diff --git a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp index d6cc17b6..c00f8065 100644 --- a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp +++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp @@ -47,6 +47,7 @@ void PrintTo(const vector& value, std::ostream* os) { } } // namespace std +namespace wvoec { namespace { const size_t kNumKeys = 4; #if defined(TEST_SPEED_MULTIPLIER) // Can slow test time limits when @@ -62,8 +63,6 @@ const uint32_t kLongDuration = 5 * kSpeedMultiplier; const int32_t kAlmostRange = 3 * kSpeedMultiplier; } // namespace -namespace wvoec { - typedef struct { uint8_t verification[4]; uint32_t duration; @@ -71,7 +70,11 @@ typedef struct { uint32_t control_bits; } KeyControlBlock; -const size_t kTestKeyIdMaxLength = 48; // pick a length. any length. +// Note: The API does not specify a maximum key id length. We specify a +// maximum just for these tests, so that we have a fixed message size. +const size_t kTestKeyIdMaxLength = 16; +// Most content will use a key id that is 16 bytes long. +const int kDefaultKeyIdLength = 16; typedef struct { uint8_t key_id[kTestKeyIdMaxLength]; size_t key_id_length; @@ -948,7 +951,7 @@ class Session { OEMCrypto_GetRandom(license_.mac_keys, sizeof(license_.mac_keys)); for (unsigned int i = 0; i < kNumKeys; i++) { memset(license_.keys[i].key_id, 0, kTestKeyIdMaxLength); - license_.keys[i].key_id_length = 12; + license_.keys[i].key_id_length = kDefaultKeyIdLength; memset(license_.keys[i].key_id, i, license_.keys[i].key_id_length); OEMCrypto_GetRandom(license_.keys[i].key_data, sizeof(license_.keys[i].key_data)); @@ -2536,8 +2539,8 @@ TEST_F(OEMCryptoSessionTests, DecryptZeroDuration) { class OEMCryptoSessionTestsDecryptEdgeCases : public OEMCryptoSessionTests { public: // Increment counter for AES-CTR. The CENC spec specifies we increment only - // the low 64 bits of the IV counter, and leave the high 64 bits alone. This is - // different from the OpenSSL implementation, so we implement the CTR loop + // the low 64 bits of the IV counter, and leave the high 64 bits alone. This + // is different from the OpenSSL implementation, so we implement the CTR loop // ourselves. void ctr128_inc64(int64_t increaseBy, uint8_t* iv) { uint64_t* counterBuffer = reinterpret_cast(&iv[8]); @@ -2588,9 +2591,9 @@ class OEMCryptoSessionTestsDecryptEdgeCases : public OEMCryptoSessionTests { s.FillSimpleMessage(kDuration, 0, 0); s.EncryptAndSign(); s.LoadTestKeys(); - // Select the key (from FillSimpleMessage) - vector keyId = wvcdm::a2b_hex("000000000000000000000000"); - sts = OEMCrypto_SelectKey(s.session_id(), &keyId[0], keyId.size()); + sts = OEMCrypto_SelectKey(s.session_id(), + s.license().keys[0].key_id, + s.license().keys[0].key_id_length); ASSERT_EQ(OEMCrypto_SUCCESS, sts); // We decrypt three subsamples. each with a block offset. @@ -4276,26 +4279,32 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_20) { class GenericCryptoTest : public OEMCryptoSessionTests { protected: - static const size_t kBufferSize = 160; // multiple of encryption block size. - vector clear_buffer_; - vector encrypted_buffer_; - uint8_t iv_[wvcdm::KEY_IV_SIZE]; + virtual void SetUp() { + OEMCryptoSessionTests::SetUp(); + session_.open(); + session_.GenerateTestSessionKeys(); + MakeFourKeys(); + } - void MakeFourKeys(Session* s, uint32_t duration = kDuration, - uint32_t control = 0, uint32_t nonce = 0, - const std::string& pst = "") { - s->FillSimpleMessage(duration, control, nonce, pst); - s->license().keys[0].control.control_bits |= + virtual void TearDown() { + session_.close(); + OEMCryptoSessionTests::TearDown(); + } + + void MakeFourKeys(uint32_t duration = kDuration, uint32_t control = 0, + uint32_t nonce = 0, const std::string& pst = "") { + session_.FillSimpleMessage(duration, control, nonce, pst); + session_.license().keys[0].control.control_bits |= htonl(wvoec_mock::kControlAllowEncrypt); - s->license().keys[1].control.control_bits |= + session_.license().keys[1].control.control_bits |= htonl(wvoec_mock::kControlAllowDecrypt); - s->license().keys[2].control.control_bits |= + session_.license().keys[2].control.control_bits |= htonl(wvoec_mock::kControlAllowSign); - s->license().keys[3].control.control_bits |= + session_.license().keys[3].control.control_bits |= htonl(wvoec_mock::kControlAllowVerify); - s->license().keys[2].key_data_length = wvcdm::MAC_KEY_SIZE; - s->license().keys[3].key_data_length = wvcdm::MAC_KEY_SIZE; + session_.license().keys[2].key_data_length = wvcdm::MAC_KEY_SIZE; + session_.license().keys[3].key_data_length = wvcdm::MAC_KEY_SIZE; clear_buffer_.assign(kBufferSize, 0); for (size_t i = 0; i < clear_buffer_.size(); i++) { @@ -4306,11 +4315,15 @@ class GenericCryptoTest : public OEMCryptoSessionTests { } } - void EncryptBuffer(Session* s, unsigned int key_index, - const vector& in_buffer, + void EncryptAndLoadKeys() { + session_.EncryptAndSign(); + session_.LoadTestKeys(); + } + + void EncryptBuffer(unsigned int key_index, const vector& in_buffer, vector* out_buffer) { AES_KEY aes_key; - ASSERT_EQ(0, AES_set_encrypt_key(s->license().keys[key_index].key_data, + ASSERT_EQ(0, AES_set_encrypt_key(session_.license().keys[key_index].key_data, AES_BLOCK_SIZE * 8, &aes_key)); uint8_t iv_buffer[wvcdm::KEY_IV_SIZE]; memcpy(iv_buffer, iv_, wvcdm::KEY_IV_SIZE); @@ -4322,12 +4335,12 @@ class GenericCryptoTest : public OEMCryptoSessionTests { } // Sign the buffer with the specified key. - void SignBuffer(Session* s, unsigned int key_index, + void SignBuffer(unsigned int key_index, const vector& in_buffer, vector* signature) { unsigned int md_len = SHA256_DIGEST_LENGTH; signature->resize(SHA256_DIGEST_LENGTH); - HMAC(EVP_sha256(), s->license().keys[key_index].key_data, + HMAC(EVP_sha256(), session_.license().keys[key_index].key_data, wvcdm::MAC_KEY_SIZE, &in_buffer[0], in_buffer.size(), signature->data(), &md_len); } @@ -4335,20 +4348,14 @@ class GenericCryptoTest : public OEMCryptoSessionTests { void BadEncrypt(unsigned int key_index, OEMCrypto_Algorithm algorithm, size_t buffer_length) { OEMCryptoResult sts; - Session s; - s.open(); - s.GenerateTestSessionKeys(); - MakeFourKeys(&s); - s.EncryptAndSign(); - s.LoadTestKeys(); vector expected_encrypted; - EncryptBuffer(&s, key_index, clear_buffer_, &expected_encrypted); + EncryptBuffer(key_index, clear_buffer_, &expected_encrypted); sts = OEMCrypto_SelectKey( - s.session_id(), s.license().keys[key_index].key_id, - s.license().keys[key_index].key_id_length); + session_.session_id(), session_.license().keys[key_index].key_id, + session_.license().keys[key_index].key_id_length); ASSERT_EQ(OEMCrypto_SUCCESS, sts); vector encrypted(buffer_length); - sts = OEMCrypto_Generic_Encrypt(s.session_id(), &clear_buffer_[0], + sts = OEMCrypto_Generic_Encrypt(session_.session_id(), &clear_buffer_[0], buffer_length, iv_, algorithm, &encrypted[0]); ASSERT_NE(OEMCrypto_SUCCESS, sts); expected_encrypted.resize(buffer_length); @@ -4358,43 +4365,32 @@ class GenericCryptoTest : public OEMCryptoSessionTests { void BadDecrypt(unsigned int key_index, OEMCrypto_Algorithm algorithm, size_t buffer_length) { OEMCryptoResult sts; - Session s; - s.open(); - s.GenerateTestSessionKeys(); - MakeFourKeys(&s); - s.EncryptAndSign(); - s.LoadTestKeys(); vector encrypted; - EncryptBuffer(&s, key_index, clear_buffer_, &encrypted); + EncryptBuffer(key_index, clear_buffer_, &encrypted); sts = OEMCrypto_SelectKey( - s.session_id(), s.license().keys[key_index].key_id, - s.license().keys[key_index].key_id_length); + session_.session_id(), session_.license().keys[key_index].key_id, + session_.license().keys[key_index].key_id_length); ASSERT_EQ(OEMCrypto_SUCCESS, sts); vector resultant(encrypted.size()); - sts = OEMCrypto_Generic_Decrypt(s.session_id(), &encrypted[0], buffer_length, - iv_, algorithm, &resultant[0]); + sts = OEMCrypto_Generic_Decrypt(session_.session_id(), &encrypted[0], + buffer_length, iv_, algorithm, + &resultant[0]); ASSERT_NE(OEMCrypto_SUCCESS, sts); ASSERT_NE(clear_buffer_, resultant); } void BadSign(unsigned int key_index, OEMCrypto_Algorithm algorithm) { OEMCryptoResult sts; - Session s; - s.open(); - s.GenerateTestSessionKeys(); - MakeFourKeys(&s); - s.EncryptAndSign(); - s.LoadTestKeys(); vector expected_signature; - SignBuffer(&s, key_index, clear_buffer_, &expected_signature); + SignBuffer(key_index, clear_buffer_, &expected_signature); sts = OEMCrypto_SelectKey( - s.session_id(), s.license().keys[key_index].key_id, - s.license().keys[key_index].key_id_length); + session_.session_id(), session_.license().keys[key_index].key_id, + session_.license().keys[key_index].key_id_length); ASSERT_EQ(OEMCrypto_SUCCESS, sts); size_t signature_length = (size_t)SHA256_DIGEST_LENGTH; vector signature(SHA256_DIGEST_LENGTH); - sts = OEMCrypto_Generic_Sign(s.session_id(), &clear_buffer_[0], + sts = OEMCrypto_Generic_Sign(session_.session_id(), &clear_buffer_[0], clear_buffer_.size(), algorithm, &signature[0], &signature_length); ASSERT_NE(OEMCrypto_SUCCESS, sts); @@ -4404,61 +4400,53 @@ class GenericCryptoTest : public OEMCryptoSessionTests { void BadVerify(unsigned int key_index, OEMCrypto_Algorithm algorithm, size_t signature_size, bool alter_data) { OEMCryptoResult sts; - Session s; - s.open(); - s.GenerateTestSessionKeys(); - MakeFourKeys(&s); - s.EncryptAndSign(); - s.LoadTestKeys(); vector signature; - SignBuffer(&s, key_index, clear_buffer_, &signature); + SignBuffer(key_index, clear_buffer_, &signature); if (alter_data) { signature[0] ^= 42; } sts = OEMCrypto_SelectKey( - s.session_id(), s.license().keys[key_index].key_id, - s.license().keys[key_index].key_id_length); + session_.session_id(), session_.license().keys[key_index].key_id, + session_.license().keys[key_index].key_id_length); ASSERT_EQ(OEMCrypto_SUCCESS, sts); - sts = OEMCrypto_Generic_Verify(s.session_id(), &clear_buffer_[0], + sts = OEMCrypto_Generic_Verify(session_.session_id(), &clear_buffer_[0], clear_buffer_.size(), algorithm, &signature[0], signature_size); ASSERT_NE(OEMCrypto_SUCCESS, sts); } + + static const size_t kBufferSize = 160; // multiple of encryption block size. + vector clear_buffer_; + vector encrypted_buffer_; + uint8_t iv_[wvcdm::KEY_IV_SIZE]; + Session session_; }; TEST_F(GenericCryptoTest, GenericKeyLoad) { - Session s; - s.open(); - s.GenerateTestSessionKeys(); - MakeFourKeys(&s); - s.EncryptAndSign(); - s.LoadTestKeys(); + EncryptAndLoadKeys(); } TEST_F(GenericCryptoTest, GenericKeyEncrypt) { - OEMCryptoResult sts; - Session s; - s.open(); - s.GenerateTestSessionKeys(); - MakeFourKeys(&s); - s.EncryptAndSign(); - s.LoadTestKeys(); + EncryptAndLoadKeys(); unsigned int key_index = 0; vector expected_encrypted; - EncryptBuffer(&s, key_index, clear_buffer_, &expected_encrypted); - sts = OEMCrypto_SelectKey(s.session_id(), s.license().keys[key_index].key_id, - s.license().keys[key_index].key_id_length); - ASSERT_EQ(OEMCrypto_SUCCESS, sts); + EncryptBuffer(key_index, clear_buffer_, &expected_encrypted); + ASSERT_EQ(OEMCrypto_SUCCESS, + OEMCrypto_SelectKey(session_.session_id(), + session_.license().keys[key_index].key_id, + session_.license().keys[key_index].key_id_length)); vector