widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OEMCrypto v16.2

Browse Source 
Merge from Widevine repo of http://go/wvgerrit/93404

This is the unit tests, reference code, and documentation for
OEMCrypto v16.2. Backwards compatibility should work for a v15
OEMCrypto.

Some review comments will be addressed in future CLs.

Bug: 141247171
Test: Unit tests
Test: Media GTS tests on bonito
Change-Id: I9d427c07580e180c0a4cfdc4a68f538d351c0ddd
This commit is contained in:
Fred Gylys-Colwell
2020-01-18 10:18:50 -08:00
parent 7665614b2e
commit db2050dff1
62 changed files with 2947 additions and 2286 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libwvdrmengine/oemcrypto/test/common.mk
View File

@@ -5,6 +5,9 @@ ifeq ($(filter mips mips64, $(TARGET_ARCH)),)
LOCAL_LDFLAGS+=-Wl,--hash-style=both
endif
# The unit tests can access v15 functions through the dynamic adapter:
LOCAL_CFLAGS += -DTEST_OEMCRYPTO_V15
LOCAL_SRC_FILES:= \
oec_device_features.cpp \
oec_decrypt_fallback_chain.cpp \
@@ -43,6 +46,7 @@ LOCAL_SHARED_LIBRARIES := \
libdl \
liblog \
libmedia_omx \
libprotobuf-cpp-lite \
libstagefright_foundation \
libutils \
libz \

7
libwvdrmengine/oemcrypto/test/oec_device_features.cpp
View File

@@ -63,7 +63,6 @@ bool CanChangeTime() {
void DeviceFeatures::Initialize() {
if (initialized_) return;
uses_keybox = false;
uses_certificate = false;
loads_certificate = false;
generic_crypto = false;
usage_table = false;
@@ -100,10 +99,6 @@ void DeviceFeatures::Initialize() {
loads_certificate = false;
}
printf("loads_certificate = %s.\n", loads_certificate ? "true" : "false");
uses_certificate = (OEMCrypto_ERROR_NOT_IMPLEMENTED !=
OEMCrypto_GenerateRSASignature(session, buffer, 0, buffer,
&size, kSign_RSASSA_PSS));
printf("uses_certificate = %s.\n", uses_certificate ? "true" : "false");
generic_crypto =
(OEMCrypto_ERROR_NOT_IMPLEMENTED !=
OEMCrypto_Generic_Encrypt(session, buffer, 0, buffer,
@@ -145,7 +140,6 @@ void DeviceFeatures::Initialize() {
printf("NO_METHOD: Cannot derive known session keys.\n");
// Note: cast_receiver left unchanged because set by user on command line.
uses_keybox = false;
uses_certificate = false;
loads_certificate = false;
generic_crypto = false;
usage_table = false;
@@ -174,7 +168,6 @@ std::string DeviceFeatures::RestrictFilter(const std::string& initial_filter) {
std::string filter = initial_filter;
// clang-format off
if (!uses_keybox) FilterOut(&filter, "*KeyboxTest*");
if (!uses_certificate) FilterOut(&filter, "OEMCrypto*Cert*");
if (!loads_certificate) FilterOut(&filter, "OEMCryptoLoadsCert*");
if (!generic_crypto) FilterOut(&filter, "*GenericCrypto*");
if (!cast_receiver) FilterOut(&filter, "*CastReceiver*");

1
libwvdrmengine/oemcrypto/test/oec_device_features.h
View File

@@ -38,7 +38,6 @@ class DeviceFeatures {
enum DeriveMethod derive_key_method;
bool uses_keybox; // Device uses a keybox to derive session keys.
bool uses_certificate; // Device uses a certificate to derive session keys.
bool loads_certificate; // Device can load a certificate from the server.
bool generic_crypto; // Device supports generic crypto.
bool cast_receiver; // Device supports alternate rsa signature padding.

