|
|
|
|
@@ -58,15 +58,33 @@ void PrintTo(const tuple<OEMCrypto_CENCEncryptPatternDesc, OEMCryptoCipherMode,
|
|
|
|
|
}
|
|
|
|
|
} // namespace std
|
|
|
|
|
|
|
|
|
|
namespace wvoec {
|
|
|
|
|
namespace {
|
|
|
|
|
// Resource tiers:
|
|
|
|
|
const size_t KiB = 1024;
|
|
|
|
|
const size_t MiB = 1024 * 1024;
|
|
|
|
|
template<typename T, size_t N>
|
|
|
|
|
T GetResourceValue(T (&resource_values)[N]) {
|
|
|
|
|
if (global_features.resource_rating < 1) return resource_values[0];
|
|
|
|
|
if (global_features.resource_rating > N) return resource_values[N-1];
|
|
|
|
|
return resource_values[global_features.resource_rating-1];
|
|
|
|
|
}
|
|
|
|
|
const size_t kMaxSampleSize[] = { 1000*KiB, 2*MiB, 4*MiB};
|
|
|
|
|
const size_t kMaxNumberSubsamples[] = { 10, 16, 32};
|
|
|
|
|
const size_t kMaxSubsampleSize[] = { 100*KiB, 500*KiB, 1*MiB};
|
|
|
|
|
const size_t kMaxGenericBuffer[] = { 10*KiB, 100*KiB, 500*KiB};
|
|
|
|
|
const size_t kMaxConcurrentSession[] = { 10, 20, 20};
|
|
|
|
|
const size_t kMaxKeysPerSession [] = { 4, 20, 20};
|
|
|
|
|
// Note: Frame rate and simultaneous playback are specified by resource rating,
|
|
|
|
|
// but are tested at the system level, so there are no unit tests for frame
|
|
|
|
|
// rate.
|
|
|
|
|
|
|
|
|
|
int GetRandBytes(unsigned char* buf, int num) {
|
|
|
|
|
// returns 1 on success, -1 if not supported, or 0 if other failure.
|
|
|
|
|
return RAND_bytes(buf, num);
|
|
|
|
|
}
|
|
|
|
|
} // namespace
|
|
|
|
|
|
|
|
|
|
namespace wvoec {
|
|
|
|
|
|
|
|
|
|
class OEMCryptoClientTest : public ::testing::Test, public SessionUtil {
|
|
|
|
|
protected:
|
|
|
|
|
OEMCryptoClientTest() {}
|
|
|
|
|
@@ -123,6 +141,11 @@ TEST_F(OEMCryptoClientTest, VersionNumber) {
|
|
|
|
|
ASSERT_LE(version, 15u);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST_F(OEMCryptoClientTest, ResourceRatingAPI15) {
|
|
|
|
|
ASSERT_GE(OEMCrypto_ResourceRatingTier(), 1u);
|
|
|
|
|
ASSERT_LE(OEMCrypto_ResourceRatingTier(), 3u);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST_F(OEMCryptoClientTest, ProvisioningDeclaredAPI12) {
|
|
|
|
|
OEMCrypto_ProvisioningMethod provisioning_method =
|
|
|
|
|
OEMCrypto_GetProvisioningMethod();
|
|
|
|
|
@@ -192,6 +215,8 @@ TEST_F(OEMCryptoClientTest, CheckMaxNumberOfSessionsAPI10) {
|
|
|
|
|
OEMCryptoResult sts = OEMCrypto_GetMaxNumberOfSessions(&maximum);
|
|
|
|
|
ASSERT_EQ(OEMCrypto_SUCCESS, sts);
|
|
|
|
|
printf(" Max Number of Sessions: %zu.\n", maximum);
|
|
|
|
|
size_t required_max = GetResourceValue(kMaxConcurrentSession);
|
|
|
|
|
ASSERT_GE(maximum, required_max);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
|
@@ -240,13 +265,13 @@ TEST_F(OEMCryptoClientTest, MaxSessionsOpenCloseAPI10) {
|
|
|
|
|
ASSERT_EQ(0u, sessions_count);
|
|
|
|
|
size_t max_sessions;
|
|
|
|
|
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_GetMaxNumberOfSessions(&max_sessions));
|
|
|
|
|
// We expect OEMCrypto implementations support at least 10 sessions.
|
|
|
|
|
const size_t kMinimumSupportedMaxNumberOfSessions = 10u;
|
|
|
|
|
ASSERT_GE(max_sessions, kMinimumSupportedMaxNumberOfSessions);
|
|
|
|
|
// We expect OEMCrypto implementations support at least this many sessions.
|
|
|
|
|
size_t required_number = GetResourceValue(kMaxConcurrentSession);
|
|
|
|
|
ASSERT_GE(max_sessions, required_number);
|
|
|
|
|
// We allow GetMaxNumberOfSessions to return an estimate. This tests with a
|
|
|
|
|
// pad of 5%. Even if it's just an estimate, we still require 8 sessions.
