mkm: use INI instead of TOML for config file format

The Python standard library module `tomllib` is only available in 3.11 and newer, but our CI currently uses an older version.
GaloisInc · Feb 7, 2025 · a4708e8 · a4708e8
1 parent fd1adf4
commit a4708e8
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 16 deletions.
diff --git a/components/mission_key_management/README.md b/components/mission_key_management/README.md
@@ -24,17 +24,17 @@ make TARGET=aarch64
 ## Configuration
 
 The MKM server takes a config file describing which keys it should distribute
-to which other components.  The config is initially written as a TOML file (a
+to which other components.  The config is initially written as an INI file (a
 text-based format), then converted to a binary format that's easier for the
 `mkm` binary to parse.
 
 To produce a binary config file for testing:
 
 ```sh
-python3 convert_config.py test_config.toml test_config.bin
+python3 convert_config.py test_config.ini test_config.bin
 ```
 
-This will read `test_config.toml`, which is the config file used for MKM's
+This will read `test_config.ini`, which is the config file used for MKM's
 automated tests, and will output `test_config.bin`.
 
 

diff --git a/components/mission_key_management/convert_config.py b/components/mission_key_management/convert_config.py
@@ -1,6 +1,7 @@
 '''
 Convert an MKM policy configuration from text to binary format.  The text
-format is TOML with sections like this:
+format is INI (as handled by Python's `configparser` module) with sections like
+this:
 
     [00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff]
     key0 = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
@@ -11,8 +12,8 @@
 `bbbb...`.
 '''
 import argparse
+import configparser
 import struct
-import tomllib
 
 MEASURE_SIZE = 32
 KEY_ID_SIZE = 1
@@ -23,8 +24,8 @@
 
 def parse_args():
     ap = argparse.ArgumentParser()
-    ap.add_argument('toml_path',
-        help='path to the input file in text/TOML format')
+    ap.add_argument('ini_path',
+        help='path to the input file in text/INI format')
     ap.add_argument('bin_path',
         help='path to the output file in binary format')
     return ap.parse_args()
@@ -38,10 +39,16 @@ def parse_hex(s):
 
 def main():
     args = parse_args()
-    t = tomllib.load(open(args.toml_path, 'rb'))
+
+    cfg = configparser.ConfigParser()
+    cfg.read_file(open(args.ini_path))
+
     f = open(args.bin_path, 'wb')
 
-    for measure_str, keys in t.items():
+    for measure_str, keys in cfg.items():
+        if measure_str == 'DEFAULT' and len(keys) == 0:
+            continue
+
         measure = parse_hex(measure_str)
         assert len(measure) == MEASURE_SIZE, \
                 'expected measure to be %d bytes, but got %r (%d bytes)' \

diff --git a/components/mission_key_management/run_tests.py b/components/mission_key_management/run_tests.py
@@ -205,8 +205,8 @@ def run_test(test_func, client, results):
 
 
 def main():
-    print('converting test_config.toml...')
-    subprocess.run((sys.executable, 'convert_config.py', 'test_config.toml', 'test_config.bin'),
+    print('converting test_config.ini...')
+    subprocess.run((sys.executable, 'convert_config.py', 'test_config.ini', 'test_config.bin'),
         check=True)
 
     port = random.randrange(48 * 1024, 64 * 1024)

diff --git a/...s/mission_key_management/test_config.toml → ...ts/mission_key_management/test_config.ini b/...s/mission_key_management/test_config.toml → ...ts/mission_key_management/test_config.ini
@@ -1,16 +1,16 @@
 # "measurement of valid client code"
 [6d6561737572656d656e74206f662076616c696420636c69656e7420636f6465]
 # "key for encrypting secret things"
-key0 = "6b657920666f7220656e6372797074696e6720736563726574207468696e6773"
+key0 = 6b657920666f7220656e6372797074696e6720736563726574207468696e6773
 # "another secret cryptographic key"
-key1 = "616e6f74686572207365637265742063727970746f67726170686963206b6579"
+key1 = 616e6f74686572207365637265742063727970746f67726170686963206b6579
 
 # Measurement of `test_attest_helper.py`
 [d2813a46b2a071670fca308762ec34a76a61d67a321b43cb7d252fe4cc1d92a7]
 # "extra key for test_attest to use"
-key0 = "6578747261206b657920666f7220746573745f61747465737420746f20757365"
+key0 = 6578747261206b657920666f7220746573745f61747465737420746f20757365
 
 # Measurement of `mkm_client`'s `run_client.sh` script
 [5bfaa5e5eddcc36e155bde859ac55e5277936791761a34b2c6bcb5da81b4746b]
 # "mkm_client uses this key to test"
-key0 = "6d6b6d5f636c69656e7420757365732074686973206b657920746f2074657374"
+key0 = 6d6b6d5f636c69656e7420757365732074686973206b657920746f2074657374
diff --git a/components/mkm_client/run_tests.sh b/components/mkm_client/run_tests.sh
@@ -3,7 +3,7 @@ set -euo pipefail
 
 (
     cd ../mission_key_management
-    python3 convert_config.py test_config.toml test_config.bin
+    python3 convert_config.py test_config.ini test_config.bin
     ./mkm &
 )
 key=$(../platform_crypto/shave_trusted_boot/trusted_boot ./run_client.sh)