257
libwvdrmengine/oemcrypto/test/oec_session_util.cpp
View File

@@ -19,6 +19,7 @@
#include <stdint.h>
#include <gtest/gtest.h>
#include <algorithm>
#include <iostream>
#include <memory>
#include <string>
@@ -137,26 +138,6 @@ class boringssl_ptr {
CORE_DISALLOW_COPY_AND_ASSIGN(boringssl_ptr);
};
OEMCrypto_Substring GetSubstring(const std::string& message,
const std::string& field, bool set_zero) {
OEMCrypto_Substring substring;
if (set_zero || field.empty() || message.empty()) {
substring.offset = 0;
substring.length = 0;
} else {
size_t pos = message.find(field);
if (pos == std::string::npos) {
LOGW("GetSubstring : Cannot find offset for %s", field.c_str());
substring.offset = 0;
substring.length = 0;
} else {
substring.offset = pos;
substring.length = field.length();
}
}
return substring;
}
Test_PST_Report::Test_PST_Report(const std::string& pst_in,
OEMCrypto_Usage_Entry_Status status_in)
: status(status_in), pst(pst_in) {
@@ -169,23 +150,29 @@ void RoundTrip<CoreRequest, PrepAndSignRequest, CoreResponse,
ResponseData>::SignAndVerifyRequest() {
// In the real world, a message should be signed by the client and
// verified by the server. This simulates that.
vector<uint8_t> data(message_size_);
for (size_t i = 0; i < data.size(); i++) data[i] = i & 0xFF;
OEMCryptoResult sts;
size_t gen_signature_length = 0;
size_t core_message_length = 0;
sts =
constexpr size_t small_size = 42; // arbitrary.
size_t message_size =
std::max(required_message_size_, core_message_length + small_size);
vector<uint8_t> data(message_size, 0);
for (size_t i = 0; i < data.size(); i++) data[i] = i & 0xFF;
ASSERT_EQ(
PrepAndSignRequest(session()->session_id(), data.data(), data.size(),
&core_message_length, nullptr, &gen_signature_length);
ASSERT_EQ(OEMCrypto_ERROR_SHORT_BUFFER, sts);
// If this fails, either the test needs to be modified, or the core message is
// very very large.
ASSERT_LT(core_message_length, message_size_);
&core_message_length, nullptr, &gen_signature_length),
OEMCrypto_ERROR_SHORT_BUFFER);
// Make the message buffer a little bigger than the core message, or the
// required size, whichever is larger.
message_size =
std::max(required_message_size_, core_message_length + small_size);
data.resize(message_size);
for (size_t i = 0; i < data.size(); i++) data[i] = i & 0xFF;
vector<uint8_t> gen_signature(gen_signature_length);
sts = PrepAndSignRequest(session()->session_id(), data.data(), data.size(),
&core_message_length, gen_signature.data(),
&gen_signature_length);
ASSERT_EQ(OEMCrypto_SUCCESS, sts);
ASSERT_EQ(PrepAndSignRequest(session()->session_id(), data.data(),
data.size(), &core_message_length,
gen_signature.data(), &gen_signature_length),
OEMCrypto_SUCCESS);
if (global_features.api_version >= kCoreMessagesAPI) {
ASSERT_GT(data.size(), core_message_length);
std::string core_message(reinterpret_cast<char*>(data.data()),
@@ -247,7 +234,7 @@ void ProvisioningRoundTrip::FillAndVerifyCoreRequest(
EXPECT_TRUE(
oemcrypto_core_message::deserialize::CoreProvisioningRequestFromMessage(
core_message_string, &core_request_));
EXPECT_EQ(global_features.api_version, core_request_.api_version);
EXPECT_EQ(global_features.api_version, core_request_.api_major_version);
EXPECT_EQ(session()->nonce(), core_request_.nonce);
EXPECT_EQ(session()->session_id(), core_request_.session_id);
size_t device_id_length = core_request_.device_id.size();
@@ -282,7 +269,7 @@ void ProvisioningRoundTrip::CreateDefaultResponse() {
} else {
response_data_.enc_message_key_length = 0;
}
core_response_.key_type = OEMCrypto_Supports_RSA_2048bit;
core_response_.key_type = OEMCrypto_RSA_Private_Key;
core_response_.enc_private_key =
FindSubstring(response_data_.rsa_key, response_data_.rsa_key_length);
core_response_.enc_private_key_iv = FindSubstring(
@@ -296,12 +283,20 @@ void ProvisioningRoundTrip::EncryptAndSignResponse() {
&encrypted_response_data_);
core_response_.enc_private_key.length =
encrypted_response_data_.rsa_key_length;
ASSERT_TRUE(oemcrypto_core_message::serialize::CreateCoreProvisioningResponse(
core_response_, core_request_, &serialized_core_message_));
if (global_features.api_version >= kCoreMessagesAPI) {
ASSERT_TRUE(
oemcrypto_core_message::serialize::CreateCoreProvisioningResponse(
core_response_, core_request_, &serialized_core_message_));
}
// Make the message buffer a just big enough, or the
// required size, whichever is larger.
const size_t message_size =
std::max(required_message_size_, serialized_core_message_.size() +
sizeof(encrypted_response_data_));
// Stripe the encrypted message.
encrypted_response_.resize(message_size_);
encrypted_response_.resize(message_size);
for (size_t i = 0; i < encrypted_response_.size(); i++) {
encrypted_response_[i] = i % 0x100;
encrypted_response_[i] = i & 0xFF;
}
ASSERT_GE(encrypted_response_.size(), serialized_core_message_.size());
memcpy(encrypted_response_.data(), serialized_core_message_.data(),
@@ -322,19 +317,83 @@ void ProvisioningRoundTrip::EncryptAndSignResponse() {
OEMCryptoResult ProvisioningRoundTrip::LoadResponse(Session* session) {
EXPECT_NE(session, nullptr);
size_t wrapped_key_length = 0;
const OEMCryptoResult sts = OEMCrypto_LoadProvisioning(
session->session_id(), encrypted_response_.data(),
encrypted_response_.size(), serialized_core_message_.size(),
response_signature_.data(), response_signature_.size(), nullptr,
&wrapped_key_length);
const OEMCryptoResult sts = LoadResponseNoRetry(session, &wrapped_key_length);
if (sts != OEMCrypto_ERROR_SHORT_BUFFER) return sts;
wrapped_rsa_key_.clear();
wrapped_rsa_key_.assign(wrapped_key_length, 0);
return OEMCrypto_LoadProvisioning(
session->session_id(), encrypted_response_.data(),
encrypted_response_.size(), serialized_core_message_.size(),
response_signature_.data(), response_signature_.size(),
wrapped_rsa_key_.data(), &wrapped_key_length);
return LoadResponseNoRetry(session, &wrapped_key_length);
}
#ifdef TEST_OEMCRYPTO_V15
// If this platform supports v15 functions, then will test with them:
# define OEMCrypto_RewrapDeviceRSAKey_V15 OEMCrypto_RewrapDeviceRSAKey
# define OEMCrypto_RewrapDeviceRSAKey30_V15 OEMCrypto_RewrapDeviceRSAKey30
#else
