From 75575418d06651fc590560abf2f7383889b3e672 Mon Sep 17 00:00:00 2001 From: Fred Gylys-Colwell Date: Fri, 15 May 2020 14:13:20 -0700 Subject: [PATCH] Update TimeRollbackPrevention unit test Merge from Widevine repo of http://go/wvgerrit/100110 The unit test TimeRollbackPrevention was broken for several reasons. This CL reduces the test to its most basic functionality and updates it to be compatible with a v16 oemcrypto. This CL also adjusts the fake clock used by the buildbot to fake sleeping backwards, so that the TimeRollbackPrevention test can also be run on the buildbot. Bug: 155773482 Bug: 79422351 Test: unit tests on buildbot, and on flame w/v16 modmock Change-Id: I3027018b17b738281989e63ae6b0729757217d05 --- libwvdrmengine/cdm/util/test/test_sleep.cpp | 108 +++++++++- libwvdrmengine/cdm/util/test/test_sleep.h | 32 ++- .../ref/src/oemcrypto_engine_ref.cpp | 46 +--- .../oemcrypto/test/oec_device_features.cpp | 50 +---- .../oemcrypto/test/oec_session_util.cpp | 5 +- .../oemcrypto/test/oemcrypto_test.cpp | 204 ++++++++---------- 6 files changed, 240 insertions(+), 205 deletions(-) diff --git a/libwvdrmengine/cdm/util/test/test_sleep.cpp b/libwvdrmengine/cdm/util/test/test_sleep.cpp index 2140c9ee..1656381a 100644 --- a/libwvdrmengine/cdm/util/test/test_sleep.cpp +++ b/libwvdrmengine/cdm/util/test/test_sleep.cpp @@ -4,16 +4,26 @@ #include "test_sleep.h" +#ifdef _WIN32 +# include +#else +# include +#endif + +#include +#include #include #include #include "clock.h" +#include "log.h" namespace wvcdm { bool TestSleep::real_sleep_ = true; TestSleep::CallBack* TestSleep::callback_ = nullptr; +int TestSleep::total_clock_rollback_ = 0; void TestSleep::Sleep(unsigned int seconds) { int64_t milliseconds = 1000 * seconds; @@ -23,10 +33,10 @@ void TestSleep::Sleep(unsigned int seconds) { // total since the start, and then compare to a running total of sleep // calls. We sleep for approximately x second, and then advance the clock by // the amount of time that has actually passed. - static auto start_real = std::chrono::steady_clock().now(); + static auto start_real = std::chrono::system_clock().now(); static int64_t fake_clock = 0; sleep(seconds); - auto now_real = std::chrono::steady_clock().now(); + auto now_real = std::chrono::system_clock().now(); int64_t total_real = (now_real - start_real) / std::chrono::milliseconds(1); // We want to advance the fake clock by the difference between the real // clock, and the previous value on the fake clock. @@ -41,4 +51,98 @@ void TestSleep::SyncFakeClock() { Sleep(0); } +bool TestSleep::RollbackSystemTime(int seconds) { + if (real_sleep_) { +#ifdef _WIN32 + // See remarks from this for why this series is used. + // https://msdn.microsoft.com/en-us/f77cdf86-0f97-4a89-b565-95b46fa7d65b + SYSTEMTIME time; + GetSystemTime(&time); + FILETIME file_time; + if (!SystemTimeToFileTime(time, &file_time)) return false; + uint64_t long_time = + static_cast(file_time.dwLowDateTime) | + (static_cast(file_time.dwHighDateTime) << 32); + long_time += static_cast(delta_seconds) * + 1e7; // long_time is in 100-nanosecond intervals. + file_time.dwLowDateTime = long_time & ((1ull << 32) - 1); + file_time.dwHighDateTime = long_time >> 32; + if (!FileTimeToSystemTime(&file_time, &time)) return false; + if (!SetSystemTime(&time)) return false; +#else + auto time = std::chrono::system_clock::now(); + auto modified_time = time - std::chrono::seconds(seconds); + ; + timespec time_spec; + time_spec.tv_sec = std::chrono::duration_cast( + modified_time.time_since_epoch()) + .count(); + time_spec.tv_nsec = std::chrono::duration_cast( + modified_time.time_since_epoch()) + .count() % + (1000 * 1000 * 1000); + if (clock_settime(CLOCK_REALTIME, &time_spec)) { + LOGE("Error setting clock: %s", strerror(errno)); + return false; + } +#endif + } // end if(real_sleep_)... + + // For both real and fake sleep we still update the callback and we still keep + // track of the total amount of time slept. + total_clock_rollback_ += seconds; + if (callback_ != nullptr) callback_->ElapseTime(-1000 * seconds); + return true; +} + +bool TestSleep::CanChangeSystemTime() { + // If we are using a fake clock, then we can move the clock backwards by + // just going backwards. + // ElapseTime. + if (!real_sleep_) { + return true; + } +#ifdef _WIN32 + LUID desired_id; + if (!LookupPrivilegeValue(nullptr, SE_SYSTEMTIME_NAME, &desired_id)) { + LOGE("Win32 time rollback: no SYSTEMTIME permission."); + return false; + } + HANDLE token; + if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &token)) { + LOGE("Win32 time rollback: cannot access process token."); + return false; + } + std::unique_ptr safe_token(token, &CloseHandle); + + // This queries all the permissions given to the token to determine if we can + // change the system time. Note this is subtly different from PrivilegeCheck + // as that only checks "enabled" privileges; even with admin rights, the + // privilege is default disabled, even when granted. + + DWORD size = 0; + // Determine how big we need to allocate first. + GetTokenInformation(token, TokenPrivileges, nullptr, 0, &size); + // Since TOKEN_PRIVILEGES uses a variable-length array, we need to use malloc + std::unique_ptr privileges( + (TOKEN_PRIVILEGES*)malloc(size), &free); + if (privileges && GetTokenInformation(token, TokenPrivileges, + privileges.get(), size, &size)) { + for (int i = 0; i < privileges->PrivilegeCount; i++) { + if (privileges->Privileges[i].Luid.HighPart == desired_id.HighPart && + privileges->Privileges[i].Luid.LowPart == desired_id.LowPart) { + return true; + } + } + } + LOGE("Win32 time rollback: cannot set system time."); + return false; +#else + // Otherwise, the test needs to be run as root. + const uid_t uid = getuid(); + if (uid == 0) return true; + LOGE("Unix time rollback: not running as root (uid=%u.", uid); + return false; +#endif +} } // namespace wvcdm diff --git a/libwvdrmengine/cdm/util/test/test_sleep.h b/libwvdrmengine/cdm/util/test/test_sleep.h index 832f1ade..34c4b3f6 100644 --- a/libwvdrmengine/cdm/util/test/test_sleep.h +++ b/libwvdrmengine/cdm/util/test/test_sleep.h @@ -22,8 +22,9 @@ class TestSleep { virtual ~CallBack(){}; }; - // If real_sleep_ is true, then this sleeps for |seconds| of time. - // If the callback exists, this calls the callback. + // If real_sleep_ is true, then this sleeps for |seconds| of time. If + // real_sleep_ is false, then the fake clock is advanced by |seconds|. If the + // callback exists, this calls the callback. static void Sleep(unsigned int seconds); // If we are using a real clock and a fake clock, then the real clock advances @@ -33,8 +34,30 @@ class TestSleep { // failing due to this drift. static void SyncFakeClock(); - static void set_real_sleep(bool real_sleep) { real_sleep_ = real_sleep; } + // Roll the system clock back by |seconds|. Returns true on success. A well + // mannered test will call CanChangeSystemTime before attempting to call this + // function and then assert that this is true. This function should *NOT* roll + // back the clock used by OEMCrypto -- in fact, there are several tests that + // verify this function does not roll back the clock used by OEMCrypto. + static bool RollbackSystemTime(int seconds); + // Roll the system clock forward to undo all previous calls to + // RollBackSystemTime. Returns true on success. + static bool ResetRollback() { + return total_clock_rollback_ == 0 || + RollbackSystemTime(-total_clock_rollback_); + } + + // Returns true if the system time can be rolled back. This is true on some + // devices if the tests are run as root. It is also true when using a fake + // clock with the reference version of OEMCrypto. This function is about the + // system clock, *NOT* the clock used by OEMCrypto. + static bool CanChangeSystemTime(); + + static void set_real_sleep(bool real_sleep) { real_sleep_ = real_sleep; } + static bool real_sleep() { return real_sleep_; } + + // The callback is notified whenever sleep is called. static void set_callback(CallBack* callback) { callback_ = callback; } private: @@ -42,6 +65,9 @@ class TestSleep { static bool real_sleep_; // Called when the clock should advance. static CallBack* callback_; + // The sum of all calls to RollBackSystemTime. Kept so we can undo all changes + // at the end of a test. + static int total_clock_rollback_; }; } // namespace wvcdm diff --git a/libwvdrmengine/oemcrypto/ref/src/oemcrypto_engine_ref.cpp b/libwvdrmengine/oemcrypto/ref/src/oemcrypto_engine_ref.cpp index 72dfc857..f689739f 100644 --- a/libwvdrmengine/oemcrypto/ref/src/oemcrypto_engine_ref.cpp +++ b/libwvdrmengine/oemcrypto/ref/src/oemcrypto_engine_ref.cpp @@ -102,6 +102,7 @@ int64_t CryptoEngine::MonotonicTime() { wvcdm::Clock().GetCurrentTime() + offline_time_info_.rollback_offset; static int64_t then = now; if (now < then) { + LOGW("Clock rollback detected: %lld seconds", then - now); offline_time_info_.rollback_offset += then - now; now = then; } @@ -138,31 +139,16 @@ bool CryptoEngine::LoadOfflineTimeInfo(const std::string& file_path) { memset(&offline_time_info_, 0, sizeof(TimeInfo)); wvcdm::FileSystem* file_system = file_system_.get(); if (file_system->Exists(file_path)) { - std::vector encrypted_buffer(sizeof(TimeInfo)); - std::vector clear_buffer(sizeof(TimeInfo)); - - KeyboxError error_code = ValidateKeybox(); - if (error_code != NO_ERROR) { - LOGE("Keybox is invalid: %d", error_code); - return false; - } - // Use the device key for encrypt/decrypt. - const std::vector& key = DeviceRootKey(); std::unique_ptr file = file_system->Open(file_path, wvcdm::FileSystem::kReadOnly); if (!file) { - LOGE("File open failed: %s", file_path.c_str()); + // This error is expected at first initialization. + LOGE("File open failed (this is expected on first initialization): %s", + file_path.c_str()); return false; } // Load time info from previous call. - file->Read(reinterpret_cast(&encrypted_buffer[0]), sizeof(TimeInfo)); - // Decrypt the encrypted TimeInfo buffer. - AES_KEY aes_key; - AES_set_decrypt_key(&key[0], 128, &aes_key); - std::vector iv(wvoec::KEY_IV_SIZE, 0); - AES_cbc_encrypt(&encrypted_buffer[0], &clear_buffer[0], sizeof(TimeInfo), - &aes_key, iv.data(), AES_DECRYPT); - memcpy(&offline_time_info_, &clear_buffer[0], sizeof(TimeInfo)); + file->Read(reinterpret_cast(&offline_time_info_), sizeof(TimeInfo)); // Detect offline time rollback after loading from disk. // Add any time offsets in the past to the current time. @@ -191,34 +177,16 @@ bool CryptoEngine::SaveOfflineTimeInfo(const