widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix OEMCrypto test issues identified by Coverity

Browse Source 
Change-Id: Ic9f4982bf022292d10a0a88f10648a46077ec0cf
This commit is contained in:
Ian Benz
2024-01-19 23:28:28 +00:00
committed by Robert Shih
parent 28c2345413
commit 35cf9c2f99
7 changed files with 38 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
libwvdrmengine/oemcrypto/test/oec_session_util.cpp
View File

@@ -114,7 +114,6 @@ OEMCryptoResult DecryptCTR(const vector<uint8_t>& key_handle,
} // namespace } // namespace
// Encrypt a block of data using CTR mode. // Encrypt a block of data using CTR mode.
void EncryptCTR(const vector<uint8_t>& in_buffer, const uint8_t* key, void EncryptCTR(const vector<uint8_t>& in_buffer, const uint8_t* key,
const uint8_t* starting_iv, vector<uint8_t>* out_buffer) { const uint8_t* starting_iv, vector<uint8_t>* out_buffer) {
@@ -219,9 +218,12 @@ class boringssl_ptr {
Test_PST_Report::Test_PST_Report(const std::string& pst_in, Test_PST_Report::Test_PST_Report(const std::string& pst_in,
OEMCrypto_Usage_Entry_Status status_in) OEMCrypto_Usage_Entry_Status status_in)
: status(status_in), pst(pst_in) { : status(status_in),
time_created = wvutil::Clock().GetCurrentTime(); seconds_since_license_received(0),
} seconds_since_first_decrypt(0),
seconds_since_last_decrypt(0),
pst(pst_in),
time_created(wvutil::Clock().GetCurrentTime()) {}
template <class CoreRequest, PrepAndSignRequest_t PrepAndSignRequest, template <class CoreRequest, PrepAndSignRequest_t PrepAndSignRequest,
class CoreResponse, class ResponseData> class CoreResponse, class ResponseData>
@@ -561,12 +563,12 @@ void Provisioning40RoundTrip::PrepareSession(bool is_oem_key) {
public_key.resize(public_key_size); public_key.resize(public_key_size);
if (is_oem_key) { if (is_oem_key) {
wrapped_oem_key_ = wrapped_private_key; wrapped_oem_key_ = std::move(wrapped_private_key);
oem_public_key_ = public_key; oem_public_key_ = std::move(public_key);
oem_key_type_ = key_type; oem_key_type_ = key_type;
} else { } else {
wrapped_drm_key_ = wrapped_private_key; wrapped_drm_key_ = std::move(wrapped_private_key);
drm_public_key_ = public_key; drm_public_key_ = std::move(public_key);
drm_key_type_ = key_type; drm_key_type_ = key_type;
} }
} }
@@ -622,8 +624,8 @@ void Provisioning40CastRoundTrip::PrepareSession() {
wrapped_private_key.resize(wrapped_private_key_size); wrapped_private_key.resize(wrapped_private_key_size);
public_key.resize(public_key_size); public_key.resize(public_key_size);
wrapped_drm_key_ = wrapped_private_key; wrapped_drm_key_ = std::move(wrapped_private_key);
drm_public_key_ = public_key; drm_public_key_ = std::move(public_key);
drm_key_type_ = key_type; drm_key_type_ = key_type;
} }
@@ -1233,11 +1235,11 @@ void EntitledMessage::MakeOneKey(size_t entitlement_key_index) {