// If this platform does not support v15 functions, we just need to stub these
// out so that the tests compile.
OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey30_V15(
OEMCrypto_SESSION session, const uint32_t* unaligned_nonce,
const uint8_t* encrypted_message_key, size_t encrypted_message_key_length,
const uint8_t* enc_rsa_key, size_t enc_rsa_key_length,
const uint8_t* enc_rsa_key_iv, uint8_t* wrapped_rsa_key,
size_t* wrapped_rsa_key_length) {
LOGE("Support for v15 functions not included. Define TEST_OEMCRYPTO_V15.");
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
}
OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey_V15(
OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
const uint8_t* signature, size_t signature_length,
const uint32_t* unaligned_nonce, const uint8_t* enc_rsa_key,
size_t enc_rsa_key_length, const uint8_t* enc_rsa_key_iv,
uint8_t* wrapped_rsa_key, size_t* wrapped_rsa_key_length) {
LOGE("Support for v15 functions not included. Define TEST_OEMCRYPTO_V15.");
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
}
#endif
template <typename T>
const T* ProvisioningRoundTrip::RemapPointer(const T* response_pointer) const {
const uint8_t* original_pointer =
reinterpret_cast<const uint8_t*>(response_pointer);
size_t delta =
original_pointer - reinterpret_cast<const uint8_t*>(&response_data_);
// Base offset should be 0 if this is a v15 message, which is the only time
// this function is called.
size_t base_offset = serialized_core_message_.size();
const uint8_t* new_pointer = encrypted_response_.data() + delta + base_offset;
return reinterpret_cast<const T*>(new_pointer);
}
OEMCryptoResult ProvisioningRoundTrip::LoadResponseNoRetry(
Session* session, size_t* wrapped_key_length) {
EXPECT_NE(session, nullptr);
if (global_features.api_version >= kCoreMessagesAPI) {
return OEMCrypto_LoadProvisioning(
session->session_id(), encrypted_response_.data(),
encrypted_response_.size(), serialized_core_message_.size(),
response_signature_.data(), response_signature_.size(),
wrapped_rsa_key_.data(), wrapped_key_length);
} else if (global_features.provisioning_method == OEMCrypto_Keybox) {
return OEMCrypto_RewrapDeviceRSAKey_V15(
session->session_id(), encrypted_response_.data(),
encrypted_response_.size(), response_signature_.data(),
response_signature_.size(), RemapPointer(&response_data_.nonce),
RemapPointer(response_data_.rsa_key),
encrypted_response_data_.rsa_key_length,
RemapPointer(response_data_.rsa_key_iv), wrapped_rsa_key_.data(),
wrapped_key_length);
} else {
return OEMCrypto_RewrapDeviceRSAKey30_V15(
session->session_id(), &encrypted_response_data_.nonce,
RemapPointer(response_data_.enc_message_key),
response_data_.enc_message_key_length,
RemapPointer(response_data_.rsa_key),
encrypted_response_data_.rsa_key_length,
RemapPointer(response_data_.rsa_key_iv), wrapped_rsa_key_.data(),
wrapped_key_length);
}
}
void ProvisioningRoundTrip::VerifyLoadFailed() {
@@ -346,10 +405,17 @@ void ProvisioningRoundTrip::VerifyLoadFailed() {
void LicenseRoundTrip::VerifyRequestSignature(
const vector<uint8_t>& data, const vector<uint8_t>& generated_signature,
size_t core_message_length) {
std::vector<uint8_t> subdata(data.begin() + core_message_length, data.end());
const std::vector<uint8_t> subdata(data.begin() + core_message_length,
data.end());
session()->VerifyRSASignature(subdata, generated_signature.data(),
generated_signature.size(), kSign_RSASSA_PSS);
SHA256(data.data(), core_message_length, core_response_.request_hash);
SHA256(data.data(), core_message_length, request_hash_);
// If the api version was not set by the test, then we record the api version
// from the request. Also, if the api was set to be higher than oemcrypto
// supports, then we lower it. This version will be used in the response.
if (api_version_ == 0) api_version_ = core_request_.api_major_version;
if (api_version_ > global_features.api_version)
api_version_ = global_features.api_version;
}
void LicenseRoundTrip::FillAndVerifyCoreRequest(
@@ -357,12 +423,16 @@ void LicenseRoundTrip::FillAndVerifyCoreRequest(
EXPECT_TRUE(
oemcrypto_core_message::deserialize::CoreLicenseRequestFromMessage(
core_message_string, &core_request_));
EXPECT_EQ(global_features.api_version, core_request_.api_version);
EXPECT_EQ(global_features.api_version, core_request_.api_major_version);
// If we are testing the latest OEMCrypto version, make sure it is built with
// the latest ODK version, too:
if (global_features.api_version == ODK_MAJOR_VERSION) {
EXPECT_EQ(ODK_MINOR_VERSION, core_request_.api_minor_version);
}
if (expect_request_has_correct_nonce_) {
EXPECT_EQ(session()->nonce(), core_request_.nonce);
}
EXPECT_EQ(session()->session_id(), core_request_.session_id);
if (api_version_ == 0) api_version_ = core_request_.api_version;
}
void LicenseRoundTrip::CreateDefaultResponse() {
@@ -371,10 +441,12 @@ void LicenseRoundTrip::CreateDefaultResponse() {
memset(response_data_.padding, 0, sizeof(response_data_.padding));
EXPECT_EQ(1, GetRandBytes(response_data_.mac_keys,
sizeof(response_data_.mac_keys)));
// For backwards compatibility, we use the license duration for each key's
// duration.
uint32_t duration = static_cast<uint32_t>(
core_response_.timer_limits.license_duration_seconds);
// For backwards compatibility, we use the largest limit in timer_limits for
// each key's duration.
uint32_t key_duration = static_cast<uint32_t>(
std::max({core_response_.timer_limits.rental_duration_seconds,
core_response_.timer_limits.total_playback_duration_seconds,
core_response_.timer_limits.initial_renewal_duration_seconds}));
// The key data for an entitlement license is an AES-256 key, otherwise the
// default is an AES_128 key.
uint32_t default_key_size =
@@ -393,7 +465,7 @@ void LicenseRoundTrip::CreateDefaultResponse() {
sizeof(response_data_.keys[i].control_iv)));
std::string kcVersion = "kc" + std::to_string(api_version_);
memcpy(response_data_.keys[i].control.verification, kcVersion.c_str(), 4);
response_data_.keys[i].control.duration = htonl(duration);
response_data_.keys[i].control.duration = htonl(key_duration);
response_data_.keys[i].control.nonce = htonl(session_->nonce());
