widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add unit test to verify signature

Browse Source 
Merge from widevine repo of http://go/wvgerrit/21521

On devices that use provisioning 3.0, the function
OEMCrypto_GenerateSignature will only be used for a license renewal.
This CL adds a call to OEMCrypto_GenerateSignature to the refresh key
tests.  Otherwise, there would be no coverage at all for that
function.

Change-Id: Icbd568eea3f9f256cc9b0b441f7907b316bb5b69
This commit is contained in:
Fred Gylys-Colwell
2016-11-28 21:54:03 -08:00
parent 47f454839e
commit a200710d53
3 changed files with 28 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
libwvdrmengine/oemcrypto/test/oec_session_util.cpp
View File

@@ -385,6 +385,28 @@ void Session::ClientSignMessage(const vector<uint8_t>& data,
&(data.front()), data.size(), &(signature->front()), &md_len); &(data.front()), data.size(), &(signature->front()), &md_len);
} }
// This verifies the signature computed by OEMCrypto using the client mac keys.
// This is used when a device requests a license renewal. It is also used for
// a license request authenticated by a keybox. The first use case is needed
// for devices with a keybox or without.
void Session::VerifyClientSignature(size_t data_length) {
vector<uint8_t> data(data_length);
for(int i=0; i < data.size(); i++) data[i] = i % 0xFF;
OEMCryptoResult sts;
size_t gen_signature_length = 0;
sts = OEMCrypto_GenerateSignature(session_id(), &data[0], data.size(),
NULL, &gen_signature_length);
ASSERT_EQ(OEMCrypto_ERROR_SHORT_BUFFER, sts);
ASSERT_EQ(static_cast<size_t>(32), gen_signature_length);
vector<uint8_t> gen_signature(gen_signature_length);
sts = OEMCrypto_GenerateSignature(session_id(), &data[0], data.size(),
&gen_signature[0], &gen_signature_length);
ASSERT_EQ(OEMCrypto_SUCCESS, sts);
std::vector<uint8_t> expected_signature;
ClientSignMessage(data, &expected_signature);
ASSERT_EQ(expected_signature, gen_signature);
}
void Session::FillKeyArray(const MessageData& data, void Session::FillKeyArray(const MessageData& data,
OEMCrypto_KeyObject* key_array) { OEMCrypto_KeyObject* key_array) {
for (unsigned int i = 0; i < num_keys_; i++) { for (unsigned int i = 0; i < num_keys_; i++) {

1
libwvdrmengine/oemcrypto/test/oec_session_util.h
View File

@@ -148,6 +148,7 @@ class Session {
std::vector<uint8_t>* signature); std::vector<uint8_t>* signature);
void ClientSignMessage(const vector<uint8_t>& data, void ClientSignMessage(const vector<uint8_t>& data,
std::vector<uint8_t>* signature); std::vector<uint8_t>* signature);
void VerifyClientSignature(size_t data_length = 400);
void FillKeyArray(const MessageData& data, OEMCrypto_KeyObject* key_array); void FillKeyArray(const MessageData& data, OEMCrypto_KeyObject* key_array);
void FillRefreshArray(OEMCrypto_KeyRefreshObject* key_array, void FillRefreshArray(OEMCrypto_KeyRefreshObject* key_array,
size_t key_count); size_t key_count);

5
libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
View File

@@ -1155,6 +1155,7 @@ TEST_P(SessionTestRefreshKeyTest, RefreshWithNonce) {
ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys("", new_mac_keys_)); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys("", new_mac_keys_));
uint32_t nonce; uint32_t nonce;
s.GenerateNonce(&nonce); s.GenerateNonce(&nonce);
ASSERT_NO_FATAL_FAILURE(s.VerifyClientSignature());
ASSERT_NO_FATAL_FAILURE(s.RefreshTestKeys( ASSERT_NO_FATAL_FAILURE(s.RefreshTestKeys(
num_keys_, wvoec_mock::kControlNonceEnabled, nonce, OEMCrypto_SUCCESS)); num_keys_, wvoec_mock::kControlNonceEnabled, nonce, OEMCrypto_SUCCESS));
} }
@@ -1168,6 +1169,7 @@ TEST_P(SessionTestRefreshKeyTest, RefreshNoNonce) {
ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys("", new_mac_keys_)); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys("", new_mac_keys_));
uint32_t nonce; uint32_t nonce;
s.GenerateNonce(&nonce); s.GenerateNonce(&nonce);
ASSERT_NO_FATAL_FAILURE(s.VerifyClientSignature());
ASSERT_NO_FATAL_FAILURE( ASSERT_NO_FATAL_FAILURE(
s.RefreshTestKeys(num_keys_, 0, 0, OEMCrypto_SUCCESS)); s.RefreshTestKeys(num_keys_, 0, 0, OEMCrypto_SUCCESS));
} }
@@ -1181,6 +1183,7 @@ TEST_P(SessionTestRefreshKeyTest, RefreshOldNonce) {
ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign());
ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys("", new_mac_keys_)); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys("", new_mac_keys_));
uint32_t nonce = s.get_nonce(); uint32_t nonce = s.get_nonce();
ASSERT_NO_FATAL_FAILURE(s.VerifyClientSignature());
ASSERT_NO_FATAL_FAILURE( ASSERT_NO_FATAL_FAILURE(
s.RefreshTestKeys(num_keys_, wvoec_mock::kControlNonceEnabled, nonce, s.RefreshTestKeys(num_keys_, wvoec_mock::kControlNonceEnabled, nonce,
OEMCrypto_ERROR_INVALID_NONCE)); OEMCrypto_ERROR_INVALID_NONCE));
@@ -1196,6 +1199,7 @@ TEST_P(SessionTestRefreshKeyTest, RefreshBadNonce) {
ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys("", new_mac_keys_)); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys("", new_mac_keys_));
uint32_t nonce; uint32_t nonce;
s.GenerateNonce(&nonce); s.GenerateNonce(&nonce);
ASSERT_NO_FATAL_FAILURE(s.VerifyClientSignature());
nonce ^= 42; nonce ^= 42;
ASSERT_NO_FATAL_FAILURE( ASSERT_NO_FATAL_FAILURE(
s.RefreshTestKeys(num_keys_, wvoec_mock::kControlNonceEnabled, nonce, s.RefreshTestKeys(num_keys_, wvoec_mock::kControlNonceEnabled, nonce,
@@ -1213,6 +1217,7 @@ TEST_P(SessionTestRefreshKeyTest, RefreshLargeBuffer) {
ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys("", new_mac_keys_)); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys("", new_mac_keys_));
uint32_t nonce; uint32_t nonce;
s.GenerateNonce(&nonce); s.GenerateNonce(&nonce);
ASSERT_NO_FATAL_FAILURE(s.VerifyClientSignature(kMaxMessageSize));
ASSERT_NO_FATAL_FAILURE(s.RefreshTestKeys( ASSERT_NO_FATAL_FAILURE(s.RefreshTestKeys(
num_keys_, wvoec_mock::kControlNonceEnabled, nonce, OEMCrypto_SUCCESS)); num_keys_, wvoec_mock::kControlNonceEnabled, nonce, OEMCrypto_SUCCESS));
} }