Move CAS unit tests to the doxygen group cas
This groups the tests together on the devsite. staged at https://developers.devsite.corp.google.com/widevine/drm/client/oemcrypto/v19/oemcrypto-test/group/cas Bug: 298719677 Change-Id: I9d4303ee6397917c0f8ce53c3d591860ac29ad3d
This commit is contained in:
Fred Gylys-Colwell
committed by
Robert Shih
Robert Shih
parent
d4dae79a0e
commit
1dc4377cde
@@ -298,37 +298,6 @@ TEST_P(OEMCryptoEntitlementLicenseTest, LoadEntitlementKeysAPI17) {
|
|||||||
ASSERT_NO_FATAL_FAILURE(entitled_message_2.LoadKeys(true));
|
ASSERT_NO_FATAL_FAILURE(entitled_message_2.LoadKeys(true));
|
||||||
}
|
}
|
||||||
|
|
||||||
TEST_P(OEMCryptoEntitlementLicenseTest, CasOnlyLoadCasKeysAPI17) {
|
|
||||||
if (wvoec::global_features.api_version < 17) {
|
|
||||||
GTEST_SKIP() << "Test for versions 17 and up only.";
|
|
||||||
}
|
|
||||||
if (!global_features.supports_cas) {
|
|
||||||
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
|
||||||
}
|
|
||||||
LoadEntitlementLicense();
|
|
||||||
uint32_t key_session_id = 0;
|
|
||||||
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
|
||||||
session_.session_id(), &key_session_id));
|
|
||||||
|
|
||||||
EntitledMessage entitled_message_1(&license_messages_);
|
|
||||||
entitled_message_1.FillKeyArray();
|
|
||||||
entitled_message_1.SetEntitledKeySession(key_session_id);
|
|
||||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys(
|
|
||||||
/*load_even=*/true, /*load_odd=*/true, OEMCrypto_SUCCESS));
|
|
||||||
EntitledMessage entitled_message_2(&license_messages_);
|
|
||||||
entitled_message_2.FillKeyArray();
|
|
||||||
entitled_message_2.SetEntitledKeySession(key_session_id);
|
|
||||||
ASSERT_NO_FATAL_FAILURE(entitled_message_2.LoadCasKeys(
|
|
||||||
/*load_even=*/true, /*load_odd=*/false, OEMCrypto_SUCCESS));
|
|
||||||
EntitledMessage entitled_message_3(&license_messages_);
|
|
||||||
entitled_message_3.FillKeyArray();
|
|
||||||
entitled_message_3.SetEntitledKeySession(key_session_id);
|
|
||||||
ASSERT_NO_FATAL_FAILURE(entitled_message_3.LoadCasKeys(
|
|
||||||
/*load_even=*/false, /*load_odd=*/true, OEMCrypto_SUCCESS));
|
|
||||||
ASSERT_NO_FATAL_FAILURE(entitled_message_3.LoadCasKeys(
|
|
||||||
/*load_even=*/false, /*load_odd=*/false, OEMCrypto_SUCCESS));
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This verifies that entitled content keys cannot be loaded if we have not yet
|
* This verifies that entitled content keys cannot be loaded if we have not yet
|
||||||
* loaded the entitlement keys.
|
* loaded the entitlement keys.
|
||||||
@@ -352,30 +321,6 @@ TEST_P(OEMCryptoEntitlementLicenseTest,
|
|||||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(false));
|
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(false));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* This verifies that entitled content keys cannot be loaded if we have loaded
|
|
||||||
* the wrong entitlement keys.
