eat(token, sk)
+ verifier = PSAIoTProfile1TokenVerifier.get_verifier()
+ signed_token = sign_eat(token, verifier, sk)
with open(outfile, 'wb') as wfh:
wfh.write(signed_token)
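Review bot: The signing algorithm now comes from `PSAIoTProfile1TokenVerifier.get_verifier()` while the key still comes from `keyfile`, and nothing between the two added lines checks that they agree. If the PEM holds a key that does not fit the algorithm in `verifier.cose_alg`, the script would presumably either fail inside `sign_eat` or write a sample token that never verifies; which of the two happens is not visible here. A comment above the call, for example `# keyfile must hold a key matching verifier.cose_alg`, would make the requirement explicit. The enclosing function starts and ends outside the hunk.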
diff --git a/iat-verifier/iatverifier/util.py b/iat-verifier/iatverifier/util.py
index aa4e0ba..45bce73 100644
--- a/iat-verifier/iatverifier/util.py
+++ b/iat-verifier/iatverifier/util.py
@@ -20,18 +20,18 @@
_logger = logging.getLogger("util")
-def sign_eat(token, key=None):
+def sign_eat(token, verifier, key=None):
signed_msg = Sign1Message()
signed_msg.payload = token
if key:
signed_msg.key = key
- signed_msg.signature = signed_msg.compute_signature()
+ signed_msg.signature = signed_msg.compute_signature(alg=verifier.cose_alg)
return signed_msg.encode()
def hmac_eat(token, verifier, key=None):
hmac_msg = Mac0Message(payload=token, key=key)
- hmac_msg.compute_auth_tag(verifier.cose_alg)
+ hmac_msg.compute_auth_tag(alg=verifier.cose_alg)
return hmac_msg.encode()
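Review bot: `sign_eat` gains a required `verifier` argument in second position but still has no docstring, so nothing states that `verifier` must expose `cose_alg` or what happens when `key` is left at `None`. When the `if key:` branch is skipped, `compute_signature(alg=verifier.cose_alg)` runs on a message with no key assigned; whether the COSE library rejects that is not visible in this hunk, so an explicit `if key is None: raise ValueError('signing key required')` would be safer if unkeyed signing is never intended. Any caller outside this patch that still uses `sign_eat(token, key)` will bind the key to `verifier`. A docstring such as `"""Wrap token in a COSE Sign1 message signed with key, using verifier.cose_alg."""` would record the contract.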
@@ -59,7 +59,7 @@
if verifier.method == AttestationTokenVerifier.SIGN_METHOD_RAW:
signed_token = token
elif verifier.method == AttestationTokenVerifier.SIGN_METHOD_SIGN1:
- signed_token = sign_eat(token, signing_key)
+ signed_token = sign_eat(token, verifier, signing_key)
elif verifier.method == AttestationTokenVerifier.SIGN_METHOD_MAC0:
signed_token = hmac_eat(token, verifier, signing_key)
else: