Merge oemcrypto buffer overflow tests from cdm

Widevine CLs: http://go/wvgerrit/112243 http://go/wvgerrit/110563 http://go/wvgerrit/95483 http://go/wvgerrit/107047 http://go/wvgerrit/111123 http://go/wvgerrit/106224 http://go/wvgerrit/106263 http://go/wvgerrit/106223 http://go/wvgerrit/104223 http://go/wvgerrit/108583 http://go/wvgerrit/111403 http://go/wvgerrit/111623 http://go/wvgerrit/106264 http://go/wvgerrit/110483 http://go/wvgerrit/111944 http://go/wvgerrit/108684 http://go/wvgerrit/104183 http://go/wvgerrit/111443 http://go/wvgerrit/111869 http://go/wvgerrit/108843 http://go/wvgerrit/104363 http://go/wvgerrit/104423 http://go/wvgerrit/104263 http://go/wvgerrit/106584 http://go/wvgerrit/105924 http://go/wvgerrit/104524 http://go/wvgerrit/113023 Bug:175401639 Test: We would like to run these tests on pixel devices from master branch using go/wv-and-dash Change-Id: Ic4188504af64de9ce79941f75ac6feaf29189a4d
2020-12-15 12:13:07 -08:00
parent e851d42eb1
commit 6b548748b2
5 changed files with 2391 additions and 139 deletions
--- a/libwvdrmengine/oemcrypto/test/oec_session_util.h
+++ b/libwvdrmengine/oemcrypto/test/oec_session_util.h
@@ -155,12 +155,25 @@ class RoundTrip {
        core_response_(),
        response_data_(),
        encrypted_response_data_(),
-        required_message_size_(0) {}
+        required_message_size_(0),
+        required_core_message_size_(0),
+        required_request_signature_size_(0) {}
  virtual ~RoundTrip() {}

  // Have OEMCrypto sign a request message and then verify the signature and the
  // core message.
-  virtual void SignAndVerifyRequest();
+  virtual void SignAndVerifyRequest() {
+    // Boolean true generates core request and verifies the request.
+    // Custom message sizes are 0 by default, so the behavior of following
+    // functions will be sign and verify request without any custom buffers
+    // sizes.
+    ASSERT_EQ(SignAndCreateRequestWithCustomBufferLengths(true),
+              OEMCrypto_SUCCESS);
+  }
+  // Have OEMCrypto sign and call create request APIs. Buffer parameters in API
+  // can be set to custom values to test with varying lengths of buffers.
+  virtual OEMCryptoResult SignAndCreateRequestWithCustomBufferLengths(
+      bool verify_request = false);
  // Used for OEMCrypto Fuzzing: Function to convert fuzzer data to valid
  // License/Provisioning/Renwal request data that can be serialized.
  virtual void InjectFuzzedRequestData(uint8_t* data, size_t size);
@@ -189,6 +202,16 @@ class RoundTrip {

  // Set the size of the buffer used the encrypted license.
  void set_message_size(size_t size) { required_message_size_ = size; }
+  // Set core message size to test OEMCrypto request APIs for varying core
+  // message lengths.
+  void set_core_message_size(size_t size) {
+    required_core_message_size_ = size;
+  }
+  // Set signature size to test OEMCrypto request APIs for varying signature
+  // lengths.
+  void set_request_signature_size(size_t size) {
+    required_request_signature_size_ = size;
+  }
  std::vector<uint8_t>& response_signature() { return response_signature_; }
  const std::string& serialized_core_message() const {
    return serialized_core_message_;
@@ -217,6 +240,8 @@ class RoundTrip {
  // Message buffers will be at least this big. Tests for loading and signing
  // messages will increase all buffers to this size.
  size_t required_message_size_;
+  size_t required_core_message_size_;
+  size_t required_request_signature_size_;
  std::vector<uint8_t> response_signature_;
  std::string serialized_core_message_;
  std::vector<uint8_t> encrypted_response_;
@@ -239,6 +264,8 @@ class ProvisioningRoundTrip
  virtual void PrepareSession(const wvoec::WidevineKeybox& keybox);
  void CreateDefaultResponse() override;
  void EncryptAndSignResponse() override;
+  void EncryptAndSignResponseWithoutUpdatingEncPrivateKeyLength();
+  void SignResponse();
  OEMCryptoResult LoadResponse() override { return LoadResponse(session_); }
  OEMCryptoResult LoadResponse(Session* session) override;
  void VerifyLoadFailed();
@@ -318,6 +345,7 @@ class LicenseRoundTrip
  void EncryptAndSignResponse() override;
  OEMCryptoResult LoadResponse() override { return LoadResponse(session_); }
  OEMCryptoResult LoadResponse(Session* session) override;
+  OEMCryptoResult LoadResponse(Session* session, bool verify_keys);
  // Reload an offline license into a different session. This derives new mac
  // keys and then calls LoadResponse.
  OEMCryptoResult ReloadResponse(Session* session);
@@ -442,11 +470,19 @@ class EntitledMessage {
  void FillKeyArray();
  void MakeOneKey(size_t entitlement_key_index);
  void LoadKeys(OEMCryptoResult expected_sts);
+  OEMCryptoResult LoadKeys(const vector<uint8_t>& message);
+  OEMCryptoResult LoadKeys();
+  void EncryptContentKey();
  void set_num_keys(uint32_t num_keys) { num_keys_ = num_keys; }
  uint32_t num_keys() const { return num_keys_; }
  void SetEntitlementKeyId(unsigned int index, const std::string& key_id);
  // Verify that key control blocks of the loaded keys.
  void VerifyEntitlementTestKeys();
+  OEMCrypto_EntitledContentKeyObject* entitled_key_array();
+  // Returns entitled_key_data_ which is used as input message buffer to
+  // load entitled content keys API.
+  EntitledContentKeyData* entitled_key_data();
+  size_t entitled_key_data_size();

 private:
  // Find the offset of the give pointer, relative to |entitled_key_data_|.
@@ -631,6 +667,11 @@ bool ConvertByteToValidBoolean(const bool* in);
 template <class CoreRequest>
 void WriteRequestApiCorpus(size_t signature_length, size_t core_message_length,
                           vector<uint8_t>& data);
+template <PrepAndSignRequest_t PrepAndSignRequest>
+void GetDefaultRequestSignatureAndCoreMessageLengths(
+    uint32_t& session_id, size_t& required_message_size,
+    const size_t& small_size, size_t* gen_signature_length,
+    size_t* core_message_length);
 }  // namespace wvoec

 #endif  // CDM_OEC_SESSION_UTIL_H_