|
|
||||||
*/
|
|
||||||
TEST_P(OEMCryptoEntitlementLicenseTest,
|
|
||||||
CasOnlyLoadCasKeysNoEntitlementKeysAPI17) {
|
|
||||||
if (!global_features.supports_cas) {
|
|
||||||
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
|
||||||
}
|
|
||||||
license_messages_.set_license_type(OEMCrypto_EntitlementLicense);
|
|
||||||
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
|
|
||||||
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
|
|
||||||
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
|
|
||||||
uint32_t key_session_id = 0;
|
|
||||||
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
|
||||||
session_.session_id(), &key_session_id));
|
|
||||||
|
|
||||||
EntitledMessage entitled_message_1(&license_messages_);
|
|
||||||
entitled_message_1.FillKeyArray();
|
|
||||||
entitled_message_1.SetEntitledKeySession(key_session_id);
|
|
||||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys(
|
|
||||||
/*load_even=*/true, /*load_odd=*/true, OEMCrypto_ERROR_INVALID_CONTEXT));
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This verifies that entitled content keys cannot be loaded if we have loaded
|
* This verifies that entitled content keys cannot be loaded if we have loaded
|
||||||
* the wrong entitlement keys.
|
* the wrong entitlement keys.
|
||||||
@@ -398,28 +343,6 @@ TEST_P(OEMCryptoEntitlementLicenseTest,
|
|||||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(false));
|
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(false));
|
||||||
}
|
}
|
||||||
|
|
||||||
TEST_P(OEMCryptoEntitlementLicenseTest,
|
|
||||||
CasOnlyLoadCasKeysWrongEntitlementKeysAPI17) {
|
|
||||||
if (wvoec::global_features.api_version < 17) {
|
|
||||||
GTEST_SKIP() << "Test for versions 17 and up only.";
|
|
||||||
}
|
|
||||||
if (!global_features.supports_cas) {
|
|
||||||
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
|
||||||
}
|
|
||||||
LoadEntitlementLicense();
|
|
||||||
uint32_t key_session_id = 0;
|
|
||||||
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
|
||||||
session_.session_id(), &key_session_id));
|
|
||||||
|
|
||||||
EntitledMessage entitled_message_1(&license_messages_);
|
|
||||||
entitled_message_1.FillKeyArray();
|
|
||||||
const std::string key_id = "no_key";
|
|
||||||
entitled_message_1.SetEntitlementKeyId(0, key_id);
|
|
||||||
entitled_message_1.SetEntitledKeySession(key_session_id);
|
|
||||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys(
|
|
||||||
/*load_even=*/true, /*load_odd=*/true, OEMCrypto_KEY_NOT_ENTITLED));
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This verifies that entitled content keys cannot be loaded if we specify an
|
* This verifies that entitled content keys cannot be loaded if we specify an
|
||||||
* entitled key session that has not been created.
|
* entitled key session that has not been created.
|
||||||
@@ -441,77 +364,6 @@ TEST_P(OEMCryptoEntitlementLicenseTest,
|
|||||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(false));
|
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(false));
|
||||||
}
|
}
|
||||||
|
|
||||||
TEST_P(OEMCryptoEntitlementLicenseTest,
|
|
||||||
CasOnlyLoadCasKeysWrongEntitledKeySessionAPI17) {
|
|
||||||
if (wvoec::global_features.api_version < 17) {
|
|
||||||
GTEST_SKIP() << "Test for versions 17 and up only.";
|
|
||||||
}
|
|
||||||
if (!global_features.supports_cas) {
|
|
||||||
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
|
||||||
}
|
|
||||||
LoadEntitlementLicense();
|
|
||||||
uint32_t key_session_id = 0;
|
|
||||||
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
|
||||||
session_.session_id(), &key_session_id));
|
|
||||||
|
|
||||||
EntitledMessage entitled_message_1(&license_messages_);
|
|
||||||
entitled_message_1.FillKeyArray();
|
|
||||||
const uint32_t wrong_key_session_id = key_session_id == 0 ? 1 : 0;
|
|
||||||
entitled_message_1.SetEntitledKeySession(wrong_key_session_id);
|
|
||||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys(
|
|
||||||
/*load_even=*/true, /*load_odd=*/true,
|
|
||||||
OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION));
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* This verifies that entitled content keys cannot be loaded if we specify an
|
|
||||||
* entitled key session that is actually an oemcrypto session.
