e2e/policy: ensure that modified policy hash is valid hex

The policy hash is hex-encoded and unfortunately, XORing 1 into hex digits doesn't always yield valid hex digits: >>> [chr(ord(hex(i)[2:])^1) for i in range(16)] ['1', '0', '3', '2', '5', '4', '7', '6', '9', '8', '`', 'c', 'b', 'e', 'd', 'g'] Instead, decode the hex-encoded hash and XOR 1 into that.
edgelesssys · Oct 16, 2024 · a6d2b38 · a6d2b38
1 parent 0662a2e
commit a6d2b38
Showing 1 changed file with 11 additions and 5 deletions.
diff --git a/e2e/policy/policy_test.go b/e2e/policy/policy_test.go
@@ -7,6 +7,7 @@ package policy
 
 import (
 	"context"
+	"encoding/hex"
 	"encoding/json"
 	"flag"
 	"os"
@@ -141,19 +142,24 @@ func TestPolicy(t *testing.T) {
 	t.Run("cli does not verify coordinator with unexpected policy hash", func(t *testing.T) {
 		require := require.New(t)
 
-		// change expected coordinator policy hash
-		policyHash, err := os.ReadFile(path.Join(ct.WorkDir, "coordinator-policy.sha256"))
+		// read expected coordinator policy hash
+		policyHashBytes, err := os.ReadFile(path.Join(ct.WorkDir, "coordinator-policy.sha256"))
+		require.NoError(err)
+		require.NotEmpty(policyHashBytes)
+		policyHash := make([]byte, len(policyHashBytes)/2)
+		_, err = hex.Decode(policyHash, policyHashBytes)
 		require.NoError(err)
-		require.NotEmpty(policyHash)
+
+		// change expected coordinator policy hash
 		policyHash[0] ^= 1
-		require.NoError(os.WriteFile(path.Join(ct.WorkDir, "coordinator-policy.sha256"), policyHash, 0o644))
+		require.NoError(os.WriteFile(path.Join(ct.WorkDir, "coordinator-policy.sha256"), []byte(hex.EncodeToString(policyHash)), 0o644))
 
 		// verification should fail
 		require.ErrorContains(ct.RunVerify(), "validating report")
 
 		// restore correct coordinator policy hash
 		policyHash[0] ^= 1
-		require.NoError(os.WriteFile(path.Join(ct.WorkDir, "coordinator-policy.sha256"), policyHash, 0o644))
+		require.NoError(os.WriteFile(path.Join(ct.WorkDir, "coordinator-policy.sha256"), []byte(hex.EncodeToString(policyHash)), 0o644))
 	})
 }