std::string& file_path) { if (current_time > offline_time_info_.previous_time) offline_time_info_.previous_time = current_time; - KeyboxError error_code = ValidateKeybox(); - if (error_code != NO_ERROR) { - LOGE("Keybox is invalid: %d", error_code); - return false; - } - // Use the device key for encrypt/decrypt. - const std::vector& key = DeviceRootKey(); - std::vector encrypted_buffer(sizeof(TimeInfo)); - std::vector clear_buffer(sizeof(TimeInfo)); - - // Copy updated data and encrypt the buffer. - memcpy(&clear_buffer[0], &offline_time_info_, sizeof(TimeInfo)); - AES_KEY aes_key; - AES_set_encrypt_key(&key[0], 128, &aes_key); - std::vector iv(wvoec::KEY_IV_SIZE, 0); - AES_cbc_encrypt(&clear_buffer[0], &encrypted_buffer[0], sizeof(TimeInfo), - &aes_key, iv.data(), AES_ENCRYPT); - std::unique_ptr file; wvcdm::FileSystem* file_system = file_system_.get(); - // Write the encrypted buffer to disk. + // Write the current time and offset to disk. file = file_system->Open( file_path, wvcdm::FileSystem::kCreate | wvcdm::FileSystem::kTruncate); if (!file) { LOGE("File open failed: %s", file_path.c_str()); return false; } - file->Write(reinterpret_cast(&encrypted_buffer[0]), sizeof(TimeInfo)); + file->Write(reinterpret_cast(&offline_time_info_), sizeof(TimeInfo)); return true; } diff --git a/libwvdrmengine/oemcrypto/test/oec_device_features.cpp b/libwvdrmengine/oemcrypto/test/oec_device_features.cpp index bf9d61a8..de1fcf43 100644 --- a/libwvdrmengine/oemcrypto/test/oec_device_features.cpp +++ b/libwvdrmengine/oemcrypto/test/oec_device_features.cpp @@ -8,58 +8,15 @@ #include -#ifdef _WIN32 -# include -#else -# include -# include -#endif - #include #include "oec_test_data.h" +#include "test_sleep.h" namespace wvoec { DeviceFeatures global_features; -bool CanChangeTime() { -#ifdef _WIN32 - LUID desired_id; - if (!LookupPrivilegeValue(nullptr, SE_SYSTEMTIME_NAME, &desired_id)) - return false; - HANDLE token; - if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &token)) - return false; - std::unique_ptr safe_token(token, &CloseHandle); - - // This queries all the permissions given to the token to determine if we can - // change the system time. Note this is subtly different from PrivilegeCheck - // as that only checks "enabled" privileges; even with admin rights, the - // privilege is default disabled, even when granted. - - DWORD size = 0; - // Determine how big we need to allocate first. - GetTokenInformation(token, TokenPrivileges, nullptr, 0, &size); - // Since TOKEN_PRIVILEGES uses a variable-length array, we need to use malloc - std::unique_ptr privileges( - (TOKEN_PRIVILEGES*)malloc(size), &free); - if (privileges && GetTokenInformation(token, TokenPrivileges, - privileges.get(), size, &size)) { - for (int i = 0; i < privileges->PrivilegeCount; i++) { - if (privileges->Privileges[i].Luid.HighPart == desired_id.HighPart && - privileges->Privileges[i].Luid.LowPart == desired_id.LowPart) { - return true; - } - } - } - - return false; -#else - return getuid() == 0; -#endif -} - void DeviceFeatures::Initialize() { if (initialized_) return; uses_keybox = false; @@ -187,8 +144,11 @@ std::string DeviceFeatures::RestrictFilter(const std::string& initial_filter) { // clang-format on // Some tests may require root access. If user is not root, filter these tests // out. - if (!CanChangeTime()) { + if (!wvcdm::TestSleep::CanChangeSystemTime()) { + printf("Filtering out TimeRollbackPrevention.\n"); FilterOut(&filter, "*TimeRollbackPrevention*"); + } else { + printf("Can change time. I will run TimeRollbackPrevention.