From a0c1f218c5fa91ddaf46338dd68aaf947862b67c Mon Sep 17 00:00:00 2001 From: Fred Gylys-Colwell Date: Fri, 20 Jan 2017 16:40:23 -0800 Subject: [PATCH] Test OEMCrypto with backwards compatible verification Merge from Widevine repo of http://go/wvgerrit/22571 This adds unit tests to verify that OEMCrypto accepts all key control block verification strings kctl, kc09, kc10, .... This is needed now that the unit tests use the current API for all other unit tests. b/33253872 Change-Id: Ie6b556fc91cd6cb6e07141bd50da3dbfa1681fec --- .../oemcrypto/test/oemcrypto_test.cpp | 38 +++++++++++++++++-- 1 file changed, 34 insertions(+), 4 deletions(-) diff --git a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp index 73eb96a7..60f61e6f 100644 --- a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp +++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp @@ -1108,21 +1108,51 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithBadVerification) { ASSERT_NE(OEMCrypto_SUCCESS, sts); } -TEST_F(OEMCryptoSessionTests, LoadKeyWithFutureVerification) { +// This tests each key control block verification string in the range kc09-kc1?. +class SessionTestAlternateVerification : public OEMCryptoSessionTests, + public WithParamInterface { + public: + virtual void SetUp() { + OEMCryptoSessionTests::SetUp(); + target_api_ = GetParam(); + } + protected: + int target_api_; +}; + +TEST_P(SessionTestAlternateVerification, LoadKeys) { Session s; ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage(0, 0, 0)); - // OEMCrypto should reject API13 until the spec has been defined. - memcpy(s.license().keys[1].control.verification, "kc13", 4); + char buffer[5] = "kctl"; // This is the default verification string, required + // for all API versions. + if (target_api_ > 8 && target_api_ < 100) { + snprintf(buffer, 5, "kc%02d", target_api_); + } + for(int i=0; i < s.num_keys(); i++) { + memcpy(s.license().keys[i].control.verification, buffer, 4); + } ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); OEMCryptoResult sts = OEMCrypto_LoadKeys( s.session_id(), s.message_ptr(), s.message_size(), &s.signature()[0], s.signature().size(), s.encrypted_license().mac_key_iv, s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0); - ASSERT_NE(OEMCrypto_SUCCESS, sts); + // If this is a future API, then LoadKeys should fail. + if (global_features.api_version < target_api_) { + ASSERT_NE(OEMCrypto_SUCCESS, sts); + } else { + // Otherwise, LoadKeys should succeed. + ASSERT_EQ(OEMCrypto_SUCCESS, sts); + } } +// Range of API versions to test. This should start at 8, and go to +// the current API + 2. We use +2 because we want to test at least 1 +// future API, and the ::testing::Range is not inclusive. +INSTANTIATE_TEST_CASE_P(TestAll, SessionTestAlternateVerification, + Range(8, 12 + 2)); + TEST_F(OEMCryptoSessionTests, LoadKeysBadSignature) { Session s; ASSERT_NO_FATAL_FAILURE(s.open());