tests.rs - trusty/app/secretkeeper - Git at Google

 /*
  * Copyright (C) 2023 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 //! Unit tests.

 use super::*;
 use alloc::vec;
 use coset::CborSerializable;
 use secretkeeper_core::ta::bootloader as bl;
 use test::{expect, skip};
 use tipc::Handle;
 use trusty_std::ffi::{CString, FallibleCString};

 test::init!();

 fn port_connect(port_name: &str, secure: SecureConnections) {
     let port = CString::try_new(port_name).unwrap();
     let result = Handle::connect(port.as_c_str());
     // The test app generates secure connections, so only secure ports should work.
     if secure.0 {
         expect!(result.is_ok(), "failed to connect to secure {port_name}: {result:?}");
     } else {
         expect!(
             result.is_err(),
             "unexpected success connecting to nonsecure {port_name}: {result:?}"
         );
     }
 }

 #[test]
 fn secretkeeper_connection_test() {
     if !cfg!(secretkeeper_enabled) {
         skip!("Secretkeeper TA not configured");
     }

     port_connect(AG_PORT_NAME, SecureConnections(false));
     port_connect(SK_PORT_NAME, SecureConnections(false));
     port_connect(BL_PORT_NAME, SecureConnections(true));
 }

 #[test]
 fn bootloader_retrieve_key() {
     if !cfg!(secretkeeper_enabled) {
         skip!("Secretkeeper TA not configured");
     }

     let port = CString::try_new(BL_PORT_NAME).unwrap();
     let session = Handle::connect(port.as_c_str()).unwrap();

     // Manually build a `GetIdentityKey` request.
     let req = SkMessage(vec![0x00, 0x00, 0x00, 0x01]);

     session.send(&req).unwrap();
     let mut buf = [0; MAX_MSG_SIZE];
     let rsp: SkMessage = session.recv(&mut buf).unwrap();

     let rsp = bl::Response::from_slice(&rsp.0).unwrap();
     expect!(matches!(rsp, bl::Response::IdentityKey(_)));
     if let bl::Response::IdentityKey(key) = rsp {
         // Check the key parses as a COSE_Key.
         expect!(coset::CoseKey::from_slice(&key).is_ok());
     }
 }
	/*
	* Copyright (C) 2023 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	//! Unit tests.

	use super::*;
	use alloc::vec;
	use coset::CborSerializable;
	use secretkeeper_core::ta::bootloader as bl;
	use test::{expect, skip};
	use tipc::Handle;
	use trusty_std::ffi::{CString, FallibleCString};

	test::init!();

	fn port_connect(port_name: &str, secure: SecureConnections) {
	let port = CString::try_new(port_name).unwrap();
	let result = Handle::connect(port.as_c_str());
	// The test app generates secure connections, so only secure ports should work.
	if secure.0 {
	expect!(result.is_ok(), "failed to connect to secure {port_name}: {result:?}");
	} else {
	expect!(
	result.is_err(),
	"unexpected success connecting to nonsecure {port_name}: {result:?}"
	);
	}
	}

	#[test]
	fn secretkeeper_connection_test() {
	if !cfg!(secretkeeper_enabled) {
	skip!("Secretkeeper TA not configured");
	}

	port_connect(AG_PORT_NAME, SecureConnections(false));
	port_connect(SK_PORT_NAME, SecureConnections(false));
	port_connect(BL_PORT_NAME, SecureConnections(true));
	}

	#[test]
	fn bootloader_retrieve_key() {
	if !cfg!(secretkeeper_enabled) {
	skip!("Secretkeeper TA not configured");
	}

	let port = CString::try_new(BL_PORT_NAME).unwrap();
	let session = Handle::connect(port.as_c_str()).unwrap();

	// Manually build a `GetIdentityKey` request.
	let req = SkMessage(vec![0x00, 0x00, 0x00, 0x01]);

	session.send(&req).unwrap();
	let mut buf = [0; MAX_MSG_SIZE];
	let rsp: SkMessage = session.recv(&mut buf).unwrap();

	let rsp = bl::Response::from_slice(&rsp.0).unwrap();
	expect!(matches!(rsp, bl::Response::IdentityKey(_)));
	if let bl::Response::IdentityKey(key) = rsp {
	// Check the key parses as a COSE_Key.
	expect!(coset::CoseKey::from_slice(&key).is_ok());
	}
	}