response_data_.keys[i].control.control_bits = htonl(control_);
response_data_.keys[i].cipher_mode = OEMCrypto_CipherMode_CTR;
@@ -493,12 +565,20 @@ void LicenseRoundTrip::EncryptAndSignResponse() {
if (api_version_ < kCoreMessagesAPI) {
serialized_core_message_.resize(0);
} else {
std::string request_hash_string(
reinterpret_cast<const char*>(request_hash_), sizeof(request_hash_));
ASSERT_TRUE(oemcrypto_core_message::serialize::CreateCoreLicenseResponse(
core_response_, core_request_, &serialized_core_message_));
core_response_, core_request_, request_hash_string,
&serialized_core_message_));
}
// Make the message buffer a just big enough, or the
// required size, whichever is larger.
const size_t message_size =
std::max(required_message_size_, serialized_core_message_.size() +
sizeof(encrypted_response_data_));
// Stripe the encrypted message.
encrypted_response_.resize(message_size_);
encrypted_response_.resize(message_size);
for (size_t i = 0; i < encrypted_response_.size(); i++) {
encrypted_response_[i] = i % 0x100;
}
@@ -522,15 +602,19 @@ void LicenseRoundTrip::EncryptAndSignResponse() {
OEMCryptoResult LicenseRoundTrip::LoadResponse(Session* session) {
EXPECT_NE(session, nullptr);
// Some tests adjust the offset to be beyond the length of the message. Here,
// we create a duplicate of the message buffer so that these offsets do not
// point to garbage data. The goal is to make sure OEMCrypto is verifying that
// the offset points outside of the message -- we don't want OEMCrypto to look
// at what offset points to and return an error if the data is garbage. Since
// the memory after the message buffer is an exact copy of the message, we can
// increment the offset by the message size and get valid data.
// we create a duplicate of the main message buffer so that these offsets do
// not point to garbage data. The goal is to make sure OEMCrypto is verifying
// that the offset points outside of the message -- we don't want OEMCrypto to
// look at what offset points to and return an error if the data is
// garbage. Since the memory after the message buffer is an exact copy of the
// message, we can increment the offset by the message size and get valid
// data.
std::vector<uint8_t> double_message = encrypted_response_;
double_message.insert(double_message.end(), encrypted_response_.begin(),
encrypted_response_.end());
double_message.insert(
double_message.end(),
reinterpret_cast<const uint8_t*>(&encrypted_response_data_),
reinterpret_cast<const uint8_t*>(&encrypted_response_data_) +
sizeof(encrypted_response_data_));
OEMCryptoResult result;
if (api_version_ < kCoreMessagesAPI) {
result = OEMCrypto_LoadKeys(
@@ -584,11 +668,9 @@ void LicenseRoundTrip::VerifyTestKeys() {
if (sts != OEMCrypto_ERROR_NOT_IMPLEMENTED) {
ASSERT_EQ(OEMCrypto_SUCCESS, sts);
ASSERT_EQ(sizeof(block), size);
// control duration and bits stored in network byte order. For printing
// Note: we do not assume that duration is stored with each key after v16.
// control bits stored in network byte order. For printing
// we change to host byte order.
ASSERT_EQ(htonl_fnc(response_data_.keys[i].control.duration),
htonl_fnc(block.duration))
<< "For key " << i;
ASSERT_EQ(htonl_fnc(response_data_.keys[i].control.control_bits),
htonl_fnc(block.control_bits))
<< "For key " << i;
@@ -758,8 +840,8 @@ void RenewalRoundTrip::FillAndVerifyCoreRequest(
EXPECT_TRUE(
oemcrypto_core_message::deserialize::CoreRenewalRequestFromMessage(
core_message_string, &core_request_));
EXPECT_EQ(license_messages_->core_request().api_version,
core_request_.api_version);
EXPECT_EQ(license_messages_->core_request().api_major_version,
core_request_.api_major_version);
if (!is_release_) {
// For a license release, we do not expect the nonce to be correct. That
// is because a release might be sent without loading the license first.
@@ -786,12 +868,17 @@ void RenewalRoundTrip::CreateDefaultResponse() {
constexpr size_t index = 0;
response_data_.keys[index].key_id_length = 0;
response_data_.keys[index].key_id[0] = '\0';
std::string kcVersion = "kc" + std::to_string(core_request_.api_version);
std::string kcVersion =
"kc" + std::to_string(core_request_.api_major_version);
if (global_features.api_version < kCoreMessagesAPI) {
// For v15 or earlier devices, we use the api of the device.
kcVersion = "kc" + std::to_string(global_features.api_version);
}
memcpy(response_data_.keys[index].control.verification, kcVersion.c_str(),
4);
const uint32_t duration = static_cast<uint32_t>(
license_messages_->core_response()
.timer_limits.renewal_playback_duration_seconds);
.timer_limits.initial_renewal_duration_seconds);
response_data_.keys[index].control.duration = htonl(duration);
response_data_.keys[index].control.nonce = htonl(nonce);
response_data_.keys[index].control.control_bits = htonl(control);
@@ -801,12 +888,6 @@ void RenewalRoundTrip::CreateDefaultResponse() {
void RenewalRoundTrip::EncryptAndSignResponse() {
// Renewal messages are not encrypted.
encrypted_response_data_ = response_data_;
// Stripe the encrypted message.
encrypted_response_.resize(message_size_);
for (size_t i = 0; i < encrypted_response_.size(); i++) {
encrypted_response_[i] = i % 0x100;
}
// Either create a KeyRefreshObject for a call to RefreshKeys or a core
// response for a call to LoadRenewal.
if (license_messages_->api_version() < kCoreMessagesAPI) {
@@ -818,7 +899,17 @@ void RenewalRoundTrip::EncryptAndSignResponse() {
serialized_core_message_.resize(0);
} else {
ASSERT_TRUE(oemcrypto_core_message::serialize::CreateCoreRenewalResponse(
core_request_, &serialized_core_message_));
core_request_, renewal_duration_seconds_, &serialized_core_message_));
}
// Make the message buffer a just big enough, or the
// required size, whichever is larger.
const size_t message_size =
std::max(required_message_size_, serialized_core_message_.size() +
sizeof(encrypted_response_data_));
// Stripe the encrypted message.
encrypted_response_.resize(message_size);
for (size_t i = 0; i < encrypted_response_.size(); i++) {
encrypted_response_[i] = i % 0x100;
}
// Concatenate the core message and the response.
ASSERT_GE(kMaxCoreMessage, serialized_core_message_.size());