encrypted(clear_buffer_.size()); - sts = OEMCrypto_Generic_Encrypt(s.session_id(), &clear_buffer_[0], - clear_buffer_.size(), iv_, - OEMCrypto_AES_CBC_128_NO_PADDING, &encrypted[0]); - ASSERT_EQ(OEMCrypto_SUCCESS, sts); + ASSERT_EQ(OEMCrypto_SUCCESS, + OEMCrypto_Generic_Encrypt(session_.session_id(), &clear_buffer_[0], + clear_buffer_.size(), iv_, + OEMCrypto_AES_CBC_128_NO_PADDING, + &encrypted[0])); ASSERT_EQ(encrypted, expected_encrypted); } TEST_F(GenericCryptoTest, GenericKeyBadEncrypt) { + EncryptAndLoadKeys(); BadEncrypt(0, OEMCrypto_HMAC_SHA256, kBufferSize); BadEncrypt(0, OEMCrypto_AES_CBC_128_NO_PADDING, kBufferSize - 10); BadEncrypt(1, OEMCrypto_AES_CBC_128_NO_PADDING, kBufferSize); @@ -4467,52 +4455,45 @@ TEST_F(GenericCryptoTest, GenericKeyBadEncrypt) { } TEST_F(GenericCryptoTest, GenericKeyDecrypt) { - OEMCryptoResult sts; - Session s; - s.open(); - s.GenerateTestSessionKeys(); - MakeFourKeys(&s); - s.EncryptAndSign(); - s.LoadTestKeys(); + EncryptAndLoadKeys(); unsigned int key_index = 1; vector encrypted; - EncryptBuffer(&s, key_index, clear_buffer_, &encrypted); - sts = OEMCrypto_SelectKey(s.session_id(), s.license().keys[key_index].key_id, - s.license().keys[key_index].key_id_length); - ASSERT_EQ(OEMCrypto_SUCCESS, sts); + EncryptBuffer(key_index, clear_buffer_, &encrypted); + ASSERT_EQ(OEMCrypto_SUCCESS, + OEMCrypto_SelectKey(session_.session_id(), + session_.license().keys[key_index].key_id, + session_.license().keys[key_index].key_id_length)); vector resultant(encrypted.size()); - sts = OEMCrypto_Generic_Decrypt(s.session_id(), &encrypted[0], encrypted.size(), - iv_, OEMCrypto_AES_CBC_128_NO_PADDING, - &resultant[0]); - ASSERT_EQ(OEMCrypto_SUCCESS, sts); + ASSERT_EQ(OEMCrypto_SUCCESS, + OEMCrypto_Generic_Decrypt(session_.session_id(), &encrypted[0], + encrypted.size(), + iv_, OEMCrypto_AES_CBC_128_NO_PADDING, + &resultant[0])); ASSERT_EQ(clear_buffer_, resultant); } TEST_F(GenericCryptoTest, GenericSecureToClear) { - OEMCryptoResult sts; - Session s; - s.open(); - s.GenerateTestSessionKeys(); - MakeFourKeys(&s); - s.license().keys[1].control.control_bits |= htonl( + session_.license().keys[1].control.control_bits |= htonl( wvoec_mock::kControlObserveDataPath | wvoec_mock::kControlDataPathSecure); - s.EncryptAndSign(); - s.LoadTestKeys(); + EncryptAndLoadKeys(); unsigned int key_index = 1; vector encrypted; - EncryptBuffer(&s, key_index, clear_buffer_, &encrypted); - sts = OEMCrypto_SelectKey(s.session_id(), s.license().keys[key_index].key_id, - s.license().keys[key_index].key_id_length); - ASSERT_EQ(OEMCrypto_SUCCESS, sts); + EncryptBuffer(key_index, clear_buffer_, &encrypted); + ASSERT_EQ(OEMCrypto_SUCCESS, + OEMCrypto_SelectKey(session_.session_id(), + session_.license().keys[key_index].key_id, + session_.license().keys[key_index].key_id_length)); vector resultant(encrypted.size()); - sts = OEMCrypto_Generic_Decrypt(s.session_id(), &encrypted[0], encrypted.size(), - iv_, OEMCrypto_AES_CBC_128_NO_PADDING, - &resultant[0]); - ASSERT_NE(OEMCrypto_SUCCESS, sts); + ASSERT_NE(OEMCrypto_SUCCESS, + OEMCrypto_Generic_Decrypt(session_.session_id(), &encrypted[0], + encrypted.size(), iv_, + OEMCrypto_AES_CBC_128_NO_PADDING, + &resultant[0])); ASSERT_NE(clear_buffer_, resultant); } TEST_F(GenericCryptoTest, GenericKeyBadDecrypt) { + EncryptAndLoadKeys(); BadDecrypt(1, OEMCrypto_HMAC_SHA256, kBufferSize); BadDecrypt(1, OEMCrypto_AES_CBC_128_NO_PADDING, kBufferSize - 10); BadDecrypt(0, OEMCrypto_AES_CBC_128_NO_PADDING, kBufferSize); @@ -4521,35 +4502,31 @@ TEST_F(GenericCryptoTest, GenericKeyBadDecrypt) { } TEST_F(GenericCryptoTest, GenericKeySign) { - OEMCryptoResult sts; - Session s; - s.open(); - s.GenerateTestSessionKeys(); - MakeFourKeys(&s); - s.EncryptAndSign(); - s.LoadTestKeys(); + EncryptAndLoadKeys(); unsigned int key_index = 2; vector expected_signature; - SignBuffer(&s, key_index, clear_buffer_, &expected_signature); + SignBuffer(key_index, clear_buffer_, &expected_signature); - sts = OEMCrypto_SelectKey(s.session_id(), s.license().keys[key_index].key_id, - s.license().keys[key_index].key_id_length); - ASSERT_EQ(OEMCrypto_SUCCESS, sts); + ASSERT_EQ(OEMCrypto_SUCCESS, + OEMCrypto_SelectKey(session_.session_id(), + session_.license().keys[key_index].key_id, + session_.license().keys[key_index].key_id_length)); size_t gen_signature_length = 0; - sts = OEMCrypto_Generic_Sign(s.session_id(), &clear_buffer_[0], - clear_buffer_.size(), OEMCrypto_HMAC_SHA256, - NULL, &gen_signature_length); - ASSERT_EQ(OEMCrypto_ERROR_SHORT_BUFFER, sts); + ASSERT_EQ(OEMCrypto_ERROR_SHORT_BUFFER, + OEMCrypto_Generic_Sign(session_.session_id(), &clear_buffer_[0], + clear_buffer_.size(), OEMCrypto_HMAC_SHA256, + NULL, &gen_signature_length)); ASSERT_EQ(static_cast(SHA256_DIGEST_LENGTH), gen_signature_length); vector signature(SHA256_DIGEST_LENGTH); - sts = OEMCrypto_Generic_Sign(s.session_id(), &clear_buffer_[0], - clear_buffer_.size(), OEMCrypto_HMAC_SHA256, - &signature[0], &gen_signature_length); - ASSERT_EQ(OEMCrypto_SUCCESS, sts); + ASSERT_EQ(OEMCrypto_SUCCESS, + OEMCrypto_Generic_Sign(session_.session_id(), &clear_buffer_[0], + clear_buffer_.size(), OEMCrypto_HMAC_SHA256, + &signature[0], &gen_signature_length)); ASSERT_EQ(signature, expected_signature); } TEST_F(GenericCryptoTest, GenericKeyBadSign) { + EncryptAndLoadKeys(); BadSign(0, OEMCrypto_HMAC_SHA256); // Can't sign with encrypt key. BadSign(1, OEMCrypto_HMAC_SHA256); // Can't sign with decrypt key. BadSign(3, OEMCrypto_HMAC_SHA256); // Can't sign with verify key. @@ -4557,27 +4534,23 @@ TEST_F(GenericCryptoTest, GenericKeyBadSign) { } TEST_F(GenericCryptoTest, GenericKeyVerify) { - OEMCryptoResult sts; - Session s; - s.open(); - s.GenerateTestSessionKeys(); - MakeFourKeys(&s); - s.EncryptAndSign(); - s.LoadTestKeys(); + EncryptAndLoadKeys(); unsigned int key_index = 3; vector signature; - SignBuffer(&s, key_index, clear_buffer_, &signature); + SignBuffer(key_index, clear_buffer_, &signature); - sts = OEMCrypto_SelectKey(s.session_id(), s.license().keys[key_index].key_id, - s.license().keys[key_index].key_id_length); - ASSERT_EQ(OEMCrypto_SUCCESS, sts); - sts = OEMCrypto_Generic_Verify(s.session_id(), &clear_buffer_[0], - clear_buffer_.size(), OEMCrypto_HMAC_SHA256, - &signature[0], signature.size()); - ASSERT_EQ(OEMCrypto_SUCCESS, sts); + ASSERT_EQ(OEMCrypto_SUCCESS, + OEMCrypto_SelectKey(session_.session_id(), + session_.license().keys[key_index].key_id, + session_.license().keys[key_index].key_id_length)); + ASSERT_EQ(OEMCrypto_SUCCESS, + OEMCrypto_Generic_Verify(session_.session_id(), &clear_buffer_[0], + clear_buffer_.size(), OEMCrypto_HMAC_SHA256, + &signature[0], signature.size())); } TEST_F(GenericCryptoTest, GenericKeyBadVerify) { + EncryptAndLoadKeys(); BadVerify(0, OEMCrypto_HMAC_SHA256, SHA256_DIGEST_LENGTH, false); BadVerify(1, OEMCrypto_HMAC_SHA256, SHA256_DIGEST_LENGTH, false); BadVerify(2, OEMCrypto_HMAC_SHA256, SHA256_DIGEST_LENGTH, false); @@ -4588,282 +4561,201 @@ TEST_F(GenericCryptoTest, GenericKeyBadVerify) { } TEST_F(GenericCryptoTest, KeyDurationEncrypt) { - OEMCryptoResult sts; - Session s; - s.open(); - s.GenerateTestSessionKeys(); - MakeFourKeys(&s, kDuration); - s.EncryptAndSign(); - s.LoadTestKeys(); - + EncryptAndLoadKeys(); vector expected_encrypted; - EncryptBuffer(&s, 0, clear_buffer_, &expected_encrypted); + EncryptBuffer(0, clear_buffer_, &expected_encrypted); unsigned int key_index = 0; vector encrypted(clear_buffer_.size()); sleep(kShortSleep); // Should still be valid key. - sts = OEMCrypto_SelectKey(s.session_id(), s.license().keys[key_index].key_id, - s.license().keys[key_index].key_id_length); - ASSERT_EQ(OEMCrypto_SUCCESS, sts); - sts = - OEMCrypto_Generic_Encrypt(s.session_id(), &clear_buffer_[0], - clear_buffer_.size(), iv_, - OEMCrypto_AES_CBC_128_NO_PADDING, &encrypted[0]); - ASSERT_EQ(OEMCrypto_SUCCESS, sts); + ASSERT_EQ(OEMCrypto_SUCCESS, + OEMCrypto_SelectKey(session_.session_id(), + session_.license().keys[key_index].key_id, + session_.license().keys[key_index].key_id_length)); + ASSERT_EQ(OEMCrypto_SUCCESS, + OEMCrypto_Generic_Encrypt(session_.session_id(), &clear_buffer_[0], + clear_buffer_.size(), iv_, + OEMCrypto_AES_CBC_128_NO_PADDING, &encrypted[0])); ASSERT_EQ(encrypted, expected_encrypted); sleep(kLongSleep); // Should be expired key. encrypted.assign(clear_buffer_.size(), 0); - sts = - OEMCrypto_Generic_Encrypt(s.session_id(), &clear_buffer_[0], - clear_buffer_.size(), iv_, - OEMCrypto_AES_CBC_128_NO_PADDING, &encrypted[0]); - ASSERT_EQ(OEMCrypto_ERROR_KEY_EXPIRED, sts); + ASSERT_EQ(OEMCrypto_ERROR_KEY_EXPIRED, + OEMCrypto_Generic_Encrypt(session_.session_id(), &clear_buffer_[0], + clear_buffer_.size(), iv_, + OEMCrypto_AES_CBC_128_NO_PADDING, &encrypted[0])); ASSERT_NE(encrypted, expected_encrypted); } TEST_F(GenericCryptoTest, KeyDurationDecrypt) { - OEMCryptoResult sts; - Session s; - s.open(); - s.GenerateTestSessionKeys(); - MakeFourKeys(&s, kDuration); - s.EncryptAndSign(); - s.LoadTestKeys(); + EncryptAndLoadKeys(); unsigned int key_index = 1; vector encrypted; - EncryptBuffer(&s, key_index, clear_buffer_, &encrypted); - sts = OEMCrypto_SelectKey(s.session_id(), s.license().keys[key_index].key_id, - s.license().keys[key_index].key_id_length); - ASSERT_EQ(OEMCrypto_SUCCESS, sts); + EncryptBuffer(key_index, clear_buffer_, &encrypted); + ASSERT_EQ(OEMCrypto_SUCCESS, + OEMCrypto_SelectKey(session_.session_id(), + session_.license().keys[key_index].key_id, + session_.license().keys[key_index].key_id_length)); sleep(kShortSleep); // Should still be valid key. vector resultant(encrypted.size()); - sts = OEMCrypto_Generic_Decrypt(s.session_id(), &encrypted[0], - encrypted.size(), iv_, - OEMCrypto_AES_CBC_128_NO_PADDING, - &resultant[0]); - ASSERT_EQ(OEMCrypto_SUCCESS, sts); + ASSERT_EQ(OEMCrypto_SUCCESS, + OEMCrypto_Generic_Decrypt(session_.session_id(), &encrypted[0], + encrypted.size(), iv_, + OEMCrypto_AES_CBC_128_NO_PADDING, + &resultant[0])); ASSERT_EQ(clear_buffer_, resultant); sleep(kLongSleep); // Should be expired key. resultant.assign(encrypted.size(), 0); - sts = OEMCrypto_Generic_Decrypt(s.session_id(), &encrypted[0], - encrypted.size(), iv_, - OEMCrypto_AES_CBC_128_NO_PADDING, - &resultant[0]); - ASSERT_EQ(OEMCrypto_ERROR_KEY_EXPIRED, sts); + ASSERT_EQ(OEMCrypto_ERROR_KEY_EXPIRED, + OEMCrypto_Generic_Decrypt(session_.session_id(), &encrypted[0], + encrypted.size(), iv_, + OEMCrypto_AES_CBC_128_NO_PADDING, + &resultant[0])); ASSERT_NE(clear_buffer_, resultant); } TEST_F(GenericCryptoTest, KeyDurationSign) { OEMCryptoResult sts; - Session s; - s.open(); - s.GenerateTestSessionKeys(); - MakeFourKeys(&s, kDuration); - s.EncryptAndSign(); - s.LoadTestKeys(); + EncryptAndLoadKeys(); unsigned int key_index = 2; vector expected_signature; vector signature(SHA256_DIGEST_LENGTH); size_t signature_length = signature.size(); - SignBuffer(&s, key_index, clear_buffer_, &expected_signature); + SignBuffer(key_index, clear_buffer_, &expected_signature); - sts = OEMCrypto_SelectKey(s.session_id(), s.license().keys[key_index].key_id, - s.license().keys[key_index].key_id_length); - ASSERT_EQ(OEMCrypto_SUCCESS, sts); + ASSERT_EQ(OEMCrypto_SUCCESS, + OEMCrypto_SelectKey(session_.session_id(), + session_.license().keys[key_index].key_id, + session_.license().keys[key_index].key_id_length)); sleep(kShortSleep); // Should still be valid key. - sts = OEMCrypto_Generic_Sign(s.session_id(), &clear_buffer_[0], - clear_buffer_.size(), OEMCrypto_HMAC_SHA256, - &signature[0], &signature_length); - ASSERT_EQ(OEMCrypto_SUCCESS, sts); + ASSERT_EQ(OEMCrypto_SUCCESS, + OEMCrypto_Generic_Sign(session_.session_id(), &clear_buffer_[0], + clear_buffer_.size(), OEMCrypto_HMAC_SHA256, + &signature[0], &signature_length)); ASSERT_EQ(signature, expected_signature); sleep(kLongSleep); // Should be expired key. signature.assign(SHA256_DIGEST_LENGTH, 0); - sts = OEMCrypto_Generic_Sign(s.session_id(), &clear_buffer_[0], - clear_buffer_.size(), OEMCrypto_HMAC_SHA256, - &signature[0], &signature_length); - ASSERT_EQ(OEMCrypto_ERROR_KEY_EXPIRED, sts); + ASSERT_EQ(OEMCrypto_ERROR_KEY_EXPIRED, + OEMCrypto_Generic_Sign(session_.session_id(), &clear_buffer_[0], + clear_buffer_.size(), OEMCrypto_HMAC_SHA256, + &signature[0], &signature_length)); ASSERT_NE(signature, expected_signature); } TEST_F(GenericCryptoTest, KeyDurationVerify) { OEMCryptoResult sts; - Session s; - s.open(); - s.GenerateTestSessionKeys(); - MakeFourKeys(&s, kDuration); - s.EncryptAndSign(); - s.LoadTestKeys(); + EncryptAndLoadKeys(); unsigned int key_index = 3; vector signature; - SignBuffer(&s, key_index, clear_buffer_, &signature); + SignBuffer(key_index, clear_buffer_, &signature); - sts = OEMCrypto_SelectKey(s.session_id(), s.license().keys[key_index].key_id, - s.license().keys[key_index].key_id_length); - ASSERT_EQ(OEMCrypto_SUCCESS, sts); + ASSERT_EQ(OEMCrypto_SUCCESS, + OEMCrypto_SelectKey(session_.session_id(), + session_.license().keys[key_index].key_id, + session_.license().keys[key_index].key_id_length)); sleep(kShortSleep); // Should still be valid key. - sts = OEMCrypto_Generic_Verify(s.session_id(), &clear_buffer_[0], - clear_buffer_.size(), OEMCrypto_HMAC_SHA256, - &signature[0], signature.size()); - ASSERT_EQ(OEMCrypto_SUCCESS, sts); + ASSERT_EQ(OEMCrypto_SUCCESS, + OEMCrypto_Generic_Verify(session_.session_id(), &clear_buffer_[0], + clear_buffer_.size(), OEMCrypto_HMAC_SHA256, + &signature[0], signature.size())); sleep(kLongSleep); // Should be expired key. - sts = OEMCrypto_Generic_Verify(s.session_id(), &clear_buffer_[0], - clear_buffer_.size(), OEMCrypto_HMAC_SHA256, - &signature[0], signature.size()); - ASSERT_EQ(OEMCrypto_ERROR_KEY_EXPIRED, sts); + ASSERT_EQ(OEMCrypto_ERROR_KEY_EXPIRED, + OEMCrypto_Generic_Verify(session_.session_id(), &clear_buffer_[0], + clear_buffer_.size(), OEMCrypto_HMAC_SHA256, + &signature[0], signature.size())); } -TEST_F(GenericCryptoTest, UniformShortKeyId) { - OEMCryptoResult sts; - Session s; - s.open(); - s.GenerateTestSessionKeys(); - MakeFourKeys(&s); - s.SetKeyId(0, "123456789012"); // 12 bytes. - s.SetKeyId(1, "aaaaaaaaaaaa"); - s.SetKeyId(2, "bbbbbbbbbbbb"); - s.SetKeyId(3, "cccccccccccc"); - s.EncryptAndSign(); - s.LoadTestKeys(); - unsigned int key_index = 1; - vector encrypted; +const unsigned int kLongKeyId = 2; - // To make sure OEMCrypto is not expecting the key_id to be zero padded, we - // will create a buffer that is padded with 'Z'. - vector key_id_buffer(s.license().keys[key_index].key_id_length + 5, - 'Z'); // Fill a bigger buffer with letter 'Z'. - memcpy(key_id_buffer.data(), s.license().keys[key_index].key_id, - s.license().keys[key_index].key_id_length); - EncryptBuffer(&s, key_index, clear_buffer_, &encrypted); - sts = OEMCrypto_SelectKey(s.session_id(), key_id_buffer.data(), - s.license().keys[key_index].key_id_length); - ASSERT_EQ(OEMCrypto_SUCCESS, sts); - vector resultant(encrypted.size()); - sts = OEMCrypto_Generic_Decrypt(s.session_id(), &encrypted[0], encrypted.size(), - iv_, OEMCrypto_AES_CBC_128_NO_PADDING, - &resultant[0]); - ASSERT_EQ(OEMCrypto_SUCCESS, sts); - ASSERT_EQ(clear_buffer_, resultant); +class GenericCryptoKeyIdLengthTest : public GenericCryptoTest { + protected: + virtual void SetUp() { + GenericCryptoTest::SetUp(); + const uint32_t kNoNonce = 0; + session_.FillSimpleMessage(kDuration, wvoec_mock::kControlAllowDecrypt, + kNoNonce); + // We are testing that the key ids do not have to have the same length. + session_.SetKeyId(0, "123456789012"); // 12 bytes (common key id length). + session_.SetKeyId(1, "12345"); // short key id. + session_.SetKeyId(2, "1234567890123456"); // 16 byte key id. (default) + session_.SetKeyId(3, "12345678901234"); // 14 byte. (uncommon) + ASSERT_EQ(2u, kLongKeyId); + } + + // Make all four keys have the same length. + void SetUniformKeyIdLength(size_t key_id_length) { + for(unsigned int i = 0; i < 4; i++) { + string key_id; + key_id.resize(key_id_length, i + 'a'); + session_.SetKeyId(i, key_id); + } + } + + void TestWithKey(unsigned int key_index) { + ASSERT_LE(key_index, kNumKeys); + EncryptAndLoadKeys(); + vector encrypted; + // To make sure OEMCrypto is not expecting the key_id to be zero padded, we + // will create a buffer that is padded with 'Z'. + // Then, we use fill the buffer with the longer of the three keys. If + // OEMCrypto is paying attention to the key id length, it should pick out + // the correct key. + vector key_id_buffer( + session_.license().keys[kLongKeyId].key_id_length + 5, + 'Z'); // Fill a bigger buffer with letter 