widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor provisioning unit tests

Browse Source 
There was some confusion about which tests loaded a cert and
which ones just used a cert. This distinction is important
when testing devices with a baked-in-cert.

Merged from https://widevine-internal-review.googlesource.com/183333

Change-Id: I3c2b119c3355b3a9190799637ff0860b6153b35b
This commit is contained in:
Fred Gylys-Colwell
2023-08-21 21:35:05 -07:00
committed by Robert Shih
parent 5b831fc4f1
commit 7bb0b06c03
6 changed files with 151 additions and 160 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
libwvdrmengine/oemcrypto/test/oemcrypto_cast_test.cpp
View File

@@ -22,7 +22,7 @@ TEST_F(OEMCryptoLoadsCertificateAlternates, DisallowForbiddenPaddingAPI09) {
}
LoadWithAllowedSchemes(kSign_RSASSA_PSS,
true); // Use default padding scheme
DisallowForbiddenPadding(kSign_PKCS1_Block1, 50);
DisallowForbiddenPaddingDRMKey(kSign_PKCS1_Block1, 50);
}
// The alternate padding is only required for cast receivers, but if a device
@@ -46,7 +46,7 @@ TEST_F(OEMCryptoLoadsCertificateAlternates, TestSignaturePKCS1) {
// for forbidden padding schemes.
if (key_loaded_) {
// The other padding scheme should fail.
DisallowForbiddenPadding(kSign_RSASSA_PSS, 83);
DisallowForbiddenPaddingDRMKey(kSign_RSASSA_PSS, 83);
DisallowDeriveKeys();
if (global_features.cast_receiver) {
// A signature with a valid size should succeed.
@@ -54,7 +54,7 @@ TEST_F(OEMCryptoLoadsCertificateAlternates, TestSignaturePKCS1) {
TestSignature(kSign_PKCS1_Block1, 50);
}
// A signature with padding that is too big should fail.
DisallowForbiddenPadding(kSign_PKCS1_Block1, 84); // too big.
DisallowForbiddenPaddingDRMKey(kSign_PKCS1_Block1, 84); // too big.
}
}
@@ -986,4 +986,4 @@ TEST_P(OEMCryptoSessionTestLoadCasKeysWithHDCP, CasOnlyLoadCasKeysAPI17) {
}
INSTANTIATE_TEST_SUITE_P(TestHDCP, OEMCryptoSessionTestLoadCasKeysWithHDCP,
Range(1, 6));
} // namespace wvoec
} // namespace wvoec

30
libwvdrmengine/oemcrypto/test/oemcrypto_cast_test.h
View File

@@ -25,36 +25,6 @@ std::string MaybeHex(const std::vector<uint8_t>& data);
// This test attempts to use alternate algorithms for loaded device certs.
class OEMCryptoLoadsCertificateAlternates : public OEMCryptoLoadsCertificate {
protected:
void DisallowForbiddenPadding(RSA_Padding_Scheme scheme, size_t size) {
OEMCryptoResult sts;
Session s;
ASSERT_NO_FATAL_FAILURE(s.open());
ASSERT_NO_FATAL_FAILURE(s.LoadWrappedRsaDrmKey(wrapped_drm_key_));
// Sign a Message
vector<uint8_t> licenseRequest(size);
GetRandBytes(licenseRequest.data(), licenseRequest.size());
size_t signature_length = 256;
vector<uint8_t> signature(signature_length);
sts = OEMCrypto_GenerateRSASignature(
s.session_id(), licenseRequest.data(), licenseRequest.size(),
signature.data(), &signature_length, scheme);
// Allow OEMCrypto to request a full buffer.
if (sts == OEMCrypto_ERROR_SHORT_BUFFER) {
ASSERT_NE(static_cast<size_t>(0), signature_length);
signature.assign(signature_length, 0);
sts = OEMCrypto_GenerateRSASignature(
s.session_id(), licenseRequest.data(), licenseRequest.size(),
signature.data(), &signature_length, scheme);
}
EXPECT_NE(OEMCrypto_SUCCESS, sts)
<< "Signed with forbidden padding scheme=" << (int)scheme
<< ", size=" << (int)size;
const vector<uint8_t> zero(signature.size(), 0);
ASSERT_EQ(zero, signature); // signature should not be computed.
}
void TestSignature(RSA_Padding_Scheme scheme, size_t size) {
Session s;
ASSERT_NO_FATAL_FAILURE(s.open());

9
libwvdrmengine/oemcrypto/test/oemcrypto_license_test.cpp
View File

@@ -84,13 +84,6 @@ void TestMaxKeys(SessionUtil* util, size_t num_keys_per_session) {
}
}
TEST_F(OEMCryptoSessionTestKeyboxTest, TestKeyboxIsValid) {
if (global_features.provisioning_method != OEMCrypto_Keybox) {
GTEST_SKIP() << "Test for Prov 2.0 devices only.";
}
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_IsKeyboxValid());
}
TEST_F(OEMCryptoSessionTests,
OEMCryptoMemoryPrepareLicenseRequestForHugeRequestMessageLength) {
TestPrepareLicenseRequestForHugeBufferLengths(
@@ -970,4 +963,4 @@ INSTANTIATE_TEST_SUITE_P(TestAPI16, OEMCryptoRefreshTestAPI16,
Range<uint32_t>(kCoreMessagesAPI, kCurrentAPI + 1));
/// @}
} // namespace wvoec
} // namespace wvoec

4
libwvdrmengine/oemcrypto/test/oemcrypto_license_test.h
View File

@@ -96,8 +96,6 @@ class OEMCryptoSessionTests : public OEMCryptoClientTest {
}
};
class OEMCryptoSessionTestKeyboxTest : public OEMCryptoSessionTests {};
// This class is for testing a single license with the default API version
// of 16.
class OEMCryptoLicenseTestAPI16 : public OEMCryptoSessionTests {
@@ -411,4 +409,4 @@ class OEMCryptoRefreshTestAPI16 : public OEMCryptoRefreshTest {};
} // namespace wvoec
#endif // CDM_OEMCRYPTO_LICENSE_TEST_
#endif // CDM_OEMCRYPTO_LICENSE_TEST_

