Refactor provisioning unit tests
There was some confusion about which tests loaded a cert and which ones just used a cert. This distinction is important when testing devices with a baked-in-cert. Merged from https://widevine-internal-review.googlesource.com/183333 Change-Id: I3c2b119c3355b3a9190799637ff0860b6153b35b
This commit is contained in:
Fred Gylys-Colwell
committed by
Robert Shih
Robert Shih
parent
5b831fc4f1
commit
7bb0b06c03
@@ -22,7 +22,7 @@ TEST_F(OEMCryptoLoadsCertificateAlternates, DisallowForbiddenPaddingAPI09) {
|
|||||||
}
|
}
|
||||||
LoadWithAllowedSchemes(kSign_RSASSA_PSS,
|
LoadWithAllowedSchemes(kSign_RSASSA_PSS,
|
||||||
true); // Use default padding scheme
|
true); // Use default padding scheme
|
||||||
DisallowForbiddenPadding(kSign_PKCS1_Block1, 50);
|
DisallowForbiddenPaddingDRMKey(kSign_PKCS1_Block1, 50);
|
||||||
}
|
}
|
||||||
|
|
||||||
// The alternate padding is only required for cast receivers, but if a device
|
// The alternate padding is only required for cast receivers, but if a device
|
||||||
@@ -46,7 +46,7 @@ TEST_F(OEMCryptoLoadsCertificateAlternates, TestSignaturePKCS1) {
|
|||||||
// for forbidden padding schemes.
|
// for forbidden padding schemes.
|
||||||
if (key_loaded_) {
|
if (key_loaded_) {
|
||||||
// The other padding scheme should fail.
|
// The other padding scheme should fail.
|
||||||
DisallowForbiddenPadding(kSign_RSASSA_PSS, 83);
|
DisallowForbiddenPaddingDRMKey(kSign_RSASSA_PSS, 83);
|
||||||
DisallowDeriveKeys();
|
DisallowDeriveKeys();
|
||||||
if (global_features.cast_receiver) {
|
if (global_features.cast_receiver) {
|
||||||
// A signature with a valid size should succeed.
|
// A signature with a valid size should succeed.
|
||||||
@@ -54,7 +54,7 @@ TEST_F(OEMCryptoLoadsCertificateAlternates, TestSignaturePKCS1) {
|
|||||||
TestSignature(kSign_PKCS1_Block1, 50);
|
TestSignature(kSign_PKCS1_Block1, 50);
|
||||||
}
|
}
|
||||||
// A signature with padding that is too big should fail.
|
// A signature with padding that is too big should fail.
|
||||||
DisallowForbiddenPadding(kSign_PKCS1_Block1, 84); // too big.
|
DisallowForbiddenPaddingDRMKey(kSign_PKCS1_Block1, 84); // too big.
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -25,36 +25,6 @@ std::string MaybeHex(const std::vector<uint8_t>& data);
|
|||||||
// This test attempts to use alternate algorithms for loaded device certs.
|
// This test attempts to use alternate algorithms for loaded device certs.
|
||||||
class OEMCryptoLoadsCertificateAlternates : public OEMCryptoLoadsCertificate {
|
class OEMCryptoLoadsCertificateAlternates : public OEMCryptoLoadsCertificate {
|
||||||
protected:
|
protected:
|
||||||
void DisallowForbiddenPadding(RSA_Padding_Scheme scheme, size_t size) {
|
|
||||||
OEMCryptoResult sts;
|
|
||||||
Session s;
|
|
||||||
ASSERT_NO_FATAL_FAILURE(s.open());
|
|
||||||
ASSERT_NO_FATAL_FAILURE(s.LoadWrappedRsaDrmKey(wrapped_drm_key_));
|
|
||||||
|
|
||||||
// Sign a Message
|
|
||||||
vector<uint8_t> licenseRequest(size);
|
|
||||||
GetRandBytes(licenseRequest.data(), licenseRequest.size());
|
|
||||||
size_t signature_length = 256;
|
|
||||||
vector<uint8_t> signature(signature_length);
|
|
||||||
sts = OEMCrypto_GenerateRSASignature(
|
|
||||||
s.session_id(), licenseRequest.data(), licenseRequest.size(),
|
|
||||||
signature.data(), &signature_length, scheme);
|
|
||||||
// Allow OEMCrypto to request a full buffer.
