enclave: allow passing source of randomness to DummyProvider

patrislav · patrislav · commit 91cb62502720 · 2025-09-15T18:47:38.000+02:00
diff --git a/enclave/attestation_test.go b/enclave/attestation_test.go
@@ -80,7 +80,7 @@ func TestNitroAttestation_Decrypt(t *testing.T) {
 		},
 	}
 
-	e, err := enclave.New(context.Background(), enclave.DummyProvider, kmsMock, privKey)
+	e, err := enclave.New(context.Background(), enclave.DummyProvider(nil), kmsMock, privKey)
 	require.NoError(t, err)
 
 	var wg sync.WaitGroup
@@ -126,7 +126,7 @@ func TestAttestation_GenerateDataKey(t *testing.T) {
 		},
 	}
 
-	e, err := enclave.New(context.Background(), enclave.DummyProvider, kmsMock, privKey)
+	e, err := enclave.New(context.Background(), enclave.DummyProvider(nil), kmsMock, privKey)
 	require.NoError(t, err)
 
 	var wg sync.WaitGroup
diff --git a/enclave/provider_dummy.go b/enclave/provider_dummy.go
@@ -70,28 +70,34 @@ vMVH5ygi1fMeQPNg8oWDD+3gP1GmLGMP14kHT/aPyDAHHUMrq7nSgA8SXTC9fihO
 sygULgtpiSjKgeg9cTvK9yhz7T0c2CxFgyhUnz4v6uZtQTJK2Q==
 -----END CERTIFICATE-----`
 
-func DummyProvider() (Session, error) {
-	block, _ := pem.Decode([]byte(dummyPrivKey))
-	if block == nil || block.Type != "RSA PRIVATE KEY" {
-		return nil, fmt.Errorf("invalid PEM block")
+func DummyProvider(random io.Reader) func() (Session, error) {
+	return func() (Session, error) {
+		block, _ := pem.Decode([]byte(dummyPrivKey))
+		if block == nil || block.Type != "RSA PRIVATE KEY" {
+			return nil, fmt.Errorf("invalid PEM block")
+		}
+		key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse dummy private key: %v", err)
+		}
+
+		certBlock, _ := pem.Decode([]byte(dummyCert))
+		caCert, err := x509.ParseCertificate(certBlock.Bytes)
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse CA certificate: %v", err)
+		}
+
+		if random == nil {
+			random = rand.Reader
+		}
+
+		return &dummySession{
+			random:     random,
+			privateKey: key,
+			caCert:     caCert,
+			caCertDER:  certBlock.Bytes,
+		}, nil
 	}
-	key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
-	if err != nil {
-		return nil, fmt.Errorf("failed to parse dummy private key: %v", err)
-	}
-
-	certBlock, _ := pem.Decode([]byte(dummyCert))
-	caCert, err := x509.ParseCertificate(certBlock.Bytes)
-	if err != nil {
-		return nil, fmt.Errorf("failed to parse CA certificate: %v", err)
-	}
-
-	return &dummySession{
-		random:     rand.Reader,
-		privateKey: key,
-		caCert:     caCert,
-		caCertDER:  certBlock.Bytes,
-	}, nil
 }
 
 type dummySession struct {

Original file line number	Diff line number	Diff line change
`@@ -80,7 +80,7 @@ func TestNitroAttestation_Decrypt(t *testing.T) {`
`80`	`80`	`},`
`81`	`81`	`}`
`82`	`82`
`83`		`- e, err := enclave.New(context.Background(), enclave.DummyProvider, kmsMock, privKey)`
	`83`	`+ e, err := enclave.New(context.Background(), enclave.DummyProvider(nil), kmsMock, privKey)`
`84`	`84`	`require.NoError(t, err)`
`85`	`85`
`86`	`86`	`var wg sync.WaitGroup`
`@@ -126,7 +126,7 @@ func TestAttestation_GenerateDataKey(t *testing.T) {`
`126`	`126`	`},`
`127`	`127`	`}`
`128`	`128`
`129`		`- e, err := enclave.New(context.Background(), enclave.DummyProvider, kmsMock, privKey)`
	`129`	`+ e, err := enclave.New(context.Background(), enclave.DummyProvider(nil), kmsMock, privKey)`
`130`	`130`	`require.NoError(t, err)`
`131`	`131`
`132`	`132`	`var wg sync.WaitGroup`