1 /*
2  * Copyright (C) 2023 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 //! Unit tests.
17 
18 use super::*;
19 use alloc::vec;
20 use coset::CborSerializable;
21 use secretkeeper_core::ta::bootloader as bl;
22 use test::{expect, skip};
23 use tipc::Handle;
24 use trusty_std::ffi::{CString, FallibleCString};
25 
26 test::init!();
27 
port_connect(port_name: &str, secure: SecureConnections)28 fn port_connect(port_name: &str, secure: SecureConnections) {
29     let port = CString::try_new(port_name).unwrap();
30     let result = Handle::connect(port.as_c_str());
31     // The test app generates secure connections, so only secure ports should work.
32     if secure.0 {
33         expect!(result.is_ok(), "failed to connect to secure {port_name}: {result:?}");
34     } else {
35         expect!(
36             result.is_err(),
37             "unexpected success connecting to nonsecure {port_name}: {result:?}"
38         );
39     }
40 }
41 
42 #[test]
secretkeeper_connection_test()43 fn secretkeeper_connection_test() {
44     if !cfg!(secretkeeper_enabled) {
45         skip!("Secretkeeper TA not configured");
46     }
47 
48     port_connect(AG_PORT_NAME, SecureConnections(false));
49     port_connect(SK_PORT_NAME, SecureConnections(false));
50     port_connect(BL_PORT_NAME, SecureConnections(true));
51 }
52 
53 #[test]
bootloader_retrieve_key()54 fn bootloader_retrieve_key() {
55     if !cfg!(secretkeeper_enabled) {
56         skip!("Secretkeeper TA not configured");
57     }
58 
59     let port = CString::try_new(BL_PORT_NAME).unwrap();
60     let session = Handle::connect(port.as_c_str()).unwrap();
61 
62     // Manually build a `GetIdentityKey` request.
63     let req = SkMessage(vec![0x00, 0x00, 0x00, 0x01]);
64 
65     session.send(&req).unwrap();
66     let mut buf = [0; MAX_MSG_SIZE];
67     let rsp: SkMessage = session.recv(&mut buf).unwrap();
68 
69     let rsp = bl::Response::from_slice(&rsp.0).unwrap();
70     expect!(matches!(rsp, bl::Response::IdentityKey(_)));
71     if let bl::Response::IdentityKey(key) = rsp {
72         // Check the key parses as a COSE_Key.
73         expect!(coset::CoseKey::from_slice(&key).is_ok());
74     }
75 }
76