|
|
||||||
if (sts == OEMCrypto_ERROR_SHORT_BUFFER) {
|
|
||||||
ASSERT_NE(static_cast<size_t>(0), signature_length);
|
|
||||||
signature.assign(signature_length, 0);
|
|
||||||
sts = OEMCrypto_GenerateRSASignature(
|
|
||||||
s.session_id(), licenseRequest.data(), licenseRequest.size(),
|
|
||||||
signature.data(), &signature_length, scheme);
|
|
||||||
}
|
|
||||||
|
|
||||||
EXPECT_NE(OEMCrypto_SUCCESS, sts)
|
|
||||||
<< "Signed with forbidden padding scheme=" << (int)scheme
|
|
||||||
<< ", size=" << (int)size;
|
|
||||||
const vector<uint8_t> zero(signature.size(), 0);
|
|
||||||
ASSERT_EQ(zero, signature); // signature should not be computed.
|
|
||||||
}
|
|
||||||
|
|
||||||
void TestSignature(RSA_Padding_Scheme scheme, size_t size) {
|
void TestSignature(RSA_Padding_Scheme scheme, size_t size) {
|
||||||
Session s;
|
Session s;
|
||||||
ASSERT_NO_FATAL_FAILURE(s.open());
|
ASSERT_NO_FATAL_FAILURE(s.open());
|
||||||
|
|||||||
@@ -84,13 +84,6 @@ void TestMaxKeys(SessionUtil* util, size_t num_keys_per_session) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
TEST_F(OEMCryptoSessionTestKeyboxTest, TestKeyboxIsValid) {
|
|
||||||
if (global_features.provisioning_method != OEMCrypto_Keybox) {
|
|
||||||
GTEST_SKIP() << "Test for Prov 2.0 devices only.";
|
|
||||||
}
|
|
||||||
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_IsKeyboxValid());
|
|
||||||
}
|
|
||||||
|
|
||||||
TEST_F(OEMCryptoSessionTests,
|
TEST_F(OEMCryptoSessionTests,
|
||||||
OEMCryptoMemoryPrepareLicenseRequestForHugeRequestMessageLength) {
|
OEMCryptoMemoryPrepareLicenseRequestForHugeRequestMessageLength) {
|
||||||
TestPrepareLicenseRequestForHugeBufferLengths(
|
TestPrepareLicenseRequestForHugeBufferLengths(
|
||||||
|
|||||||
@@ -96,8 +96,6 @@ class OEMCryptoSessionTests : public OEMCryptoClientTest {
|
|||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
class OEMCryptoSessionTestKeyboxTest : public OEMCryptoSessionTests {};
|
|
||||||
|
|
||||||
// This class is for testing a single license with the default API version
|
// This class is for testing a single license with the default API version
|
||||||
// of 16.
|
// of 16.
|
||||||
class OEMCryptoLicenseTestAPI16 : public OEMCryptoSessionTests {
|
class OEMCryptoLicenseTestAPI16 : public OEMCryptoSessionTests {
|
||||||
|
|||||||
@@ -539,7 +539,7 @@ TEST_F(OEMCryptoProv40Test, InstallOemPrivateKeyCanBeUsed) {
|
|||||||
* cert.
|
* cert.
|
||||||
*/
|
*/
|
||||||
TEST_F(OEMCryptoProv40Test, OEMPrivateKeyCannotBeDRMKey) {
|
TEST_F(OEMCryptoProv40Test, OEMPrivateKeyCannotBeDRMKey) {
|
||||||
// Create an OEM Cert and save it for alter.
|
// Create an OEM Cert and save it for later.