|
|
||||||
*/
|
|
||||||
TEST_P(OEMCryptoEntitlementLicenseTest,
|
|
||||||
LoadEntitlementKeysOemcryptoSessionAPI17) {
|
|
||||||
if (!global_features.supports_cas) {
|
|
||||||
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
|
||||||
}
|
|
||||||
if (wvoec::global_features.api_version < 17) {
|
|
||||||
GTEST_SKIP() << "Test for versions 17 and up only.";
|
|
||||||
}
|
|
||||||
LoadEntitlementLicense();
|
|
||||||
uint32_t key_session_id = 0;
|
|
||||||
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
|
||||||
session_.session_id(), &key_session_id));
|
|
||||||
|
|
||||||
EntitledMessage entitled_message_1(&license_messages_);
|
|
||||||
entitled_message_1.FillKeyArray();
|
|
||||||
if (session_.session_id() == key_session_id) {
|
|
||||||
GTEST_SKIP()
|
|
||||||
<< "Skipping test because entitled and entitlement sessions are both "
|
|
||||||
<< key_session_id << ".";
|
|
||||||
}
|
|
||||||
entitled_message_1.SetEntitledKeySession(session_.session_id());
|
|
||||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(false));
|
|
||||||
}
|
|
||||||
|
|
||||||
TEST_P(OEMCryptoEntitlementLicenseTest,
|
|
||||||
CasOnlyLoadCasKeysOemcryptoSessionAPI17) {
|
|
||||||
if (wvoec::global_features.api_version < 17) {
|
|
||||||
GTEST_SKIP() << "Test for versions 17 and up only.";
|
|
||||||
}
|
|
||||||
if (!global_features.supports_cas) {
|
|
||||||
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
|
||||||
}
|
|
||||||
LoadEntitlementLicense();
|
|
||||||
uint32_t key_session_id = 0;
|
|
||||||
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
|
||||||
session_.session_id(), &key_session_id));
|
|
||||||
|
|
||||||
EntitledMessage entitled_message_1(&license_messages_);
|
|
||||||
entitled_message_1.FillKeyArray();
|
|
||||||
entitled_message_1.SetEntitledKeySession(session_.session_id());
|
|
||||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys(
|
|
||||||
/*load_even=*/true, /*load_odd=*/true,
|
|
||||||
OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION));
|
|
||||||
}
|
|
||||||
|
|
||||||
INSTANTIATE_TEST_SUITE_P(TestAll, OEMCryptoEntitlementLicenseTest,
|
INSTANTIATE_TEST_SUITE_P(TestAll, OEMCryptoEntitlementLicenseTest,
|
||||||
Range<uint32_t>(kCoreMessagesAPI, kCurrentAPI + 1));
|
Range<uint32_t>(kCoreMessagesAPI, kCurrentAPI + 1));
|
||||||
|
|
||||||
@@ -778,42 +630,6 @@ TEST_P(OEMCryptoLicenseTest, SelectKeyEntitledKeyNotThereAPI17) {
|
|||||||
strlen(content_key_id)));
|
strlen(content_key_id)));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Select key with entitlement license fails if the key id is entitlement key
|
|
||||||
* id.
|
|
||||||
*/
|
|
||||||
TEST_P(OEMCryptoLicenseTest, SelectKeyEntitlementKeyAPI17) {
|
|
||||||
if (!global_features.supports_cas) {
|
|
||||||
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
|
||||||
}
|
|
||||||
if (wvoec::global_features.api_version < 17) {
|
|
||||||
GTEST_SKIP() << "Test for versions 17 and up only.";
|
|
||||||
}
|
|
||||||
license_messages_.set_license_type(OEMCrypto_EntitlementLicense);
|
|
||||||
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
|
|
||||||
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
|
|
||||||
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
|
|
||||||
ASSERT_EQ(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
|
|
||||||
|
|
||||||
uint32_t key_session_id;
|
|
||||||
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
|
||||||
session_.session_id(), &key_session_id));
|
|
||||||
EntitledMessage entitled_message_1(&license_messages_);
|
|
||||||
entitled_message_1.FillKeyArray();
|
|
||||||
entitled_message_1.SetEntitledKeySession(key_session_id);
|
|
||||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(true));
|
|
||||||
|
|
||||||
if (session_.session_id() == key_session_id) {
|
|
||||||
GTEST_SKIP()
|
|
||||||
<< "Skipping test because entitled and entitlement sessions are both "
|
|
||||||
<< key_session_id << ".";
|
|
||||||
}
|
|
||||||
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
|
|
||||||
OEMCrypto_ERROR_INVALID_CONTEXT, session_.session_id(),
|
|
||||||
session_.license().keys[0].key_id,
|
|
||||||
session_.license().keys[0].key_id_length));
|
|
||||||
}
|
|
||||||
|
|
||||||
// This verifies that entitled key sessions can be created and removed.
