From 62dfb9defcb8968f2509ded7543e0eceb376a8e0 Mon Sep 17 00:00:00 2001
From: Rustam Ismayilov <rustam.ismayilov@arm.com>
Date: Fri, 15 Dec 2023 13:25:36 +0100
Subject: [PATCH] imgtool: Add verification tests for hex files

Added tests for verification of hex files
Extract common assertions to a separate function

Signed-off-by: Rustam Ismayilov <rustam.ismayilov@arm.com>
Change-Id: Ia20fcbec81c0fea22f7cfe4af7a8927a6dbbbc74
---
 .../images/signed/hex/zero_hex-addr_0.hex     | 88 +++++++++++++++++++
 .../images/signed/hex/zero_hex-addr_16.hex    | 88 +++++++++++++++++++
 .../images/signed/hex/zero_hex-addr_35.hex    | 88 +++++++++++++++++++
 scripts/tests/test_verify.py                  | 76 ++++++++++------
 4 files changed, 311 insertions(+), 29 deletions(-)
 create mode 100644 scripts/tests/images/signed/hex/zero_hex-addr_0.hex
 create mode 100644 scripts/tests/images/signed/hex/zero_hex-addr_16.hex
 create mode 100644 scripts/tests/images/signed/hex/zero_hex-addr_35.hex

