From 2d2385bca34f4b29216a933dc399c9a34c4af707 Mon Sep 17 00:00:00 2001
From: Sean Thomas <seanmthomas@google.com>
Date: Thu, 7 Nov 2024 23:56:03 +0000
Subject: [PATCH] Refactor function signatures to remove mocked IRPC

Test: atest libkeymint_remote_prov_support_test
      atest VtsHalRemotelyProvisionedComponentTargetTest

Change-Id: I8dd47bca149bcef244c223f8e94d3965deb13f13
---
 security/keymint/support/Android.bp           |  1 +
 .../fuzzer/keymint_remote_prov_fuzzer.cpp     |  8 +-
 .../MockIRemotelyProvisionedComponent.h       | 52 -------------
 .../include/remote_prov/remote_prov_utils.h   | 37 ++++-----
 .../keymint/support/remote_prov_utils.cpp     | 76 +++++++++----------
 .../support/remote_prov_utils_test.cpp        | 40 +++-------
 .../VtsRemotelyProvisionedComponentTests.cpp  | 32 ++++----
 7 files changed, 89 insertions(+), 157 deletions(-)
 delete mode 100644 security/keymint/support/include/remote_prov/MockIRemotelyProvisionedComponent.h

diff --git a/security/keymint/support/Android.bp b/security/keymint/support/Android.bp
index f313cf3b72..271e36ce78 100644
--- a/security/keymint/support/Android.bp
+++ b/security/keymint/support/Android.bp
@@ -114,6 +114,7 @@ cc_library {
 
 cc_test {
     name: "libkeymint_remote_prov_support_test",
+    cpp_std: "c++20",
     srcs: ["remote_prov_utils_test.cpp"],
     static_libs: [
         "android.hardware.security.rkp-V3-ndk",
diff --git a/security/keymint/support/fuzzer/keymint_remote_prov_fuzzer.cpp b/security/keymint/support/fuzzer/keymint_remote_prov_fuzzer.cpp
index 9b74fbba8b..ebccf2587d 100644
--- a/security/keymint/support/fuzzer/keymint_remote_prov_fuzzer.cpp
+++ b/security/keymint/support/fuzzer/keymint_remote_prov_fuzzer.cpp
@@ -74,16 +74,20 @@ void KeyMintRemoteProv::process() {
     uint8_t challengeSize = mFdp.ConsumeIntegralInRange<uint8_t>(kMinSize, kChallengeSize);
     std::vector<uint8_t> challenge = mFdp.ConsumeBytes<uint8_t>(challengeSize);
 
+    RpcHardwareInfo rpcHardwareInfo;
+    gRPC->getHardwareInfo(&rpcHardwareInfo);
+
     std::vector<uint8_t> csr;
     gRPC->generateCertificateRequestV2(keysToSign, challenge, &csr);
 