|
|
|
|
|
size_t max_sessions_with_pad =
|
|
|
|
|
max(max_sessions * 19 / 20, kMinimumSupportedMaxNumberOfSessions);
|
|
|
|
|
max(max_sessions * 19 / 20, required_number);
|
|
|
|
|
vector<OEMCrypto_SESSION> sessions;
|
|
|
|
|
// Limit the number of sessions for testing.
|
|
|
|
|
const size_t kMaxNumberOfSessionsForTesting = 0x100u;
|
|
|
|
|
@@ -439,12 +464,13 @@ TEST_F(OEMCryptoClientTest, ClearCopyTestAPI10) {
|
|
|
|
|
OEMCrypto_FirstSubsample | OEMCrypto_LastSubsample));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST_F(OEMCryptoClientTest, ClearCopyTestLargeBufferAPI10) {
|
|
|
|
|
TEST_F(OEMCryptoClientTest, ClearCopyTestLargeSubsample) {
|
|
|
|
|
Session s;
|
|
|
|
|
ASSERT_NO_FATAL_FAILURE(s.open());
|
|
|
|
|
vector<uint8_t> input_buffer(kMaxDecryptSize);
|
|
|
|
|
size_t max_size = GetResourceValue(kMaxSubsampleSize);
|
|
|
|
|
vector<uint8_t> input_buffer(max_size);
|
|
|
|
|
GetRandBytes(&input_buffer[0], input_buffer.size());
|
|
|
|
|
vector<uint8_t> output_buffer(kMaxDecryptSize);
|
|
|
|
|
vector<uint8_t> output_buffer(max_size);
|
|
|
|
|
OEMCrypto_DestBufferDesc dest_buffer;
|
|
|
|
|
dest_buffer.type = OEMCrypto_BufferType_Clear;
|
|
|
|
|
dest_buffer.buffer.clear.address = &output_buffer[0];
|
|
|
|
|
@@ -1409,15 +1435,17 @@ TEST_F(OEMCryptoSessionTests, CheckMinimumPatchLevel) {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST_F(OEMCryptoSessionTests, Minimum20KeysAPI12) {
|
|
|
|
|
TEST_F(OEMCryptoSessionTests, MinimumKeysAPI12) {
|
|
|
|
|
Session s;
|
|
|
|
|
ASSERT_NO_FATAL_FAILURE(s.open());
|
|
|
|
|
ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s));
|
|
|
|
|
s.set_num_keys(kMaxNumKeys);
|
|
|
|
|
size_t num_keys = GetResourceValue(kMaxKeysPerSession);
|
|
|
|
|
ASSERT_LE(num_keys, kMaxNumKeys) << "Test constants need updating.";
|
|
|
|
|
s.set_num_keys(num_keys);
|
|
|
|
|
ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage(0, 0, 0));
|
|
|
|
|
ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign());
|
|
|
|
|
ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys());
|
|
|
|
|
for (size_t key_index = 0; key_index < kMaxNumKeys; key_index++) {
|
|
|
|
|
for (size_t key_index = 0; key_index < num_keys; key_index++) {
|
|
|
|
|
bool kSelectKeyFirst = true;
|
|
|
|
|
ASSERT_NO_FATAL_FAILURE(
|
|
|
|
|
s.TestDecryptCTR(kSelectKeyFirst, OEMCrypto_SUCCESS, key_index));
|
|
|
|
|
@@ -2065,15 +2093,35 @@ TEST_P(OEMCryptoSessionTestsPartialBlockTests, PartialBlock) {
|
|
|
|
|
TestDecryptCENC(key, encryptionIv, encryptedData, unencryptedData);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST_P(OEMCryptoSessionTestsDecryptTests, DecryptLargeBuffer) {
|
|
|
|
|
subsample_size_.push_back(SampleSize(kMaxDecryptSize, 0));
|
|
|
|
|
subsample_size_.push_back(SampleSize(kMaxDecryptSize, 0));
|
|
|
|
|
subsample_size_.push_back(SampleSize(0, kMaxDecryptSize));
|
|
|
|
|
subsample_size_.push_back(SampleSize(0, kMaxDecryptSize));
|
|
|
|
|
subsample_size_.push_back(SampleSize(kMaxDecryptSize, 0));
|
|
|
|
|
subsample_size_.push_back(SampleSize(kMaxDecryptSize, 0));
|
|
|
|
|
subsample_size_.push_back(SampleSize(0, kMaxDecryptSize));
|
|
|
|
|
subsample_size_.push_back(SampleSize(0, kMaxDecryptSize));
|
|
|
|
|
// Based on the resource rating, oemcrypto should handle at least
|
|
|
|
|
// kMaxNumberSubsamples na kMaxSampleSize
|
|
|
|
|
TEST_P(OEMCryptoSessionTestsDecryptTests, DecryptMaxSample) {