|
||||||
Session s1;
|
Session s1;
|
||||||
ASSERT_NO_FATAL_FAILURE(s1.open());
|
ASSERT_NO_FATAL_FAILURE(s1.open());
|
||||||
ASSERT_NO_FATAL_FAILURE(CreateProv4OEMKey(&s1));
|
ASSERT_NO_FATAL_FAILURE(CreateProv4OEMKey(&s1));
|
||||||
@@ -657,8 +657,7 @@ INSTANTIATE_TEST_SUITE_P(Prov4CastProvisioningBasic, OEMCryptoProv40CastTest,
|
|||||||
TEST_F(OEMCryptoLoadsCertificate, PrepAndSignLicenseRequestCounterAPI18) {
|
TEST_F(OEMCryptoLoadsCertificate, PrepAndSignLicenseRequestCounterAPI18) {
|
||||||
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
||||||
// provisioning 4. Disabled here temporarily.
|
// provisioning 4. Disabled here temporarily.
|
||||||
if (!global_features.loads_certificate ||
|
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
|
||||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||||
}
|
}
|
||||||
ASSERT_NO_FATAL_FAILURE(CreateWrappedDRMKey());
|
ASSERT_NO_FATAL_FAILURE(CreateWrappedDRMKey());
|
||||||
@@ -683,8 +682,7 @@ TEST_F(OEMCryptoLoadsCertificate, PrepAndSignLicenseRequestCounterAPI18) {
|
|||||||
TEST_F(OEMCryptoLoadsCertificate, LoadRSASessionKey) {
|
TEST_F(OEMCryptoLoadsCertificate, LoadRSASessionKey) {
|
||||||
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
||||||
// provisioning 4. Disabled here temporarily.
|
// provisioning 4. Disabled here temporarily.
|
||||||
if (!global_features.loads_certificate ||
|
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
|
||||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||||
}
|
}
|
||||||
ASSERT_NO_FATAL_FAILURE(CreateWrappedDRMKey());
|
ASSERT_NO_FATAL_FAILURE(CreateWrappedDRMKey());
|
||||||
@@ -696,8 +694,7 @@ TEST_F(OEMCryptoLoadsCertificate, LoadRSASessionKey) {
|
|||||||
TEST_F(OEMCryptoLoadsCertificate, SignProvisioningRequest) {
|
TEST_F(OEMCryptoLoadsCertificate, SignProvisioningRequest) {
|
||||||
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
||||||
// provisioning 4. Disabled here temporarily.
|
// provisioning 4. Disabled here temporarily.
|
||||||
if (!global_features.loads_certificate ||
|
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
|
||||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||||
}
|
}
|
||||||
Session s;
|
Session s;
|
||||||
@@ -716,8 +713,7 @@ TEST_F(OEMCryptoLoadsCertificate, SignProvisioningRequest) {
|
|||||||
TEST_F(OEMCryptoLoadsCertificate, SignLargeProvisioningRequestAPI16) {
|
TEST_F(OEMCryptoLoadsCertificate, SignLargeProvisioningRequestAPI16) {
|
||||||
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
||||||
// provisioning 4. Disabled here temporarily.
|
// provisioning 4. Disabled here temporarily.
|
||||||
if (!global_features.loads_certificate ||
|
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
|
||||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||||
}
|
}
|
||||||
Session s;
|
Session s;
|
||||||
@@ -740,8 +736,7 @@ TEST_F(OEMCryptoLoadsCertificate, SignLargeProvisioningRequestAPI16) {
|
|||||||
TEST_F(OEMCryptoLoadsCertificate, CertificateProvision) {
|
TEST_F(OEMCryptoLoadsCertificate, CertificateProvision) {
|
||||||
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
||||||
// provisioning 4. Disabled here temporarily.
|
// provisioning 4. Disabled here temporarily.
|
||||||
if (!global_features.loads_certificate ||
|
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
|
||||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||||
}
|
}
|
||||||
Session s;
|
Session s;
|
||||||
@@ -762,8 +757,7 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvision) {
|
|||||||
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange1_API16) {
|
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange1_API16) {
|
||||||
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
||||||
// provisioning 4. Disabled here temporarily.
|
// provisioning 4. Disabled here temporarily.
|
||||||
if (!global_features.loads_certificate ||
|
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
|
||||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||||
}
|
}
|
||||||
Session s;
|
Session s;
|
||||||
@@ -785,8 +779,7 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange1_API16) {
|
|||||||
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange2_API16) {
|
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange2_API16) {
|
||||||
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
||||||
// provisioning 4. Disabled here temporarily.
