Full decrypt path testing

Merge from master branch of Widevine repo of http://go/wvgerrit/66080 Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/64002 This CL updates OEMCrypto reference code and unit tests to support full decrypt path testing. Test: unit tests Test: tested as part of http://go/ag/5501993 Bug: 34078913 Change-Id: Ia67374599d6619698a336f41513068ad04294e7f
2018-11-12 14:21:17 -08:00
parent 4ffacfdcc7
commit 246621c5ce
12 changed files with 287 additions and 5 deletions
--- a/libwvdrmengine/oemcrypto/test/common.mk
+++ b/libwvdrmengine/oemcrypto/test/common.mk
@@ -12,10 +12,11 @@ LOCAL_SRC_FILES:= \
  oemcrypto_test.cpp \
  oemcrypto_test_android.cpp \
  oemcrypto_test_main.cpp \
+  ../ref/src/wvcrc.cpp \

 LOCAL_C_INCLUDES += \
  $(LOCAL_PATH)/../include \
-  $(LOCAL_PATH)/../mock/src \
+  $(LOCAL_PATH)/../ref/src \
  vendor/widevine/libwvdrmengine/cdm/core/include \
  vendor/widevine/libwvdrmengine/cdm/util/include \

--- a/libwvdrmengine/oemcrypto/test/oec_device_features.cpp
+++ b/libwvdrmengine/oemcrypto/test/oec_device_features.cpp
@@ -98,6 +98,16 @@ void DeviceFeatures::Initialize(bool is_cast_receiver,
  resource_rating = OEMCrypto_ResourceRatingTier();
  printf("resource_rating = %d, security leve %s.\n", resource_rating,
         OEMCrypto_SecurityLevel());
+  uint32_t decrypt_hash_type = OEMCrypto_SupportsDecryptHash();
+  supports_crc = (decrypt_hash_type == OEMCrypto_CRC_Clear_Buffer);
+  if (supports_crc) {
+    printf("Decrypt hashes will be tested.\n");
+  } else {
+    printf("Decrypt hashes will not be tested -- %s.\n",
+           decrypt_hash_type == OEMCrypto_Hash_Not_Supported
+               ? "not supported"
+               : "partner defined hash");
+  }
  switch (derive_key_method) {
    case NO_METHOD:
      printf("NO_METHOD: Cannot derive known session keys.\n");
--- a/libwvdrmengine/oemcrypto/test/oec_device_features.h
+++ b/libwvdrmengine/oemcrypto/test/oec_device_features.h
@@ -28,6 +28,7 @@ class DeviceFeatures {
  bool supports_rsa_3072;  // Device supports 3072 bit RSA keys.
  bool supports_level_1;   // Device supports Level 1 security.
  uint32_t resource_rating; // Device's resource rating tier.
+  bool supports_crc;        // Supported decrypt hash type CRC.
  uint32_t api_version;
  OEMCrypto_ProvisioningMethod provisioning_method;

--- a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
+++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
@@ -36,6 +36,7 @@
 #include "oemcrypto_session_tests_helper.h"
 #include "oemcrypto_types.h"
 #include "string_conversions.h"
+#include "wvcrc32.h"

 using ::testing::Bool;
 using ::testing::Combine;
@@ -1658,7 +1659,7 @@ TEST_P(SessionTestRefreshKeyTest, RefreshWithNoSelectKey) {
  ASSERT_NO_FATAL_FAILURE(s.TestDecryptCTR(false));
 }

-// Of only one key control block in the refesh, we update all the keys.
+// If only one key control block in the refesh, we update all the keys.
 INSTANTIATE_TEST_CASE_P(TestRefreshAllKeys, SessionTestRefreshKeyTest,
                        Values(std::make_pair(true, 1),
                               std::make_pair(false, 1)));
@@ -1668,6 +1669,25 @@ INSTANTIATE_TEST_CASE_P(TestRefreshEachKeys, SessionTestRefreshKeyTest,
                        Values(std::make_pair(true, 4),
                               std::make_pair(false, 4)));

+// If the license does not allow a hash, then we should not compute one.
+TEST_F(OEMCryptoSessionTests, HashForbiddenAPI15) {
+  Session s;
+  ASSERT_NO_FATAL_FAILURE(s.open());
+  ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s));
+  ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage(kDuration, 0, 0));
+  ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign());
+  ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys());
+  // Either failure, or not supported is allowed.
+  ASSERT_NE(OEMCrypto_SUCCESS, OEMCrypto_InitializeDecryptHash(s.session_id()));
+  ASSERT_EQ(
+      OEMCrypto_SUCCESS,
+      OEMCrypto_SelectKey(s.session_id(), s.license().keys[0].key_id,
+                          s.license().keys[0].key_id_length,
+                          OEMCrypto_CipherMode_CTR));
+  // Still not allowed.
+  ASSERT_NE(OEMCrypto_SUCCESS, OEMCrypto_InitializeDecryptHash(s.session_id()));
+}
+
 //
 // Decrypt Tests
 //
@@ -1868,7 +1888,8 @@ class OEMCryptoSessionTestsDecryptTests
    Session s;
    ASSERT_NO_FATAL_FAILURE(s.open());
    ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s));
-    ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage(kDuration, 0, 0));
+    ASSERT_NO_FATAL_FAILURE(
+        s.FillSimpleMessage(kDuration, kControlAllowHashVerification, 0));
    memcpy(s.license().keys[0].key_data, &key[0], key.size());
    s.license().keys[0].cipher_mode = cipher_mode_;
    ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign());
@@ -1877,7 +1898,10 @@ class OEMCryptoSessionTestsDecryptTests
                              s.license().keys[0].key_id_length,
                              cipher_mode_);
    ASSERT_EQ(OEMCrypto_SUCCESS, sts);
-
+    if (global_features.supports_crc) {
+      ASSERT_EQ(OEMCrypto_SUCCESS,
+                OEMCrypto_InitializeDecryptHash(s.session_id()));
+    }
    // We decrypt each subsample.
    vector<uint8_t> output_buffer(total_size_ + 16, 0xaa);
    const uint8_t *input_buffer = NULL;
@@ -1946,6 +1970,18 @@ class OEMCryptoSessionTestsDecryptTests
    EXPECT_EQ(0xaa, output_buffer[total_size_]) << "Buffer overrun.";
    output_buffer.resize(total_size_);
    EXPECT_EQ(unencryptedData, output_buffer);
+    if (global_features.supports_crc) {
+      uint32_t hash =
+          wvcrc32(&unencryptedData[0], unencryptedData.size());
+      ASSERT_EQ(OEMCrypto_SUCCESS,
+                OEMCrypto_SetDecryptHash(
+                    s.session_id(), 1, reinterpret_cast<const uint8_t*>(&hash),
+                    sizeof(hash)));
+      uint32_t frame;
+      ASSERT_EQ(OEMCrypto_SUCCESS,
+                OEMCrypto_GetHashErrorCode(s.session_id(), &frame));
+
+    }
  }

  OEMCrypto_CENCEncryptPatternDesc pattern_;