diff --git a/scripts/tests/images/signed/hex/zero_hex-addr_0.hex b/scripts/tests/images/signed/hex/zero_hex-addr_0.hex
new file mode 100644
index 0000000000..6f70b811b1
--- /dev/null
+++ b/scripts/tests/images/signed/hex/zero_hex-addr_0.hex
@@ -0,0 +1,88 @@
+:100000003DB8F3960000000020000000FF03000050
+:1000100000000000010000000000000000000000DF
+:1000200001010101010101010101010101010101C0
+:1000300001010101010101010101010101010101B0
+:1000400001010101010101010101010101010101A0
+:100050000101010101010101010101010101010190
+:100060000101010101010101010101010101010180
+:100070000101010101010101010101010101010170
+:100080000101010101010101010101010101010160
+:100090000101010101010101010101010101010150
+:1000A0000101010101010101010101010101010140
+:1000B0000101010101010101010101010101010130
+:1000C0000101010101010101010101010101010120
+:1000D0000101010101010101010101010101010110
+:1000E0000101010101010101010101010101010100
+:1000F00001010101010101010101010101010101F0
+:1001000001010101010101010101010101010101DF
+:1001100001010101010101010101010101010101CF
+:1001200001010101010101010101010101010101BF
+:1001300001010101010101010101010101010101AF
+:10014000010101010101010101010101010101019F
+:10015000010101010101010101010101010101018F
+:10016000010101010101010101010101010101017F
+:10017000010101010101010101010101010101016F
+:10018000010101010101010101010101010101015F
+:10019000010101010101010101010101010101014F
+:1001A000010101010101010101010101010101013F
+:1001B000010101010101010101010101010101012F
+:1001C000010101010101010101010101010101011F
+:1001D000010101010101010101010101010101010F
+:1001E00001010101010101010101010101010101FF
+:1001F00001010101010101010101010101010101EF
+:1002000001010101010101010101010101010101DE
+:1002100001010101010101010101010101010101CE
+:1002200001010101010101010101010101010101BE
+:1002300001010101010101010101010101010101AE
+:10024000010101010101010101010101010101019E
+:10025000010101010101010101010101010101018E
+:10026000010101010101010101010101010101017E
+:10027000010101010101010101010101010101016E
+:10028000010101010101010101010101010101015E
+:10029000010101010101010101010101010101014E
+:1002A000010101010101010101010101010101013E
+:1002B000010101010101010101010101010101012E
+:1002C000010101010101010101010101010101011E
+:1002D000010101010101010101010101010101010E
+:1002E00001010101010101010101010101010101FE
+:1002F00001010101010101010101010101010101EE
+:1003000001010101010101010101010101010101DD
+:1003100001010101010101010101010101010101CD
+:1003200001010101010101010101010101010101BD
+:1003300001010101010101010101010101010101AD
+:10034000010101010101010101010101010101019D
+:10035000010101010101010101010101010101018D
+:10036000010101010101010101010101010101017D
+:10037000010101010101010101010101010101016D
+:10038000010101010101010101010101010101015D
+:10039000010101010101010101010101010101014D
+:1003A000010101010101010101010101010101013D
+:1003B000010101010101010101010101010101012D
+:1003C000010101010101010101010101010101011D
+:1003D000010101010101010101010101010101010D
+:1003E00001010101010101010101010101010101FD
+:1003F00001010101010101010101010101010101ED
+:1004000001010101010101010101010101010101DC
+:1004100001010101010101010101010101010107C6
+:100420006950011000200034E38DD5950696DF9EBB
+:10043000E843F3857825F27DAA652686898B3231DB
+:1004400030DF88657666D701002000ACBE8D1B7258
+:100450003E1A8D47471D15D84D14A98FF71C62DD34
+:10046000F1EF34C3F71C724B8E20462000000120B0
+:1004700026407977596FE45645D988435802087E5B
+:1004800068A2FA1DAA56818D8647444EE0C56B8648
+:100490005B7411B94A5C9177F035C88D3C63A7C68F
+:1004A0000AA6D76DD20DE37A0DF6A8739FB16776D1
+:1004B0004F319BE664F6AA3D9434FA5AB7D14A8A82
+:1004C00020FF56580AA80B859603420A5EA1822196
+:1004D00060BD99A7027D6A787C0E1B44740F84F37B
+:1004E000AD9BDF6D7777BF0AF08D918882482675C6
+:1004F000A9B083CDED31C3FD9582ECD240543C0CC4
+:100500007256C0A1E75AE5BBF3B101753499E81BF7
+:10051000D7184411709F13BDC5417BDD6F8CF26904
+:1005200069C1025A15D6E5C191B70F9DB522FF9852
+:100530003A3C68A2E00470AA9AAA15D77D4E538D62
+:100540000240AB3003888CA2EA5BA6E9B5621E9A32
+:10055000FD9F1F74FB7786EC19D97D571C527B0CCD
+:0F0560000F2336A4684349944EF10AC97C8DC21B
+:00000001FF
diff --git a/scripts/tests/images/signed/hex/zero_hex-addr_16.hex b/scripts/tests/images/signed/hex/zero_hex-addr_16.hex