     while (mFdp.remaining_bytes()) {
         auto invokeProvAPI = mFdp.PickValueInArray<const std::function<void()>>({
                 [&]() {
-                    verifyFactoryCsr(cborKeysToSign, csr, gRPC.get(), kServiceName, challenge);
+                    verifyFactoryCsr(cborKeysToSign, csr, rpcHardwareInfo, kServiceName, challenge);
                 },
                 [&]() {
-                    verifyProductionCsr(cborKeysToSign, csr, gRPC.get(), kServiceName, challenge);
+                    verifyProductionCsr(cborKeysToSign, csr, rpcHardwareInfo, kServiceName,
+                                        challenge);
                 },
                 [&]() { isCsrWithProperDiceChain(csr, kServiceName); },
         });
diff --git a/security/keymint/support/include/remote_prov/MockIRemotelyProvisionedComponent.h b/security/keymint/support/include/remote_prov/MockIRemotelyProvisionedComponent.h
deleted file mode 100644
index 4fa39c2a4f..0000000000
--- a/security/keymint/support/include/remote_prov/MockIRemotelyProvisionedComponent.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright 2024 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#pragma once
-
-#include <aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.h>
-#include <aidl/android/hardware/security/keymint/RpcHardwareInfo.h>
-#include <android-base/properties.h>
-#include <gmock/gmock.h>
-#include <gtest/gtest.h>
-
-#include <cstdint>
-
-namespace aidl::android::hardware::security::keymint::remote_prov {
-
-using ::ndk::ScopedAStatus;
-
-class MockIRemotelyProvisionedComponent : public IRemotelyProvisionedComponentDefault {
-  public:
-    MOCK_METHOD(ScopedAStatus, getHardwareInfo, (RpcHardwareInfo * _aidl_return), (override));
-    MOCK_METHOD(ScopedAStatus, generateEcdsaP256KeyPair,
-                (bool in_testMode, MacedPublicKey* out_macedPublicKey,
-                 std::vector<uint8_t>* _aidl_return),
-                (override));
-    MOCK_METHOD(ScopedAStatus, generateCertificateRequest,
-                (bool in_testMode, const std::vector<MacedPublicKey>& in_keysToSign,
-                 const std::vector<uint8_t>& in_endpointEncryptionCertChain,
-                 const std::vector<uint8_t>& in_challenge, DeviceInfo* out_deviceInfo,
-                 ProtectedData* out_protectedData, std::vector<uint8_t>* _aidl_return),
-                (override));
-    MOCK_METHOD(ScopedAStatus, generateCertificateRequestV2,
-                (const std::vector<MacedPublicKey>& in_keysToSign,
-                 const std::vector<uint8_t>& in_challenge, std::vector<uint8_t>* _aidl_return),
-                (override));
-    MOCK_METHOD(ScopedAStatus, getInterfaceVersion, (int32_t* _aidl_return), (override));
-    MOCK_METHOD(ScopedAStatus, getInterfaceHash, (std::string * _aidl_return), (override));
-};
-
-}  // namespace aidl::android::hardware::security::keymint::remote_prov
\ No newline at end of file
diff --git a/security/keymint/support/include/remote_prov/remote_prov_utils.h b/security/keymint/support/include/remote_prov/remote_prov_utils.h
index caeb7ffaf3..8a1c43bcfc 100644
--- a/security/keymint/support/include/remote_prov/remote_prov_utils.h
+++ b/security/keymint/support/include/remote_prov/remote_prov_utils.h
@@ -153,7 +153,7 @@ JsonOutput jsonEncodeCsrWithBuild(const std::string& instance_name, const cppbor
  * is parsed in the manufacturing process.
  */
 ErrMsgOr<std::unique_ptr<cppbor::Map>> parseAndValidateFactoryDeviceInfo(
-        const std::vector<uint8_t>& deviceInfoBytes, IRemotelyProvisionedComponent* provisionable);
+        const std::vector<uint8_t>& deviceInfoBytes, const RpcHardwareInfo& info);
 
 /**
  * Parses a DeviceInfo structure from the given CBOR data. The parsed data is then validated to
@@ -162,7 +162,7 @@ ErrMsgOr<std::unique_ptr<cppbor::Map>> parseAndValidateFactoryDeviceInfo(
  * suitable for the end user.
  */
 ErrMsgOr<std::unique_ptr<cppbor::Map>> parseAndValidateProductionDeviceInfo(
-        const std::vector<uint8_t>& deviceInfoBytes, IRemotelyProvisionedComponent* provisionable);
+        const std::vector<uint8_t>& deviceInfoBytes, const RpcHardwareInfo& info);
 
 /**
  * Verify the protected data as if the device is still early in the factory process and may not
@@ -171,36 +171,39 @@ ErrMsgOr<std::unique_ptr<cppbor::Map>> parseAndValidateProductionDeviceInfo(
 ErrMsgOr<std::vector<BccEntryData>> verifyFactoryProtectedData(
         const DeviceInfo& deviceInfo, const cppbor::Array& keysToSign,
         const std::vector<uint8_t>& keysToSignMac, const ProtectedData& protectedData,
-        const EekChain& eekChain, const std::vector<uint8_t>& eekId, int32_t supportedEekCurve,
-        IRemotelyProvisionedComponent* provisionable, const std::string& instanceName,
-        const std::vector<uint8_t>& challenge);
+        const EekChain& eekChain, const std::vector<uint8_t>& eekId, const RpcHardwareInfo& info,
+        const std::string& instanceName, const std::vector<uint8_t>& challenge);
 /**
  * Verify the protected data as if the device is a final production sample.
  */
 ErrMsgOr<std::vector<BccEntryData>> verifyProductionProtectedData(
         const DeviceInfo& deviceInfo, const cppbor::Array& keysToSign,
         const std::vector<uint8_t>& keysToSignMac, const ProtectedData& protectedData,
-        const EekChain& eekChain, const std::vector<uint8_t>& eekId, int32_t supportedEekCurve,
-        IRemotelyProvisionedComponent* provisionable, const std::string& instanceName,
-        const std::vector<uint8_t>& challenge, bool allowAnyMode = false);
+        const EekChain& eekChain, const std::vector<uint8_t>& eekId, const RpcHardwareInfo& info,
+        const std::string& instanceName, const std::vector<uint8_t>& challenge,
+        bool allowAnyMode = false);
 