67
libwvdrmengine/oemcrypto/test/oemcrypto_provisioning_test.cpp
View File

@@ -539,7 +539,7 @@ TEST_F(OEMCryptoProv40Test, InstallOemPrivateKeyCanBeUsed) {
* cert.
*/
TEST_F(OEMCryptoProv40Test, OEMPrivateKeyCannotBeDRMKey) {
// Create an OEM Cert and save it for alter.
// Create an OEM Cert and save it for later.
Session s1;
ASSERT_NO_FATAL_FAILURE(s1.open());
ASSERT_NO_FATAL_FAILURE(CreateProv4OEMKey(&s1));
@@ -657,8 +657,7 @@ INSTANTIATE_TEST_SUITE_P(Prov4CastProvisioningBasic, OEMCryptoProv40CastTest,
TEST_F(OEMCryptoLoadsCertificate, PrepAndSignLicenseRequestCounterAPI18) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
ASSERT_NO_FATAL_FAILURE(CreateWrappedDRMKey());
@@ -683,8 +682,7 @@ TEST_F(OEMCryptoLoadsCertificate, PrepAndSignLicenseRequestCounterAPI18) {
TEST_F(OEMCryptoLoadsCertificate, LoadRSASessionKey) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
ASSERT_NO_FATAL_FAILURE(CreateWrappedDRMKey());
@@ -696,8 +694,7 @@ TEST_F(OEMCryptoLoadsCertificate, LoadRSASessionKey) {
TEST_F(OEMCryptoLoadsCertificate, SignProvisioningRequest) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
Session s;
@@ -716,8 +713,7 @@ TEST_F(OEMCryptoLoadsCertificate, SignProvisioningRequest) {
TEST_F(OEMCryptoLoadsCertificate, SignLargeProvisioningRequestAPI16) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
Session s;
@@ -740,8 +736,7 @@ TEST_F(OEMCryptoLoadsCertificate, SignLargeProvisioningRequestAPI16) {
TEST_F(OEMCryptoLoadsCertificate, CertificateProvision) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
Session s;
@@ -762,8 +757,7 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvision) {
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange1_API16) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
Session s;
@@ -785,8 +779,7 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange1_API16) {
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange2_API16) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
Session s;
@@ -808,8 +801,7 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange2_API16) {
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange3_API16) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
Session s;
@@ -833,8 +825,7 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange3_API16) {
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange4_API16) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
Session s;
@@ -858,8 +849,7 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange4_API16) {
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange5Prov30_API16) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
if (global_features.provisioning_method != OEMCrypto_OEMCertificate) {
@@ -890,8 +880,7 @@ TEST_F(OEMCryptoLoadsCertificate,
}
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
if (global_features.provisioning_method != OEMCrypto_Keybox) {
@@ -913,8 +902,7 @@ TEST_F(OEMCryptoLoadsCertificate,
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadNonce_API16) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
Session s;
@@ -933,8 +921,7 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadNonce_API16) {
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRSAKey) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
Session s;
@@ -960,8 +947,7 @@ TEST_F(OEMCryptoLoadsCertificate,
}
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
Session s;
@@ -985,8 +971,7 @@ TEST_F(OEMCryptoLoadsCertificate,
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionLargeBuffer) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
Session s;
@@ -1008,8 +993,7 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionLargeBuffer) {
TEST_F(OEMCryptoLoadsCertificate, LoadWrappedRSAKey) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
ASSERT_NO_FATAL_FAILURE(CreateWrappedDRMKey());
@@ -1024,8 +1008,7 @@ class OEMCryptoLoadsCertVariousKeys : public OEMCryptoLoadsCertificate {
OEMCryptoLoadsCertificate::SetUp();
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
}
@@ -1107,8 +1090,7 @@ TEST_F(OEMCryptoLoadsCertVariousKeys, TestEulerZeroNormalDer) {
TEST_F(OEMCryptoLoadsCertificate, TestMultipleRSAKeys) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
ASSERT_NO_FATAL_FAILURE(CreateWrappedDRMKey());
@@ -1149,8 +1131,7 @@ TEST_F(OEMCryptoLoadsCertificate, TestMultipleRSAKeys) {
TEST_F(OEMCryptoLoadsCertificate, TestMaxDRMKeys) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
const size_t max_total_keys = GetResourceValue(kMaxTotalDRMPrivateKeys);
@@ -1222,8 +1203,7 @@ TEST_F(OEMCryptoLoadsCertificate, TestMaxDRMKeys) {
TEST_F(OEMCryptoLoadsCertificate, SupportsCertificatesAPI13) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
ASSERT_NE(0u,
@@ -1236,8 +1216,7 @@ TEST_F(OEMCryptoLoadsCertificate, SupportsCertificatesAPI13) {
TEST_F(OEMCryptoLoadsCertificate, RSAPerformance) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
const std::chrono::milliseconds kTestDuration(5000);
@@ -1369,4 +1348,4 @@ TEST_F(OEMCryptoUsesCertificate, GenerateDerivedKeysLargeBuffer) {
enc_context.data(), enc_context.size()));
}
} // namespace wvoec
} // namespace wvoec

