From a798692e4ec1ef383a32c93449710dfc962a3535 Mon Sep 17 00:00:00 2001 From: Rahul Frias Date: Wed, 20 Mar 2024 23:49:49 -0700 Subject: [PATCH] Unit tests for forbidden RSA key usage [ Partial merge of http://go/wvgerrit/188279 ] This CL adds unit tests to verify that the following forbidden uses of an RSA private key do not work: - ForbidPrepAndSign -- A cast cert key cannot sign a license request. - ForbidUseAsDRMCert -- A cast cert cannot be used with the DRM cert's padding scheme and it cannot be used to derive keys from a session key. - *ForbidRSASignatureForDRMKey* -- A DRM cert key cannot be used with GenerateRSASignature. - *OEMCertForbidGenerateRSASignature* -- An OEM cert key cannot be used with GenerateRSASignature. Bug: 251875110 Test: WVTS Change-Id: I55b1eb04465023352edea55ba4ef532d1cd07231 --- libwvdrmengine/oemcrypto/test/oemcrypto_cast_test.cpp | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/libwvdrmengine/oemcrypto/test/oemcrypto_cast_test.cpp b/libwvdrmengine/oemcrypto/test/oemcrypto_cast_test.cpp index 34c39319..2a6e0197 100644 --- a/libwvdrmengine/oemcrypto/test/oemcrypto_cast_test.cpp +++ b/libwvdrmengine/oemcrypto/test/oemcrypto_cast_test.cpp @@ -11,7 +11,7 @@ using ::testing::Range; namespace wvoec { -/// @addtogroup generic +/// @addtogroup cast /// @{ /** If a device can load a private key with the alternate padding schemes, it 
@@ -82,10 +82,7 @@ TEST_F(OEMCryptoLoadsCertificateAlternates, ForbidPrepAndSign) {
 OEMCryptoResult result = OEMCrypto_PrepAndSignLicenseRequest(
 s.session_id(), message.data(), message.size(), &core_message_length,
 signature.data(), &signature_length);
- // TODO: remove OEMCrypto_ERROR_INVALID_RSA_KEY once OEMCrypto v16 is not
- // supported anymore. This error code has been deprecated since v17.
- ASSERT_TRUE(result == OEMCrypto_ERROR_INVALID_KEY ||
- result == OEMCrypto_ERROR_INVALID_RSA_KEY);
+ ASSERT_EQ(OEMCrypto_ERROR_INVALID_KEY, result);
 const vector zero(signature.size(), 0);
 ASSERT_EQ(signature, zero); // Signature should not have been computed.
 }
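Review bot: The new `ASSERT_EQ(OEMCrypto_ERROR_INVALID_KEY, result);` aborts the test on a mismatch, so on a device that returns any other code the zero-signature check two lines below never runs, and that check is the one showing that no signature was produced with the forbidden cast key. Consider `EXPECT_EQ(OEMCrypto_ERROR_INVALID_KEY, result);` here so that both the error code and the state of the signature buffer are reported in one run. The hunk also stops accepting `OEMCrypto_ERROR_INVALID_RSA_KEY`, which the removed TODO tied to the end of OEMCrypto v16 support; the commit message does not say v16 is retired, so a short comment such as `// OEMCrypto_ERROR_INVALID_RSA_KEY (deprecated since v17) is no longer accepted.` would record that this is intentional. The test body starts before the hunk, so the setup of `s`, `message` and `signature` is not visible here.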