|
// This verifies that entitled key sessions can be created and removed.
|
||||||
TEST_P(OEMCryptoLicenseTest, EntitledKeySessionsAPI17) {
|
TEST_P(OEMCryptoLicenseTest, EntitledKeySessionsAPI17) {
|
||||||
if (wvoec::global_features.api_version < 17) {
|
if (wvoec::global_features.api_version < 17) {
|
||||||
@@ -867,77 +683,6 @@ TEST_P(OEMCryptoLicenseTest,
|
|||||||
session_.open();
|
session_.open();
|
||||||
}
|
}
|
||||||
|
|
||||||
// This verifies that multiple entitled key sessions can be created. They can
|
|
||||||
// load and select keys independently.
|
|
||||||
TEST_P(OEMCryptoLicenseTest, EntitledKeySessionMultipleKeySessionsAPI17) {
|
|
||||||
if (!global_features.supports_cas) {
|
|
||||||
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
|
||||||
}
|
|
||||||
if (wvoec::global_features.api_version < 17) {
|
|
||||||
GTEST_SKIP() << "Test for versions 17 and up only.";
|
|
||||||
}
|
|
||||||
license_messages_.set_license_type(OEMCrypto_EntitlementLicense);
|
|
||||||
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
|
|
||||||
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
|
|
||||||
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
|
|
||||||
ASSERT_EQ(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
|
|
||||||
|
|
||||||
uint32_t key_session_id_1;
|
|
||||||
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
|
||||||
session_.session_id(), &key_session_id_1));
|
|
||||||
EntitledMessage entitled_message_1(&license_messages_);
|
|
||||||
entitled_message_1.FillKeyArray();
|
|
||||||
entitled_message_1.SetEntitledKeySession(key_session_id_1);
|
|
||||||
const char* content_key_id_1 = "content_key_id_1";
|
|
||||||
entitled_message_1.SetContentKeyId(0, content_key_id_1);
|
|
||||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(true));
|
|
||||||
// We can select content key 1 in entitled key session 1.
|
|
||||||
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
|
|
||||||
OEMCrypto_SUCCESS, key_session_id_1,
|
|
||||||
reinterpret_cast<const uint8_t*>(content_key_id_1),
|
|
||||||
strlen(content_key_id_1)));
|
|
||||||
|
|
||||||
// Create another entitled key session.
|
|
||||||
uint32_t key_session_id_2;
|
|
||||||
OEMCryptoResult status = OEMCrypto_CreateEntitledKeySession(
|
|
||||||
session_.session_id(), &key_session_id_2);
|
|
||||||
// For DRM, but not for CAS, we allow there to be only a single entitled
|
|
||||||
// session.
|
|
||||||
if (!global_features.supports_cas &&
|
|
||||||
(key_session_id_2 == key_session_id_1 ||
|
|
||||||
status == OEMCrypto_ERROR_TOO_MANY_SESSIONS)) {
|
|
||||||
GTEST_SKIP()
|
|
||||||
<< "Skipping test because multiple entitled sessions not supported.";
|
|
||||||
}
|
|
||||||
ASSERT_EQ(OEMCrypto_SUCCESS, status);
|
|
||||||
// Entitled key sessions should have unique ids.
|
|
||||||
ASSERT_NE(key_session_id_1, key_session_id_2);
|
|
||||||
|
|
||||||
EntitledMessage entitled_message_2(&license_messages_);
|
|
||||||
entitled_message_2.FillKeyArray();
|
|
||||||
entitled_message_2.SetEntitledKeySession(key_session_id_2);
|
|
||||||
const char* content_key_id_2 = "content_key_id_2";
|
|
||||||
entitled_message_2.SetContentKeyId(0, content_key_id_2);
|
|
||||||
ASSERT_NO_FATAL_FAILURE(entitled_message_2.LoadKeys(true));
|
|
||||||
// We can select content key 2 in entitled key session 2.