new file mode 100644
index 0000000000..c36e7849ef
--- /dev/null
+++ b/scripts/tests/images/signed/hex/zero_hex-addr_16.hex
@@ -0,0 +1,88 @@
+:100010003DB8F3960000000020000000FF03000040
+:1000200000000000010000000000000000000000CF
+:1000300001010101010101010101010101010101B0
+:1000400001010101010101010101010101010101A0
+:100050000101010101010101010101010101010190
+:100060000101010101010101010101010101010180
+:100070000101010101010101010101010101010170
+:100080000101010101010101010101010101010160
+:100090000101010101010101010101010101010150
+:1000A0000101010101010101010101010101010140
+:1000B0000101010101010101010101010101010130
+:1000C0000101010101010101010101010101010120
+:1000D0000101010101010101010101010101010110
+:1000E0000101010101010101010101010101010100
+:1000F00001010101010101010101010101010101F0
+:1001000001010101010101010101010101010101DF
+:1001100001010101010101010101010101010101CF
+:1001200001010101010101010101010101010101BF
+:1001300001010101010101010101010101010101AF
+:10014000010101010101010101010101010101019F
+:10015000010101010101010101010101010101018F
+:10016000010101010101010101010101010101017F
+:10017000010101010101010101010101010101016F
+:10018000010101010101010101010101010101015F
+:10019000010101010101010101010101010101014F
+:1001A000010101010101010101010101010101013F
+:1001B000010101010101010101010101010101012F
+:1001C000010101010101010101010101010101011F
+:1001D000010101010101010101010101010101010F
+:1001E00001010101010101010101010101010101FF
+:1001F00001010101010101010101010101010101EF
+:1002000001010101010101010101010101010101DE
+:1002100001010101010101010101010101010101CE
+:1002200001010101010101010101010101010101BE
+:1002300001010101010101010101010101010101AE
+:10024000010101010101010101010101010101019E
+:10025000010101010101010101010101010101018E
+:10026000010101010101010101010101010101017E
+:10027000010101010101010101010101010101016E
+:10028000010101010101010101010101010101015E
+:10029000010101010101010101010101010101014E
+:1002A000010101010101010101010101010101013E
+:1002B000010101010101010101010101010101012E
+:1002C000010101010101010101010101010101011E
+:1002D000010101010101010101010101010101010E
+:1002E00001010101010101010101010101010101FE
+:1002F00001010101010101010101010101010101EE
+:1003000001010101010101010101010101010101DD
+:1003100001010101010101010101010101010101CD
+:1003200001010101010101010101010101010101BD
+:1003300001010101010101010101010101010101AD
+:10034000010101010101010101010101010101019D
+:10035000010101010101010101010101010101018D
+:10036000010101010101010101010101010101017D
+:10037000010101010101010101010101010101016D
+:10038000010101010101010101010101010101015D
+:10039000010101010101010101010101010101014D
+:1003A000010101010101010101010101010101013D
+:1003B000010101010101010101010101010101012D
+:1003C000010101010101010101010101010101011D
+:1003D000010101010101010101010101010101010D
+:1003E00001010101010101010101010101010101FD
+:1003F00001010101010101010101010101010101ED
+:1004000001010101010101010101010101010101DC
+:1004100001010101010101010101010101010101CC
+:1004200001010101010101010101010101010107B6
+:100430006950011000200034E38DD5950696DF9EAB
+:10044000E843F3857825F27DAA652686898B3231CB
+:1004500030DF88657666D701002000ACBE8D1B7248
+:100460003E1A8D47471D15D84D14A98FF71C62DD24
+:10047000F1EF34C3F71C724B8E2046200000019D23
+:1004800068458A1A3EFF5B9C5765B3ECF9609EBED7
+:10049000736E2429860007387BA6DF2086BEAF82D4
+:1004A000C3D771F0EFC128C7BB96D97CD92EF5868A
+:1004B000751CEF59B1ED98FD03C9008D1A49635DB4
+:1004C0009E65DF1B526AA09D631A2FE8961074E4A4
+:1004D000FF684382FBAE86B1EA222297EC16B0E9B0
+:1004E0006EEAD60FAB8173BB3040FDBD1C5884262D
+:1004F00071630BCB07513811304B6391D97DA92A19
+:10050000BBD25F6ECF1CC066991C524251C3B6F07D
+:10051000406E43862BD66BE0A4102D6C5E754FF4B5
+:10052000198460107E2E197B65EA94F848D49C6388
+:10053000ADA12B7F01639D922CD11548BB3EDC956C
+:100540002FC2C924006FD5C7B20E4620FB5D48A854
+:1005500068055D49D58D3A4F4FFD86852E7DD9665C
+:1005600070AFEFE9FB2FB4F71A4E3EFEBE94931F17
+:0F057000F2BB6D8B96403FA14413682358D572A0
+:00000001FF
diff --git a/scripts/tests/images/signed/hex/zero_hex-addr_35.hex b/scripts/tests/images/signed/hex/zero_hex-addr_35.hex
new file mode 100644
index 0000000000..9954f22099
--- /dev/null