193
libwvdrmengine/oemcrypto/test/oemcrypto_provisioning_test.h
View File

@@ -17,65 +17,84 @@
namespace wvoec {
// Tests using this class are only used for devices with a keybox. They are not
// run for devices with an OEM Certificate.
class OEMCryptoKeyboxTest : public OEMCryptoClientTest {
void SetUp() override {
OEMCryptoClientTest::SetUp();
if (global_features.provisioning_method != OEMCrypto_Keybox) {
GTEST_SKIP() << "Test for Prov 2.0 devices only.";
}
OEMCryptoResult sts = OEMCrypto_IsKeyboxValid();
// If the production keybox is valid, use it for these tests. Most of the
// other tests will use a test keybox anyway, but it's nice to check the
// device ID for the real keybox if we can.
if (sts == OEMCrypto_SUCCESS) return;
printf("Production keybox is NOT valid. All tests use test keybox.\n");
ASSERT_EQ(
OEMCrypto_SUCCESS,
OEMCrypto_LoadTestKeybox(reinterpret_cast<const uint8_t*>(&kTestKeybox),
sizeof(kTestKeybox)));
}
};
// This class is for tests that have an OEM Certificate instead of a keybox.
class OEMCryptoProv30Test : public OEMCryptoClientTest {
void SetUp() override {
OEMCryptoClientTest::SetUp();
if (global_features.provisioning_method != OEMCrypto_OEMCertificate) {
GTEST_SKIP() << "Test for Prov 3.0 devices only.";
}
}
};
// This class is for tests that have boot certificate chain instead of a keybox.
class OEMCryptoProv40Test : public OEMCryptoClientTest {
void SetUp() override {
OEMCryptoClientTest::SetUp();
if (global_features.provisioning_method != OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for Prov 4.0 devices only.";
}
}
};
class OEMCryptoProv40CastTest : public OEMCryptoClientTest,
public testing::WithParamInterface<bool> {
void SetUp() override {
OEMCryptoClientTest::SetUp();
if (!global_features.cast_receiver) {
GTEST_SKIP() << "Test for cast devices only.";
}
if (global_features.provisioning_method != OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for Prov 4.0 devices only.";
}
}
};
//
// Certificate Root of Trust Tests
//
class OEMCryptoLoadsCertificate : public OEMCryptoSessionTestKeyboxTest {
// These tests are run by all L1 devices that load and use certificates. It is
// also run by a few L3 devices that use a baked in certificate, but cannot load
// a certificate.
class OEMCryptoUsesCertificate : public OEMCryptoSessionTests {
protected:
void SetUp() override {
OEMCryptoSessionTests::SetUp();
ASSERT_NO_FATAL_FAILURE(session_.open());
if (global_features.derive_key_method ==
DeviceFeatures::LOAD_TEST_RSA_KEY) {
ASSERT_NO_FATAL_FAILURE(session_.SetRsaPublicKeyFromPrivateKeyInfo(
encoded_rsa_key_.data(), encoded_rsa_key_.size()));
} else {
InstallTestDrmKey(&session_);
}
}
void TearDown() override {
ASSERT_NO_FATAL_FAILURE(session_.close());
OEMCryptoSessionTests::TearDown();
}
Session session_;
};
/** These tests cover all systems that can load a DRM Certificate. That includes
* Provisioning 2, 3 and 4. */
class OEMCryptoLoadsCertificate : public OEMCryptoUsesCertificate {
protected:
void SetUp() override {
OEMCryptoUsesCertificate::SetUp();
if (!global_features.loads_certificate) {
GTEST_SKIP() << "Test for devices that load a DRM certificate only.";
}
}
/** Verify that the specified padding scheme does not work with the DRM
* key and the function OEMCrypto_GenerateRSASignature. */
void DisallowForbiddenPaddingDRMKey(RSA_Padding_Scheme scheme, size_t size) {
Session s;
ASSERT_NO_FATAL_FAILURE(s.open());
ASSERT_NO_FATAL_FAILURE(s.LoadWrappedRsaDrmKey(wrapped_drm_key_));
DisallowForbiddenPadding(s.session_id(), scheme, size);
}
/** Verify that the specified padding scheme does not work with whichever key
* is currently loaded into the specified session and the function
* OEMCrypto_GenerateRSASignature. */
void DisallowForbiddenPadding(OEMCrypto_SESSION session,
RSA_Padding_Scheme scheme, size_t size) {
