sim: Actually test invalid signatures

Currently, the tests that appear to be testing for invalid signatures
are actually just testing that images aren't used if the entire TLV
block is missing. Fix this by being more subtle about our corruptions.
If there is no signature, corrupt that data being used to generate the
hash. Otherwise, modify the data before it goes into the signature, but
generate a valid SHA256 in the TLV. This way, we exercise the signature
itself being corrupt.

Signed-off-by: David Brown <david.brown@linaro.org>
diff --git a/sim/src/image.rs b/sim/src/image.rs
index bc4c444..cfb5198 100644
--- a/sim/src/image.rs
+++ b/sim/src/image.rs
@@ -1149,12 +1149,10 @@
}
// Build the TLV itself.
- let mut b_tlv = if bad_sig {
- let good_sig = &mut tlv.make_tlv();
- vec![0; good_sig.len()]
- } else {
- tlv.make_tlv()
- };
+ if bad_sig {
+ tlv.corrupt_sig();
+ }
+ let mut b_tlv = tlv.make_tlv();
let dev = flash.get_mut(&dev_id).unwrap();
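
Review bot: At `if bad_sig { tlv.corrupt_sig(); }` there is no comment saying what the corruption must preserve, and that invariant is the whole point of the change. The removed `vec![0; good_sig.len()]` branch zeroed the entire TLV block, so the image was rejected for a missing TLV rather than for a bad signature. Please add a short comment at this call stating that `corrupt_sig()` has to leave the TLV structure parseable (and, per the commit message, the SHA256 valid when a signature is present), so a later refactor does not slide back into the same false pass. The body of `corrupt_sig()` is not visible in this hunk. Since it mutates `tlv` before `make_tlv()` is called, also confirm that `tlv` is not reused further down for an image that is expected to verify.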