|
// provisioning 4. Disabled here temporarily.
|
||||||
if (!global_features.loads_certificate ||
|
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
|
||||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||||
}
|
}
|
||||||
Session s;
|
Session s;
|
||||||
@@ -808,8 +801,7 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange2_API16) {
|
|||||||
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange3_API16) {
|
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange3_API16) {
|
||||||
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
||||||
// provisioning 4. Disabled here temporarily.
|
// provisioning 4. Disabled here temporarily.
|
||||||
if (!global_features.loads_certificate ||
|
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
|
||||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||||
}
|
}
|
||||||
Session s;
|
Session s;
|
||||||
@@ -833,8 +825,7 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange3_API16) {
|
|||||||
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange4_API16) {
|
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange4_API16) {
|
||||||
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
||||||
// provisioning 4. Disabled here temporarily.
|
// provisioning 4. Disabled here temporarily.
|
||||||
if (!global_features.loads_certificate ||
|
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
|
||||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||||
}
|
}
|
||||||
Session s;
|
Session s;
|
||||||
@@ -858,8 +849,7 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange4_API16) {
|
|||||||
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange5Prov30_API16) {
|
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange5Prov30_API16) {
|
||||||
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
||||||
// provisioning 4. Disabled here temporarily.
|
// provisioning 4. Disabled here temporarily.
|
||||||
if (!global_features.loads_certificate ||
|
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
|
||||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||||
}
|
}
|
||||||
if (global_features.provisioning_method != OEMCrypto_OEMCertificate) {
|
if (global_features.provisioning_method != OEMCrypto_OEMCertificate) {
|
||||||
@@ -890,8 +880,7 @@ TEST_F(OEMCryptoLoadsCertificate,
|
|||||||
}
|
}
|
||||||
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
||||||
// provisioning 4. Disabled here temporarily.
|
// provisioning 4. Disabled here temporarily.
|
||||||
if (!global_features.loads_certificate ||
|
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
|
||||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||||
}
|
}
|
||||||
if (global_features.provisioning_method != OEMCrypto_Keybox) {
|
if (global_features.provisioning_method != OEMCrypto_Keybox) {
|
||||||
@@ -913,8 +902,7 @@ TEST_F(OEMCryptoLoadsCertificate,
|
|||||||
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadNonce_API16) {
|
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadNonce_API16) {
|
||||||
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
||||||
// provisioning 4. Disabled here temporarily.
|
// provisioning 4. Disabled here temporarily.
|
||||||
if (!global_features.loads_certificate ||
|
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
|
||||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||||
}
|
}
|
||||||
Session s;
|
Session s;
|
||||||
@@ -933,8 +921,7 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadNonce_API16) {
|
|||||||
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRSAKey) {
|
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRSAKey) {
|
||||||
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
||||||
// provisioning 4. Disabled here temporarily.
|
// provisioning 4. Disabled here temporarily.
|
||||||
if (!global_features.loads_certificate ||
|
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
|
||||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||||
}
|
}
|
||||||
Session s;
|
Session s;
|
||||||
@@ -960,8 +947,7 @@ TEST_F(OEMCryptoLoadsCertificate,
|
|||||||
}
|
}
|
||||||
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
||||||
// provisioning 4. Disabled here temporarily.
|
// provisioning 4. Disabled here temporarily.
|
||||||
if (!global_features.loads_certificate ||
|
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
|
||||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||||
}
|
}
|
||||||
Session s;
|
Session s;
|
||||||
@@ -985,8 +971,7 @@ TEST_F(OEMCryptoLoadsCertificate,
|
|||||||
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionLargeBuffer) {
|
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionLargeBuffer) {
|
||||||
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
||||||
// provisioning 4. Disabled here temporarily.
|
// provisioning 4. Disabled here temporarily.
