commit e305e55b3a70b4796bb2f90f3173bf1e93fa4301
author Mate Toth-Pal <mate.toth-pal@arm.com> Fri Oct 07 14:04:53 2022 +0200
committer Mate Toth-Pal <mate.toth-pal@arm.com> Wed Nov 30 11:51:06 2022 +0100
tree dab964843372669d3185fab1a2833b32820d0fcc
parent c941766b099b1faeb1f64f18cb619e7a7215a6ae

Make protected header mandatory

This means that the common iat-verifier logic always call the protected
header checker in the verifier classes. In case of token compilation it
also includes the protected header returned by the verifier class in
the resulting token.

It is still possible for a verifier to make the protected header
optional by implementing _get_p_header and _parse_p_header accordingly.

Change-Id: Ib802e4e30c4c9d2c85addcb7311ab92da3962b99
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>

iat-verifier/iatverifier/util.py

diff --git a/iat-verifier/iatverifier/util.py b/iat-verifier/iatverifier/util.py
index bc78aad..9350979 100644
--- a/iat-verifier/iatverifier/util.py
+++ b/iat-verifier/iatverifier/util.py
@@ -25,7 +25,7 @@
     "NIST521p": AttestationTokenVerifier.COSE_ALG_ES512,
 }
 
-def convert_map_to_token(token_map, verifier, wfh, *, add_p_header, name_as_key, parse_raw_value):
+def convert_map_to_token(token_map, verifier, wfh, *, name_as_key, parse_raw_value):
     """
     Convert a map to token and write the result to a file.
     """
@@ -33,7 +33,6 @@
     verifier.convert_map_to_token(
         encoder,
         token_map,
-        add_p_header=add_p_header,
         name_as_key=name_as_key,
         parse_raw_value=parse_raw_value,
         root=True)