'Z'. + memcpy(key_id_buffer.data(), session_.license().keys[kLongKeyId].key_id, + session_.license().keys[kLongKeyId].key_id_length); + EncryptBuffer(key_index, clear_buffer_, &encrypted); + ASSERT_EQ(OEMCrypto_SUCCESS, + OEMCrypto_SelectKey(session_.session_id(), key_id_buffer.data(), + session_.license().keys[key_index].key_id_length)); + vector resultant(encrypted.size()); + ASSERT_EQ(OEMCrypto_SUCCESS, + OEMCrypto_Generic_Decrypt(session_.session_id(), &encrypted[0], + encrypted.size(), iv_, + OEMCrypto_AES_CBC_128_NO_PADDING, + &resultant[0])); + ASSERT_EQ(clear_buffer_, resultant); + } +}; + +TEST_F(GenericCryptoKeyIdLengthTest, MediumKeyId) { + TestWithKey(0); } -TEST_F(GenericCryptoTest, DISABLED_ShortKeyId) { - OEMCryptoResult sts; - Session s; - s.open(); - s.GenerateTestSessionKeys(); - MakeFourKeys(&s); - // We are testing that the key ids do not have to have the same length. - s.SetKeyId(0, "123456789012"); // 12 bytes. - s.SetKeyId(1, "12345"); // short key id. - s.SetKeyId(2, "123456789012-very-long-key-id"); - s.EncryptAndSign(); - s.LoadTestKeys(); - unsigned int key_index = 1; - vector encrypted; - - // To make sure OEMCrypto is not expecting the key_id to be zero padded, we - // will create a buffer that is padded with 'Z'. - vector key_id_buffer(s.license().keys[key_index].key_id_length + 5, - 'Z'); // Fill a bigger buffer with letter 'Z'. - memcpy(key_id_buffer.data(), s.license().keys[key_index].key_id, - s.license().keys[key_index].key_id_length); - EncryptBuffer(&s, key_index, clear_buffer_, &encrypted); - sts = OEMCrypto_SelectKey(s.session_id(), key_id_buffer.data(), - s.license().keys[key_index].key_id_length); - ASSERT_EQ(OEMCrypto_SUCCESS, sts); - vector resultant(encrypted.size()); - sts = OEMCrypto_Generic_Decrypt(s.session_id(), &encrypted[0], encrypted.size(), - iv_, OEMCrypto_AES_CBC_128_NO_PADDING, - &resultant[0]); - ASSERT_EQ(OEMCrypto_SUCCESS, sts); - ASSERT_EQ(clear_buffer_, resultant); +TEST_F(GenericCryptoKeyIdLengthTest, ShortKeyId) { + TestWithKey(1); } -TEST_F(GenericCryptoTest, DISABLED_LongKeyId) { - OEMCryptoResult sts; - Session s; - s.open(); - s.GenerateTestSessionKeys(); - MakeFourKeys(&s); - // We are testing that the key ids do not have to have the same length. - s.SetKeyId(0, "123456789012"); // 12 bytes. - s.SetKeyId(1, "123456789012-very-long-key-id"); // long key id. - s.SetKeyId(2, "12345"); - s.EncryptAndSign(); - s.LoadTestKeys(); - unsigned int key_index = 1; - vector encrypted; - - // To make sure OEMCrypto is not expecting the key_id to be zero padded, we - // will create a buffer that is padded with 'Z'. - vector key_id_buffer(s.license().keys[key_index].key_id_length + 5, - 'Z'); // Fill a bigger buffer with letter 'Z'. - memcpy(key_id_buffer.data(), s.license().keys[key_index].key_id, - s.license().keys[key_index].key_id_length); - EncryptBuffer(&s, key_index, clear_buffer_, &encrypted); - sts = OEMCrypto_SelectKey(s.session_id(), key_id_buffer.data(), - s.license().keys[key_index].key_id_length); - ASSERT_EQ(OEMCrypto_SUCCESS, sts); - vector resultant(encrypted.size()); - sts = OEMCrypto_Generic_Decrypt(s.session_id(), &encrypted[0], encrypted.size(), - iv_, OEMCrypto_AES_CBC_128_NO_PADDING, - &resultant[0]); - ASSERT_EQ(OEMCrypto_SUCCESS, sts); - ASSERT_EQ(clear_buffer_, resultant); +TEST_F(GenericCryptoKeyIdLengthTest, LongKeyId) { + TestWithKey(2); } -TEST_F(GenericCryptoTest, DISABLED_CommonPrefixKeyId) { - OEMCryptoResult sts; - Session s; - s.open(); - s.GenerateTestSessionKeys(); - MakeFourKeys(&s); - // We are testing that the key ids do not have to have the same length. - // Worse, they may have a common prefix. - // This test is more diabolical. We put the long key id in the buffer, but - // the length is for the shorter key. If OEMCrypto is paying attention to the - // key id length, it should see key 1. If it looks beyond the whole buffer, - // it will see key 0. - s.SetKeyId(0, "123456789012"); // 12 bytes. - s.SetKeyId(1, "12345"); // short key id, with common prefix with key 0. - s.SetKeyId(2, "123456789012-very-long-key-id"); - s.EncryptAndSign(); - s.LoadTestKeys(); - unsigned int key_index = 1; - unsigned int other_key_index = 0; // Key with shared prefix. - vector encrypted; +TEST_F(GenericCryptoKeyIdLengthTest, UniformShortKeyId) { + SetUniformKeyIdLength(5); + TestWithKey(2); +} - EncryptBuffer(&s, key_index, clear_buffer_, &encrypted); - // Note: we pass in a buffer pointer to key id 0, because it starts off the - // same as key id 1. Since the length is for key id 1, oemcrypto should - // select key 1. - sts = OEMCrypto_SelectKey(s.session_id(), - s.license().keys[other_key_index].key_id, - s.license().keys[key_index].key_id_length); - ASSERT_EQ(OEMCrypto_SUCCESS, sts); - vector resultant(encrypted.size()); - sts = OEMCrypto_Generic_Decrypt(s.session_id(), &encrypted[0], encrypted.size(), - iv_, OEMCrypto_AES_CBC_128_NO_PADDING, - &resultant[0]); - ASSERT_EQ(OEMCrypto_SUCCESS, sts); - ASSERT_EQ(clear_buffer_, resultant); +TEST_F(GenericCryptoKeyIdLengthTest, UniformLongKeyId) { + SetUniformKeyIdLength(kTestKeyIdMaxLength); + TestWithKey(2); } TEST_F(OEMCryptoClientTest, UpdateUsageTableTest) { @@ -4878,9 +4770,9 @@ class UsageTableTest : public GenericCryptoTest { } void DeactivatePST(const std::string& pst) { - OEMCryptoResult sts = OEMCrypto_DeactivateUsageEntry( - reinterpret_cast(pst.c_str()), pst.length()); - ASSERT_EQ(OEMCrypto_SUCCESS, sts); + ASSERT_EQ(OEMCrypto_SUCCESS, + OEMCrypto_DeactivateUsageEntry( + reinterpret_cast(pst.c_str()), pst.length())); } void LoadOfflineLicense(Session& s, const std::string& pst) { @@ -5369,43 +5261,40 @@ TEST_P(UsageTableTestWithMAC, DeactivateBadPST) { TEST_P(UsageTableTestWithMAC, GenericCryptoEncrypt) { std::string