|
||||||
if (!global_features.loads_certificate ||
|
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
|
||||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||||
}
|
}
|
||||||
Session s;
|
Session s;
|
||||||
@@ -1008,8 +993,7 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionLargeBuffer) {
|
|||||||
TEST_F(OEMCryptoLoadsCertificate, LoadWrappedRSAKey) {
|
TEST_F(OEMCryptoLoadsCertificate, LoadWrappedRSAKey) {
|
||||||
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
||||||
// provisioning 4. Disabled here temporarily.
|
// provisioning 4. Disabled here temporarily.
|
||||||
if (!global_features.loads_certificate ||
|
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
|
||||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||||
}
|
}
|
||||||
ASSERT_NO_FATAL_FAILURE(CreateWrappedDRMKey());
|
ASSERT_NO_FATAL_FAILURE(CreateWrappedDRMKey());
|
||||||
@@ -1024,8 +1008,7 @@ class OEMCryptoLoadsCertVariousKeys : public OEMCryptoLoadsCertificate {
|
|||||||
OEMCryptoLoadsCertificate::SetUp();
|
OEMCryptoLoadsCertificate::SetUp();
|
||||||
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
||||||
// provisioning 4. Disabled here temporarily.
|
// provisioning 4. Disabled here temporarily.
|
||||||
if (!global_features.loads_certificate ||
|
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
|
||||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1107,8 +1090,7 @@ TEST_F(OEMCryptoLoadsCertVariousKeys, TestEulerZeroNormalDer) {
|
|||||||
TEST_F(OEMCryptoLoadsCertificate, TestMultipleRSAKeys) {
|
TEST_F(OEMCryptoLoadsCertificate, TestMultipleRSAKeys) {
|
||||||
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
||||||
// provisioning 4. Disabled here temporarily.
|
// provisioning 4. Disabled here temporarily.
|
||||||
if (!global_features.loads_certificate ||
|
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
|
||||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||||
}
|
}
|
||||||
ASSERT_NO_FATAL_FAILURE(CreateWrappedDRMKey());
|
ASSERT_NO_FATAL_FAILURE(CreateWrappedDRMKey());
|
||||||
@@ -1149,8 +1131,7 @@ TEST_F(OEMCryptoLoadsCertificate, TestMultipleRSAKeys) {
|
|||||||
TEST_F(OEMCryptoLoadsCertificate, TestMaxDRMKeys) {
|
TEST_F(OEMCryptoLoadsCertificate, TestMaxDRMKeys) {
|
||||||
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
||||||
// provisioning 4. Disabled here temporarily.
|
// provisioning 4. Disabled here temporarily.
|
||||||
if (!global_features.loads_certificate ||
|
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
|
||||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||||
}
|
}
|
||||||
const size_t max_total_keys = GetResourceValue(kMaxTotalDRMPrivateKeys);
|
const size_t max_total_keys = GetResourceValue(kMaxTotalDRMPrivateKeys);
|
||||||
@@ -1222,8 +1203,7 @@ TEST_F(OEMCryptoLoadsCertificate, TestMaxDRMKeys) {
|
|||||||
TEST_F(OEMCryptoLoadsCertificate, SupportsCertificatesAPI13) {
|
TEST_F(OEMCryptoLoadsCertificate, SupportsCertificatesAPI13) {
|
||||||
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
||||||
// provisioning 4. Disabled here temporarily.
|
// provisioning 4. Disabled here temporarily.
|
||||||
if (!global_features.loads_certificate ||
|
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
|
||||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||||
}
|
}
|
||||||
ASSERT_NE(0u,
|
ASSERT_NE(0u,
|
||||||
@@ -1236,8 +1216,7 @@ TEST_F(OEMCryptoLoadsCertificate, SupportsCertificatesAPI13) {
|
|||||||
TEST_F(OEMCryptoLoadsCertificate, RSAPerformance) {
|
TEST_F(OEMCryptoLoadsCertificate, RSAPerformance) {
|
||||||
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
||||||
// provisioning 4. Disabled here temporarily.
|
// provisioning 4. Disabled here temporarily.
|
||||||
if (!global_features.loads_certificate ||
|
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
|
||||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||||
}
|
}
|
||||||
const std::chrono::milliseconds kTestDuration(5000);
|
const std::chrono::milliseconds kTestDuration(5000);
|
||||||
|
|||||||
@@ -17,65 +17,84 @@
|
|||||||
|
|
||||||
namespace wvoec {
|
namespace wvoec {
|
||||||
|
|
||||||
// Tests using this class are only used for devices with a keybox. They are not
|
|
||||||
// run for devices with an OEM Certificate.