39
libwvdrmengine/oemcrypto/test/oec_session_util.h
View File

@@ -133,13 +133,6 @@ uint32_t htonl_fnc(uint32_t x);
// Prints error string from BoringSSL
void dump_boringssl_error();
// Given a message and field, returns an OEMCrypto_Substring with the field's
// offset into the message and its length. If |set_zero| is true, both the
// offset and length will be zero.
OEMCrypto_Substring GetSubstring(const std::string& message = "",
const std::string& field = "",
bool set_zero = false);
class Session;
// The prototype of the OEMCrypto function to prepare and sign a request.
typedef OEMCryptoResult (*PrepAndSignRequest_t)(
@@ -159,7 +152,7 @@ class RoundTrip {
core_response_(),
response_data_(),
encrypted_response_data_(),
message_size_(sizeof(ResponseData) + kMaxCoreMessage){};
required_message_size_(0) {}
virtual ~RoundTrip() {}
// Have OEMCrypto sign a request message and then verify the signature and the
@@ -190,9 +183,7 @@ class RoundTrip {
}
// Set the size of the buffer used the encrypted license.
void set_message_size(size_t size) { message_size_ = size; }
// The size of the encrypted message.
size_t message_size() { return message_size_; }
void set_message_size(size_t size) { required_message_size_ = size; }
std::vector<uint8_t>& response_signature() { return response_signature_; }
const std::string& serialized_core_message() const {
return serialized_core_message_;
@@ -218,7 +209,9 @@ class RoundTrip {
CoreRequest core_request_;
CoreResponse core_response_;
ResponseData response_data_, encrypted_response_data_;
size_t message_size_; // How much of the padded message to use.
// Message buffers will be at least this big. Tests for loading and signing
// messages will increase all buffers to this size.
size_t required_message_size_;
std::vector<uint8_t> response_signature_;
std::string serialized_core_message_;
std::vector<uint8_t> encrypted_response_;
@@ -257,6 +250,15 @@ class ProvisioningRoundTrip
// Verify the values of the core response.
virtual void FillAndVerifyCoreRequest(
const std::string& core_message_string) override;
// Load the response, without the retry. Called by LoadResponse.
OEMCryptoResult LoadResponseNoRetry(Session* session,
size_t* wrapped_key_length);
// This takes a pointer in the response_data_ and remaps it to the same
// pointer within the encrypted message. This is used for backwards
// compatibliity testing, so that a v15 oemcrypto will accept range checks.
template <typename T>
const T* RemapPointer(const T* response_pointer) const;
uint32_t allowed_schemes_;
Encryptor encryptor_;
// The message key used for Prov 3.0.
@@ -317,7 +319,7 @@ class LicenseRoundTrip
}
// Change the hash of the core request. This should cause the response to be
// rejected.
void BreakRequestHash() { core_response_.request_hash[3] ^= 42; }
void BreakRequestHash() { request_hash_[3] ^= 42; }
// Set the API version for the license itself. This will be used in
// CreateDefaultResponse.
void set_api_version(uint32_t api_version) { api_version_ = api_version; }
@@ -363,6 +365,7 @@ class LicenseRoundTrip
// Whether this is a content license or an entitlement license. Used in
// CreateDefaultResponse.
OEMCrypto_LicenseType license_type_;
uint8_t request_hash_[ODK_SHA256_HASH_SIZE];
};
class RenewalRoundTrip
@@ -377,11 +380,20 @@ class RenewalRoundTrip
: RoundTrip(license_messages->session()),
license_messages_(license_messages),
refresh_object_(),
renewal_duration_seconds_(
license_messages->core_response()
.timer_limits.initial_renewal_duration_seconds),
is_release_(false) {}
void CreateDefaultResponse() override;
void EncryptAndSignResponse() override;
OEMCryptoResult LoadResponse() override { return LoadResponse(session_); }
OEMCryptoResult LoadResponse(Session* session) override;
uint64_t renewal_duration_seconds() const {
return renewal_duration_seconds_;
}
void set_renewal_duration_seconds(uint64_t renewal_duration_seconds) {
renewal_duration_seconds_ = renewal_duration_seconds;
}
void set_is_release(bool is_release) { is_release_ = is_release; }
protected:
@@ -393,6 +405,7 @@ class RenewalRoundTrip
const std::string& core_message_string) override;
LicenseRoundTrip* license_messages_;
OEMCrypto_KeyRefreshObject refresh_object_;
uint64_t renewal_duration_seconds_;
bool is_release_; // If this is a license release, and not a real renewal.
};

1
libwvdrmengine/oemcrypto/test/oemcrypto_session_tests_helper.cpp
View File

@@ -71,7 +71,6 @@ void SessionUtil::EnsureTestKeys() {
// This makes sure that the derived keys (encryption key and two mac keys)
// are installed in OEMCrypto and in the test session.
void SessionUtil::InstallTestRSAKey(Session* s) {
ASSERT_TRUE(global_features.uses_certificate);
if (global_features.loads_certificate) {
if (wrapped_rsa_key_.size() == 0) {
// If we don't have a wrapped key yet, create one.