offsets->content_key_data_iv = FindSubstring( offsets->content_key_data_iv = FindSubstring(
key_data->content_key_data_iv, sizeof(key_data->content_key_data_iv)); key_data->content_key_data_iv, sizeof(key_data->content_key_data_iv));
EXPECT_EQ(1, GetRandBytes(key_data->content_iv, EXPECT_EQ(1,
sizeof(key_data->content_iv))); GetRandBytes(key_data->content_iv, sizeof(key_data->content_iv)));
key_data->content_iv_length = sizeof(key_data->content_iv); key_data->content_iv_length = sizeof(key_data->content_iv);
offsets->content_iv = FindSubstring( offsets->content_iv =
key_data->content_iv, key_data->content_iv_length); FindSubstring(key_data->content_iv, key_data->content_iv_length);
} }
OEMCrypto_EntitledContentKeyObject* EntitledMessage::entitled_key_array() { OEMCrypto_EntitledContentKeyObject* EntitledMessage::entitled_key_array() {
@@ -1387,7 +1389,7 @@ void EntitledMessage::LoadCasKeys(bool load_even, bool load_odd,
odd_key.content_key_id = entitled_key_array_[1].content_key_id; odd_key.content_key_id = entitled_key_array_[1].content_key_id;
odd_key.content_key_data_iv = entitled_key_array_[1].content_key_data_iv; odd_key.content_key_data_iv = entitled_key_array_[1].content_key_data_iv;
odd_key.content_key_data = entitled_key_array_[1].content_key_data; odd_key.content_key_data = entitled_key_array_[1].content_key_data;
even_key.content_iv = entitled_key_array_[1].content_iv; odd_key.content_iv = entitled_key_array_[1].content_iv;
} }
OEMCryptoResult sts = OEMCrypto_LoadCasECMKeys( OEMCryptoResult sts = OEMCrypto_LoadCasECMKeys(
@@ -1591,7 +1593,7 @@ OEMCryptoResult RenewalRoundTrip::LoadResponse(Session* session) {
GetFileName("oemcrypto_load_renewal_fuzz_seed_corpus"); GetFileName("oemcrypto_load_renewal_fuzz_seed_corpus");
// Corpus for renewal response fuzzer should be in the format: // Corpus for renewal response fuzzer should be in the format:
// OEMCrypto_Renewal_Response_Fuzz + license_renewal_response. // OEMCrypto_Renewal_Response_Fuzz + license_renewal_response.
OEMCrypto_Renewal_Response_Fuzz renewal_response_fuzz; OEMCrypto_Renewal_Response_Fuzz renewal_response_fuzz = {};
renewal_response_fuzz.core_request = core_request_; renewal_response_fuzz.core_request = core_request_;
renewal_response_fuzz.renewal_duration_seconds = renewal_duration_seconds_; renewal_response_fuzz.renewal_duration_seconds = renewal_duration_seconds_;
AppendToFile(file_name, AppendToFile(file_name,
@@ -1870,7 +1872,6 @@ void Session::LoadOEMCert(bool verify_cert) {
util::RsaPublicKey::FromSslHandle(EVP_PKEY_get0_RSA(pubkey.get())); util::RsaPublicKey::FromSslHandle(EVP_PKEY_get0_RSA(pubkey.get()));
ASSERT_TRUE(public_rsa_) ASSERT_TRUE(public_rsa_)
<< "Failed to extract public RSA key from OEM certificate"; << "Failed to extract public RSA key from OEM certificate";
return;
} }
if (verify_cert) { if (verify_cert) {
vector<char> buffer(80); vector<char> buffer(80);