|
|
||||||
class OEMCryptoKeyboxTest : public OEMCryptoClientTest {
|
|
||||||
void SetUp() override {
|
|
||||||
OEMCryptoClientTest::SetUp();
|
|
||||||
if (global_features.provisioning_method != OEMCrypto_Keybox) {
|
|
||||||
GTEST_SKIP() << "Test for Prov 2.0 devices only.";
|
|
||||||
}
|
|
||||||
OEMCryptoResult sts = OEMCrypto_IsKeyboxValid();
|
|
||||||
// If the production keybox is valid, use it for these tests. Most of the
|
|
||||||
// other tests will use a test keybox anyway, but it's nice to check the
|
|
||||||
// device ID for the real keybox if we can.
|
|
||||||
if (sts == OEMCrypto_SUCCESS) return;
|
|
||||||
printf("Production keybox is NOT valid. All tests use test keybox.\n");
|
|
||||||
ASSERT_EQ(
|
|
||||||
OEMCrypto_SUCCESS,
|
|
||||||
OEMCrypto_LoadTestKeybox(reinterpret_cast<const uint8_t*>(&kTestKeybox),
|
|
||||||
sizeof(kTestKeybox)));
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
// This class is for tests that have an OEM Certificate instead of a keybox.
|
|
||||||
class OEMCryptoProv30Test : public OEMCryptoClientTest {
|
|
||||||
void SetUp() override {
|
|
||||||
OEMCryptoClientTest::SetUp();
|
|
||||||
if (global_features.provisioning_method != OEMCrypto_OEMCertificate) {
|
|
||||||
GTEST_SKIP() << "Test for Prov 3.0 devices only.";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
// This class is for tests that have boot certificate chain instead of a keybox.
|
|
||||||
class OEMCryptoProv40Test : public OEMCryptoClientTest {
|
|
||||||
void SetUp() override {
|
|
||||||
OEMCryptoClientTest::SetUp();
|
|
||||||
if (global_features.provisioning_method != OEMCrypto_BootCertificateChain) {
|
|
||||||
GTEST_SKIP() << "Test for Prov 4.0 devices only.";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
class OEMCryptoProv40CastTest : public OEMCryptoClientTest,
|
|
||||||
public testing::WithParamInterface<bool> {
|
|
||||||
void SetUp() override {
|
|
||||||
OEMCryptoClientTest::SetUp();
|
|
||||||
if (!global_features.cast_receiver) {
|
|
||||||
GTEST_SKIP() << "Test for cast devices only.";
|
|
||||||
}
|
|
||||||
if (global_features.provisioning_method != OEMCrypto_BootCertificateChain) {
|
|
||||||
GTEST_SKIP() << "Test for Prov 4.0 devices only.";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
//
|
//
|
||||||
// Certificate Root of Trust Tests
|
// Certificate Root of Trust Tests
|
||||||
//
|
//
|
||||||
class OEMCryptoLoadsCertificate : public OEMCryptoSessionTestKeyboxTest {
|
// These tests are run by all L1 devices that load and use certificates. It is
|
||||||
|
// also run by a few L3 devices that use a baked in certificate, but cannot load
|
||||||
|
// a certificate.
