Blame - iat-verifier/dev_scripts/generate-sample-iat.py - TF-M/tf-m-tools

blob: 5b5c56fb409e78c79f913cfb8fd4950341dd58b6 [file] [log] [blame]

Mate Toth-Pal	51b6198	2022-03-17 14:19:30 +0100	[diff] [blame^]	1	#!/usr/bin/env python3
				2	# -----------------------------------------------------------------------------
				3	# Copyright (c) 2019-2022, Arm Limited. All rights reserved.
				4	#
				5	# SPDX-License-Identifier: BSD-3-Clause
				6	#
				7	# -----------------------------------------------------------------------------
				8
				9	import base64
				10	import struct
				11
				12	import cbor2
				13	from ecdsa import SigningKey
				14	from pycose.sign1message import Sign1Message
				15
				16	from iatverifier.util import sign_eat
				17
				18	from iatverifier.verifiers import InstanceIdClaim, ImplementationIdClaim, ChallengeClaim
				19	from iatverifier.verifiers import ClientIdClaim, SecurityLifecycleClaim, ProfileIdClaim
				20	from iatverifier.verifiers import BootSeedClaim, SWComponentsClaim, SWComponentTypeClaim
				21	from iatverifier.verifiers import SignerIdClaim, SwComponentVersionClaim
				22	from iatverifier.verifiers import MeasurementValueClaim, MeasurementDescriptionClaim
				23
				24	# First byte indicates "GUID"
				25	GUID = b'\x01' + struct.pack('QQQQ', 0x0001020304050607, 0x08090A0B0C0D0E0F,
				26	0x1011121314151617, 0x18191A1B1C1D1E1F)
				27	NONCE = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F,
				28	0X1011121314151617, 0X18191A1B1C1D1E1F)
				29	ORIGIN = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F,
				30	0X1011121314151617, 0X18191A1B1C1D1E1F)
				31	BOOT_SEED = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F,
				32	0X1011121314151617, 0X18191A1B1C1D1E1F)
				33	SIGNER_ID = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F,
				34	0X1011121314151617, 0X18191A1B1C1D1E1F)
				35	MEASUREMENT = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F,
				36	0X1011121314151617, 0X18191A1B1C1D1E1F)
				37
				38	token_map = {
				39	InstanceIdClaim.get_claim_key(): GUID,
				40	ImplementationIdClaim.get_claim_key(): ORIGIN,
				41	ChallengeClaim.get_claim_key(): NONCE,
				42	ClientIdClaim.get_claim_key(): 2,
				43	SecurityLifecycleClaim.get_claim_key(): SecurityLifecycleClaim.SL_SECURED,
				44	ProfileIdClaim.get_claim_key(): 'http://example.com',
				45	BootSeedClaim.get_claim_key(): BOOT_SEED,
				46	SWComponentsClaim.get_claim_key(): [
				47	{
				48	# bootloader
				49	SWComponentTypeClaim.get_claim_key(): 'BL',
				50	SignerIdClaim.get_claim_key(): SIGNER_ID,
				51	SwComponentVersionClaim.get_claim_key(): '3.4.2',
				52	MeasurementValueClaim.get_claim_key(): MEASUREMENT,
				53	MeasurementDescriptionClaim.get_claim_key(): 'TF-M_SHA256MemPreXIP',
				54	},
				55	{
				56	# mod1
				57	SWComponentTypeClaim.get_claim_key(): 'M1',
				58	SignerIdClaim.get_claim_key(): SIGNER_ID,
				59	SwComponentVersionClaim.get_claim_key(): '3.4.2',
				60	MeasurementValueClaim.get_claim_key(): MEASUREMENT,
				61	},
				62	{
				63	# mod2
				64	SWComponentTypeClaim.get_claim_key(): 'M2',
				65	SignerIdClaim.get_claim_key(): SIGNER_ID,
				66	SwComponentVersionClaim.get_claim_key(): '3.4.2',
				67	MeasurementValueClaim.get_claim_key(): MEASUREMENT,
				68	},
				69	{
				70	# mod3
				71	SWComponentTypeClaim.get_claim_key(): 'M3',
				72	SignerIdClaim.get_claim_key(): SIGNER_ID,
				73	SwComponentVersionClaim.get_claim_key(): '3.4.2',
				74	MeasurementValueClaim.get_claim_key(): MEASUREMENT,
				75	},
				76	],
				77	}
				78
				79
				80	if __name__ == '__main__':
				81	import sys
				82	if len(sys.argv) != 3:
				83	print('Usage: {} KEYFILE OUTFILE'.format(sys.argv[0]))
				84	sys.exit(1)
				85	keyfile = sys.argv[1]
				86	outfile = sys.argv[2]
				87
				88	sk = SigningKey.from_pem(open(keyfile, 'rb').read())
				89	token = cbor2.dumps(token_map)
				90	signed_token = sign_eat(token, sk)
				91
				92	with open(outfile, 'wb') as wfh:
				93	wfh.write(signed_token)