\n"); } // Performance tests take a long time. Filter them out if they are not // specifically requested. diff --git a/libwvdrmengine/oemcrypto/test/oec_session_util.cpp b/libwvdrmengine/oemcrypto/test/oec_session_util.cpp index 662063f3..c64f979b 100644 --- a/libwvdrmengine/oemcrypto/test/oec_session_util.cpp +++ b/libwvdrmengine/oemcrypto/test/oec_session_util.cpp @@ -1477,7 +1477,10 @@ void Session::VerifyReport(Test_PST_Report expected, int64_t time_first_decrypt, int64_t time_last_decrypt) { const int64_t now = wvcdm::Clock().GetCurrentTime(); - expected.seconds_since_license_received = now - time_license_received; + expected.seconds_since_license_received = + (time_license_received > 0 && time_license_received < now) + ? now - time_license_received + : 0; expected.seconds_since_first_decrypt = (time_first_decrypt > 0 && time_first_decrypt < now) ? now - time_first_decrypt diff --git a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp index 3d343c82..3526d57f 100644 --- a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp +++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp @@ -14,12 +14,6 @@ #include #include -#ifdef _WIN32 -# include -#else -# include -#endif - #include #include #include @@ -122,37 +116,6 @@ const size_t kLargeMessageSize[] = { 8*KiB, 8*KiB, 16*KiB, 32*KiB}; // const size_t kAV1NumberSubsamples[] = { 72, 144, 288, 576}; // clang-format on -/** @return The Unix time of the given time point. */ -template -uint64_t UnixTime( - const std::chrono::time_point& point) { - return point.time_since_epoch() / std::chrono::seconds(1); -} - -#ifdef _WIN32 -using NativeTime = SYSTEMTIME; -#else -using NativeTime = timeval; -#endif - -void AddNativeTime(int64_t delta_seconds, NativeTime* time) { -#ifdef _WIN32 - // See remarks from this for why this series is used. - // https://msdn.microsoft.com/en-us/f77cdf86-0f97-4a89-b565-95b46fa7d65b - FILETIME file_time; - ASSERT_TRUE(SystemTimeToFileTime(time, &file_time)); - uint64_t long_time = static_cast(file_time.dwLowDateTime) | - (static_cast(file_time.dwHighDateTime) << 32); - long_time += - delta_seconds * 1e7; // long_time is in 100-nanosecond intervals. - file_time.dwLowDateTime = long_time & ((1ull << 32) - 1); - file_time.dwHighDateTime = long_time >> 32; - ASSERT_TRUE(FileTimeToSystemTime(&file_time, time)); -#else - time->tv_sec += delta_seconds; -#endif -} - } // namespace class OEMCryptoClientTest : public ::testing::Test, public SessionUtil { @@ -6215,44 +6178,12 @@ class OEMCryptoUsageTableTestWallClock : public OEMCryptoUsageTableTest { public: void SetUp() override { OEMCryptoUsageTableTest::SetUp(); - did_change_system_time_ = false; - test_start_steady_ = steady_clock_.now(); -#ifdef _WIN32 - GetSystemTime(&test_start_wall_); -#else - ASSERT_EQ(0, gettimeofday(&test_start_wall_, nullptr)); -#endif } void TearDown() override { - if (did_change_system_time_) { - const auto delta = steady_clock_.now() - test_start_steady_; - const int64_t delta_sec = delta / std::chrono::seconds(1); - ASSERT_NO_FATAL_FAILURE(SetWallTimeDelta(delta_sec)); - } + wvcdm::TestSleep::ResetRollback(); OEMCryptoUsageTableTest::TearDown(); } - - protected: - /** - * Sets the current wall-clock time to a delta based on the start of the - * test. - */ - void SetWallTimeDelta(int64_t delta_seconds) { - did_change_system_time_ = true; - NativeTime time = test_start_wall_; - ASSERT_NO_FATAL_FAILURE(AddNativeTime(delta_seconds, &time)); -#ifdef _WIN32 - ASSERT_TRUE(SetSystemTime(&time)); -#else - ASSERT_EQ(0, settimeofday(&time, nullptr)); -#endif - } - - std::chrono::steady_clock steady_clock_; - bool did_change_system_time_; - NativeTime test_start_wall_; - std::chrono::time_point test_start_steady_; }; // NOTE: This test needs root access since clock_settime messes with the system @@ -6261,61 +6192,104 @@ class OEMCryptoUsageTableTestWallClock : public OEMCryptoUsageTableTest { // We don't test roll-forward protection or instances where the user rolls back // the time to the last decrypt call since this requires hardware-secure clocks // to guarantee. +// +// This test overlaps two tests in parallel because they each have several +// seconds of sleeping, then we roll the system clock back, and then we sleep +// some more. +// For the first test, we use entry1. The playback duration is 6 short +// intervals. We play for 3, roll the clock back 2, and then play for 3 more. +// We then sleep until after the allowed playback duration and try to play. If +// OEMCrypto allows the rollback, then there is only 5 intervals, which is +// legal. But if OEMCrypto forbids the rollback, then there is 8 intervals of +// playback, which is not legal. +// +// For the second test, we use entry2. The rental duration is 6 short +// intervals. The times are the same as for entry1, except we do not start +// playback for entry2 until the end. + +// clang-format off +// [--][--][--][--][--][--][--] -- playback or rental limit. +// +// Here's what the system clock sees with rollback: +// [--][--][--] 3 short intervals of playback or sleep +// <------> Rollback 2 short intervals. +// [--][--][--] 3 short intervals of playback or sleep +// [--] 1 short intervals of sleep. +// +// Here's what the system clock sees without rollback: +// [--][--][--] 3 short intervals of playback or sleep +// [--][--][--] 3 short intervals of playback or sleep +// [--][--]X 2 short intervals of sleep. +// +// |<---------------------------->| 8 short intervals from license received +// until pst reports generated. +// clang-format on + TEST_P(OEMCryptoUsageTableTestWallClock, TimeRollbackPrevention) { cout << "This test temporarily rolls back the system time in order to verify " - << "that the usage report accounts for the change. It then rolls " - << "the time back forward to the absolute time." << endl; - LicenseWithUsageEntry entry; - entry.MakeOfflineAndClose(this); - Session& s = entry.session(); - std::chrono::system_clock wall_clock; - std::chrono::steady_clock monotonic_clock; - const auto loaded = wall_clock.now(); + << "that the usage report accounts for the change. After the test, it " + << "rolls the clock back forward." << endl; + constexpr int kRollBackTime = kShortSleep * 2; + constexpr int kPlaybackCount = 3; + constexpr int kTotalTime = kShortSleep * 8; - ASSERT_NO_FATAL_FAILURE(entry.OpenAndReload(this)); - const auto first_decrypt = wall_clock.now(); - // Monotonic clock can't be changed. We use this since system clock will be - // unreliable. - const auto first_decrypt_monotonic = monotonic_clock.now(); - ASSERT_NO_FATAL_FAILURE(entry.TestDecryptCTR()); - ASSERT_NO_FATAL_FAILURE(s.UpdateUsageEntry(&encrypted_usage_header_)); - ASSERT_NO_FATAL_FAILURE(s.close()); + LicenseWithUsageEntry entry1; + entry1.license_messages() + .core_response() + .timer_limits.total_playback_duration_seconds = 7 * kShortSleep; + entry1.MakeOfflineAndClose(this); + Session& s1 = entry1.session(); + ASSERT_NO_FATAL_FAILURE(entry1.OpenAndReload(this)); - // Imitate