 /**
  * Verify the CSR as if the device is still early in the factory process and may not
  * have all device identifiers provisioned yet.
  */
-ErrMsgOr<std::unique_ptr<cppbor::Array>> verifyFactoryCsr(
-        const cppbor::Array& keysToSign, const std::vector<uint8_t>& csr,
-        IRemotelyProvisionedComponent* provisionable, const std::string& instanceName,
-        const std::vector<uint8_t>& challenge, bool allowDegenerate = true,
-        bool requireUdsCerts = false);
+ErrMsgOr<std::unique_ptr<cppbor::Array>> verifyFactoryCsr(const cppbor::Array& keysToSign,
+                                                          const std::vector<uint8_t>& csr,
+                                                          const RpcHardwareInfo& info,
+                                                          const std::string& instanceName,
+                                                          const std::vector<uint8_t>& challenge,
+                                                          bool allowDegenerate = true,
+                                                          bool requireUdsCerts = false);
 
 /**
  * Verify the CSR as if the device is a final production sample.
  */
-ErrMsgOr<std::unique_ptr<cppbor::Array>> verifyProductionCsr(
-        const cppbor::Array& keysToSign, const std::vector<uint8_t>& csr,
-        IRemotelyProvisionedComponent* provisionable, const std::string& instanceName,
-        const std::vector<uint8_t>& challenge, bool allowAnyMode = false);
+ErrMsgOr<std::unique_ptr<cppbor::Array>> verifyProductionCsr(const cppbor::Array& keysToSign,
+                                                             const std::vector<uint8_t>& csr,
+                                                             const RpcHardwareInfo& info,
+                                                             const std::string& instanceName,
+                                                             const std::vector<uint8_t>& challenge,
+                                                             bool allowAnyMode = false);
 
 /** Checks whether the CSR has a proper DICE chain. */
 ErrMsgOr<bool> isCsrWithProperDiceChain(const std::vector<uint8_t>& csr,
diff --git a/security/keymint/support/remote_prov_utils.cpp b/security/keymint/support/remote_prov_utils.cpp
index 464d91233d..9fb05e75fb 100644
--- a/security/keymint/support/remote_prov_utils.cpp
+++ b/security/keymint/support/remote_prov_utils.cpp
@@ -483,7 +483,7 @@ bool isTeeDeviceInfo(const cppbor::Map& devInfo) {
 }
 
 ErrMsgOr<std::unique_ptr<cppbor::Map>> parseAndValidateDeviceInfo(
-        const std::vector<uint8_t>& deviceInfoBytes, IRemotelyProvisionedComponent* provisionable,
+        const std::vector<uint8_t>& deviceInfoBytes, const RpcHardwareInfo& rpcHardwareInfo,
         bool isFactory) {
     const cppbor::Array kValidVbStates = {"green", "yellow", "orange"};
     const cppbor::Array kValidBootloaderStates = {"locked", "unlocked"};
@@ -530,9 +530,7 @@ ErrMsgOr<std::unique_ptr<cppbor::Map>> parseAndValidateDeviceInfo(
         return "DeviceInfo ordering is non-canonical.";
     }
 
-    RpcHardwareInfo info;
-    provisionable->getHardwareInfo(&info);
-    if (info.versionNumber < 3) {
+    if (rpcHardwareInfo.versionNumber < 3) {
         const std::unique_ptr<cppbor::Item>& version = parsed->get("version");
         if (!version) {
             return "Device info is missing version";
@@ -540,10 +538,10 @@ ErrMsgOr<std::unique_ptr<cppbor::Map>> parseAndValidateDeviceInfo(
         if (!version->asUint()) {
             return "version must be an unsigned integer";
         }
-        if (version->asUint()->value() != info.versionNumber) {
+        if (version->asUint()->value() != rpcHardwareInfo.versionNumber) {
             return "DeviceInfo version (" + std::to_string(version->asUint()->value()) +
                    ") does not match the remotely provisioned component version (" +
-                   std::to_string(info.versionNumber) + ").";
+                   std::to_string(rpcHardwareInfo.versionNumber) + ").";
         }
     }
     // Bypasses the device info validation since the device info in AVF is currently
@@ -552,14 +550,14 @@ ErrMsgOr<std::unique_ptr<cppbor::Map>> parseAndValidateDeviceInfo(
     // TODO(b/300911665): This check is temporary and will be replaced once the markers
     // on the DICE chain become available. We need to determine if the CSR is from the
     // RKP VM using the markers on the DICE chain.
-    if (info.uniqueId == "AVF Remote Provisioning 1") {
+    if (rpcHardwareInfo.uniqueId == "AVF Remote Provisioning 1") {
         return std::move(parsed);
     }
 
