Unit tests for forbidden RSA key usage

This CL adds unit tests to verify that the following forbidden uses of an RSA private key do not work: - ForbidPrepAndSign -- A cast cert key cannot sign a license request. - ForbidUseAsDRMCert -- A cast cert cannot be used with the DRM cert's padding scheme and it cannot be used to derive keys from a session key. - *ForbidRSASignatureForDRMKey* -- A DRM cert key cannot be used with GenerateRSASignature. - *OEMCertForbidGenerateRSASignature* -- An OEM cert key cannot be used with GenerateRSASignature. Bug: 251875110 Change-Id: Ic2b23e3fd279e878c190a8294078a8d092126a29
2023-08-20 21:40:02 -07:00
parent 343324e97c
commit 8f3ee84c1b
4 changed files with 124 additions and 41 deletions
--- a/libwvdrmengine/oemcrypto/test/oemcrypto_provisioning_test.cpp
+++ b/libwvdrmengine/oemcrypto/test/oemcrypto_provisioning_test.cpp
@@ -119,36 +119,24 @@ TEST_F(OEMCryptoProv30Test, OEMCertValid) {
  ASSERT_NO_FATAL_FAILURE(s.LoadOEMCert(kVerify));  // Load and verify.
 }

-// This verifies that the OEM Certificate cannot be used for other RSA padding
-// schemes. Those schemes should only be used by cast receiver certificates.
-TEST_F(OEMCryptoProv30Test, OEMCertForbiddenPaddingScheme) {
+/** This verifies that the OEM Certificate cannot be used with
+ * GenerateRSASignature.
+ */
+TEST_F(OEMCryptoProv30Test, OEMCertForbidGenerateRSASignature1) {
  Session s;
  ASSERT_NO_FATAL_FAILURE(s.open());
  ASSERT_NO_FATAL_FAILURE(s.LoadOEMCert());
-  OEMCryptoResult sts;
-  // Sign a Message
-  vector<uint8_t> data(500);
-  GetRandBytes(data.data(), data.size());
-  size_t signature_length = 0;
-  // We need a size one vector to pass as a pointer.
-  vector<uint8_t> signature(1, 0);
-  vector<uint8_t> zero(1, 0);
+  DisallowForbiddenPadding(s.session_id(), kSign_PKCS1_Block1, 80);
+}

-  sts = OEMCrypto_GenerateRSASignature(s.session_id(), data.data(), data.size(),
-                                       signature.data(), &signature_length,
-                                       kSign_PKCS1_Block1);
-  if (OEMCrypto_ERROR_SHORT_BUFFER == sts) {
-    // The OEMCrypto could complain about buffer length first, so let's
-    // resize and check if it's writing to the signature again.
-    signature.resize(signature_length, 0);
-    zero.resize(signature_length, 0);
-    sts = OEMCrypto_GenerateRSASignature(s.session_id(), data.data(),
-                                         data.size(), signature.data(),
-                                         &signature_length, kSign_PKCS1_Block1);
-  }
-  EXPECT_NE(OEMCrypto_SUCCESS, sts)
-      << "OEM Cert Signed with forbidden kSign_PKCS1_Block1.";
-  ASSERT_EQ(zero, signature);  // signature should not be computed.
+/** This verifies that the OEM Certificate cannot be used with
+ * GenerateRSASignature.
+ */
+TEST_F(OEMCryptoProv30Test, OEMCertForbidGenerateRSASignature2) {
+  Session s;
+  ASSERT_NO_FATAL_FAILURE(s.open());
+  ASSERT_NO_FATAL_FAILURE(s.LoadOEMCert());
+  DisallowForbiddenPadding(s.session_id(), kSign_RSASSA_PSS, 80);
 }

 // Calling OEMCrypto_GetOEMPublicCertificate should not change the session's
@@ -186,6 +174,46 @@ TEST_F(OEMCryptoProv30Test, GetCertOnlyAPI16) {
  ASSERT_EQ(OEMCrypto_SUCCESS, license_messages.LoadResponse());
 }

+/** This verifies that the OEM Certificate cannot be used with
+ * GenerateRSASignature.
+ */
+TEST_F(OEMCryptoProv40Test, OEMCertForbidGenerateRSASignature1) {
+  // Create an OEM Cert and save it for later.
+  Session s1;
+  ASSERT_NO_FATAL_FAILURE(s1.open());
+  ASSERT_NO_FATAL_FAILURE(CreateProv4OEMKey(&s1));
+  ASSERT_EQ(s1.IsPublicKeySet(), true);
+  s1.close();
+  Session s2;
+  ASSERT_NO_FATAL_FAILURE(s2.open());
+  ASSERT_EQ(OEMCrypto_SUCCESS,
+            OEMCrypto_InstallOemPrivateKey(
+                s2.session_id(), oem_key_type_,
+                reinterpret_cast<const uint8_t*>(wrapped_oem_key_.data()),
+                wrapped_oem_key_.size()));
+  DisallowForbiddenPadding(s2.session_id(), kSign_PKCS1_Block1, 80);
+}
+
+/** This verifies that the OEM Certificate cannot be used with
+ * GenerateRSASignature.
+ */
+TEST_F(OEMCryptoProv40Test, OEMCertForbidGenerateRSASignature2) {
+  // Create an OEM Cert and save it for later.
+  Session s1;
+  ASSERT_NO_FATAL_FAILURE(s1.open());
+  ASSERT_NO_FATAL_FAILURE(CreateProv4OEMKey(&s1));
+  ASSERT_EQ(s1.IsPublicKeySet(), true);
+  s1.close();
+  Session s2;
+  ASSERT_NO_FATAL_FAILURE(s2.open());
+  ASSERT_EQ(OEMCrypto_SUCCESS,
+            OEMCrypto_InstallOemPrivateKey(
+                s2.session_id(), oem_key_type_,
+                reinterpret_cast<const uint8_t*>(wrapped_oem_key_.data()),
+                wrapped_oem_key_.size()));
+  DisallowForbiddenPadding(s2.session_id(), kSign_RSASSA_PSS, 80);
+}
+
 // This verifies that the device really does claim to have BCC.
 // It should be filtered out for devices that have a keybox or factory OEM
 // cert.
@@ -654,6 +682,16 @@ TEST_P(OEMCryptoProv40CastTest, ProvisionCastWorks) {
 INSTANTIATE_TEST_SUITE_P(Prov4CastProvisioningBasic, OEMCryptoProv40CastTest,
                         testing::Values(true, false));

+// Verify that you cannot use GenerateRSASignature with a normal DRM Cert.
+// that function needs a cast cert.
+TEST_F(OEMCryptoLoadsCertificate, ForbidRSASignatureForDRMKey1) {
+  DisallowForbiddenPadding(session_.session_id(), kSign_RSASSA_PSS, 80);
+}
+
+TEST_F(OEMCryptoLoadsCertificate, ForbidRSASignatureForDRMKey2) {
+  DisallowForbiddenPadding(session_.session_id(), kSign_PKCS1_Block1, 80);
+}
+
 TEST_F(OEMCryptoLoadsCertificate, PrepAndSignLicenseRequestCounterAPI18) {
  // TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
  // provisioning 4. Disabled here temporarily.