playback. - wvcdm::TestSleep::Sleep(kLongDuration * 2); + LicenseWithUsageEntry entry2; + entry2.license_messages() + .core_response() + .timer_limits.rental_duration_seconds = 7 * kShortSleep; + entry2.MakeOfflineAndClose(this); + Session& s2 = entry2.session(); + ASSERT_NO_FATAL_FAILURE(entry2.OpenAndReload(this)); - ASSERT_NO_FATAL_FAILURE(entry.OpenAndReload(this)); - ASSERT_NO_FATAL_FAILURE(entry.TestDecryptCTR()); - ASSERT_NO_FATAL_FAILURE(s.UpdateUsageEntry(&encrypted_usage_header_)); - ASSERT_NO_FATAL_FAILURE(s.close()); + // Start with three short intervals of playback for entry1. + for (int i = 0; i < kPlaybackCount; i++) { + ASSERT_NO_FATAL_FAILURE(entry1.TestDecryptCTR()); + wvcdm::TestSleep::Sleep(kShortSleep); + ASSERT_NO_FATAL_FAILURE(entry1.TestDecryptCTR()); + } - // Rollback the wall clock time. cout << "Rolling the system time back..." << endl; + ASSERT_TRUE(wvcdm::TestSleep::RollbackSystemTime(kRollBackTime)); + + // Three more short intervals of playback after the rollback. + for (int i = 0; i < kPlaybackCount; i++) { + ASSERT_NO_FATAL_FAILURE(entry1.TestDecryptCTR()); + wvcdm::TestSleep::Sleep(kShortSleep); + ASSERT_NO_FATAL_FAILURE(entry1.TestDecryptCTR()); + } + + // One short interval of sleep to push us past the 6 interval duration. + wvcdm::TestSleep::Sleep(2 * kShortSleep); + + // Should not be able to continue playback in entry1. ASSERT_NO_FATAL_FAILURE( - SetWallTimeDelta(-static_cast(kLongDuration) * 10)); - - // Try to playback again. - ASSERT_NO_FATAL_FAILURE(entry.OpenAndReload(this)); - const auto third_decrypt_monotonic = monotonic_clock.now(); - ASSERT_NO_FATAL_FAILURE(entry.TestDecryptCTR()); - ASSERT_NO_FATAL_FAILURE(s.UpdateUsageEntry(&encrypted_usage_header_)); - ASSERT_NO_FATAL_FAILURE(s.close()); - Test_PST_Report expected(entry.pst(), kActive); - - // Restore wall clock to its original position to verify that OEMCrypto does - // not report negative times. - const auto test_duration = third_decrypt_monotonic - first_decrypt_monotonic; - cout << "Rolling the system time forward to the absolute time..." << endl; + entry1.TestDecryptCTR(false, OEMCrypto_ERROR_KEY_EXPIRED)); + // Should not be able to start playback in entry2. ASSERT_NO_FATAL_FAILURE( - SetWallTimeDelta(test_duration / std::chrono::seconds(1))); - // Need to update time created since the verification checks the time of PST - // report creation. - expected.time_created = UnixTime(wall_clock.now()); + entry2.TestDecryptCTR(true, OEMCrypto_ERROR_KEY_EXPIRED)); - const auto end_time = first_decrypt + test_duration; - ASSERT_NO_FATAL_FAILURE(s.VerifyReport( - expected, UnixTime(loaded), UnixTime(first_decrypt), UnixTime(end_time))); - ASSERT_NO_FATAL_FAILURE(s.close()); + // Now we look at the usage reports: + ASSERT_NO_FATAL_FAILURE(s1.UpdateUsageEntry(&encrypted_usage_header_)); + ASSERT_NO_FATAL_FAILURE(s2.UpdateUsageEntry(&encrypted_usage_header_)); + + ASSERT_NO_FATAL_FAILURE(s1.GenerateReport(entry1.pst())); + wvcdm::Unpacked_PST_Report report1 = s1.pst_report(); + EXPECT_EQ(report1.status(), kActive); + EXPECT_GE(report1.seconds_since_license_received(), kTotalTime); + EXPECT_GE(report1.seconds_since_first_decrypt(), kTotalTime); + + ASSERT_NO_FATAL_FAILURE(s2.GenerateReport(entry2.pst())); + wvcdm::Unpacked_PST_Report report2 = s2.pst_report(); + EXPECT_EQ(report2.status(), kUnused); + EXPECT_GE(report2.seconds_since_license_received(), kTotalTime); } // Verify that a large PST can be used with usage table entries.