     std::string error;
     std::string tmp;
     std::set<std::string_view> previousKeys;
-    switch (info.versionNumber) {
+    switch (rpcHardwareInfo.versionNumber) {
         case 3:
             if (isTeeDeviceInfo(*parsed) && parsed->size() != kNumTeeDeviceInfoEntries) {
                 error += fmt::format(
@@ -626,7 +624,7 @@ ErrMsgOr<std::unique_ptr<cppbor::Map>> parseAndValidateDeviceInfo(
                                    kValidAttIdStates);
             break;
         default:
-            return "Unrecognized version: " + std::to_string(info.versionNumber);
+            return "Unrecognized version: " + std::to_string(rpcHardwareInfo.versionNumber);
     }
 
     if (!error.empty()) {
@@ -637,13 +635,13 @@ ErrMsgOr<std::unique_ptr<cppbor::Map>> parseAndValidateDeviceInfo(
 }
 
 ErrMsgOr<std::unique_ptr<cppbor::Map>> parseAndValidateFactoryDeviceInfo(
-        const std::vector<uint8_t>& deviceInfoBytes, IRemotelyProvisionedComponent* provisionable) {
-    return parseAndValidateDeviceInfo(deviceInfoBytes, provisionable, /*isFactory=*/true);
+        const std::vector<uint8_t>& deviceInfoBytes, const RpcHardwareInfo& rpcHardwareInfo) {
+    return parseAndValidateDeviceInfo(deviceInfoBytes, rpcHardwareInfo, /*isFactory=*/true);
 }
 
 ErrMsgOr<std::unique_ptr<cppbor::Map>> parseAndValidateProductionDeviceInfo(
-        const std::vector<uint8_t>& deviceInfoBytes, IRemotelyProvisionedComponent* provisionable) {
-    return parseAndValidateDeviceInfo(deviceInfoBytes, provisionable, /*isFactory=*/false);
+        const std::vector<uint8_t>& deviceInfoBytes, const RpcHardwareInfo& rpcHardwareInfo) {
+    return parseAndValidateDeviceInfo(deviceInfoBytes, rpcHardwareInfo, /*isFactory=*/false);
 }
 
 ErrMsgOr<bytevec> getSessionKey(ErrMsgOr<std::pair<bytevec, bytevec>>& senderPubkey,
@@ -661,8 +659,8 @@ ErrMsgOr<bytevec> getSessionKey(ErrMsgOr<std::pair<bytevec, bytevec>>& senderPub
 ErrMsgOr<std::vector<BccEntryData>> verifyProtectedData(
         const DeviceInfo& deviceInfo, const cppbor::Array& keysToSign,
         const std::vector<uint8_t>& keysToSignMac, const ProtectedData& protectedData,
-        const EekChain& eekChain, const std::vector<uint8_t>& eekId, int32_t supportedEekCurve,
-        IRemotelyProvisionedComponent* provisionable, const std::string& instanceName,
+        const EekChain& eekChain, const std::vector<uint8_t>& eekId,
+        const RpcHardwareInfo& rpcHardwareInfo, const std::string& instanceName,
         const std::vector<uint8_t>& challenge, bool isFactory, bool allowAnyMode = false) {
     auto [parsedProtectedData, _, protDataErrMsg] = cppbor::parse(protectedData.protectedData);
     if (!parsedProtectedData) {
@@ -685,7 +683,7 @@ ErrMsgOr<std::vector<BccEntryData>> verifyProtectedData(
         return "The COSE_encrypt recipient does not match the expected EEK identifier";
     }
 
-    auto sessionKey = getSessionKey(senderPubkey, eekChain, supportedEekCurve);
+    auto sessionKey = getSessionKey(senderPubkey, eekChain, rpcHardwareInfo.supportedEekCurve);
     if (!sessionKey) {
         return sessionKey.message();
     }
@@ -726,7 +724,7 @@ ErrMsgOr<std::vector<BccEntryData>> verifyProtectedData(
     }
 
     auto deviceInfoResult =
-            parseAndValidateDeviceInfo(deviceInfo.deviceInfo, provisionable, isFactory);
+            parseAndValidateDeviceInfo(deviceInfo.deviceInfo, rpcHardwareInfo, isFactory);
     if (!deviceInfoResult) {
         return deviceInfoResult.message();
     }
@@ -762,22 +760,22 @@ ErrMsgOr<std::vector<BccEntryData>> verifyProtectedData(
 ErrMsgOr<std::vector<BccEntryData>> verifyFactoryProtectedData(
         const DeviceInfo& deviceInfo, const cppbor::Array& keysToSign,
         const std::vector<uint8_t>& keysToSignMac, const ProtectedData& protectedData,
-        const EekChain& eekChain, const std::vector<uint8_t>& eekId, int32_t supportedEekCurve,
-        IRemotelyProvisionedComponent* provisionable, const std::string& instanceName,
+        const EekChain& eekChain, const std::vector<uint8_t>& eekId,
+        const RpcHardwareInfo& rpcHardwareInfo, const std::string& instanceName,
         const std::vector<uint8_t>& challenge) {
     return verifyProtectedData(deviceInfo, keysToSign, keysToSignMac, protectedData, eekChain,
-                               eekId, supportedEekCurve, provisionable, instanceName, challenge,
+                               eekId, rpcHardwareInfo, instanceName, challenge,
                                /*isFactory=*/true);
 }
 