OEMCryptoResult sts;
// Sign a Message
vector<uint8_t> message(size);
GetRandBytes(message.data(), message.size());
size_t signature_length = 256;
vector<uint8_t> signature(signature_length);
sts = OEMCrypto_GenerateRSASignature(session, message.data(),
message.size(), signature.data(),
&signature_length, scheme);
// Allow OEMCrypto to request a full buffer.
if (sts == OEMCrypto_ERROR_SHORT_BUFFER) {
ASSERT_NE(static_cast<size_t>(0), signature_length);
signature.assign(signature_length, 0);
sts = OEMCrypto_GenerateRSASignature(session, message.data(),
message.size(), signature.data(),
&signature_length, scheme);
}
EXPECT_NE(OEMCrypto_SUCCESS, sts)
<< "Signed with forbidden padding scheme=" << (int)scheme
<< ", size=" << (int)size;
const vector<uint8_t> zero(signature.size(), 0);
ASSERT_EQ(zero, signature); // signature should not be computed.
}
void TestPrepareProvisioningRequestForHugeBufferLengths(
const std::function<void(size_t, ProvisioningRoundTrip*)> f,
bool check_status) {
@@ -142,31 +161,63 @@ class OEMCryptoLoadsCertificate : public OEMCryptoSessionTestKeyboxTest {
}
};
// These tests are run by all L1 devices that load and use certificates. It is
// also run by a few L3 devices that use a baked in certificate, but cannot load
// a certificate.
class OEMCryptoUsesCertificate : public OEMCryptoLoadsCertificate {
// Tests using this class are only used for devices with a keybox. They are not
// run for devices with an OEM Certificate.
class OEMCryptoKeyboxTest : public OEMCryptoLoadsCertificate {
protected:
void SetUp() override {
OEMCryptoLoadsCertificate::SetUp();
ASSERT_NO_FATAL_FAILURE(session_.open());
if (global_features.derive_key_method ==
DeviceFeatures::LOAD_TEST_RSA_KEY) {
ASSERT_NO_FATAL_FAILURE(session_.SetRsaPublicKeyFromPrivateKeyInfo(
encoded_rsa_key_.data(), encoded_rsa_key_.size()));
} else {
InstallTestDrmKey(&session_);
if (global_features.provisioning_method != OEMCrypto_Keybox) {
GTEST_SKIP() << "Test for Prov 2.0 devices only.";
}
OEMCryptoResult sts = OEMCrypto_IsKeyboxValid();
// If the production keybox is valid, use it for these tests. Most of the
// other tests will use a test keybox anyway, but it's nice to check the
// device ID for the real keybox if we can.
if (sts == OEMCrypto_SUCCESS) return;
printf("Production keybox is NOT valid. All tests use test keybox.\n");
ASSERT_EQ(
OEMCrypto_SUCCESS,
OEMCrypto_LoadTestKeybox(reinterpret_cast<const uint8_t*>(&kTestKeybox),
sizeof(kTestKeybox)));
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_IsKeyboxValid())
<< "After loading Test keybox, the keybox was still not valid.";
}
};
// This class is for tests that have an OEM Certificate instead of a keybox.
class OEMCryptoProv30Test : public OEMCryptoLoadsCertificate {
protected:
void SetUp() override {
OEMCryptoLoadsCertificate::SetUp();
if (global_features.provisioning_method != OEMCrypto_OEMCertificate) {
GTEST_SKIP() << "Test for Prov 3.0 devices only.";
}
}
};
void TearDown() override {
ASSERT_NO_FATAL_FAILURE(session_.close());
OEMCryptoLoadsCertificate::TearDown();
// This class is for tests that have boot certificate chain instead of a keybox.
class OEMCryptoProv40Test : public OEMCryptoLoadsCertificate {
protected:
void SetUp() override {
OEMCryptoLoadsCertificate::SetUp();
if (global_features.provisioning_method != OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for Prov 4.0 devices only.";
}
}
};
Session session_;
class OEMCryptoProv40CastTest : public OEMCryptoProv40Test,
public testing::WithParamInterface<bool> {
protected:
void SetUp() override {
OEMCryptoProv40Test::SetUp();
if (!global_features.cast_receiver) {
GTEST_SKIP() << "Test for cast devices only.";
}
}
};
} // namespace wvoec
#endif // CDM_OEMCRYPTO_PROVISIONING_TEST_
#endif // CDM_OEMCRYPTO_PROVISIONING_TEST_