+++ b/scripts/tests/images/signed/hex/zero_hex-addr_35.hex
@@ -0,0 +1,88 @@
+:100023003DB8F3960000000020000000FF0300002D
+:1000330000000000010000000000000000000000BC
+:10004300010101010101010101010101010101019D
+:10005300010101010101010101010101010101018D
+:10006300010101010101010101010101010101017D
+:10007300010101010101010101010101010101016D
+:10008300010101010101010101010101010101015D
+:10009300010101010101010101010101010101014D
+:1000A300010101010101010101010101010101013D
+:1000B300010101010101010101010101010101012D
+:1000C300010101010101010101010101010101011D
+:1000D300010101010101010101010101010101010D
+:1000E30001010101010101010101010101010101FD
+:1000F30001010101010101010101010101010101ED
+:1001030001010101010101010101010101010101DC
+:1001130001010101010101010101010101010101CC
+:1001230001010101010101010101010101010101BC
+:1001330001010101010101010101010101010101AC
+:10014300010101010101010101010101010101019C
+:10015300010101010101010101010101010101018C
+:10016300010101010101010101010101010101017C
+:10017300010101010101010101010101010101016C
+:10018300010101010101010101010101010101015C
+:10019300010101010101010101010101010101014C
+:1001A300010101010101010101010101010101013C
+:1001B300010101010101010101010101010101012C
+:1001C300010101010101010101010101010101011C
+:1001D300010101010101010101010101010101010C
+:1001E30001010101010101010101010101010101FC
+:1001F30001010101010101010101010101010101EC
+:1002030001010101010101010101010101010101DB
+:1002130001010101010101010101010101010101CB
+:1002230001010101010101010101010101010101BB
+:1002330001010101010101010101010101010101AB
+:10024300010101010101010101010101010101019B
+:10025300010101010101010101010101010101018B
+:10026300010101010101010101010101010101017B
+:10027300010101010101010101010101010101016B
+:10028300010101010101010101010101010101015B
+:10029300010101010101010101010101010101014B
+:1002A300010101010101010101010101010101013B
+:1002B300010101010101010101010101010101012B
+:1002C300010101010101010101010101010101011B
+:1002D300010101010101010101010101010101010B
+:1002E30001010101010101010101010101010101FB
+:1002F30001010101010101010101010101010101EB
+:1003030001010101010101010101010101010101DA
+:1003130001010101010101010101010101010101CA
+:1003230001010101010101010101010101010101BA
+:1003330001010101010101010101010101010101AA
+:10034300010101010101010101010101010101019A
+:10035300010101010101010101010101010101018A
+:10036300010101010101010101010101010101017A
+:10037300010101010101010101010101010101016A
+:10038300010101010101010101010101010101015A
+:10039300010101010101010101010101010101014A
+:1003A300010101010101010101010101010101013A
+:1003B300010101010101010101010101010101012A
+:1003C300010101010101010101010101010101011A
+:1003D300010101010101010101010101010101010A
+:1003E30001010101010101010101010101010101FA
+:1003F30001010101010101010101010101010101EA
+:1004030001010101010101010101010101010101D9
+:1004130001010101010101010101010101010101C9
+:1004230001010101010101010101010101010101B9
+:1004330001010101010101010101010101010107A3
+:100443006950011000200034E38DD5950696DF9E98
+:10045300E843F3857825F27DAA652686898B3231B8
+:1004630030DF88657666D701002000ACBE8D1B7235
+:100473003E1A8D47471D15D84D14A98FF71C62DD11
+:10048300F1EF34C3F71C724B8E204620000001624B
+:100493000C085DF7F51FA1EC60386FDB5AFE1759A6
+:1004A3009103B96CC6887010413CC925524FD45C86
+:1004B300F708EF57A4F234A2B21E635B6EBA9277C9
+:1004C300D9566B452C7E6FBC0B9273CDE306A8C146
+:1004D300F3F85B52F806D82A01FEB7BC7F8D982C3F
+:1004E300BD6F5F97E93B7C49B05806EAFD07640A94
+:1004F300EC54A2AF45F613C74E8666C6062E678E2A
+:100503007EF6D79B1FB252E485D77750D4D7C9E77D
+:10051300D9283DDB2D7DF5467E8DE4CEE06A19F8C2
+:10052300FB499767772636B0D8C6D97C25A159EF02
+:10053300F5237FDD4ED26296B1C4EE3471A4991FC8
+:1005430088617DD545BDAD005F8C69F306B1CDAA49
+:100553006EDE73FD2430C4697136FB6855F2A783E0
+:100563002C199DE3F1F5032DD62B89639AB7BC595A
+:100573004E3C2B9B4728218CF904C7B510E12A195F
+:0F0583007AE0FB58627856A4F6F5EA20C0F7ED4F
+:00000001FF
diff --git a/scripts/tests/test_verify.py b/scripts/tests/test_verify.py
index 9633768e6e..70d1d68018 100644
--- a/scripts/tests/test_verify.py
+++ b/scripts/tests/test_verify.py
@@ -20,12 +20,20 @@
 from imgtool.main import imgtool
 from tests.constants import KEY_TYPES, GEN_KEY_EXT, tmp_name, signed_images_dir
 