 ErrMsgOr<std::vector<BccEntryData>> verifyProductionProtectedData(
         const DeviceInfo& deviceInfo, const cppbor::Array& keysToSign,
         const std::vector<uint8_t>& keysToSignMac, const ProtectedData& protectedData,
-        const EekChain& eekChain, const std::vector<uint8_t>& eekId, int32_t supportedEekCurve,
-        IRemotelyProvisionedComponent* provisionable, const std::string& instanceName,
+        const EekChain& eekChain, const std::vector<uint8_t>& eekId,
+        const RpcHardwareInfo& rpcHardwareInfo, const std::string& instanceName,
         const std::vector<uint8_t>& challenge, bool allowAnyMode) {
     return verifyProtectedData(deviceInfo, keysToSign, keysToSignMac, protectedData, eekChain,
-                               eekId, supportedEekCurve, provisionable, instanceName, challenge,
+                               eekId, rpcHardwareInfo, instanceName, challenge,
                                /*isFactory=*/false, allowAnyMode);
 }
 
@@ -912,7 +910,7 @@ std::optional<std::string> validateUdsCerts(const cppbor::Map& udsCerts,
 
 ErrMsgOr<std::unique_ptr<cppbor::Array>> parseAndValidateCsrPayload(
         const cppbor::Array& keysToSign, const std::vector<uint8_t>& csrPayload,
-        IRemotelyProvisionedComponent* provisionable, bool isFactory) {
+        const RpcHardwareInfo& rpcHardwareInfo, bool isFactory) {
     auto [parsedCsrPayload, _, errMsg] = cppbor::parse(csrPayload);
     if (!parsedCsrPayload) {
         return errMsg;
@@ -949,7 +947,8 @@ ErrMsgOr<std::unique_ptr<cppbor::Array>> parseAndValidateCsrPayload(
         return "Keys must be an Array.";
     }
 
-    auto result = parseAndValidateDeviceInfo(signedDeviceInfo->encode(), provisionable, isFactory);
+    auto result =
+            parseAndValidateDeviceInfo(signedDeviceInfo->encode(), rpcHardwareInfo, isFactory);
     if (!result) {
         return result.message();
     }
@@ -1100,13 +1099,12 @@ ErrMsgOr<bytevec> parseAndValidateAuthenticatedRequest(const std::vector<uint8_t
 
 ErrMsgOr<std::unique_ptr<cppbor::Array>> verifyCsr(
         const cppbor::Array& keysToSign, const std::vector<uint8_t>& csr,
-        IRemotelyProvisionedComponent* provisionable, const std::string& instanceName,
+        const RpcHardwareInfo& rpcHardwareInfo, const std::string& instanceName,
         const std::vector<uint8_t>& challenge, bool isFactory, bool allowAnyMode = false,
         bool allowDegenerate = true, bool requireUdsCerts = false) {
-    RpcHardwareInfo info;
-    provisionable->getHardwareInfo(&info);
-    if (info.versionNumber != 3) {
-        return "Remotely provisioned component version (" + std::to_string(info.versionNumber) +
+    if (rpcHardwareInfo.versionNumber != 3) {
+        return "Remotely provisioned component version (" +
+               std::to_string(rpcHardwareInfo.versionNumber) +
                ") does not match expected version (3).";
     }
 
@@ -1117,22 +1115,24 @@ ErrMsgOr<std::unique_ptr<cppbor::Array>> verifyCsr(
         return csrPayload.message();
     }
 
-    return parseAndValidateCsrPayload(keysToSign, *csrPayload, provisionable, isFactory);
+    return parseAndValidateCsrPayload(keysToSign, *csrPayload, rpcHardwareInfo, isFactory);
 }
 