4
libwvdrmengine/oemcrypto/test/oemcrypto_basic_test.cpp
View File

@@ -359,7 +359,7 @@ TEST_F(OEMCryptoClientTest, CheckJsonBuildInformationAPI18) {
// check for existence in map // check for existence in map
// check if value matches expectation // check if value matches expectation
// remove from map // remove from map
for (int i = 0; i < jsmn_result; i++) { for (int32_t i = 0; i < jsmn_result; i++) {
jsmntok_t token = tokens[i]; jsmntok_t token = tokens[i];
std::string key = build_info.substr(token.start, token.end - token.start); std::string key = build_info.substr(token.start, token.end - token.start);
if (expected.find(key) != expected.end()) { if (expected.find(key) != expected.end()) {
@@ -372,7 +372,7 @@ TEST_F(OEMCryptoClientTest, CheckJsonBuildInformationAPI18) {
// if map is not empty, return false // if map is not empty, return false
if (expected.size() > 0) { if (expected.size() > 0) {
std::string missing; std::string missing;
for (auto e : expected) { for (const auto& e : expected) {
missing.append(e.first); missing.append(e.first);
missing.append(" "); missing.append(" ");
} }

6
libwvdrmengine/oemcrypto/test/oemcrypto_decrypt_test.cpp
View File

@@ -463,7 +463,7 @@ TEST_P(OEMCryptoSessionTestsDecryptTests, DecryptMaxSampleAPI16) {
subsample_sizes.push_back({clear_size, encrypted_size}); subsample_sizes.push_back({clear_size, encrypted_size});
bytes_remaining -= this_subsample_size; bytes_remaining -= this_subsample_size;
} }
ASSERT_NO_FATAL_FAILURE(SetSubsampleSizes(subsample_sizes)); ASSERT_NO_FATAL_FAILURE(SetSubsampleSizes(std::move(subsample_sizes)));
ASSERT_NO_FATAL_FAILURE(LoadLicense()); ASSERT_NO_FATAL_FAILURE(LoadLicense());
ASSERT_NO_FATAL_FAILURE(MakeBuffers()); ASSERT_NO_FATAL_FAILURE(MakeBuffers());
ASSERT_NO_FATAL_FAILURE(EncryptData()); ASSERT_NO_FATAL_FAILURE(EncryptData());
@@ -477,7 +477,7 @@ TEST_P(OEMCryptoSessionTestsDecryptTests,
while (number_of_subsamples-- > 0) { while (number_of_subsamples-- > 0) {
subsample_sizes.push_back({100, 100}); subsample_sizes.push_back({100, 100});
} }
SetSubsampleSizes(subsample_sizes); SetSubsampleSizes(std::move(subsample_sizes));
LoadLicense(); LoadLicense();
MakeBuffers(); MakeBuffers();
EncryptData(); EncryptData();
@@ -501,7 +501,7 @@ TEST_P(OEMCryptoSessionTestsDecryptTests,
OEMCryptoMemoryCheckDecryptCENCStatusForHugeSubSample) { OEMCryptoMemoryCheckDecryptCENCStatusForHugeSubSample) {
std::vector<SubsampleSize> subsample_sizes; std::vector<SubsampleSize> subsample_sizes;
subsample_sizes.push_back({100000, 100000}); subsample_sizes.push_back({100000, 100000});
SetSubsampleSizes(subsample_sizes); SetSubsampleSizes(std::move(subsample_sizes));
LoadLicense(); LoadLicense();
MakeBuffers(); MakeBuffers();
EncryptData(); EncryptData();

2
libwvdrmengine/oemcrypto/test/oemcrypto_decrypt_test.h
View File

@@ -120,7 +120,7 @@ class OEMCryptoSessionTestsDecryptTests
void SetSubsampleSizes(std::vector<SubsampleSize> subsample_sizes) { void SetSubsampleSizes(std::vector<SubsampleSize> subsample_sizes) {
// This is just sugar for having one sample with the given subsamples in it. // This is just sugar for having one sample with the given subsamples in it.
SetSampleSizes({subsample_sizes}); SetSampleSizes({std::move(subsample_sizes)});
} }
void SetSampleSizes(std::vector<std::vector<SubsampleSize>> sample_sizes) { void SetSampleSizes(std::vector<std::vector<SubsampleSize>> sample_sizes) {

10
libwvdrmengine/oemcrypto/test/oemcrypto_generic_crypto_test.cpp
View File

@@ -122,12 +122,12 @@ TEST_P(OEMCryptoGenericCryptoTest, GenericKeyDecryptSameBufferAPI12) {
session_.license().keys[key_index].key_id, session_.license().keys[key_index].key_id,
session_.license().keys[key_index].key_id_length, session_.license().keys[key_index].key_id_length,
OEMCrypto_CipherMode_CENC, key_handle)); OEMCrypto_CipherMode_CENC, key_handle));
vector<uint8_t> buffer = encrypted; vector<uint8_t> resultant(encrypted.size());
ASSERT_EQ(OEMCrypto_SUCCESS, ASSERT_EQ(OEMCrypto_SUCCESS,
GenericDecrypt(key_handle.data(), key_handle.size(), buffer.data(), GenericDecrypt(key_handle.data(), key_handle.size(),
buffer.size(), iv_, OEMCrypto_AES_CBC_128_NO_PADDING, encrypted.data(), encrypted.size(), iv_,
buffer.data())); OEMCrypto_AES_CBC_128_NO_PADDING, resultant.data()));
ASSERT_EQ(clear_buffer_, buffer); ASSERT_EQ(clear_buffer_, resultant);
} }
// Test that Generic_Decrypt fails to decrypt to an insecure buffer if the key // Test that Generic_Decrypt fails to decrypt to an insecure buffer if the key

