Unit tests for forbidden RSA key usage

This CL adds unit tests to verify that the following forbidden uses of an RSA private key do not work: - ForbidPrepAndSign -- A cast cert key cannot sign a license request. - ForbidUseAsDRMCert -- A cast cert cannot be used with the DRM cert's padding scheme and it cannot be used to derive keys from a session key. - *ForbidRSASignatureForDRMKey* -- A DRM cert key cannot be used with GenerateRSASignature. - *OEMCertForbidGenerateRSASignature* -- An OEM cert key cannot be used with GenerateRSASignature. Bug: 251875110 Change-Id: Ic2b23e3fd279e878c190a8294078a8d092126a29
2023-08-20 21:40:02 -07:00
parent 343324e97c
commit 8f3ee84c1b
4 changed files with 124 additions and 41 deletions
--- a/libwvdrmengine/oemcrypto/test/oemcrypto_cast_test.cpp
+++ b/libwvdrmengine/oemcrypto/test/oemcrypto_cast_test.cpp
@@ -11,16 +11,32 @@ using ::testing::Range;

 namespace wvoec {

-// The alternate padding is only required for cast receivers, but if a device
-// does load an alternate certificate, it should NOT use it for generating
-// a license request signature.
+/** If a device can load a private key with the alternate padding schemes, it
+ * should support signing with the alternate scheme. */
 TEST_F(OEMCryptoLoadsCertificateAlternates, TestSignaturePKCS1) {
-  // TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
-  // provisioning 4. Disabled here temporarily.
-  if (!global_features.loads_certificate ||
-      global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
-    GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
+  // Try to load an RSA key with alternative padding schemes.  This signing
+  // scheme is used by cast receivers.
+  LoadCastCertificateKey(false);
+  // If the device is a cast receiver, then this scheme is required.
+  if (global_features.cast_receiver) {
+    ASSERT_TRUE(key_loaded_);
+    // A signature with a valid size should succeed.
+    TestSignature(kSign_PKCS1_Block1, 83);
+    TestSignature(kSign_PKCS1_Block1, 50);
  }
+  // If the key loaded with no error, then we will verify that it is not used
+  // for forbidden padding schemes. This should be tested for both devices that
+  // are cast receivers and devices that are not.
+  if (key_loaded_) {
+    // A signature with padding that is too big should fail.
+    DisallowForbiddenPaddingDRMKey(kSign_PKCS1_Block1, 84);  // too big.
+  }
+}
+
+/** The alternate padding is only required for cast receivers, but if a device
+ *  does load an alternate certificate, it should NOT be used to as a DRM cert
+ *  key. */
+TEST_F(OEMCryptoLoadsCertificateAlternates, ForbidUseAsDRMCert) {
  // Try to load an RSA key with alternative padding schemes.  This signing
  // scheme is used by cast receivers.
  LoadCastCertificateKey(false);
@@ -34,13 +50,39 @@ TEST_F(OEMCryptoLoadsCertificateAlternates, TestSignaturePKCS1) {
    // The other padding scheme should fail.
    DisallowForbiddenPaddingDRMKey(kSign_RSASSA_PSS, 83);
    DisallowDeriveKeys();
-    if (global_features.cast_receiver) {
-      // A signature with a valid size should succeed.
-      TestSignature(kSign_PKCS1_Block1, 83);
-      TestSignature(kSign_PKCS1_Block1, 50);
-    }
-    // A signature with padding that is too big should fail.
-    DisallowForbiddenPaddingDRMKey(kSign_PKCS1_Block1, 84);  // too big.
+  }
+}
+
+/** A Cast receiver certificate private key cannot be used with the function
+ * PrepAndSignLicenseRequest.
+ */
+TEST_F(OEMCryptoLoadsCertificateAlternates, ForbidPrepAndSign) {
+  // Try to load an RSA key with alternative padding schemes.  This signing
+  // scheme is used by cast receivers.
+  LoadCastCertificateKey(false);
+  // If the device is a cast receiver, then this scheme is required.
+  if (global_features.cast_receiver) {
+    ASSERT_TRUE(key_loaded_);
+  }
+  // If the key loaded with no error, then we will verify that it is not used
+  // for forbidden padding schemes.
+  if (key_loaded_) {
+    Session s;
+    ASSERT_NO_FATAL_FAILURE(s.open());
+    ASSERT_NO_FATAL_FAILURE(s.LoadWrappedRsaDrmKey(wrapped_drm_key_));
+    s.GenerateNonce();
+
+    size_t core_message_length = 100;
+    std::vector<uint8_t> message(128, 0);
+    std::vector<uint8_t> signature(256, 0);
+    size_t signature_length = signature.size();
+
+    OEMCryptoResult result = OEMCrypto_PrepAndSignLicenseRequest(
+        s.session_id(), message.data(), message.size(), &core_message_length,
+        signature.data(), &signature_length);
+    ASSERT_EQ(OEMCrypto_ERROR_INVALID_KEY, result);
+    const vector<uint8_t> zero(signature.size(), 0);
+    ASSERT_EQ(signature, zero);  // Signature should not have been computed.
  }
 }