#!/usr/bin/env python3 #------------------------------------------------------------------------------- # Copyright (c) 2019-2020, Arm Limited. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # #------------------------------------------------------------------------------- import argparse import os import sys import yaml from ecdsa import SigningKey from iatverifier.util import read_token_map, convert_map_to_token if __name__ == '__main__': parser = argparse.ArgumentParser() parser.add_argument('source', help='Token source in YAML format') parser.add_argument('-o', '--outfile', help='''Output file for the compiled token. If this is not specified, the token will be written to standard output.''') parser.add_argument('-k', '--keyfile', help='''Path to the key in PEM format that should be used to sign the token. If this is not specified, the token will be unsigned.''') group = parser.add_mutually_exclusive_group() group.add_argument('-r', '--raw', action='store_true', help='''Generate raw CBOR and do not create a signature or COSE wrapper.''') group.add_argument('-m', '--hmac', action='store_true', help='''Generate a token wrapped in a Mac0 rather than Sign1 COSE structure.''') args = parser.parse_args() signing_key = None if args.hmac: method = 'hmac' if args.keyfile: with open(args.keyfile, 'rb') as fh: signing_key = fh.read() elif args.raw: if args.keyfile: raise ValueError('A keyfile cannot be specified with --raw.') method = 'raw' else: method = 'sign' if args.keyfile: with open(args.keyfile) as fh: signing_key = SigningKey.from_pem(fh.read()) token_map = read_token_map(args.source) if args.outfile: with open(args.outfile, 'wb') as wfh: convert_map_to_token(token_map, signing_key, wfh, method) else: with os.fdopen(sys.stdout.fileno(), 'wb') as wfh: convert_map_to_token(token_map, signing_key, wfh, method)