diff --git a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp index e8649e2b..0f86912e 100644 --- a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp +++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp @@ -1082,7 +1082,9 @@ TEST_P(OEMCryptoLicenseTest, LoadKeyWithBadRange_pst) { // The IV should not be identical to the data right before the encrypted mac // keys. This requirement was added in 15.2, so it frequently fails on // production devices. -TEST_F(OEMCryptoLicenseTestAPI15, LoadKeyWithSuspiciousIV) { +// This test is being restricted to v16 devices on rvc-dev branch because we +// only required v15.1 on Android for Q. +TEST_F(OEMCryptoLicenseTestAPI15, LoadKeyWithSuspiciousIVAPI16) { ASSERT_NO_FATAL_FAILURE(session_.GenerateNonce()); ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest()); ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse()); @@ -1318,7 +1320,7 @@ TEST_P(OEMCryptoLicenseTestRangeAPI, LoadKeys) { INSTANTIATE_TEST_CASE_P(TestAll, OEMCryptoLicenseTestRangeAPI, Range(10, kCurrentAPI + 2)); -TEST_P(OEMCryptoLicenseTest, LoadKeysBadSignature) { +TEST_P(OEMCryptoLicenseTest, LoadKeysBadSignatureAPI16) { ASSERT_NO_FATAL_FAILURE(session_.GenerateNonce()); ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest()); ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse()); @@ -1359,7 +1361,9 @@ TEST_P(OEMCryptoLicenseTest, LoadKeyNoKeyWithNonce) { // SelectKey should fail if we attempt to select a key that has not been loaded. // Also, the error should be NO_CONTENT_KEY. -TEST_P(OEMCryptoLicenseTest, SelectKeyNotThereAPI15) { +// This test should pass for v15 devices, except that the exact error code was +// not specified until v16. +TEST_P(OEMCryptoLicenseTest, SelectKeyNotThereAPI16) { ASSERT_NO_FATAL_FAILURE(session_.GenerateNonce()); ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest()); ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse()); @@ -1683,22 +1687,28 @@ class OEMCryptoSessionTestDecryptWithHDCP : public OEMCryptoSessionTests, ASSERT_NO_FATAL_FAILURE(license_messages.EncryptAndSignResponse()); ASSERT_EQ(OEMCrypto_SUCCESS, license_messages.LoadResponse()); - if (version > maximum) { - ASSERT_NO_FATAL_FAILURE( - s.TestDecryptCTR(true, OEMCrypto_ERROR_INSUFFICIENT_HDCP)); - } else if (version > current) { + if (version > current) { if (global_features.api_version >= 16) { // Can provide either OEMCrypto_WARNING_MIXED_OUTPUT_PROTECTION or // OEMCrypto_ERROR_INSUFFICIENT_HDCP. TestDecryptCTR allows either to be // reported if OEMCrypto_WARNING_MIXED_OUTPUT_PROTECTION is expected. ASSERT_NO_FATAL_FAILURE( - s.TestDecryptCTR(true, OEMCrypto_WARNING_MIXED_OUTPUT_PROTECTION)); + s.TestDecryptCTR(true, OEMCrypto_WARNING_MIXED_OUTPUT_PROTECTION)) + << "Failed when current HDCP = " << HDCPCapabilityAsString(current) + << ", maximum HDCP = " << HDCPCapabilityAsString(maximum) + << ", license HDCP = " << HDCPCapabilityAsString(version); } else { ASSERT_NO_FATAL_FAILURE( - s.TestDecryptCTR(true, OEMCrypto_ERROR_INSUFFICIENT_HDCP)); + s.TestDecryptCTR(true, OEMCrypto_ERROR_INSUFFICIENT_HDCP)) + << "Failed when current HDCP = " << HDCPCapabilityAsString(current) + << ", maximum HDCP = " << HDCPCapabilityAsString(maximum) + << ", license HDCP = " << HDCPCapabilityAsString(version); } } else { - ASSERT_NO_FATAL_FAILURE(s.TestDecryptCTR(true, OEMCrypto_SUCCESS)); + ASSERT_NO_FATAL_FAILURE(s.TestDecryptCTR(true, OEMCrypto_SUCCESS)) + << "Failed when current HDCP = " << HDCPCapabilityAsString(current) + << ", maximum HDCP = " << HDCPCapabilityAsString(maximum) + << ", license HDCP = " << HDCPCapabilityAsString(version); } } }; @@ -2634,7 +2644,8 @@ TEST_F(OEMCryptoLoadsCertificate, SignProvisioningRequest) { ASSERT_NO_FATAL_FAILURE(provisioning_messages.SignAndVerifyRequest()); } -TEST_F(OEMCryptoLoadsCertificate, SignLargeProvisioningRequest) { +// This tests a large message size. The size is larger than we required in v15. +TEST_F(OEMCryptoLoadsCertificate, SignLargeProvisioningRequestAPI16) { Session s; ASSERT_NO_FATAL_FAILURE(s.open()); if (global_features.provisioning_method == OEMCrypto_OEMCertificate) { @@ -2750,7 +2761,8 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange5Prov30_API16) { // Test that RewrapDeviceRSAKey verifies the message signature. // TODO(b/144186970): This test should also run on Prov 3.0 devices. -TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadSignatureKeyboxTest) { +TEST_F(OEMCryptoLoadsCertificate, + CertificateProvisionBadSignatureKeyboxTestAPI16) { Session s; ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_); provisioning_messages.PrepareSession(keybox_); @@ -2792,7 +2804,7 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRSAKey) { // Test that RewrapDeviceRSAKey verifies the RSA key is valid. // TODO(b/144186970): This test should also run on Prov 3.0 devices. -TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRSAKeyKeyboxTest) { +TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRSAKeyKeyboxTestAPI16) { Session s; ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_); provisioning_messages.PrepareSession(keybox_); @@ -5178,6 +5190,32 @@ TEST_P(OEMCryptoUsageTableTest, CreateAndLoadMultipleEntriesAPI16) { OEMCrypto_CreateNewUsageEntry(s2.session_id(), &usage_entry_number)); } +// An entry can be loaded in only one session at a time. +TEST_P(OEMCryptoUsageTableTest, LoadEntryInMultipleSessions) { + // Entry Count: we start each test with an empty header. + LicenseWithUsageEntry entry; + entry.license_messages().set_api_version(license_api_version_); + Session& s = entry.session(); + // Make first entry 0. + ASSERT_NO_FATAL_FAILURE(entry.MakeOfflineAndClose(this)); + const uint32_t usage_entry_number = s.usage_entry_number(); + EXPECT_EQ(usage_entry_number, 0u); // Should be only entry in this test. + + // Load an entry, then try to create a second. + ASSERT_NO_FATAL_FAILURE(s.open()); + // Reload entry 0. + ASSERT_NO_FATAL_FAILURE(s.ReloadUsageEntry()); + + // Create an entry, then try to load a second. + Session s2; + ASSERT_NO_FATAL_FAILURE(s2.open()); + // Try to load entry 0 into session 2. + ASSERT_EQ(OEMCrypto_ERROR_INVALID_SESSION, + OEMCrypto_LoadUsageEntry(s2.session_id(), usage_entry_number, + s.encrypted_usage_entry().data(), + s.encrypted_usage_entry().size())); +} + // Test generic encrypt when the license uses a PST. TEST_P(OEMCryptoUsageTableTest, GenericCryptoEncrypt) { LicenseWithUsageEntry entry;