 ErrMsgOr<std::unique_ptr<cppbor::Array>> verifyFactoryCsr(
         const cppbor::Array& keysToSign, const std::vector<uint8_t>& csr,
-        IRemotelyProvisionedComponent* provisionable, const std::string& instanceName,
+        const RpcHardwareInfo& rpcHardwareInfo, const std::string& instanceName,
         const std::vector<uint8_t>& challenge, bool allowDegenerate, bool requireUdsCerts) {
-    return verifyCsr(keysToSign, csr, provisionable, instanceName, challenge, /*isFactory=*/true,
+    return verifyCsr(keysToSign, csr, rpcHardwareInfo, instanceName, challenge, /*isFactory=*/true,
                      /*allowAnyMode=*/false, allowDegenerate, requireUdsCerts);
 }
 
-ErrMsgOr<std::unique_ptr<cppbor::Array>> verifyProductionCsr(
-        const cppbor::Array& keysToSign, const std::vector<uint8_t>& csr,
-        IRemotelyProvisionedComponent* provisionable, const std::string& instanceName,
-        const std::vector<uint8_t>& challenge, bool allowAnyMode) {
-    return verifyCsr(keysToSign, csr, provisionable, instanceName, challenge, /*isFactory=*/false,
+ErrMsgOr<std::unique_ptr<cppbor::Array>> verifyProductionCsr(const cppbor::Array& keysToSign,
+                                                             const std::vector<uint8_t>& csr,
+                                                             const RpcHardwareInfo& rpcHardwareInfo,
+                                                             const std::string& instanceName,
+                                                             const std::vector<uint8_t>& challenge,
+                                                             bool allowAnyMode) {
+    return verifyCsr(keysToSign, csr, rpcHardwareInfo, instanceName, challenge, /*isFactory=*/false,
                      allowAnyMode);
 }
 
diff --git a/security/keymint/support/remote_prov_utils_test.cpp b/security/keymint/support/remote_prov_utils_test.cpp
index 8ffb149bd7..45f8457061 100644
--- a/security/keymint/support/remote_prov_utils_test.cpp
+++ b/security/keymint/support/remote_prov_utils_test.cpp
@@ -25,7 +25,6 @@
 #include <keymaster/logger.h>
 #include <keymaster/remote_provisioning_utils.h>
 #include <openssl/curve25519.h>
-#include <remote_prov/MockIRemotelyProvisionedComponent.h>
 #include <remote_prov/remote_prov_utils.h>
 
 #include <algorithm>
@@ -328,6 +327,8 @@ inline const std::vector<uint8_t> kCsrWithoutUdsCerts{
         0xa7, 0xb6, 0xc2, 0x40, 0x06, 0x65, 0xc5, 0xff, 0x19, 0xc5, 0xcd, 0x1c, 0xd5, 0x78, 0x01,
         0xd4, 0xb8};
 
+const RpcHardwareInfo kRpcHardwareInfo = {.versionNumber = 3};
+
 inline bool equal_byte_views(const byte_view& view1, const byte_view& view2) {
     return std::equal(view1.begin(), view1.end(), view2.begin(), view2.end());
 }
@@ -561,15 +562,10 @@ TEST(RemoteProvUtilsTest, requireUdsCertsWhenPresent) {
     auto [keysToSignPtr, _, errMsg] = cppbor::parse(kKeysToSignForCsrWithUdsCerts);
     ASSERT_TRUE(keysToSignPtr) << "Error: " << errMsg;
 
-    auto mockRpc = SharedRefBase::make<MockIRemotelyProvisionedComponent>();
-    EXPECT_CALL(*mockRpc, getHardwareInfo(NotNull())).WillRepeatedly([](RpcHardwareInfo* hwInfo) {
-        hwInfo->versionNumber = 3;
-        return ScopedAStatus::ok();
-    });
-
     const auto keysToSign = keysToSignPtr->asArray();
-    auto csr = verifyFactoryCsr(*keysToSign, kCsrWithUdsCerts, mockRpc.get(), "default", kChallenge,
-                                /*allowDegenerate=*/false, /*requireUdsCerts=*/true);
+    auto csr =
+            verifyFactoryCsr(*keysToSign, kCsrWithUdsCerts, kRpcHardwareInfo, "default", kChallenge,
+                             /*allowDegenerate=*/false, /*requireUdsCerts=*/true);
     ASSERT_TRUE(csr) << csr.message();
 }
 
@@ -577,27 +573,15 @@ TEST(RemoteProvUtilsTest, dontRequireUdsCertsWhenPresent) {
     auto [keysToSignPtr, _, errMsg] = cppbor::parse(kKeysToSignForCsrWithUdsCerts);
     ASSERT_TRUE(keysToSignPtr) << "Error: " << errMsg;
 