pst = "A PST"; ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable()); - Session s; - s.open(); - s.GenerateTestSessionKeys(); - uint32_t nonce = s.get_nonce(); - MakeFourKeys(&s, 0, wvoec_mock::kControlNonceEnabled | + uint32_t nonce = session_.get_nonce(); + MakeFourKeys(0, wvoec_mock::kControlNonceEnabled | wvoec_mock::kControlNonceRequired, nonce, pst); - s.EncryptAndSign(); - s.LoadTestKeys(pst, new_mac_keys_); + session_.EncryptAndSign(); + session_.LoadTestKeys(pst, new_mac_keys_); OEMCryptoResult sts; unsigned int key_index = 0; vector expected_encrypted; - EncryptBuffer(&s, key_index, clear_buffer_, &expected_encrypted); - sts = OEMCrypto_SelectKey(s.session_id(), s.license().keys[key_index].key_id, - s.license().keys[key_index].key_id_length); + EncryptBuffer(key_index, clear_buffer_, &expected_encrypted); + sts = OEMCrypto_SelectKey(session_.session_id(), session_.license().keys[key_index].key_id, + session_.license().keys[key_index].key_id_length); ASSERT_EQ(OEMCrypto_SUCCESS, sts); vector encrypted(clear_buffer_.size()); - sts = OEMCrypto_Generic_Encrypt(s.session_id(), &clear_buffer_[0], + sts = OEMCrypto_Generic_Encrypt(session_.session_id(), &clear_buffer_[0], clear_buffer_.size(), iv_, OEMCrypto_AES_CBC_128_NO_PADDING, &encrypted[0]); ASSERT_EQ(OEMCrypto_SUCCESS, sts); EXPECT_EQ(encrypted, expected_encrypted); - s.GenerateReport(pst); - EXPECT_EQ(kActive, s.pst_report()->status); + session_.GenerateReport(pst); + EXPECT_EQ(kActive, session_.pst_report()->status); EXPECT_ALMOST( - 0, wvcdm::htonll64(s.pst_report()->seconds_since_license_received)); + 0, wvcdm::htonll64(session_.pst_report()->seconds_since_license_received)); EXPECT_ALMOST(0, - wvcdm::htonll64(s.pst_report()->seconds_since_first_decrypt)); + wvcdm::htonll64(session_.pst_report()->seconds_since_first_decrypt)); EXPECT_ALMOST(0, - wvcdm::htonll64(s.pst_report()->seconds_since_last_decrypt)); + wvcdm::htonll64(session_.pst_report()->seconds_since_last_decrypt)); DeactivatePST(pst); - s.GenerateReport(pst); - EXPECT_EQ(kInactive, s.pst_report()->status); + session_.GenerateReport(pst); + EXPECT_EQ(kInactive, session_.pst_report()->status); EXPECT_ALMOST( - 0, wvcdm::htonll64(s.pst_report()->seconds_since_license_received)); + 0, wvcdm::htonll64(session_.pst_report()->seconds_since_license_received)); encrypted.assign(clear_buffer_.size(), 0); - sts = OEMCrypto_Generic_Encrypt(s.session_id(), &clear_buffer_[0], + sts = OEMCrypto_Generic_Encrypt(session_.session_id(), &clear_buffer_[0], clear_buffer_.size(), iv_, OEMCrypto_AES_CBC_128_NO_PADDING, &encrypted[0]); ASSERT_NE(OEMCrypto_SUCCESS, sts); @@ -5415,43 +5304,40 @@ TEST_P(UsageTableTestWithMAC, GenericCryptoEncrypt) { TEST_P(UsageTableTestWithMAC, GenericCryptoDecrypt) { std::string pst = "my_pst"; ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable()); - Session s; - s.open(); - s.GenerateTestSessionKeys(); - uint32_t nonce = s.get_nonce(); - MakeFourKeys(&s, 0, wvoec_mock::kControlNonceEnabled | + uint32_t nonce = session_.get_nonce(); + MakeFourKeys(0, wvoec_mock::kControlNonceEnabled | wvoec_mock::kControlNonceRequired, nonce, pst); - s.EncryptAndSign(); - s.LoadTestKeys(pst, new_mac_keys_); + session_.EncryptAndSign(); + session_.LoadTestKeys(pst, new_mac_keys_); OEMCryptoResult sts; unsigned int key_index = 1; vector encrypted; - EncryptBuffer(&s, key_index, clear_buffer_, &encrypted); - sts = OEMCrypto_SelectKey(s.session_id(), s.license().keys[key_index].key_id, - s.license().keys[key_index].key_id_length); + EncryptBuffer(key_index, clear_buffer_, &encrypted); + sts = OEMCrypto_SelectKey(session_.session_id(), session_.license().keys[key_index].key_id, + session_.license().keys[key_index].key_id_length); ASSERT_EQ(OEMCrypto_SUCCESS, sts); vector resultant(encrypted.size()); - sts = OEMCrypto_Generic_Decrypt(s.session_id(), &encrypted[0], + sts = OEMCrypto_Generic_Decrypt(session_.session_id(), &encrypted[0], encrypted.size(), iv_, OEMCrypto_AES_CBC_128_NO_PADDING, &resultant[0]); ASSERT_EQ(OEMCrypto_SUCCESS, sts); EXPECT_EQ(clear_buffer_, resultant); - s.GenerateReport(pst); - EXPECT_EQ(kActive, s.pst_report()->status); + session_.GenerateReport(pst); + EXPECT_EQ(kActive, session_.pst_report()->status); EXPECT_ALMOST( - 0, wvcdm::htonll64(s.pst_report()->seconds_since_license_received)); + 0, wvcdm::htonll64(session_.pst_report()->seconds_since_license_received)); EXPECT_ALMOST(0, - wvcdm::htonll64(s.pst_report()->seconds_since_first_decrypt)); + wvcdm::htonll64(session_.pst_report()->seconds_since_first_decrypt)); EXPECT_ALMOST(0, - wvcdm::htonll64(s.pst_report()->seconds_since_last_decrypt)); + wvcdm::htonll64(session_.pst_report()->seconds_since_last_decrypt)); DeactivatePST(pst); - s.GenerateReport(pst); - EXPECT_EQ(kInactive, s.pst_report()->status); + session_.GenerateReport(pst); + EXPECT_EQ(kInactive, session_.pst_report()->status); EXPECT_ALMOST( - 0, wvcdm::htonll64(s.pst_report()->seconds_since_license_received)); + 0, wvcdm::htonll64(session_.pst_report()->seconds_since_license_received)); resultant.assign(encrypted.size(), 0); - sts = OEMCrypto_Generic_Decrypt(s.session_id(), &encrypted[0], + sts = OEMCrypto_Generic_Decrypt(session_.session_id(), &encrypted[0], encrypted.size(), iv_, OEMCrypto_AES_CBC_128_NO_PADDING, &resultant[0]); ASSERT_NE(OEMCrypto_SUCCESS, sts); @@ -5461,54 +5347,51 @@ TEST_P(UsageTableTestWithMAC, GenericCryptoDecrypt) { TEST_P(UsageTableTestWithMAC, GenericCryptoSign) { std::string pst = "my_pst"; ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable()); - Session