113
libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
View File

@@ -875,7 +875,7 @@ TEST_P(OEMCryptoLicenseTest, LoadKeyWithNonce) {
ASSERT_EQ(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
}
// Verify that a second license may be not be loaded in a session.
// Verify that a second license may not be loaded in a session.
TEST_P(OEMCryptoLicenseTest, LoadKeyNoNonceTwiceAPI16) {
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
license_messages_.set_control(0);
@@ -886,8 +886,8 @@ TEST_P(OEMCryptoLicenseTest, LoadKeyNoNonceTwiceAPI16) {
ASSERT_EQ(OEMCrypto_ERROR_LICENSE_RELOAD, license_messages_.LoadResponse());
}
// Verify that a second license may be not be loaded in a session.
TEST_P(OEMCryptoLicenseTest, LoadKeyWithNonceTwice) {
// Verify that a second license may not be loaded in a session.
TEST_P(OEMCryptoLicenseTest, LoadKeyWithNonceTwiceAPI16) {
ASSERT_NO_FATAL_FAILURE(session_.GenerateNonce());
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
@@ -985,7 +985,7 @@ TEST_P(OEMCryptoLicenseTest, LoadKeyWithBadRange_enc_mac_keys) {
// See the comment in LicenseRoundTrip::LoadResponse for why we increment by
// the message size.
license_messages_.core_response().enc_mac_keys.offset +=
license_messages_.message_size();
sizeof(license_messages_.response_data());
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
ASSERT_NE(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
}
@@ -997,7 +997,7 @@ TEST_P(OEMCryptoLicenseTest, LoadKeyWithBadRange_enc_mac_keys_iv) {
// See the comment in LicenseRoundTrip::LoadResponse for why we increment by
// the message size.
license_messages_.core_response().enc_mac_keys_iv.offset +=
license_messages_.message_size();
sizeof(license_messages_.response_data());
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
ASSERT_NE(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
}
@@ -1009,7 +1009,7 @@ TEST_P(OEMCryptoLicenseTest, LoadKeyWithBadRange_key_id) {
// See the comment in LicenseRoundTrip::LoadResponse for why we increment by
// the message size.
license_messages_.core_response().key_array[0].key_id.offset +=
license_messages_.message_size();
sizeof(license_messages_.response_data());
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
ASSERT_NE(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
}
@@ -1021,7 +1021,7 @@ TEST_P(OEMCryptoLicenseTest, LoadKeyWithBadRange_key_data) {
// See the comment in LicenseRoundTrip::LoadResponse for why we increment by
// the message size.
license_messages_.core_response().key_array[1].key_data.offset +=
license_messages_.message_size();
sizeof(license_messages_.response_data());
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
ASSERT_NE(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
}
@@ -1033,7 +1033,7 @@ TEST_P(OEMCryptoLicenseTest, LoadKeyWithBadRange_key_data_iv) {
// See the comment in LicenseRoundTrip::LoadResponse for why we increment by
// the message size.
license_messages_.core_response().key_array[1].key_data_iv.offset +=
license_messages_.message_size();
sizeof(license_messages_.response_data());
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
ASSERT_NE(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
}
@@ -1045,7 +1045,7 @@ TEST_P(OEMCryptoLicenseTest, LoadKeyWithBadRange_key_control) {
// See the comment in LicenseRoundTrip::LoadResponse for why we increment by
// the message size.
license_messages_.core_response().key_array[2].key_control.offset +=
license_messages_.message_size();
sizeof(license_messages_.response_data());
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
ASSERT_NE(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
}
@@ -1057,7 +1057,7 @@ TEST_P(OEMCryptoLicenseTest, LoadKeyWithBadRange_key_control_iv) {
// See the comment in LicenseRoundTrip::LoadResponse for why we increment by
// the message size.
license_messages_.core_response().key_array[2].key_control_iv.offset +=
license_messages_.message_size();
sizeof(license_messages_.response_data());
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
ASSERT_NE(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
}
@@ -1071,7 +1071,7 @@ TEST_P(OEMCryptoLicenseTest, LoadKeyWithBadRange_pst) {
// See the comment in LicenseRoundTrip::LoadResponse for why we increment by
// the message size.
license_messages_.core_response().pst.offset +=
license_messages_.message_size();
sizeof(license_messages_.response_data());
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
// If we have a pst, then we need a usage entry.
ASSERT_NO_FATAL_FAILURE(session_.CreateNewUsageEntry());
@@ -1081,7 +1081,8 @@ TEST_P(OEMCryptoLicenseTest, LoadKeyWithBadRange_pst) {
//---------------------------------------------------------------------------//
// The IV should not be identical to the data right before the encrypted mac
// keys.
// keys. This requirement was added in 15.2, so it frequently fails on
// production devices.
TEST_F(OEMCryptoLicenseTestAPI15, LoadKeyWithSuspiciousIV) {
ASSERT_NO_FATAL_FAILURE(session_.GenerateNonce());
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
@@ -1272,7 +1273,7 @@ TEST_P(OEMCryptoLicenseTest, LoadKeyUnalignedMessageAPI16) {
ASSERT_EQ(OEMCrypto_SUCCESS,
OEMCrypto_LoadLicense(
session_.session_id(), unaligned_message,
license_messages_.message_size(),
license_messages_.encrypted_response_buffer().size(),
license_messages_.serialized_core_message().size(),
license_messages_.response_signature().data(),
license_messages_.response_signature().size()));
@@ -1293,6 +1294,10 @@ TEST_P(OEMCryptoLicenseTest, LoadLicenseAgainFailureAPI16) {
TEST_P(OEMCryptoLicenseTestRangeAPI, LoadKeys) {
ASSERT_NO_FATAL_FAILURE(session_.GenerateNonce());
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
// Re-set the API version. The function VerifyRequestSignature sets the api to
// be a sane value. But in this test, we want to verify an unsupported version
// is rejected.
license_messages_.set_api_version(license_api_version_);
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
@@ -1626,6 +1631,7 @@ TEST_F(OEMCryptoSessionTests, CheckMinimumPatchLevel) {
ASSERT_NO_FATAL_FAILURE(license_messages.SignAndVerifyRequest());
ASSERT_NO_FATAL_FAILURE(license_messages.CreateDefaultResponse());