|
||||||
|
class OEMCryptoUsesCertificate : public OEMCryptoSessionTests {
|
||||||
protected:
|
protected:
|
||||||
|
void SetUp() override {
|
||||||
|
OEMCryptoSessionTests::SetUp();
|
||||||
|
ASSERT_NO_FATAL_FAILURE(session_.open());
|
||||||
|
if (global_features.derive_key_method ==
|
||||||
|
DeviceFeatures::LOAD_TEST_RSA_KEY) {
|
||||||
|
ASSERT_NO_FATAL_FAILURE(session_.SetRsaPublicKeyFromPrivateKeyInfo(
|
||||||
|
encoded_rsa_key_.data(), encoded_rsa_key_.size()));
|
||||||
|
} else {
|
||||||
|
InstallTestDrmKey(&session_);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void TearDown() override {
|
||||||
|
ASSERT_NO_FATAL_FAILURE(session_.close());
|
||||||
|
OEMCryptoSessionTests::TearDown();
|
||||||
|
}
|
||||||
|
|
||||||
|
Session session_;
|
||||||
|
};
|
||||||
|
|
||||||
|
/** These tests cover all systems that can load a DRM Certificate. That includes
|
||||||
|
* Provisioning 2, 3 and 4. */
|
||||||
|
class OEMCryptoLoadsCertificate : public OEMCryptoUsesCertificate {
|
||||||
|
protected:
|
||||||
|
void SetUp() override {
|
||||||
|
OEMCryptoUsesCertificate::SetUp();
|
||||||
|
if (!global_features.loads_certificate) {
|
||||||
|
GTEST_SKIP() << "Test for devices that load a DRM certificate only.";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/** Verify that the specified padding scheme does not work with the DRM
|
||||||
|
* key and the function OEMCrypto_GenerateRSASignature. */
|
||||||
|
void DisallowForbiddenPaddingDRMKey(RSA_Padding_Scheme scheme, size_t size) {
|
||||||
|
Session s;
|
||||||
|
ASSERT_NO_FATAL_FAILURE(s.open());
|
||||||
|
ASSERT_NO_FATAL_FAILURE(s.LoadWrappedRsaDrmKey(wrapped_drm_key_));
|
||||||
|
DisallowForbiddenPadding(s.session_id(), scheme, size);
|
||||||
|
}
|
||||||
|
|
||||||
|
/** Verify that the specified padding scheme does not work with whichever key
|
||||||
|
* is currently loaded into the specified session and the function
|
||||||
|
* OEMCrypto_GenerateRSASignature. */
|
||||||
|
void DisallowForbiddenPadding(OEMCrypto_SESSION session,
|
||||||
|
RSA_Padding_Scheme scheme, size_t size) {
|
||||||
|
OEMCryptoResult sts;
|
||||||
|
// Sign a Message
|
||||||
|
vector<uint8_t> message(size);
|
||||||
|
GetRandBytes(message.data(), message.size());
|
||||||
|
size_t signature_length = 256;
|
||||||
|
vector<uint8_t> signature(signature_length);
|
||||||
|
sts = OEMCrypto_GenerateRSASignature(session, message.data(),
|
||||||
|
message.size(), signature.data(),
|
||||||
|
&signature_length, scheme);
|
||||||
|
// Allow OEMCrypto to request a full buffer.
|
||||||
|
if (sts == OEMCrypto_ERROR_SHORT_BUFFER) {
|
||||||
|
ASSERT_NE(static_cast<size_t>(0), signature_length);
|
||||||
|
signature.assign(signature_length, 0);
|
||||||
|
sts = OEMCrypto_GenerateRSASignature(session, message.data(),
|
||||||
|
message.size(), signature.data(),
|
||||||
|
&signature_length, scheme);
|
||||||
|
}
|
||||||
|
|
||||||
|
EXPECT_NE(OEMCrypto_SUCCESS, sts)
|
||||||
|
<< "Signed with forbidden padding scheme=" << (int)scheme
|
||||||
|
<< ", size=" << (int)size;
|
||||||
|
const vector<uint8_t> zero(signature.size(), 0);
|
||||||
|
ASSERT_EQ(zero, signature); // signature should not be computed.
|
||||||
|
}
|
||||||
|
|
||||||
void TestPrepareProvisioningRequestForHugeBufferLengths(
|
void TestPrepareProvisioningRequestForHugeBufferLengths(
|
||||||
const std::function<void(size_t, ProvisioningRoundTrip*)> f,
|
const std::function<void(size_t, ProvisioningRoundTrip*)> f,
|
||||||
bool check_status) {
|
bool check_status) {
|
||||||
@@ -142,29 +161,61 @@ class OEMCryptoLoadsCertificate : public OEMCryptoSessionTestKeyboxTest {
|
|||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
// These tests are run by all L1 devices that load and use certificates. It is
|
// Tests using this class are only used for devices with a keybox. They are not
|
||||||
// also run by a few L3 devices that use a baked in certificate, but cannot load
|
// run for devices with an OEM Certificate.