s; - s.open(); - s.GenerateTestSessionKeys(); - uint32_t nonce = s.get_nonce(); - MakeFourKeys(&s, 0, wvoec_mock::kControlNonceEnabled | + uint32_t nonce = session_.get_nonce(); + MakeFourKeys(0, wvoec_mock::kControlNonceEnabled | wvoec_mock::kControlNonceRequired, nonce, pst); - s.EncryptAndSign(); - s.LoadTestKeys(pst, new_mac_keys_); + session_.EncryptAndSign(); + session_.LoadTestKeys(pst, new_mac_keys_); OEMCryptoResult sts; unsigned int key_index = 2; vector expected_signature; - SignBuffer(&s, key_index, clear_buffer_, &expected_signature); + SignBuffer(key_index, clear_buffer_, &expected_signature); - sts = OEMCrypto_SelectKey(s.session_id(), s.license().keys[key_index].key_id, - s.license().keys[key_index].key_id_length); + sts = OEMCrypto_SelectKey(session_.session_id(), session_.license().keys[key_index].key_id, + session_.license().keys[key_index].key_id_length); ASSERT_EQ(OEMCrypto_SUCCESS, sts); size_t gen_signature_length = 0; - sts = OEMCrypto_Generic_Sign(s.session_id(), &clear_buffer_[0], + sts = OEMCrypto_Generic_Sign(session_.session_id(), &clear_buffer_[0], clear_buffer_.size(), OEMCrypto_HMAC_SHA256, NULL, &gen_signature_length); ASSERT_EQ(OEMCrypto_ERROR_SHORT_BUFFER, sts); ASSERT_EQ(static_cast(SHA256_DIGEST_LENGTH), gen_signature_length); vector signature(SHA256_DIGEST_LENGTH); - sts = OEMCrypto_Generic_Sign(s.session_id(), &clear_buffer_[0], + sts = OEMCrypto_Generic_Sign(session_.session_id(), &clear_buffer_[0], clear_buffer_.size(), OEMCrypto_HMAC_SHA256, &signature[0], &gen_signature_length); ASSERT_EQ(OEMCrypto_SUCCESS, sts); ASSERT_EQ(signature, expected_signature); - s.GenerateReport(pst); - EXPECT_EQ(kActive, s.pst_report()->status); + session_.GenerateReport(pst); + EXPECT_EQ(kActive, session_.pst_report()->status); EXPECT_ALMOST( - 0, wvcdm::htonll64(s.pst_report()->seconds_since_license_received)); + 0, wvcdm::htonll64(session_.pst_report()->seconds_since_license_received)); EXPECT_ALMOST(0, - wvcdm::htonll64(s.pst_report()->seconds_since_first_decrypt)); + wvcdm::htonll64(session_.pst_report()->seconds_since_first_decrypt)); EXPECT_ALMOST(0, - wvcdm::htonll64(s.pst_report()->seconds_since_last_decrypt)); + wvcdm::htonll64(session_.pst_report()->seconds_since_last_decrypt)); DeactivatePST(pst); - s.GenerateReport(pst); - EXPECT_EQ(kInactive, s.pst_report()->status); + session_.GenerateReport(pst); + EXPECT_EQ(kInactive, session_.pst_report()->status); EXPECT_ALMOST( - 0, wvcdm::htonll64(s.pst_report()->seconds_since_license_received)); + 0, wvcdm::htonll64(session_.pst_report()->seconds_since_license_received)); signature.assign(SHA256_DIGEST_LENGTH, 0); gen_signature_length = SHA256_DIGEST_LENGTH; - sts = OEMCrypto_Generic_Sign(s.session_id(), &clear_buffer_[0], + sts = OEMCrypto_Generic_Sign(session_.session_id(), &clear_buffer_[0], clear_buffer_.size(), OEMCrypto_HMAC_SHA256, &signature[0], &gen_signature_length); ASSERT_NE(OEMCrypto_SUCCESS, sts); @@ -5518,44 +5401,41 @@ TEST_P(UsageTableTestWithMAC, GenericCryptoSign) { TEST_P(UsageTableTestWithMAC, GenericCryptoVerify) { std::string pst = "my_pst"; ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable()); - Session s; - s.open(); - s.GenerateTestSessionKeys(); - uint32_t nonce = s.get_nonce(); - MakeFourKeys(&s, 0, wvoec_mock::kControlNonceEnabled | + uint32_t nonce = session_.get_nonce(); + MakeFourKeys(0, wvoec_mock::kControlNonceEnabled | wvoec_mock::kControlNonceRequired, nonce, pst); - s.EncryptAndSign(); - s.LoadTestKeys(pst, new_mac_keys_); + session_.EncryptAndSign(); + session_.LoadTestKeys(pst, new_mac_keys_); OEMCryptoResult sts; unsigned int key_index = 3; vector signature; - SignBuffer(&s, key_index, clear_buffer_, &signature); + SignBuffer(key_index, clear_buffer_, &signature); - sts = OEMCrypto_SelectKey(s.session_id(), s.license().keys[key_index].key_id, - s.license().keys[key_index].key_id_length); + sts = OEMCrypto_SelectKey(session_.session_id(), session_.license().keys[key_index].key_id, + session_.license().keys[key_index].key_id_length); ASSERT_EQ(OEMCrypto_SUCCESS, sts); - sts = OEMCrypto_Generic_Verify(s.session_id(), &clear_buffer_[0], + sts = OEMCrypto_Generic_Verify(session_.session_id(), &clear_buffer_[0], clear_buffer_.size(), OEMCrypto_HMAC_SHA256, &signature[0], signature.size()); ASSERT_EQ(OEMCrypto_SUCCESS, sts); - s.GenerateReport(pst); - EXPECT_EQ(kActive, s.pst_report()->status); + session_.GenerateReport(pst); + EXPECT_EQ(kActive, session_.pst_report()->status); EXPECT_ALMOST( - 0, wvcdm::htonll64(s.pst_report()->seconds_since_license_received)); + 0, wvcdm::htonll64(session_.pst_report()->seconds_since_license_received)); EXPECT_ALMOST(0, - wvcdm::htonll64(s.pst_report()->seconds_since_first_decrypt)); + wvcdm::htonll64(session_.pst_report()->seconds_since_first_decrypt)); EXPECT_ALMOST(0, - wvcdm::htonll64(s.pst_report()->seconds_since_last_decrypt)); + wvcdm::htonll64(session_.pst_report()->seconds_since_last_decrypt)); DeactivatePST(pst); - s.GenerateReport(pst); - EXPECT_EQ(kInactive, s.pst_report()->status); + session_.GenerateReport(pst); + EXPECT_EQ(kInactive, session_.pst_report()->status); EXPECT_ALMOST( - 0, wvcdm::htonll64(s.pst_report()->seconds_since_license_received)); + 0, wvcdm::htonll64(session_.pst_report()->seconds_since_license_received)); - sts = OEMCrypto_Generic_Verify(s.session_id(), &clear_buffer_[0], + sts = OEMCrypto_Generic_Verify(session_.session_id(), &clear_buffer_[0], clear_buffer_.size(), OEMCrypto_HMAC_SHA256, &signature[0], signature.size()); ASSERT_NE(OEMCrypto_SUCCESS, sts);