|
|
||||||
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
|
|
||||||
OEMCrypto_SUCCESS, key_session_id_2,
|
|
||||||
reinterpret_cast<const uint8_t*>(content_key_id_2),
|
|
||||||
strlen(content_key_id_2)));
|
|
||||||
|
|
||||||
// Content key id 1 is not in entitled key session 2.
|
|
||||||
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
|
|
||||||
OEMCrypto_ERROR_NO_CONTENT_KEY, key_session_id_2,
|
|
||||||
reinterpret_cast<const uint8_t*>(content_key_id_1),
|
|
||||||
strlen(content_key_id_1)));
|
|
||||||
|
|
||||||
// Content key id 2 is not in entitled key session 1.
|
|
||||||
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
|
|
||||||
OEMCrypto_ERROR_NO_CONTENT_KEY, key_session_id_1,
|
|
||||||
reinterpret_cast<const uint8_t*>(content_key_id_2),
|
|
||||||
strlen(content_key_id_2)));
|
|
||||||
}
|
|
||||||
|
|
||||||
// This verifies that within an entitled key session, each entitlement key can
|
// This verifies that within an entitled key session, each entitlement key can
|
||||||
// corresponds to only one content key at most.
|
// corresponds to only one content key at most.
|
||||||
TEST_P(OEMCryptoLicenseTest,
|
TEST_P(OEMCryptoLicenseTest,
|
||||||
@@ -1536,7 +1281,260 @@ INSTANTIATE_TEST_SUITE_P(TestAll, OEMCryptoLicenseOverflowTest,
|
|||||||
|
|
||||||
/// @addtogroup cas
|
/// @addtogroup cas
|
||||||
/// @{
|
/// @{
|
||||||
|
TEST_P(OEMCryptoEntitlementLicenseTest, CasOnlyLoadCasKeysAPI17) {
|
||||||
|
if (wvoec::global_features.api_version < 17) {
|
||||||
|
GTEST_SKIP() << "Test for versions 17 and up only.";
|
||||||
|
}
|
||||||
|
if (!global_features.supports_cas) {
|
||||||
|
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
||||||
|
}
|
||||||
|
LoadEntitlementLicense();
|
||||||
|
uint32_t key_session_id = 0;
|
||||||
|
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
||||||
|
session_.session_id(), &key_session_id));
|
||||||
|
|
||||||
|
EntitledMessage entitled_message_1(&license_messages_);
|
||||||
|
entitled_message_1.FillKeyArray();
|
||||||
|
entitled_message_1.SetEntitledKeySession(key_session_id);
|
||||||
|
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys(
|
||||||
|
/*load_even=*/true, /*load_odd=*/true, OEMCrypto_SUCCESS));
|
||||||
|
EntitledMessage entitled_message_2(&license_messages_);
|
||||||
|
entitled_message_2.FillKeyArray();
|
||||||
|
entitled_message_2.SetEntitledKeySession(key_session_id);
|
||||||
|
ASSERT_NO_FATAL_FAILURE(entitled_message_2.LoadCasKeys(
|
||||||
|
/*load_even=*/true, /*load_odd=*/false, OEMCrypto_SUCCESS));
|
||||||
|
EntitledMessage entitled_message_3(&license_messages_);
|
||||||
|
entitled_message_3.FillKeyArray();
|
||||||
|
entitled_message_3.SetEntitledKeySession(key_session_id);
|
||||||
|
ASSERT_NO_FATAL_FAILURE(entitled_message_3.LoadCasKeys(
|
||||||
|
/*load_even=*/false, /*load_odd=*/true, OEMCrypto_SUCCESS));
|
||||||
|
ASSERT_NO_FATAL_FAILURE(entitled_message_3.LoadCasKeys(
|
||||||
|
/*load_even=*/false, /*load_odd=*/false, OEMCrypto_SUCCESS));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This verifies that entitled content keys cannot be loaded if we have loaded
|
||||||
|
* the wrong entitlement keys.
