Add a unit test for remote_prov_utils am: 7a55bb5cf8

Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/interfaces/+/15071132 Change-Id: I1995076ea3d87dd7c267a39e10603822d012234a
2026-02-02 23:48:30 +00:00 · 2021-06-25 16:10:07 +00:00
parent 3aa6bf65da 7a55bb5cf8
commit 9e9600a82f
3 changed files with 75 additions and 0 deletions
--- a/security/keymint/support/Android.bp
+++ b/security/keymint/support/Android.bp
@@ -62,3 +62,19 @@ cc_library {
        "libcrypto",
    ],
 }
+
+cc_test {
+    name: "libkeymint_remote_prov_support_test",
+    srcs: ["remote_prov_utils_test.cpp"],
+    static_libs: [
+        "libgmock",
+        "libgtest_main",
+    ],
+    shared_libs: [
+        "libcppbor_external",
+        "libcppcose_rkp",
+        "libcrypto",
+        "libkeymaster_portable",
+        "libkeymint_remote_prov_support",
+    ],
+}
--- a/security/keymint/support/remote_prov_utils.cpp
+++ b/security/keymint/support/remote_prov_utils.cpp
@@ -31,6 +31,10 @@ bytevec randomBytes(size_t numBytes) {
 }

 ErrMsgOr<EekChain> generateEekChain(size_t length, const bytevec& eekId) {
+    if (length < 2) {
+        return "EEK chain must contain at least 2 certs.";
+    }
+
    auto eekChain = cppbor::Array();

    bytevec prev_priv_key;
--- a/security/keymint/support/remote_prov_utils_test.cpp
+++ b/security/keymint/support/remote_prov_utils_test.cpp
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <gmock/gmock.h>
+#include <gtest/gtest.h>
+#include <keymaster/android_keymaster_utils.h>
+#include <keymaster/remote_provisioning_utils.h>
+#include <openssl/curve25519.h>
+#include <remote_prov/remote_prov_utils.h>
+#include <cstdint>
+
+namespace aidl::android::hardware::security::keymint::remote_prov {
+namespace {
+
+using ::keymaster::KeymasterBlob;
+using ::keymaster::validateAndExtractEekPubAndId;
+using ::testing::ElementsAreArray;
+
+TEST(RemoteProvUtilsTest, GenerateEekChainInvalidLength) {
+    ASSERT_FALSE(generateEekChain(1, /*eekId=*/{}));
+}
+
+TEST(RemoteProvUtilsTest, GenerateEekChain) {
+    bytevec kTestEekId = {'t', 'e', 's', 't', 'I', 'd', 0};
+    for (size_t length : {2, 3, 31}) {
+        auto get_eek_result = generateEekChain(length, kTestEekId);
+        ASSERT_TRUE(get_eek_result) << get_eek_result.message();
+
+        auto& [chain, pubkey, privkey] = *get_eek_result;
+
+        auto validation_result = validateAndExtractEekPubAndId(
+                /*testMode=*/true, KeymasterBlob(chain.data(), chain.size()));
+        ASSERT_TRUE(validation_result.isOk());
+
+        auto& [eekPub, eekId] = *validation_result;
+        EXPECT_THAT(eekId, ElementsAreArray(kTestEekId));
+        EXPECT_THAT(eekPub, ElementsAreArray(pubkey));
+    }
+}
+
+}  // namespace
+}  // namespace aidl::android::hardware::security::keymint::remote_prov