Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 4b4a51928abc461296f08542d46e9eff6a2211be^! / .
commit4b4a51928abc461296f08542d46e9eff6a2211be[log] [tgz]
authorKaruna Wadhera <kwadhera@google.com>Tue Jun 11 19:45:30 2024 +0000
committerKaruna Wadhera <kwadhera@google.com>Wed Jun 26 13:18:14 2024 +0000
treedb0a46ac0393a099224a290f5751e3ff9aed6e2a
parenta7866789f5dee302bec55dbf85877d797a1fe5ef [diff]
Adjust tests to account for new DICE mode check

* rialto/tests/test.rs: The test is augmented to allow any mode for
  non-protected VMs.
* ComposTestCase.java: The test is using a debug mode VM, which
  translates to a debug mode dice chain, so the test is augmented to
  allow any mode.

Bug: 318483637
Test: atest rialto_test && atest ComposHostTestCases
Change-Id: I70ddefddd8cb61eaccb2eae879582c214e95ae03

diff --git a/compos/tests/java/android/compos/test/ComposTestCase.java b/compos/tests/java/android/compos/test/ComposTestCase.java
index b31f4f3..b70e367 100644
--- a/compos/tests/java/android/compos/test/ComposTestCase.java
+++ b/compos/tests/java/android/compos/test/ComposTestCase.java

@@ -197,6 +197,7 @@
                                 10000,
                                 validator.getAbsolutePath(),
                                 "dice-chain",
+                                "--allow-any-mode",
                                 bcc_file.getAbsolutePath());
         assertWithMessage("hwtrust failed").about(command_results()).that(result).isSuccess();
     }

diff --git a/rialto/tests/test.rs b/rialto/tests/test.rs
index 0d57301..c2e45f2 100644
--- a/rialto/tests/test.rs
+++ b/rialto/tests/test.rs

@@ -71,7 +71,7 @@
 
     check_processing_reverse_request(&mut vm)?;
     let key_pair = check_processing_generating_key_pair_request(&mut vm)?;
-    check_processing_generating_certificate_request(&mut vm, &key_pair.maced_public_key)?;
+    check_processing_generating_certificate_request(&mut vm, &key_pair.maced_public_key, vm_type)?;
     check_attestation_request(&mut vm, &key_pair, vm_type)?;
     Ok(())
 }
@@ -111,6 +111,7 @@
 fn check_processing_generating_certificate_request(
     vm: &mut ServiceVm,
     maced_public_key: &[u8],
+    vm_type: VmType,
 ) -> Result<()> {
     let params = GenerateCertificateRequestParams {
         keys_to_sign: vec![maced_public_key.to_vec()],
@@ -122,7 +123,7 @@
     info!("Received response: {response:?}.");
 
     match response {
-        Response::GenerateCertificateRequest(csr) => check_csr(csr),
+        Response::GenerateCertificateRequest(csr) => check_csr(csr, vm_type),
         _ => bail!("Incorrect response type: {response:?}"),
     }
 }
@@ -275,8 +276,14 @@
     Ok(())
 }
 
-fn check_csr(csr: Vec<u8>) -> Result<()> {
-    let _csr = rkp::Csr::from_cbor(&Session::default(), &csr[..]).context("Failed to parse CSR")?;
+fn check_csr(csr: Vec<u8>, vm_type: VmType) -> Result<()> {
+    let mut session = Session::default();
+
+    // Allow any mode for non-protected VMs because they use a fake DICE chain with the mode set to
+    // debug.
+    session.set_allow_any_mode(vm_type == VmType::NonProtectedVm);
+
+    let _csr = rkp::Csr::from_cbor(&session, &csr[..]).context("Failed to parse CSR")?;
     Ok(())
 }