ASSERT_NO_FATAL_FAILURE(license_messages.EncryptAndSignResponse());
EXPECT_EQ(global_features.api_version, license_messages.api_version());
ASSERT_EQ(OEMCrypto_SUCCESS, license_messages.LoadResponse());
}
// Reject any future patch levels.
@@ -1716,22 +1722,16 @@ class OEMCryptoRefreshTest : public OEMCryptoLicenseTest {
// playback right away. All times are in seconds since the license was
// signed.
// Soft expiry false means timers are strictly enforce.
timer_limits_.soft_expiry = false;
timer_limits_.soft_enforce_rental_duration = true;
timer_limits_.soft_enforce_playback_duration = false;
// Playback may begin immediately.
timer_limits_.earliest_playback_start_seconds = 0;
// First playback may be within the first two seconds.
timer_limits_.latest_playback_start_seconds = kDuration;
timer_limits_.rental_duration_seconds = kDuration;
// Once started, playback may last two seconds without a renewal.
timer_limits_.initial_playback_duration_seconds = kDuration;
// Playback may continue for four seconds after a renewal is loaded.
timer_limits_.renewal_playback_duration_seconds = 2 * kDuration;
if (license_api_version_ < kCoreMessagesAPI) {
// For legacy licenses, only license duration is enforced.
timer_limits_.license_duration_seconds = kDuration;
} else {
// Total playback is not limited.
timer_limits_.license_duration_seconds = 0;
}
timer_limits_.initial_renewal_duration_seconds = kDuration;
// Total playback is not limited.
timer_limits_.total_playback_duration_seconds = 0;
}
void LoadLicense() {
@@ -1902,8 +1902,8 @@ TEST_P(OEMCryptoLicenseTest, HashForbiddenAPI15) {
TEST_P(OEMCryptoLicenseTest, Decrypt) {
ASSERT_NO_FATAL_FAILURE(session_.GenerateNonce());
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
license_messages_.core_response().timer_limits.license_duration_seconds =
kDuration;
license_messages_.core_response()
.timer_limits.total_playback_duration_seconds = kDuration;
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
ASSERT_EQ(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
@@ -1914,7 +1914,8 @@ TEST_P(OEMCryptoLicenseTest, Decrypt) {
TEST_P(OEMCryptoLicenseTest, DecryptZeroDuration) {
ASSERT_NO_FATAL_FAILURE(session_.GenerateNonce());
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
license_messages_.core_response().timer_limits.license_duration_seconds = 0;
license_messages_.core_response()
.timer_limits.total_playback_duration_seconds = 0;
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
ASSERT_EQ(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
@@ -2179,8 +2180,8 @@ class OEMCryptoSessionTestsDecryptTests
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
license_messages_.core_response().timer_limits.license_duration_seconds =
kDuration;
license_messages_.core_response()
.timer_limits.initial_renewal_duration_seconds = kDuration;
memcpy(license_messages_.response_data().keys[0].key_data, key_,
sizeof(key_));
license_messages_.response_data().keys[0].cipher_mode = cipher_mode_;
@@ -2424,7 +2425,7 @@ TEST_P(OEMCryptoSessionTestsDecryptTests, PartialBlock) {
//
// 1) The maximum total sample size
// 2) The maximum number of subsamples multiplied by the maximum subsample size
TEST_P(OEMCryptoSessionTestsDecryptTests, DecryptMaxSample) {
TEST_P(OEMCryptoSessionTestsDecryptTests, DecryptMaxSampleAPI16) {
const size_t max_sample_size = GetResourceValue(kMaxSampleSize);
const size_t max_subsample_size = GetResourceValue(kMaxSubsampleSize);
const size_t max_num_subsamples = GetResourceValue(kMaxNumberSubsamples);
@@ -2589,8 +2590,8 @@ TEST_P(OEMCryptoLicenseTest, DecryptNoAnalogToClearAPI13) {
TEST_P(OEMCryptoLicenseTest, KeyDuration) {
ASSERT_NO_FATAL_FAILURE(session_.GenerateNonce());
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
license_messages_.core_response().timer_limits.license_duration_seconds =
kDuration;
license_messages_.core_response()
.timer_limits.total_playback_duration_seconds = kDuration;
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
ASSERT_EQ(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
@@ -2669,14 +2670,14 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvision) {
// Verify that RewrapDeviceRSAKey checks pointers are within the provisioning
// message.
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange1) {
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange1_API16) {
Session s;
ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
provisioning_messages.PrepareSession(keybox_);
ASSERT_NO_FATAL_FAILURE(provisioning_messages.SignAndVerifyRequest());
ASSERT_NO_FATAL_FAILURE(provisioning_messages.CreateDefaultResponse());
provisioning_messages.core_response().enc_private_key.offset =
provisioning_messages.message_size() + 1;
provisioning_messages.encrypted_response_buffer().size() + 1;
ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
ASSERT_NE(OEMCrypto_SUCCESS, provisioning_messages.LoadResponse());
provisioning_messages.VerifyLoadFailed();
@@ -2684,14 +2685,14 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange1) {
// Verify that RewrapDeviceRSAKey checks pointers are within the provisioning
// message.
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange2) {
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange2_API16) {
Session s;
ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
provisioning_messages.PrepareSession(keybox_);
ASSERT_NO_FATAL_FAILURE(provisioning_messages.SignAndVerifyRequest());
ASSERT_NO_FATAL_FAILURE(provisioning_messages.CreateDefaultResponse());
provisioning_messages.core_response().enc_private_key_iv.offset =
provisioning_messages.message_size() + 1;
provisioning_messages.encrypted_response_buffer().size() + 1;
ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
ASSERT_NE(OEMCrypto_SUCCESS, provisioning_messages.LoadResponse());
provisioning_messages.VerifyLoadFailed();
@@ -2699,7 +2700,7 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange2) {
// Verify that RewrapDeviceRSAKey checks pointers are within the provisioning
// message.
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange3) {
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange3_API16) {
Session s;
ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
provisioning_messages.PrepareSession(keybox_);
