aboutsummaryrefslogtreecommitdiff
path: root/tools
diff options
context:
space:
mode:
authorsetrofim <setrofim@gmail.com>2020-10-27 09:23:47 +0000
committerTamas Ban <tamas.ban@arm.com>2020-10-29 13:49:42 +0000
commit03c7ba6c4c1a6428bf87957803340e25df94e0c3 (patch)
tree98c491ca53d58be7c3e49b324dee82139f7fa163 /tools
parent6b4101ecc7630af757b3da525b7f6c3b89f40a3a (diff)
downloadtrusted-firmware-m-03c7ba6c4c1a6428bf87957803340e25df94e0c3.tar.gz
Tools: iat-verifier fixes
- key was not being returned by read_sign1_key(), resulting in an automatic success on key verification. Return it so that the signature is actually verified. - convert_map_to_token_files() was still passing the now non-existent "raw" parameter to convert_map_to_token(), instead of "method" that "raw" was replaced with. Update the parameter name. - The underlying CBOR library's decoder has become more tolerant, and is able to decode the slightly tweaked "malformed.cbor" test file. Tweak it further, so that it continues to fail to decode. Change-Id: I597d19c1109a432c451f27eb1fc1cf8e26d8675a Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>
Diffstat (limited to 'tools')
-rw-r--r--tools/iat-verifier/iatverifier/util.py3
-rw-r--r--tools/iat-verifier/tests/data/malformed.cborbin654 -> 654 bytes
2 files changed, 2 insertions, 1 deletions
diff --git a/tools/iat-verifier/iatverifier/util.py b/tools/iat-verifier/iatverifier/util.py
index 148582e93..4f321d47a 100644
--- a/tools/iat-verifier/iatverifier/util.py
+++ b/tools/iat-verifier/iatverifier/util.py
@@ -47,7 +47,7 @@ def convert_map_to_token_files(mapfile, keyfile, outfile, method='sign'):
signing_key = fh.read()
with open(outfile, 'wb') as wfh:
- convert_map_to_token(token_map, signing_key, wfh, raw)
+ convert_map_to_token(token_map, signing_key, wfh, method)
def convert_map_to_token(token_map, signing_key, wfh, method='sign'):
@@ -172,6 +172,7 @@ def read_sign1_key(keyfile):
msg = 'Bad key file "{}":\n\tpubkey error: {}\n\tprikey error: {}'
raise ValueError(msg.format(keyfile, verifying_key_error, signing_key_error))
+ return key
def read_hmac_key(keyfile):
diff --git a/tools/iat-verifier/tests/data/malformed.cbor b/tools/iat-verifier/tests/data/malformed.cbor
index ac144ed8f..ff094d41c 100644
--- a/tools/iat-verifier/tests/data/malformed.cbor
+++ b/tools/iat-verifier/tests/data/malformed.cbor
Binary files differ