|
||||||
|
*/
|
||||||
|
TEST_P(OEMCryptoEntitlementLicenseTest,
|
||||||
|
CasOnlyLoadCasKeysNoEntitlementKeysAPI17) {
|
||||||
|
if (!global_features.supports_cas) {
|
||||||
|
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
||||||
|
}
|
||||||
|
license_messages_.set_license_type(OEMCrypto_EntitlementLicense);
|
||||||
|
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
|
||||||
|
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
|
||||||
|
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
|
||||||
|
uint32_t key_session_id = 0;
|
||||||
|
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
||||||
|
session_.session_id(), &key_session_id));
|
||||||
|
|
||||||
|
EntitledMessage entitled_message_1(&license_messages_);
|
||||||
|
entitled_message_1.FillKeyArray();
|
||||||
|
entitled_message_1.SetEntitledKeySession(key_session_id);
|
||||||
|
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys(
|
||||||
|
/*load_even=*/true, /*load_odd=*/true, OEMCrypto_ERROR_INVALID_CONTEXT));
|
||||||
|
}
|
||||||
|
|
||||||
|
TEST_P(OEMCryptoEntitlementLicenseTest,
|
||||||
|
CasOnlyLoadCasKeysWrongEntitlementKeysAPI17) {
|
||||||
|
if (wvoec::global_features.api_version < 17) {
|
||||||
|
GTEST_SKIP() << "Test for versions 17 and up only.";
|
||||||
|
}
|
||||||
|
if (!global_features.supports_cas) {
|
||||||
|
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
||||||
|
}
|
||||||
|
LoadEntitlementLicense();
|
||||||
|
uint32_t key_session_id = 0;
|
||||||
|
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
||||||
|
session_.session_id(), &key_session_id));
|
||||||
|
|
||||||
|
EntitledMessage entitled_message_1(&license_messages_);
|
||||||
|
entitled_message_1.FillKeyArray();
|
||||||
|
const std::string key_id = "no_key";
|
||||||
|
entitled_message_1.SetEntitlementKeyId(0, key_id);
|
||||||
|
entitled_message_1.SetEntitledKeySession(key_session_id);
|
||||||
|
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys(
|
||||||
|
/*load_even=*/true, /*load_odd=*/true, OEMCrypto_KEY_NOT_ENTITLED));
|
||||||
|
}
|
||||||
|
|
||||||
|
TEST_P(OEMCryptoEntitlementLicenseTest,
|
||||||
|
CasOnlyLoadCasKeysWrongEntitledKeySessionAPI17) {
|
||||||
|
if (wvoec::global_features.api_version < 17) {
|
||||||
|
GTEST_SKIP() << "Test for versions 17 and up only.";
|
||||||
|
}
|
||||||
|
if (!global_features.supports_cas) {
|
||||||
|
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
||||||
|
}
|
||||||
|
LoadEntitlementLicense();
|
||||||
|
uint32_t key_session_id = 0;
|
||||||
|
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
||||||
|
session_.session_id(), &key_session_id));
|
||||||
|
|
||||||
|
EntitledMessage entitled_message_1(&license_messages_);
|
||||||
|
entitled_message_1.FillKeyArray();
|
||||||
|
const uint32_t wrong_key_session_id = key_session_id == 0 ? 1 : 0;
|
||||||
|
entitled_message_1.SetEntitledKeySession(wrong_key_session_id);
|
||||||
|
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys(
|
||||||
|
/*load_even=*/true, /*load_odd=*/true,
|
||||||
|
OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This verifies that entitled content keys cannot be loaded if we specify an
|
||||||
|
* entitled key session that is actually an oemcrypto session.