-    auto mockRpc = SharedRefBase::make<MockIRemotelyProvisionedComponent>();
-    EXPECT_CALL(*mockRpc, getHardwareInfo(NotNull())).WillRepeatedly([](RpcHardwareInfo* hwInfo) {
-        hwInfo->versionNumber = 3;
-        return ScopedAStatus::ok();
-    });
-
     const auto* keysToSign = keysToSignPtr->asArray();
-    auto csr = verifyFactoryCsr(*keysToSign, kCsrWithUdsCerts, mockRpc.get(), DEFAULT_INSTANCE_NAME,
-                                kChallenge,
+    auto csr = verifyFactoryCsr(*keysToSign, kCsrWithUdsCerts, kRpcHardwareInfo,
+                                DEFAULT_INSTANCE_NAME, kChallenge,
                                 /*allowDegenerate=*/false, /*requireUdsCerts=*/false);
     ASSERT_TRUE(csr) << csr.message();
 }
 
 TEST(RemoteProvUtilsTest, requireUdsCertsWhenNotPresent) {
-    auto mockRpc = SharedRefBase::make<MockIRemotelyProvisionedComponent>();
-    EXPECT_CALL(*mockRpc, getHardwareInfo(NotNull())).WillRepeatedly([](RpcHardwareInfo* hwInfo) {
-        hwInfo->versionNumber = 3;
-        return ScopedAStatus::ok();
-    });
-
-    auto csr = verifyFactoryCsr(/*keysToSign=*/Array(), kCsrWithoutUdsCerts, mockRpc.get(),
+    auto csr = verifyFactoryCsr(/*keysToSign=*/Array(), kCsrWithoutUdsCerts, kRpcHardwareInfo,
                                 DEFAULT_INSTANCE_NAME, kChallenge, /*allowDegenerate=*/false,
                                 /*requireUdsCerts=*/true);
     ASSERT_FALSE(csr);
@@ -610,14 +594,8 @@ TEST(RemoteProvUtilsTest, dontRequireUdsCertsWhenNotPresent) {
             kKeysToSignForCsrWithoutUdsCerts.data() + kKeysToSignForCsrWithoutUdsCerts.size());
     ASSERT_TRUE(keysToSignPtr) << "Error: " << errMsg;
 
-    auto mockRpc = SharedRefBase::make<MockIRemotelyProvisionedComponent>();
-    EXPECT_CALL(*mockRpc, getHardwareInfo(NotNull())).WillRepeatedly([](RpcHardwareInfo* hwInfo) {
-        hwInfo->versionNumber = 3;
-        return ScopedAStatus::ok();
-    });
-
     const auto* keysToSign = keysToSignPtr->asArray();
-    auto csr = verifyFactoryCsr(*keysToSign, kCsrWithoutUdsCerts, mockRpc.get(),
+    auto csr = verifyFactoryCsr(*keysToSign, kCsrWithoutUdsCerts, kRpcHardwareInfo,
                                 DEFAULT_INSTANCE_NAME, kChallenge,
                                 /*allowDegenerate=*/false, /*requireUdsCerts=*/false);
     ASSERT_TRUE(csr) << csr.message();
diff --git a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index 8f918af6ec..bb0c790c16 100644
--- a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
@@ -489,9 +489,9 @@ TEST_P(CertificateRequestTest, EmptyRequest_testMode) {
                 &protectedData, &keysToSignMac);
         ASSERT_TRUE(status.isOk()) << status.getDescription();
 
-        auto result = verifyProductionProtectedData(
-                deviceInfo, cppbor::Array(), keysToSignMac, protectedData, testEekChain_, eekId_,
-                rpcHardwareInfo.supportedEekCurve, provisionable_.get(), GetParam(), challenge_);
+        auto result = verifyProductionProtectedData(deviceInfo, cppbor::Array(), keysToSignMac,
+                                                    protectedData, testEekChain_, eekId_,
+                                                    rpcHardwareInfo, GetParam(), challenge_);
         ASSERT_TRUE(result) << result.message();
     }
 }
@@ -516,8 +516,7 @@ TEST_P(CertificateRequestTest, NewKeyPerCallInTestMode) {
 
     auto firstBcc = verifyProductionProtectedData(deviceInfo, /*keysToSign=*/cppbor::Array(),
                                                   keysToSignMac, protectedData, testEekChain_,
-                                                  eekId_, rpcHardwareInfo.supportedEekCurve,
-                                                  provisionable_.get(), GetParam(), challenge_);
+                                                  eekId_, rpcHardwareInfo, GetParam(), challenge_);
     ASSERT_TRUE(firstBcc) << firstBcc.message();
 
     status = provisionable_->generateCertificateRequest(
@@ -527,8 +526,7 @@ TEST_P(CertificateRequestTest, NewKeyPerCallInTestMode) {
 
     auto secondBcc = verifyProductionProtectedData(deviceInfo, /*keysToSign=*/cppbor::Array(),
                                                    keysToSignMac, protectedData, testEekChain_,
-                                                   eekId_, rpcHardwareInfo.supportedEekCurve,
-                                                   provisionable_.get(), GetParam(), challenge_);
+                                                   eekId_, rpcHardwareInfo, GetParam(), challenge_);
     ASSERT_TRUE(secondBcc) << secondBcc.message();
 