2
libwvdrmengine/oemcrypto/test/oemcrypto_license_test.h
View File

@@ -329,7 +329,7 @@ class LicenseWithUsageEntry {
ASSERT_NO_FATAL_FAILURE(session_.GenerateReport(pst())); ASSERT_NO_FATAL_FAILURE(session_.GenerateReport(pst()));
Test_PST_Report expected(pst(), status); Test_PST_Report expected(pst(), status);
ASSERT_NO_FATAL_FAILURE( ASSERT_NO_FATAL_FAILURE(
session_.VerifyReport(expected, time_license_received_, session_.VerifyReport(std::move(expected), time_license_received_,
time_first_decrypt_, time_last_decrypt_)); time_first_decrypt_, time_last_decrypt_));
// The PST report was signed above. Below we verify that the entire message // The PST report was signed above. Below we verify that the entire message
// that is sent to the server will be signed by the right mac keys. // that is sent to the server will be signed by the right mac keys.

15
libwvdrmengine/oemcrypto/test/oemcrypto_provisioning_test.cpp
View File

@@ -1269,13 +1269,13 @@ TEST_F(OEMCryptoLoadsCertificate, RSAPerformance) {
} }
auto delta_time = clock.now() - start_time; auto delta_time = clock.now() - start_time;
const double provision_time = const double provision_time =
delta_time / std::chrono::milliseconds(1) / count; delta_time / std::chrono::milliseconds(1) / static_cast<double>(count);
Session session; Session session;
ASSERT_NO_FATAL_FAILURE(CreateWrappedDRMKey()); ASSERT_NO_FATAL_FAILURE(CreateWrappedDRMKey());
start_time = clock.now(); start_time = clock.now();
count = 0; count = 0;
while (clock.now() - start_time < kTestDuration) { do {
Session s; Session s;
ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(s.open());
ASSERT_NO_FATAL_FAILURE(s.LoadWrappedRsaDrmKey(wrapped_drm_key_)); ASSERT_NO_FATAL_FAILURE(s.LoadWrappedRsaDrmKey(wrapped_drm_key_));
@@ -1309,10 +1309,10 @@ TEST_F(OEMCryptoLoadsCertificate, RSAPerformance) {
signature.data(), &signature_length, kSign_RSASSA_PSS); signature.data(), &signature_length, kSign_RSASSA_PSS);
ASSERT_EQ(OEMCrypto_SUCCESS, sts); ASSERT_EQ(OEMCrypto_SUCCESS, sts);
count++; count++;
} } while (clock.now() - start_time < kTestDuration);
delta_time = clock.now() - start_time; delta_time = clock.now() - start_time;
const double license_request_time = const double license_request_time =
delta_time / std::chrono::milliseconds(1) / count; delta_time / std::chrono::milliseconds(1) / static_cast<double>(count);
Session s; Session s;
ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(s.open());
@@ -1345,17 +1345,18 @@ TEST_F(OEMCryptoLoadsCertificate, RSAPerformance) {
"b9f58fc1dacbf74b59d354a1e62cfa0e" "b9f58fc1dacbf74b59d354a1e62cfa0e"
"bf"); "bf");
start_time = clock.now(); start_time = clock.now();
while (clock.now() - start_time < kTestDuration) { count = 0;
do {
ASSERT_EQ(OEMCrypto_SUCCESS, ASSERT_EQ(OEMCrypto_SUCCESS,
OEMCrypto_DeriveKeysFromSessionKey( OEMCrypto_DeriveKeysFromSessionKey(
s.session_id(), enc_session_key.data(), s.session_id(), enc_session_key.data(),
enc_session_key.size(), mac_context.data(), enc_session_key.size(), mac_context.data(),
mac_context.size(), enc_context.data(), enc_context.size())); mac_context.size(), enc_context.data(), enc_context.size()));
count++; count++;
} } while (clock.now() - start_time < kTestDuration);
delta_time = clock.now() - start_time; delta_time = clock.now() - start_time;
const double derive_keys_time = const double derive_keys_time =
delta_time / std::chrono::milliseconds(1) / count; delta_time / std::chrono::milliseconds(1) / static_cast<double>(count);
OEMCrypto_Security_Level level = OEMCrypto_SecurityLevel(); OEMCrypto_Security_Level level = OEMCrypto_SecurityLevel();
printf( printf(