|
||||||
|
*/
|
||||||
|
TEST_P(OEMCryptoEntitlementLicenseTest,
|
||||||
|
LoadEntitlementKeysOemcryptoSessionAPI17) {
|
||||||
|
if (!global_features.supports_cas) {
|
||||||
|
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
||||||
|
}
|
||||||
|
if (wvoec::global_features.api_version < 17) {
|
||||||
|
GTEST_SKIP() << "Test for versions 17 and up only.";
|
||||||
|
}
|
||||||
|
LoadEntitlementLicense();
|
||||||
|
uint32_t key_session_id = 0;
|
||||||
|
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
||||||
|
session_.session_id(), &key_session_id));
|
||||||
|
|
||||||
|
EntitledMessage entitled_message_1(&license_messages_);
|
||||||
|
entitled_message_1.FillKeyArray();
|
||||||
|
if (session_.session_id() == key_session_id) {
|
||||||
|
GTEST_SKIP()
|
||||||
|
<< "Skipping test because entitled and entitlement sessions are both "
|
||||||
|
<< key_session_id << ".";
|
||||||
|
}
|
||||||
|
entitled_message_1.SetEntitledKeySession(session_.session_id());
|
||||||
|
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(false));
|
||||||
|
}
|
||||||
|
|
||||||
|
TEST_P(OEMCryptoEntitlementLicenseTest,
|
||||||
|
CasOnlyLoadCasKeysOemcryptoSessionAPI17) {
|
||||||
|
if (wvoec::global_features.api_version < 17) {
|
||||||
|
GTEST_SKIP() << "Test for versions 17 and up only.";
|
||||||
|
}
|
||||||
|
if (!global_features.supports_cas) {
|
||||||
|
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
||||||
|
}
|
||||||
|
LoadEntitlementLicense();
|
||||||
|
uint32_t key_session_id = 0;
|
||||||
|
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
||||||
|
session_.session_id(), &key_session_id));
|
||||||
|
|
||||||
|
EntitledMessage entitled_message_1(&license_messages_);
|
||||||
|
entitled_message_1.FillKeyArray();
|
||||||
|
entitled_message_1.SetEntitledKeySession(session_.session_id());
|
||||||
|
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys(
|
||||||
|
/*load_even=*/true, /*load_odd=*/true,
|
||||||
|
OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Select key with entitlement license fails if the key id is entitlement key
|
||||||
|
* id.
|
||||||
|
*/
|
||||||
|
TEST_P(OEMCryptoLicenseTest, SelectKeyEntitlementKeyAPI17) {
|
||||||
|
if (!global_features.supports_cas) {
|
||||||
|
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
||||||
|
}
|
||||||
|
if (wvoec::global_features.api_version < 17) {
|
||||||
|
GTEST_SKIP() << "Test for versions 17 and up only.";
|
||||||
|
}
|
||||||
|
license_messages_.set_license_type(OEMCrypto_EntitlementLicense);
|
||||||
|
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
|
||||||
|
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
|
||||||
|
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
|
||||||
|
ASSERT_EQ(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
|
||||||
|
|
||||||
|
uint32_t key_session_id;
|
||||||
|
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
||||||
|
session_.session_id(), &key_session_id));
|
||||||
|
EntitledMessage entitled_message_1(&license_messages_);
|
||||||
|
entitled_message_1.FillKeyArray();
|
||||||
|
entitled_message_1.SetEntitledKeySession(key_session_id);
|
||||||
|
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(true));
|
||||||
|
|
||||||
|
if (session_.session_id() == key_session_id) {
|
||||||
|
GTEST_SKIP()
|
||||||
|
<< "Skipping test because entitled and entitlement sessions are both "
|
||||||
|
<< key_session_id << ".";
|
||||||
|
}
|
||||||
|
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
|
||||||
|
OEMCrypto_ERROR_INVALID_CONTEXT, session_.session_id(),
|
||||||
|
session_.license().keys[0].key_id,
|
||||||
|
session_.license().keys[0].key_id_length));
|
||||||
|
}
|
||||||
|
|
||||||
|
// This verifies that multiple entitled key sessions can be created. They can
|
||||||
|
// load and select keys independently.