     // Verify that none of the keys in the first BCC are repeated in the second one.
@@ -576,9 +574,9 @@ TEST_P(CertificateRequestTest, NonEmptyRequest_testMode) {
                 &keysToSignMac);
         ASSERT_TRUE(status.isOk()) << status.getDescription();
 
-        auto result = verifyProductionProtectedData(
-                deviceInfo, cborKeysToSign_, keysToSignMac, protectedData, testEekChain_, eekId_,
-                rpcHardwareInfo.supportedEekCurve, provisionable_.get(), GetParam(), challenge_);
+        auto result = verifyProductionProtectedData(deviceInfo, cborKeysToSign_, keysToSignMac,
+                                                    protectedData, testEekChain_, eekId_,
+                                                    rpcHardwareInfo, GetParam(), challenge_);
         ASSERT_TRUE(result) << result.message();
     }
 }
@@ -766,7 +764,7 @@ TEST_P(CertificateRequestV2Test, EmptyRequest) {
                 provisionable_->generateCertificateRequestV2({} /* keysToSign */, challenge, &csr);
         ASSERT_TRUE(status.isOk()) << status.getDescription();
 
-        auto result = verifyProductionCsr(cppbor::Array(), csr, provisionable_.get(), GetParam(),
+        auto result = verifyProductionCsr(cppbor::Array(), csr, rpcHardwareInfo, GetParam(),
                                           challenge, isRkpVmInstance_);
         ASSERT_TRUE(result) << result.message();
     }
@@ -788,7 +786,7 @@ TEST_P(CertificateRequestV2Test, NonEmptyRequest) {
         auto status = provisionable_->generateCertificateRequestV2(keysToSign_, challenge, &csr);
         ASSERT_TRUE(status.isOk()) << status.getDescription();
 
-        auto result = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), GetParam(),
+        auto result = verifyProductionCsr(cborKeysToSign_, csr, rpcHardwareInfo, GetParam(),
                                           challenge, isRkpVmInstance_);
         ASSERT_TRUE(result) << result.message();
     }
@@ -819,14 +817,14 @@ TEST_P(CertificateRequestV2Test, NonEmptyRequestReproducible) {
     auto status = provisionable_->generateCertificateRequestV2(keysToSign_, challenge_, &csr);
     ASSERT_TRUE(status.isOk()) << status.getDescription();
 
-    auto firstCsr = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), GetParam(),
+    auto firstCsr = verifyProductionCsr(cborKeysToSign_, csr, rpcHardwareInfo, GetParam(),
                                         challenge_, isRkpVmInstance_);
     ASSERT_TRUE(firstCsr) << firstCsr.message();
 
     status = provisionable_->generateCertificateRequestV2(keysToSign_, challenge_, &csr);
     ASSERT_TRUE(status.isOk()) << status.getDescription();
 
-    auto secondCsr = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), GetParam(),
+    auto secondCsr = verifyProductionCsr(cborKeysToSign_, csr, rpcHardwareInfo, GetParam(),
                                          challenge_, isRkpVmInstance_);
     ASSERT_TRUE(secondCsr) << secondCsr.message();
 
@@ -845,8 +843,8 @@ TEST_P(CertificateRequestV2Test, NonEmptyRequestMultipleKeys) {
     auto status = provisionable_->generateCertificateRequestV2(keysToSign_, challenge_, &csr);
     ASSERT_TRUE(status.isOk()) << status.getDescription();
 
-    auto result = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), GetParam(),
-                                      challenge_, isRkpVmInstance_);
+    auto result = verifyProductionCsr(cborKeysToSign_, csr, rpcHardwareInfo, GetParam(), challenge_,
+                                      isRkpVmInstance_);
     ASSERT_TRUE(result) << result.message();
 }
 
@@ -977,7 +975,7 @@ TEST_P(CertificateRequestV2Test, DeviceInfo) {
     ASSERT_TRUE(irpcStatus.isOk()) << irpcStatus.getDescription();
 
     auto result =
-            verifyProductionCsr(cppbor::Array(), csr, provisionable_.get(), GetParam(), challenge_);
+            verifyProductionCsr(cppbor::Array(), csr, rpcHardwareInfo, GetParam(), challenge_);
     ASSERT_TRUE(result) << result.message();
 
     std::unique_ptr<cppbor::Array> csrPayload = std::move(*result);