+KEY_TYPE_MISMATCH_TLV = "Key type does not match TLV record"
+NO_SIG_FOR_KEY = "No signature found for the given key"
+
 try:
     KEY_TYPES.remove("x25519")  # x25519 is not used for signing, so directory does not contain any such image
 except ValueError:
     pass
 
 
+def assert_valid(result):
+    assert result.exit_code == 0
+    assert "Image was correctly validated" in result.stdout
+
+
 class TestVerify:
     image = None
     image_signed = None
@@ -64,9 +72,7 @@ def test_verify_basic(self, key_type, tmp_path_persistent):
                 str(self.image_signed),
             ],
         )
-        print(result.stdout)
-        assert result.exit_code == 0
-        assert "Image was correctly validated" in result.stdout
+        assert_valid(result)
 
     @pytest.mark.parametrize("key_type", KEY_TYPES)
     def test_verify_wrong_key(self, key_type, tmp_path_persistent):
@@ -84,7 +90,7 @@ def test_verify_wrong_key(self, key_type, tmp_path_persistent):
             ],
         )
         assert result.exit_code != 0
-        assert "No signature found for the given key" in result.stdout
+        assert NO_SIG_FOR_KEY in result.stdout
 
     @pytest.mark.parametrize("key_type", KEY_TYPES)
     def test_verify_key_not_exists(self, key_type, tmp_path_persistent):
@@ -206,8 +212,7 @@ def test_verify_encrypted_clear(self, key_type, tmp_path_persistent):
                 str(self.image_signed),
             ],
         )
-        assert result.exit_code == 0
-        assert "Image was correctly validated" in result.stdout
+        assert_valid(result)
 
     @pytest.mark.parametrize("key_type", KEY_TYPES)
     def test_verify_encrypted_clear_wrong_key(self, key_type, tmp_path_persistent):
@@ -225,7 +230,7 @@ def test_verify_encrypted_clear_wrong_key(self, key_type, tmp_path_persistent):
             ],
         )
         assert result.exit_code != 0
-        assert "No signature found for the given key" in result.stdout
+        assert NO_SIG_FOR_KEY in result.stdout
 
 
 class TestVerifyCustomTLV(TestVerify):
@@ -256,8 +261,7 @@ def test_verify_custom_tlv(self, key_type, tmp_path_persistent):
                 str(self.image_signed),
             ],
         )
-        assert result.exit_code == 0
-        assert "Image was correctly validated" in result.stdout
+        assert_valid(result)
 