|
||||||
|
TEST_P(OEMCryptoLicenseTest, EntitledKeySessionMultipleKeySessionsAPI17) {
|
||||||
|
if (!global_features.supports_cas) {
|
||||||
|
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
||||||
|
}
|
||||||
|
if (wvoec::global_features.api_version < 17) {
|
||||||
|
GTEST_SKIP() << "Test for versions 17 and up only.";
|
||||||
|
}
|
||||||
|
license_messages_.set_license_type(OEMCrypto_EntitlementLicense);
|
||||||
|
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
|
||||||
|
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
|
||||||
|
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
|
||||||
|
ASSERT_EQ(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
|
||||||
|
|
||||||
|
uint32_t key_session_id_1;
|
||||||
|
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
||||||
|
session_.session_id(), &key_session_id_1));
|
||||||
|
EntitledMessage entitled_message_1(&license_messages_);
|
||||||
|
entitled_message_1.FillKeyArray();
|
||||||
|
entitled_message_1.SetEntitledKeySession(key_session_id_1);
|
||||||
|
const char* content_key_id_1 = "content_key_id_1";
|
||||||
|
entitled_message_1.SetContentKeyId(0, content_key_id_1);
|
||||||
|
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(true));
|
||||||
|
// We can select content key 1 in entitled key session 1.
|
||||||
|
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
|
||||||
|
OEMCrypto_SUCCESS, key_session_id_1,
|
||||||
|
reinterpret_cast<const uint8_t*>(content_key_id_1),
|
||||||
|
strlen(content_key_id_1)));
|
||||||
|
|
||||||
|
// Create another entitled key session.
|
||||||
|
uint32_t key_session_id_2;
|
||||||
|
OEMCryptoResult status = OEMCrypto_CreateEntitledKeySession(
|
||||||
|
session_.session_id(), &key_session_id_2);
|
||||||
|
// For DRM, but not for CAS, we allow there to be only a single entitled
|
||||||
|
// session.
|
||||||
|
if (!global_features.supports_cas &&
|
||||||
|
(key_session_id_2 == key_session_id_1 ||
|
||||||
|
status == OEMCrypto_ERROR_TOO_MANY_SESSIONS)) {
|
||||||
|
GTEST_SKIP()
|
||||||
|
<< "Skipping test because multiple entitled sessions not supported.";
|
||||||
|
}
|
||||||
|
ASSERT_EQ(OEMCrypto_SUCCESS, status);
|
||||||
|
// Entitled key sessions should have unique ids.
|
||||||
|
ASSERT_NE(key_session_id_1, key_session_id_2);
|
||||||
|
|
||||||
|
EntitledMessage entitled_message_2(&license_messages_);
|
||||||
|
entitled_message_2.FillKeyArray();
|
||||||
|
entitled_message_2.SetEntitledKeySession(key_session_id_2);
|
||||||
|
const char* content_key_id_2 = "content_key_id_2";
|
||||||
|
entitled_message_2.SetContentKeyId(0, content_key_id_2);
|
||||||
|
ASSERT_NO_FATAL_FAILURE(entitled_message_2.LoadKeys(true));
|
||||||
|
// We can select content key 2 in entitled key session 2.
|
||||||
|
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
|
||||||
|
OEMCrypto_SUCCESS, key_session_id_2,
|
||||||
|
reinterpret_cast<const uint8_t*>(content_key_id_2),
|
||||||
|
strlen(content_key_id_2)));
|
||||||
|
|
||||||
|
// Content key id 1 is not in entitled key session 2.
|
||||||
|
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
|
||||||
|
OEMCrypto_ERROR_NO_CONTENT_KEY, key_session_id_2,
|
||||||
|
reinterpret_cast<const uint8_t*>(content_key_id_1),
|
||||||
|
strlen(content_key_id_1)));
|
||||||
|
|
||||||
|
// Content key id 2 is not in entitled key session 1.
|
||||||
|
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
|
||||||
|
OEMCrypto_ERROR_NO_CONTENT_KEY, key_session_id_1,
|
||||||
|
reinterpret_cast<const uint8_t*>(content_key_id_2),
|
||||||
|
strlen(content_key_id_2)));
|
||||||
|
}
|
||||||
/// @}
|
/// @}
|
||||||
|
|
||||||
/// @addtogroup security
|
/// @addtogroup security
|
||||||
|
|||||||
Reference in New Issue
Block a user