|
||||||
// a certificate.
|
class OEMCryptoKeyboxTest : public OEMCryptoLoadsCertificate {
|
||||||
class OEMCryptoUsesCertificate : public OEMCryptoLoadsCertificate {
|
|
||||||
protected:
|
protected:
|
||||||
void SetUp() override {
|
void SetUp() override {
|
||||||
OEMCryptoLoadsCertificate::SetUp();
|
OEMCryptoLoadsCertificate::SetUp();
|
||||||
ASSERT_NO_FATAL_FAILURE(session_.open());
|
if (global_features.provisioning_method != OEMCrypto_Keybox) {
|
||||||
if (global_features.derive_key_method ==
|
GTEST_SKIP() << "Test for Prov 2.0 devices only.";
|
||||||
DeviceFeatures::LOAD_TEST_RSA_KEY) {
|
|
||||||
ASSERT_NO_FATAL_FAILURE(session_.SetRsaPublicKeyFromPrivateKeyInfo(
|
|
||||||
encoded_rsa_key_.data(), encoded_rsa_key_.size()));
|
|
||||||
} else {
|
|
||||||
InstallTestDrmKey(&session_);
|
|
||||||
}
|
}
|
||||||
|
OEMCryptoResult sts = OEMCrypto_IsKeyboxValid();
|
||||||
|
// If the production keybox is valid, use it for these tests. Most of the
|
||||||
|
// other tests will use a test keybox anyway, but it's nice to check the
|
||||||
|
// device ID for the real keybox if we can.
|
||||||
|
if (sts == OEMCrypto_SUCCESS) return;
|
||||||
|
printf("Production keybox is NOT valid. All tests use test keybox.\n");
|
||||||
|
ASSERT_EQ(
|
||||||
|
OEMCrypto_SUCCESS,
|
||||||
|
OEMCrypto_LoadTestKeybox(reinterpret_cast<const uint8_t*>(&kTestKeybox),
|
||||||
|
sizeof(kTestKeybox)));
|
||||||
|
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_IsKeyboxValid())
|
||||||
|
<< "After loading Test keybox, the keybox was still not valid.";
|
||||||
}
|
}
|
||||||
|
};
|
||||||
|
|
||||||
void TearDown() override {
|
// This class is for tests that have an OEM Certificate instead of a keybox.
|
||||||
ASSERT_NO_FATAL_FAILURE(session_.close());
|
class OEMCryptoProv30Test : public OEMCryptoLoadsCertificate {
|
||||||
OEMCryptoLoadsCertificate::TearDown();
|
protected:
|
||||||
|
void SetUp() override {
|
||||||
|
OEMCryptoLoadsCertificate::SetUp();
|
||||||
|
if (global_features.provisioning_method != OEMCrypto_OEMCertificate) {
|
||||||
|
GTEST_SKIP() << "Test for Prov 3.0 devices only.";
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
Session session_;
|
// This class is for tests that have boot certificate chain instead of a keybox.
|
||||||
|
class OEMCryptoProv40Test : public OEMCryptoLoadsCertificate {
|
||||||
|
protected:
|
||||||
|
void SetUp() override {
|
||||||
|
OEMCryptoLoadsCertificate::SetUp();
|
||||||
|
if (global_features.provisioning_method != OEMCrypto_BootCertificateChain) {
|
||||||
|
GTEST_SKIP() << "Test for Prov 4.0 devices only.";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
class OEMCryptoProv40CastTest : public OEMCryptoProv40Test,
|
||||||
|
public testing::WithParamInterface<bool> {
|
||||||
|
protected:
|
||||||
|
void SetUp() override {
|
||||||
|
OEMCryptoProv40Test::SetUp();
|
||||||
|
if (!global_features.cast_receiver) {
|
||||||
|
GTEST_SKIP() << "Test for cast devices only.";
|
||||||
|
}
|
||||||
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
} // namespace wvoec
|
} // namespace wvoec
|
||||||
|
|||||||
Reference in New Issue
Block a user