1 #include <memory>
2 
3 #include "gtest/gtest.h"
4 #include "avb_tools.h"
5 #include "nugget_tools.h"
6 #include "nugget/app/avb/avb.pb.h"
7 #include "nugget/app/keymaster/keymaster.pb.h"
8 #include "Keymaster.client.h"
9 #include <application.h>
10 #include <keymaster.h>
11 #include <nos/AppClient.h>
12 #include <nos/NuggetClientInterface.h>
13 #include "util.h"
14 
15 #include <openssl/bio.h>
16 #include <openssl/evp.h>
17 #include <openssl/pem.h>
18 
19 using std::cout;
20 using std::string;
21 using std::unique_ptr;
22 
23 using namespace nugget::app::avb;
24 using namespace nugget::app::keymaster;
25 
26 namespace {
27 
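// Fixture for the Keymaster ProvisionDeviceIds tests. A single Nugget client
// and a single test harness are shared by every test in the suite, and each
// test begins with avb_tools::ResetProduction() on that shared client (SetUp).
class KeymasterProvisionTest: public testing::Test {
 protected:
  // Connection to the device under test; created and opened once in
  // SetUpTestCase() and closed in TearDownTestCase().
  static unique_ptr<nos::NuggetClientInterface> client;
  // Harness object created in SetUpTestCase(). Presumably it relays the
  // device's UART output while the tests run -- confirm in test_harness.
  static unique_ptr<test_harness::TestHarness> uart_printer;

  static void SetUpTestCase();
  static void TearDownTestCase();

  // `override` makes the compiler reject this declaration if it ever stops
  // matching testing::Test::SetUp(), which would silently skip the
  // per-test production reset.
  void SetUp() override;

  // Fills `request` with a fixed set of placeholder device identifiers.
  virtual void PopulateDefaultRequest(ProvisionDeviceIdsRequest *request);
};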
40 
// Out-of-class definitions of the fixture's static members. Both start out
// empty and are populated in SetUpTestCase().
unique_ptr<nos::NuggetClientInterface> KeymasterProvisionTest::client;
unique_ptr<test_harness::TestHarness> KeymasterProvisionTest::uart_printer;
43 
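// Runs once before the first test: creates the test harness, then creates and
// opens the Nugget client that every test in the suite shares.
void KeymasterProvisionTest::SetUpTestCase() {
  uart_printer = test_harness::TestHarness::MakeUnique();

  client = nugget_tools::MakeNuggetClient();
  // Stop here if no client was created; calling Open() through an empty
  // pointer would crash the test binary instead of reporting a failure.
  ASSERT_TRUE(client != nullptr) << "Unable to create a Nugget client";
  client->Open();
  EXPECT_TRUE(client->IsOpen()) << "Unable to connect";
}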
51 
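// Runs once after the last test: closes the shared client and releases both
// static fixture objects.
void KeymasterProvisionTest::TearDownTestCase() {
  // The client may be empty if SetUpTestCase() failed before creating it, so
  // only call Close() on a client that actually exists.
  if (client) {
    client->Close();
  }
  client.reset();

  uart_printer.reset();
}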
58 
// Runs before every test. Calls avb_tools::ResetProduction() on the shared
// client so that a test does not inherit the production state left by the
// previous one (ProductionModeProvisionFails sets the production bit).
// NOTE(review): nothing at this call site checks that the reset succeeded;
// confirm how avb_tools::ResetProduction reports failure.
void KeymasterProvisionTest::SetUp() {
  nos::NuggetClientInterface *const device = client.get();
  avb_tools::ResetProduction(device);
}
62 
// Fills `request` with the fixed placeholder identifiers that every test uses
// as its starting point. Individual tests then override or clear single
// fields. `request` must not be null.
void KeymasterProvisionTest::PopulateDefaultRequest(
    ProvisionDeviceIdsRequest *request) {
  ProvisionDeviceIdsRequest &ids = *request;

  // Product description fields.
  ids.set_product_brand("Pixel");
  ids.set_product_name("Pixel");
  ids.set_product_manufacturer("Google");
  ids.set_product_device("3");
  ids.set_product_model("3");

  // Per-device identifiers (synthetic test values).
  ids.set_serialno("12345678");
  ids.set_imei("12345678");
  ids.set_meid("12345678");
}
74 
75 // Tests
76 
// Baseline: after the per-test production reset, provisioning the default
// identifiers is expected to return ErrorCode::OK.
TEST_F(KeymasterProvisionTest, ProvisionDeviceIdsSuccess) {
  Keymaster service(*client);

  ProvisionDeviceIdsRequest request;
  PopulateDefaultRequest(&request);

  ProvisionDeviceIdsResponse response;
  // The first assertion covers the call itself, the second the application
  // level result carried in the response.
  ASSERT_NO_ERROR(service.ProvisionDeviceIds(request, &response), "");
  ASSERT_EQ(static_cast<ErrorCode>(response.error_code()), ErrorCode::OK);
}
87 
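// Provisioning the same identifiers twice, outside production mode, is
// expected to succeed both times.
// NOTE(review): the second request is identical to the first, so this does
// not show what the device does when different identifiers are provisioned
// over existing ones.
TEST_F(KeymasterProvisionTest, ReProvisionDeviceIdsSuccess) {
  ProvisionDeviceIdsRequest request;
  PopulateDefaultRequest(&request);

  Keymaster service(*client);

  // First instance.
  ProvisionDeviceIdsResponse first_response;
  ASSERT_NO_ERROR(service.ProvisionDeviceIds(request, &first_response), "");
  ASSERT_EQ(static_cast<ErrorCode>(first_response.error_code()),
            ErrorCode::OK);

  // Second instance. A fresh response object is used so that this check
  // cannot be satisfied by a value left over from the first call.
  ProvisionDeviceIdsResponse second_response;
  ASSERT_NO_ERROR(service.ProvisionDeviceIds(request, &second_response), "");
  ASSERT_EQ(static_cast<ErrorCode>(second_response.error_code()),
            ErrorCode::OK);
}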
104 
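// Once the production bit is set, a ProvisionDeviceIds request must be
// refused with PRODUCTION_MODE_PROVISIONING. This is the check that device
// identifiers cannot be rewritten after the device has left the factory state.
// NOTE(review): the production bit is still set when this test returns. The
// fixture's SetUp() resets it before the next test, but nothing in this file
// resets it after the final test of a run.
TEST_F(KeymasterProvisionTest, ProductionModeProvisionFails) {
  ProvisionDeviceIdsRequest request;
  ProvisionDeviceIdsResponse response;

  PopulateDefaultRequest(&request);

  Keymaster service(*client);

  // Set production bit. nullptr replaces NULL to match the rest of the file.
  avb_tools::SetProduction(client.get(), true, nullptr, 0);

  // Provisioning is now disallowed: the call itself completes, and the
  // refusal is reported through the response's error code.
  ASSERT_NO_ERROR(service.ProvisionDeviceIds(request, &response), "");
  ASSERT_EQ(static_cast<ErrorCode>(response.error_code()),
            ErrorCode::PRODUCTION_MODE_PROVISIONING);
}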
121 
// A serial number one character longer than KM_MNF_MAX_ENTRY_SIZE must be
// rejected with INVALID_DEVICE_IDS.
// NOTE(review): only serialno is pushed past the limit; among the tests shown
// here the other identifier fields have no equivalent over-length case.
TEST_F(KeymasterProvisionTest, InvalidDeviceIdFails) {
  Keymaster service(*client);

  ProvisionDeviceIdsRequest request;
  PopulateDefaultRequest(&request);

  // Replace the default serial number with an over-length one.
  const string oversized_serialno(KM_MNF_MAX_ENTRY_SIZE + 1, '5');
  request.set_serialno(oversized_serialno);

  ProvisionDeviceIdsResponse response;
  ASSERT_NO_ERROR(service.ProvisionDeviceIds(request, &response), "");
  ASSERT_EQ(static_cast<ErrorCode>(response.error_code()),
            ErrorCode::INVALID_DEVICE_IDS);
}
138 
// Boundary counterpart of InvalidDeviceIdFails: a serial number of exactly
// KM_MNF_MAX_ENTRY_SIZE characters is expected to be accepted.
TEST_F(KeymasterProvisionTest, MaxDeviceIdSuccess) {
  Keymaster service(*client);

  ProvisionDeviceIdsRequest request;
  PopulateDefaultRequest(&request);

  // Replace the default serial number with one at the maximum length.
  const string longest_serialno(KM_MNF_MAX_ENTRY_SIZE, '5');
  request.set_serialno(longest_serialno);

  ProvisionDeviceIdsResponse response;
  ASSERT_NO_ERROR(service.ProvisionDeviceIds(request, &response), "");
  ASSERT_EQ(static_cast<ErrorCode>(response.error_code()), ErrorCode::OK);
}
154 
155 // Regression test for b/77830050#comment6
TEST_F(KeymasterProvisionTest, NoMeidSuccess) {
  // A request whose MEID field has been cleared is still expected to be
  // provisioned successfully.
  Keymaster service(*client);

  ProvisionDeviceIdsRequest request;
  PopulateDefaultRequest(&request);
  request.clear_meid();

  ProvisionDeviceIdsResponse response;
  ASSERT_NO_ERROR(service.ProvisionDeviceIds(request, &response), "");
  ASSERT_EQ(static_cast<ErrorCode>(response.error_code()), ErrorCode::OK);
}
169 
170 }  // namespace
171