Blame - iat-verifier/dev_scripts/generate-sample-iat.py - TF-M/tf-m-tools

blob: 7350575ae7d2017fdd8f55fe24ce563bd3329f44 [file] [log] [blame]

Mate Toth-Pal	51b6198	2022-03-17 14:19:30 +0100	[diff] [blame]	1	#!/usr/bin/env python3
				2	# -----------------------------------------------------------------------------
				3	# Copyright (c) 2019-2022, Arm Limited. All rights reserved.
				4	#
				5	# SPDX-License-Identifier: BSD-3-Clause
				6	#
				7	# -----------------------------------------------------------------------------
				8
				9	import base64
				10	import struct
				11
				12	import cbor2
				13	from ecdsa import SigningKey
				14	from pycose.sign1message import Sign1Message
				15
				16	from iatverifier.util import sign_eat
				17
Mate Toth-Pal	bb187d0	2022-04-26 16:01:51 +0200	[diff] [blame]	18	from iatverifier.psa_iot_profile1_token_claims import InstanceIdClaim, ImplementationIdClaim, ChallengeClaim
				19	from iatverifier.psa_iot_profile1_token_claims import ClientIdClaim, SecurityLifecycleClaim, ProfileIdClaim
				20	from iatverifier.psa_iot_profile1_token_claims import BootSeedClaim, SWComponentsClaim, SWComponentTypeClaim
				21	from iatverifier.psa_iot_profile1_token_claims import SignerIdClaim, SwComponentVersionClaim
				22	from iatverifier.psa_iot_profile1_token_claims import MeasurementValueClaim, MeasurementDescriptionClaim
Mate Toth-Pal	a7a9717	2022-03-24 16:43:22 +0100	[diff] [blame]	23	from iatverifier.psa_iot_profile1_token_verifier import PSAIoTProfile1TokenVerifier
Mate Toth-Pal	51b6198	2022-03-17 14:19:30 +0100	[diff] [blame]	24
				25	# First byte indicates "GUID"
				26	GUID = b'\x01' + struct.pack('QQQQ', 0x0001020304050607, 0x08090A0B0C0D0E0F,
				27	0x1011121314151617, 0x18191A1B1C1D1E1F)
				28	NONCE = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F,
				29	0X1011121314151617, 0X18191A1B1C1D1E1F)
				30	ORIGIN = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F,
				31	0X1011121314151617, 0X18191A1B1C1D1E1F)
				32	BOOT_SEED = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F,
				33	0X1011121314151617, 0X18191A1B1C1D1E1F)
				34	SIGNER_ID = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F,
				35	0X1011121314151617, 0X18191A1B1C1D1E1F)
				36	MEASUREMENT = struct.pack('QQQQ', 0X0001020304050607, 0X08090A0B0C0D0E0F,
				37	0X1011121314151617, 0X18191A1B1C1D1E1F)
				38
				39	token_map = {
				40	InstanceIdClaim.get_claim_key(): GUID,
				41	ImplementationIdClaim.get_claim_key(): ORIGIN,
				42	ChallengeClaim.get_claim_key(): NONCE,
				43	ClientIdClaim.get_claim_key(): 2,
				44	SecurityLifecycleClaim.get_claim_key(): SecurityLifecycleClaim.SL_SECURED,
				45	ProfileIdClaim.get_claim_key(): 'http://example.com',
				46	BootSeedClaim.get_claim_key(): BOOT_SEED,
				47	SWComponentsClaim.get_claim_key(): [
				48	{
				49	# bootloader
				50	SWComponentTypeClaim.get_claim_key(): 'BL',
				51	SignerIdClaim.get_claim_key(): SIGNER_ID,
				52	SwComponentVersionClaim.get_claim_key(): '3.4.2',
				53	MeasurementValueClaim.get_claim_key(): MEASUREMENT,
				54	MeasurementDescriptionClaim.get_claim_key(): 'TF-M_SHA256MemPreXIP',
				55	},
				56	{
				57	# mod1
				58	SWComponentTypeClaim.get_claim_key(): 'M1',
				59	SignerIdClaim.get_claim_key(): SIGNER_ID,
				60	SwComponentVersionClaim.get_claim_key(): '3.4.2',
				61	MeasurementValueClaim.get_claim_key(): MEASUREMENT,
				62	},
				63	{
				64	# mod2
				65	SWComponentTypeClaim.get_claim_key(): 'M2',
				66	SignerIdClaim.get_claim_key(): SIGNER_ID,
				67	SwComponentVersionClaim.get_claim_key(): '3.4.2',
				68	MeasurementValueClaim.get_claim_key(): MEASUREMENT,
				69	},
				70	{
				71	# mod3
				72	SWComponentTypeClaim.get_claim_key(): 'M3',
				73	SignerIdClaim.get_claim_key(): SIGNER_ID,
				74	SwComponentVersionClaim.get_claim_key(): '3.4.2',
				75	MeasurementValueClaim.get_claim_key(): MEASUREMENT,
				76	},
				77	],
				78	}
				79
				80
				81	if __name__ == '__main__':
				82	import sys
				83	if len(sys.argv) != 3:
				84	print('Usage: {} KEYFILE OUTFILE'.format(sys.argv[0]))
				85	sys.exit(1)
				86	keyfile = sys.argv[1]
				87	outfile = sys.argv[2]
				88
				89	sk = SigningKey.from_pem(open(keyfile, 'rb').read())
				90	token = cbor2.dumps(token_map)
Mate Toth-Pal	a7a9717	2022-03-24 16:43:22 +0100	[diff] [blame]	91	verifier = PSAIoTProfile1TokenVerifier.get_verifier()
Mate Toth-Pal	bdb475e	2022-04-24 12:11:22 +0200	[diff] [blame]	92	signed_token = sign_eat(token, verifier, add_p_header=False, key=sk)
Mate Toth-Pal	51b6198	2022-03-17 14:19:30 +0100	[diff] [blame]	93
				94	with open(outfile, 'wb') as wfh:
				95	wfh.write(signed_token)