     @pytest.mark.parametrize("key_type", KEY_TYPES)
     def test_verify_custom_tlv_no_key(self, key_type, tmp_path_persistent):
@@ -272,9 +276,7 @@ def test_verify_custom_tlv_no_key(self, key_type, tmp_path_persistent):
                 str(self.image_signed),
             ],
         )
-        print(result.stdout)
-        assert result.exit_code == 0
-        assert "Image was correctly validated" in result.stdout
+        assert_valid(result)
 
 
 class TestVerifyNoKey(TestVerify):
@@ -294,9 +296,7 @@ def test_verify_no_key(self):
                 str(self.image_signed),
             ],
         )
-        print(result.stdout)
-        assert result.exit_code == 0
-        assert "Image was correctly validated" in result.stdout
+        assert_valid(result)
 
     def test_verify_no_key_image_with_key(self):
         """Test verify image signed without key, attempt to verify with a key should fail on signature check"""
@@ -313,9 +313,8 @@ def test_verify_no_key_image_with_key(self):
                 str(self.image_signed),
             ],
         )
-        print(result.stdout)
         assert result.exit_code != 0
-        assert "No signature found for the given key" in result.stdout
+        assert NO_SIG_FOR_KEY in result.stdout
 
     def test_verify_no_key_image_with_wrong_key(self):
         """Test verify image signed without key, attempt to verify with wrong key should fail on hash check"""
@@ -332,9 +331,8 @@ def test_verify_no_key_image_with_wrong_key(self):
                 str(self.image_signed),
             ],
         )
-        print(result.stdout)
         assert result.exit_code != 0
-        assert "Key type does not match TLV record" in result.stdout
+        assert KEY_TYPE_MISMATCH_TLV in result.stdout
 
 
 class TestVerifyPubKey(TestVerify):
@@ -364,9 +362,7 @@ def test_verify_no_key(self, key_type):
                 str(self.image_signed),
             ],
         )
-        print(result.stdout)
-        assert result.exit_code == 0
-        assert "Image was correctly validated" in result.stdout
+        assert_valid(result)
 
     @pytest.mark.parametrize("key_type", ("ecdsa-p384",))
     def test_verify_384_key(self, key_type):
@@ -381,9 +377,7 @@ def test_verify_384_key(self, key_type):
                 str(self.image_signed),
             ],
         )
-        print(result.stdout)
-        assert result.exit_code == 0
-        assert "Image was correctly validated" in result.stdout
+        assert_valid(result)
 
     @pytest.mark.parametrize("key_type", KEY_TYPES[:-2])
     def test_verify_key_not_matching(self, key_type, tmp_path_persistent):
@@ -401,9 +395,8 @@ def test_verify_key_not_matching(self, key_type, tmp_path_persistent):
                 str(self.image_signed),
             ],
         )
-        print(result.stdout)
         assert result.exit_code != 0
-        assert "Key type does not match TLV record" in result.stdout
+        assert KEY_TYPE_MISMATCH_TLV in result.stdout
 
     @pytest.mark.parametrize("key_type", ("ecdsa-p256",))
     def test_verify_key_not_matching_384(self, key_type, tmp_path_persistent):
@@ -420,6 +413,31 @@ def test_verify_key_not_matching_384(self, key_type, tmp_path_persistent):
                 str(self.image_signed),
             ],
         )
-        print(result.stdout)
         assert result.exit_code != 0
-        assert "Key type does not match TLV record" in result.stdout
+        assert KEY_TYPE_MISMATCH_TLV in result.stdout
+
+
+class TestVerifyHex(TestVerify):
+    key = None
+    test_signed_images_dir = signed_images_dir + "/hex/"
+
+    @pytest.fixture(autouse=True)
+    def setup(self, request, tmp_path_persistent, key_type="rsa-2048"):
+        self.key = "./keys/" + key_type + ".key"
+
+    @pytest.mark.parametrize("hex_addr", ("0", "16", "35"))
+    def test_verify_basic(self, hex_addr, tmp_path_persistent):
+        """Test verify basic image"""
+
+        self.image_signed = self.test_signed_images_dir + f"zero_hex-addr_{hex_addr}" + ".hex"
+
+        result = self.runner.invoke(
+            imgtool,
+            [
+                "verify",
+                "--key",
+                str(self.key),
+                str(self.image_signed),
+            ],
+        )
+        assert_valid(result)