OEMCrypto Tests Provisioning Method

Merge from widevine repo of http://go/wvgerrit/21682 This CL updates oemcrypto/test/oec_device_features.cpp to figure out the provisioning method and filter out tests that are not relevant to the device's method. This CL also introduces unit tests for GetOEMPublicCertificate. Unit tests for RewrapDeviceRSAKey30 will be in a future CL. Change-Id: Ib7065ce866d1171ca61b9aa08188fa2ac8d90fc2
2016-11-29 15:15:08 -08:00
parent 0fb76d5c1b
commit 053ff5bd3c
6 changed files with 251 additions and 22 deletions
--- a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
+++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
@@ -90,7 +90,15 @@ TEST_F(OEMCryptoClientTest, VersionNumber) {
    cout << "             OEMCrypto does not support usage tables." << endl;
  }
  ASSERT_GE(version, 8u);
-  ASSERT_LE(version, 11u);
+  ASSERT_LE(version, 12u);
+}
+
+TEST_F(OEMCryptoClientTest, ProvisioningDeclaredAPI12) {
+  OEMCrypto_ProvisioningMethod provisioning_method =
+      OEMCrypto_GetProvisioningMethod();
+  cout << "             Provisioning method = "
+       << ProvisioningMethodName(provisioning_method) << endl;
+  ASSERT_NE(OEMCrypto_ProvisioningError, provisioning_method);
 }

 const char* HDCPCapabilityAsString(OEMCrypto_HDCP_Capability value) {
@@ -473,6 +481,102 @@ TEST_F(OEMCryptoKeyboxTest, GenerateDerivedKeysFromKeyboxLargeBuffer) {
                                          enc_context.size()));
 }

+class OEMCryptoProv30Test : public OEMCryptoClientTest {};
+
+TEST_F(OEMCryptoProv30Test, DeviceClaimsOEMCertificate) {
+  ASSERT_EQ(OEMCrypto_OEMCertificate, OEMCrypto_GetProvisioningMethod());
+}
+
+TEST_F(OEMCryptoProv30Test, OEMCertValid) {
+  Session s;
+  ASSERT_NO_FATAL_FAILURE(s.open());
+  bool kVerify = true;
+  ASSERT_NO_FATAL_FAILURE(s.LoadOEMCert(kVerify));  // Load and verify.
+}
+
+TEST_F(OEMCryptoProv30Test, OEMCertSignature) {
+  Session s;
+  ASSERT_NO_FATAL_FAILURE(s.open());
+  ASSERT_NO_FATAL_FAILURE(s.LoadOEMCert());
+  OEMCryptoResult sts;
+  // Sign a Message
+  vector<uint8_t> data(500);
+  RAND_pseudo_bytes(&data[0], data.size());
+  size_t signature_length = 0;
+  vector<uint8_t> signature(1);
+
+  sts = OEMCrypto_GenerateRSASignature(s.session_id(), &data[0], data.size(),
+                                       &signature[0], &signature_length,
+                                       kSign_RSASSA_PSS);
+
+  ASSERT_EQ(OEMCrypto_ERROR_SHORT_BUFFER, sts);
+  ASSERT_NE(static_cast<size_t>(0), signature_length);
+  signature.resize(signature_length, 0);
+
+  sts = OEMCrypto_GenerateRSASignature(s.session_id(), &data[0], data.size(),
+                                       &signature[0], &signature_length,
+                                       kSign_RSASSA_PSS);
+
+  ASSERT_EQ(OEMCrypto_SUCCESS, sts);
+  ASSERT_NO_FATAL_FAILURE(s.VerifyRSASignature(
+      data, &signature[0], signature_length, kSign_RSASSA_PSS));
+}
+
+TEST_F(OEMCryptoProv30Test, OEMCertForbiddenPaddingScheme) {
+  Session s;
+  ASSERT_NO_FATAL_FAILURE(s.open());
+  ASSERT_NO_FATAL_FAILURE(s.LoadOEMCert());
+  OEMCryptoResult sts;
+  // Sign a Message
+  vector<uint8_t> data(500);
+  RAND_pseudo_bytes(&data[0], data.size());
+  size_t signature_length = 0;
+  vector<uint8_t> signature(1);
+
+  sts = OEMCrypto_GenerateRSASignature(s.session_id(), &data[0], data.size(),
+                                       &signature[0], &signature_length,
+                                       kSign_PKCS1_Block1);
+  if (OEMCrypto_ERROR_SHORT_BUFFER == sts) {
+    signature.resize(signature_length, 0);
+    sts = OEMCrypto_GenerateRSASignature(s.session_id(), &data[0], data.size(),
+                                         &signature[0], &signature_length,
+                                         kSign_PKCS1_Block1);
+  }
+  EXPECT_NE(OEMCrypto_SUCCESS, sts)
+      << "OEM Cert Signed with forbidden kSign_PKCS1_Block1.";
+  vector<uint8_t> zero(signature_length, 0);
+  ASSERT_EQ(zero, signature);  // signature should not be computed.
+}
+
+TEST_F(OEMCryptoProv30Test, OEMCertSignatureLargeBuffer) {
+  Session s;
+  ASSERT_NO_FATAL_FAILURE(s.open());
+  ASSERT_NO_FATAL_FAILURE(s.LoadOEMCert());
+  OEMCryptoResult sts;
+  // Sign a Message
+  static size_t kMaxMessageSize = 8 * 1024;
+  vector<uint8_t> data(kMaxMessageSize);
+  RAND_pseudo_bytes(&data[0], data.size());
+  size_t signature_length = 0;
+  vector<uint8_t> signature(1);
+
+  sts = OEMCrypto_GenerateRSASignature(s.session_id(), &data[0], data.size(),
+                                       &signature[0], &signature_length,
+                                       kSign_RSASSA_PSS);
+
+  ASSERT_EQ(OEMCrypto_ERROR_SHORT_BUFFER, sts);
+  ASSERT_NE(static_cast<size_t>(0), signature_length);
+  signature.resize(signature_length);
+
+  sts = OEMCrypto_GenerateRSASignature(s.session_id(), &data[0], data.size(),
+                                       &signature[0], &signature_length,
+                                       kSign_RSASSA_PSS);
+
+  ASSERT_EQ(OEMCrypto_SUCCESS, sts);
+  ASSERT_NO_FATAL_FAILURE(s.VerifyRSASignature(
+      data, &signature[0], signature_length, kSign_RSASSA_PSS));
+}
+
 //
 // AddKey Tests
 //
@@ -968,8 +1072,8 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithFutureVerification) {
  ASSERT_NO_FATAL_FAILURE(s.open());
  ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s));
  ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage(0, 0, 0));
-  // OEMCrypto should reject API12 until the spec has been defined.
-  memcpy(s.license().keys[1].control.verification, "kc12", 4);
+  // OEMCrypto should reject API13 until the spec has been defined.
+  memcpy(s.license().keys[1].control.verification, "kc13", 4);
  ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign());
  OEMCryptoResult sts = OEMCrypto_LoadKeys(
      s.session_id(), s.message_ptr(), s.message_size(), &s.signature()[0],