From 1cc416882f2b200636c1e6bb87b09f00623f8762 Mon Sep 17 00:00:00 2001
From: David Drysdale <drysdale@google.com>
Date: Thu, 5 Aug 2021 07:50:23 +0100
Subject: [PATCH] KeyMint VTS: catch empty cert chains

Explicitly detect empty cert chains returned by GenerateKey rather
than crashing when trying to dereference the first entry.

Bug: 195605180
Test: VtsAidlKeyMintTargetTest
Merged-In: Idad2703b458952ff599c6ccdd04a941aef7aedde
Change-Id: Idad2703b458952ff599c6ccdd04a941aef7aedde
Ignore-AOSP-First: already merged in aosp/master
---
 security/keymint/aidl/vts/functional/AttestKeyTest.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
index a3127237ac..26ed34427c 100644
--- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
+++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
@@ -312,6 +312,7 @@ TEST_P(AttestKeyTest, RsaAttestKeyChaining) {
 
         AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
         AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
+        ASSERT_GT(cert_chain_list[i].size(), 0);
         EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
                                               cert_chain_list[i][0].encodedCertificate));
 
@@ -383,6 +384,7 @@ TEST_P(AttestKeyTest, EcAttestKeyChaining) {
 
         AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
         AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
+        ASSERT_GT(cert_chain_list[i].size(), 0);
         EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
                                               cert_chain_list[i][0].encodedCertificate));
 
@@ -471,6 +473,7 @@ TEST_P(AttestKeyTest, AlternateAttestKeyChaining) {
 
         AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
         AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
+        ASSERT_GT(cert_chain_list[i].size(), 0);
         EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
                                               cert_chain_list[i][0].encodedCertificate));