|
|
|
|
|
size_t max_size = GetResourceValue(kMaxSampleSize);
|
|
|
|
|
size_t max_subsample_size = GetResourceValue(kMaxSubsampleSize);
|
|
|
|
|
size_t num_subsamples = GetResourceValue(kMaxNumberSubsamples);
|
|
|
|
|
if (num_subsamples * max_subsample_size > max_size) {
|
|
|
|
|
max_subsample_size = max_size / num_subsamples;
|
|
|
|
|
}
|
|
|
|
|
for(size_t i = 0; i < num_subsamples/2; i += 2) {
|
|
|
|
|
subsample_size_.push_back(SampleSize(max_subsample_size, 0));
|
|
|
|
|
subsample_size_.push_back(SampleSize(0, max_subsample_size));
|
|
|
|
|
}
|
|
|
|
|
FindTotalSize();
|
|
|
|
|
vector<uint8_t> unencryptedData(total_size_);
|
|
|
|
|
vector<uint8_t> encryptedData(total_size_);
|
|
|
|
|
vector<uint8_t> encryptionIv(AES_BLOCK_SIZE);
|
|
|
|
|
vector<uint8_t> key(AES_BLOCK_SIZE);
|
|
|
|
|
EXPECT_EQ(1, GetRandBytes(&encryptionIv[0], AES_BLOCK_SIZE));
|
|
|
|
|
EXPECT_EQ(1, GetRandBytes(&key[0], AES_BLOCK_SIZE));
|
|
|
|
|
for (size_t i = 0; i < total_size_; i++) unencryptedData[i] = i % 256;
|
|
|
|
|
EncryptData(key, encryptionIv, unencryptedData, &encryptedData);
|
|
|
|
|
TestDecryptCENC(key, encryptionIv, encryptedData, unencryptedData);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST_P(OEMCryptoSessionTestsDecryptTests, DecryptMaxSubsample) {
|
|
|
|
|
size_t max_subsample_size = GetResourceValue(kMaxSubsampleSize);
|
|
|
|
|
subsample_size_.push_back(SampleSize(max_subsample_size, 0));
|
|
|
|
|
subsample_size_.push_back(SampleSize(0, max_subsample_size));
|
|
|
|
|
FindTotalSize();
|
|
|
|
|
vector<uint8_t> unencryptedData(total_size_);
|
|
|
|
|
vector<uint8_t> encryptedData(total_size_);
|
|
|
|
|
@@ -4243,7 +4291,7 @@ TEST_F(GenericCryptoTest, GenericKeyBadVerify) {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST_F(GenericCryptoTest, GenericKeyEncryptLargeBuffer) {
|
|
|
|
|
buffer_size_ = kMaxDecryptSize;
|
|
|
|
|
buffer_size_ = GetResourceValue(kMaxGenericBuffer);
|
|
|
|
|
EncryptAndLoadKeys();
|
|
|
|
|
unsigned int key_index = 0;
|
|
|
|
|
vector<uint8_t> expected_encrypted;
|
|
|
|
|
@@ -4264,7 +4312,7 @@ TEST_F(GenericCryptoTest, GenericKeyEncryptLargeBuffer) {
|
|
|
|
|
|
|
|
|
|
TEST_F(GenericCryptoTest, GenericKeyDecryptLargeBuffer) {
|
|
|
|
|
// Some applications are known to pass in a block that is almost 400k.
|
|
|
|
|
buffer_size_ = kMaxDecryptSize;
|
|
|
|
|
buffer_size_ = GetResourceValue(kMaxGenericBuffer);
|
|
|
|
|
EncryptAndLoadKeys();
|
|
|
|
|
unsigned int key_index = 1;
|
|
|
|
|
vector<uint8_t> encrypted;
|
|
|
|
|
@@ -4284,7 +4332,7 @@ TEST_F(GenericCryptoTest, GenericKeyDecryptLargeBuffer) {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST_F(GenericCryptoTest, GenericKeySignLargeBuffer) {
|
|
|
|
|
buffer_size_ = kMaxDecryptSize;
|
|
|
|
|
buffer_size_ = GetResourceValue(kMaxGenericBuffer);
|
|
|
|
|
EncryptAndLoadKeys();
|
|
|
|
|
unsigned int key_index = 2;
|
|
|
|
|
vector<uint8_t> expected_signature;
|
|
|
|
|
@@ -4311,7 +4359,7 @@ TEST_F(GenericCryptoTest, GenericKeySignLargeBuffer) {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST_F(GenericCryptoTest, GenericKeyVerifyLargeBuffer) {
|
|
|
|
|
buffer_size_ = kMaxDecryptSize;
|
|
|
|
|
buffer_size_ = GetResourceValue(kMaxGenericBuffer);
|
|
|
|
|
EncryptAndLoadKeys();
|
|
|
|
|
unsigned int key_index = 3;
|
|
|
|
|
vector<uint8_t> signature;
|
|
|
|
|
|
Fred Gylys-Colwell