@@ -2708,7 +2709,7 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange3) {
// If the offset is before the end, but the offset+length is bigger, then
// the message should be rejected.
provisioning_messages.core_response().enc_private_key.offset =
provisioning_messages.message_size() - 5;
provisioning_messages.encrypted_response_buffer().size() - 5;
ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
ASSERT_NE(OEMCrypto_SUCCESS, provisioning_messages.LoadResponse());
provisioning_messages.VerifyLoadFailed();
@@ -2716,7 +2717,7 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange3) {
// Verify that RewrapDeviceRSAKey checks pointers are within the provisioning
// message.
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange4) {
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange4_API16) {
Session s;
ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
provisioning_messages.PrepareSession(keybox_);
@@ -2725,7 +2726,7 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange4) {
// If the offset is before the end, but the offset+length is bigger, then
// the message should be rejected.
provisioning_messages.core_response().enc_private_key_iv.offset =
provisioning_messages.message_size() - 5;
provisioning_messages.encrypted_response_buffer().size() - 5;
ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
ASSERT_NE(OEMCrypto_SUCCESS, provisioning_messages.LoadResponse());
provisioning_messages.VerifyLoadFailed();
@@ -2733,7 +2734,7 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange4) {
// Verify that RewrapDeviceRSAKey checks pointers are within the provisioning
// message.
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange5Prov30) {
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange5Prov30_API16) {
Session s;
ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
provisioning_messages.PrepareSession(keybox_);
@@ -2742,7 +2743,7 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange5Prov30) {
// If the offset is before the end, but the offset+length is bigger, then
// the message should be rejected.
provisioning_messages.core_response().encrypted_message_key.offset =
provisioning_messages.message_size() + 1;
provisioning_messages.encrypted_response_buffer().size() + 1;
ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
ASSERT_NE(OEMCrypto_SUCCESS, provisioning_messages.LoadResponse());
provisioning_messages.VerifyLoadFailed();
@@ -2764,7 +2765,7 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadSignatureKeyboxTest) {
}
// Test that RewrapDeviceRSAKey verifies the nonce is current.
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadNonce) {
TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadNonce_API16) {
Session s;
ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
provisioning_messages.PrepareSession(keybox_);
@@ -3199,7 +3200,7 @@ TEST_F(OEMCryptoLoadsCertificateAlternates, DisallowForbiddenPaddingAPI09) {
// The alternate padding is only required for cast receivers, but if a device
// does load an alternate certificate, it should NOT use it for generating
// a license request signature.
TEST_F(OEMCryptoLoadsCertificateAlternates, TestSignaturePKCS1) {
TEST_F(OEMCryptoLoadsCertificateAlternates, TestSignaturePKCS1_API16) {
// Try to load an RSA key with alternative padding schemes. This signing
// scheme is used by cast receivers.
LoadWithAllowedSchemes(kSign_PKCS1_Block1, false);
@@ -4587,8 +4588,8 @@ TEST_P(OEMCryptoGenericCryptoTest, GenericKeyVerifyLargeBuffer) {
// Test Generic_Encrypt when the key duration has expired.
TEST_P(OEMCryptoGenericCryptoTest, KeyDurationEncrypt) {
license_messages_.core_response().timer_limits.license_duration_seconds =
kDuration;
license_messages_.core_response()
.timer_limits.total_playback_duration_seconds = kDuration;
license_messages_.CreateResponseWithGenericCryptoKeys();
EncryptAndLoadKeys();
vector<uint8_t> expected_encrypted;
@@ -4622,8 +4623,8 @@ TEST_P(OEMCryptoGenericCryptoTest, KeyDurationEncrypt) {
// Test Generic_Decrypt when the key duration has expired.
TEST_P(OEMCryptoGenericCryptoTest, KeyDurationDecrypt) {
license_messages_.core_response().timer_limits.license_duration_seconds =
kDuration;
license_messages_.core_response()
.timer_limits.total_playback_duration_seconds = kDuration;
license_messages_.CreateResponseWithGenericCryptoKeys();
EncryptAndLoadKeys();
@@ -4656,8 +4657,8 @@ TEST_P(OEMCryptoGenericCryptoTest, KeyDurationDecrypt) {
// Test Generic_Sign when the key duration has expired.
TEST_P(OEMCryptoGenericCryptoTest, KeyDurationSign) {
license_messages_.core_response().timer_limits.license_duration_seconds =
kDuration;
license_messages_.core_response()
.timer_limits.total_playback_duration_seconds = kDuration;
license_messages_.CreateResponseWithGenericCryptoKeys();
EncryptAndLoadKeys();
@@ -4692,8 +4693,8 @@ TEST_P(OEMCryptoGenericCryptoTest, KeyDurationSign) {
// Test Generic_Verify when the key duration has expired.
TEST_P(OEMCryptoGenericCryptoTest, KeyDurationVerify) {
license_messages_.core_response().timer_limits.license_duration_seconds =
kDuration;
license_messages_.core_response()
.timer_limits.total_playback_duration_seconds = kDuration;
license_messages_.CreateResponseWithGenericCryptoKeys();
EncryptAndLoadKeys();
@@ -4732,8 +4733,8 @@ class OEMCryptoGenericCryptoKeyIdLengthTest
OEMCryptoGenericCryptoTest::SetUp();
license_messages_.set_num_keys(5);
license_messages_.set_control(wvoec::kControlAllowDecrypt);
license_messages_.core_response().timer_limits.license_duration_seconds =
kDuration;
license_messages_.core_response()
.timer_limits.total_playback_duration_seconds = kDuration;
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
SetUniformKeyIdLength(16); // Start with all key ids being 16 bytes.
// But, we are testing that the key ids do not have to have the same length.
@@ -5127,7 +5128,7 @@ TEST_P(OEMCryptoUsageTableTest, OnlineMissingEntry) {
// Sessions should have at most one entry at a time. This tests different
// orderings of CreateNewUsageEntry and LoadUsageEntry calls.
TEST_P(OEMCryptoUsageTableTest, CreateAndLoadMultipleEntries) {
TEST_P(OEMCryptoUsageTableTest, CreateAndLoadMultipleEntriesAPI16) {
// Entry Count: we start each test with an empty header.
uint32_t usage_entry_number;
LicenseWithUsageEntry entry;