diff --git a/libwvdrmengine/oemcrypto/test/oemcrypto_cast_test.cpp b/libwvdrmengine/oemcrypto/test/oemcrypto_cast_test.cpp index e430061f..7a131d83 100644 --- a/libwvdrmengine/oemcrypto/test/oemcrypto_cast_test.cpp +++ b/libwvdrmengine/oemcrypto/test/oemcrypto_cast_test.cpp @@ -11,20 +11,6 @@ using ::testing::Range; namespace wvoec { -// The alternate padding is only required for cast receivers, but all devices -// should forbid the alternate padding for regular certificates. -TEST_F(OEMCryptoLoadsCertificateAlternates, DisallowForbiddenPaddingAPI09) { - // TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for - // provisioning 4. Disabled here temporarily. - if (!global_features.loads_certificate || - global_features.provisioning_method == OEMCrypto_BootCertificateChain) { - GTEST_SKIP() << "Test for non Prov 4.0 devices only."; - } - LoadWithAllowedSchemes(kSign_RSASSA_PSS, - true); // Use default padding scheme - DisallowForbiddenPaddingDRMKey(kSign_PKCS1_Block1, 50); -} - // The alternate padding is only required for cast receivers, but if a device // does load an alternate certificate, it should NOT use it for generating // a license request signature. @@ -37,7 +23,7 @@ TEST_F(OEMCryptoLoadsCertificateAlternates, TestSignaturePKCS1) { } // Try to load an RSA key with alternative padding schemes. This signing // scheme is used by cast receivers. - LoadWithAllowedSchemes(kSign_PKCS1_Block1, false); + LoadCastCertificateKey(false); // If the device is a cast receiver, then this scheme is required. if (global_features.cast_receiver) { ASSERT_TRUE(key_loaded_); @@ -287,7 +273,7 @@ TEST_F(OEMCryptoCastReceiverTest, SupportsCertificatesAPI13) { // # PKCS#1 v1.5 Signature Example 15.1 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_1) { BuildRSAKey(); - LoadWithAllowedSchemes(kSign_PKCS1_Block1, true); + LoadCastCertificateKey(true); vector message = wvutil::a2b_hex( "f45d55f35551e975d6a8dc7ea9f48859" "3940cc75694a278f27e578a163d839b3" 
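Review bot: In the `TestSignaturePKCS1` hunk (`@@ -37,7 +23,7`), the new call `LoadCastCertificateKey(false);` passes a bare boolean, now the helper's only argument, and its meaning is documented only in the header. Naming it at the call site, `LoadCastCertificateKey(/*force=*/false);`, would show that this test leaves the load assertion to the `global_features.cast_receiver` branch that follows. The `TestSignaturePKCS1_15_*` tests would then read `/*force=*/true`, matching the header comment that a true value asserts the key loads. The same applies to the twenty `TestSignaturePKCS1_15_1` to `_20` hunks and to the two call sites in oemcrypto_security_test.cpp. The test body continues outside the hunk.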
@@ -326,7 +312,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_1) { // # PKCS#1 v1.5 Signature Example 15.2 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_2) { BuildRSAKey(); - LoadWithAllowedSchemes(kSign_PKCS1_Block1, true); + LoadCastCertificateKey(true); vector message = wvutil::a2b_hex( "c14b4c6075b2f9aad661def4ecfd3cb9" "33c623f4e63bf53410d2f016d1ab98e2" @@ -361,7 +347,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_2) { // # PKCS#1 v1.5 Signature Example 15.3 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_3) { BuildRSAKey(); - LoadWithAllowedSchemes(kSign_PKCS1_Block1, true); + LoadCastCertificateKey(true); vector message = wvutil::a2b_hex( "d02371ad7ee48bbfdb2763de7a843b94" "08ce5eb5abf847ca3d735986df84e906" @@ -402,7 +388,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_3) { // # PKCS#1 v1.5 Signature Example 15.4 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_4) { BuildRSAKey(); - LoadWithAllowedSchemes(kSign_PKCS1_Block1, true); + LoadCastCertificateKey(true); vector message = wvutil::a2b_hex( "29035584ab7e0226a9ec4b02e8dcf127" "2dc9a41d73e2820007b0f6e21feccd5b" @@ -431,7 +417,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_4) { // # PKCS#1 v1.5 Signature Example 15.5 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_5) { BuildRSAKey(); - LoadWithAllowedSchemes(kSign_PKCS1_Block1, true); + LoadCastCertificateKey(true); vector message = wvutil::a2b_hex("bda3a1c79059eae598308d3df609"); vector signature = wvutil::a2b_hex( "a156176cb96777c7fb96105dbd913bc4" @@ -456,7 +442,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_5) { // # PKCS#1 v1.5 Signature Example 15.6 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_6) { BuildRSAKey(); - LoadWithAllowedSchemes(kSign_PKCS1_Block1, true); + LoadCastCertificateKey(true); vector message = wvutil::a2b_hex( "c187915e4e87da81c08ed4356a0cceac" "1c4fb5c046b45281b387ec28f1abfd56" 
@@ -488,7 +474,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_6) { // # PKCS#1 v1.5 Signature Example 15.7 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_7) { BuildRSAKey(); - LoadWithAllowedSchemes(kSign_PKCS1_Block1, true); + LoadCastCertificateKey(true); vector message = wvutil::a2b_hex( "abfa2ecb7d29bd5bcb9931ce2bad2f74" "383e95683cee11022f08e8e7d0b8fa05" @@ -521,7 +507,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_7) { // # PKCS#1 v1.5 Signature Example 15.8 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_8) { BuildRSAKey(); - LoadWithAllowedSchemes(kSign_PKCS1_Block1, true); + LoadCastCertificateKey(true); vector message = wvutil::a2b_hex( "df4044a89a83e9fcbf1262540ae3038b" "bc90f2b2628bf2a4467ac67722d8546b" @@ -560,7 +546,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_8) { // # PKCS#1 v1.5 Signature Example 15.9 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_9) { BuildRSAKey(); - LoadWithAllowedSchemes(kSign_PKCS1_Block1, true); + LoadCastCertificateKey(true); vector message = wvutil::a2b_hex( "ea941ff06f86c226927fcf0e3b11b087" "2676170c1bfc33bda8e265c77771f9d0" @@ -597,7 +583,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_9) { // # PKCS#1 v1.5 Signature Example 15.10 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_10) { BuildRSAKey(); - LoadWithAllowedSchemes(kSign_PKCS1_Block1, true); + LoadCastCertificateKey(true); vector message = wvutil::a2b_hex( "d8b81645c13cd7ecf5d00ed2c91b9acd" "46c15568e5303c4a9775ede76b48403d" @@ -627,7 +613,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_10) { // # PKCS#1 v1.5 Signature Example 15.11 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_11) { BuildRSAKey(); - LoadWithAllowedSchemes(kSign_PKCS1_Block1, true); + LoadCastCertificateKey(true); vector message = wvutil::a2b_hex( "e5739b6c14c92d510d95b826933337ff" "0d24ef721ac4ef64c2bad264be8b44ef" 
@@ -661,7 +647,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_11) { // # PKCS#1 v1.5 Signature Example 15.12 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_12) { BuildRSAKey(); - LoadWithAllowedSchemes(kSign_PKCS1_Block1, true); + LoadCastCertificateKey(true); vector message = wvutil::a2b_hex( "7af42835917a88d6b3c6716ba2f5b0d5" "b20bd4e2e6e574e06af1eef7c81131be" @@ -702,7 +688,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_12) { // # PKCS#1 v1.5 Signature Example 15.13 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_13) { BuildRSAKey(); - LoadWithAllowedSchemes(kSign_PKCS1_Block1, true); + LoadCastCertificateKey(true); vector message = wvutil::a2b_hex( "ebaef3f9f23bdfe5fa6b8af4c208c189" "f2251bf32f5f137b9de4406378686b3f" @@ -731,7 +717,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_13) { // # PKCS#1 v1.5 Signature Example 15.14 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_14) { BuildRSAKey(); - LoadWithAllowedSchemes(kSign_PKCS1_Block1, true); + LoadCastCertificateKey(true); vector message = wvutil::a2b_hex( "c5a2711278761dfcdd4f0c99e6f5619d" "6c48b5d4c1a80982faa6b4cf1cf7a60f" @@ -767,7 +753,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_14) { // # PKCS#1 v1.5 Signature Example 15.15 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_15) { BuildRSAKey(); - LoadWithAllowedSchemes(kSign_PKCS1_Block1, true); + LoadCastCertificateKey(true); vector message = wvutil::a2b_hex( "9bf8aa253b872ea77a7e23476be26b23" "29578cf6ac9ea2805b357f6fc3ad130d" @@ -806,7 +792,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_15) { // # PKCS#1 v1.5 Signature Example 15.16 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_16) { BuildRSAKey(); - LoadWithAllowedSchemes(kSign_PKCS1_Block1, true); + LoadCastCertificateKey(true); vector message = wvutil::a2b_hex( "32474830e2203754c8bf0681dc4f842a" "fe360930378616c108e833656e5640c8" 
@@ -847,7 +833,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_16) { // # PKCS#1 v1.5 Signature Example 15.17 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_17) { BuildRSAKey(); - LoadWithAllowedSchemes(kSign_PKCS1_Block1, true); + LoadCastCertificateKey(true); vector message = wvutil::a2b_hex( "008e59505eafb550aae5e845584cebb0" "0b6de1733e9f95d42c882a5bbeb5ce1c" @@ -876,7 +862,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_17) { // # PKCS#1 v1.5 Signature Example 15.18 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_18) { BuildRSAKey(); - LoadWithAllowedSchemes(kSign_PKCS1_Block1, true); + LoadCastCertificateKey(true); vector message = wvutil::a2b_hex( "6abc54cf8d1dff1f53b17d8160368878" "a8788cc6d22fa5c2258c88e660b09a89" @@ -906,7 +892,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_18) { // # PKCS#1 v1.5 Signature Example 15.19 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_19) { BuildRSAKey(); - LoadWithAllowedSchemes(kSign_PKCS1_Block1, true); + LoadCastCertificateKey(true); vector message = wvutil::a2b_hex( "af2d78152cf10efe01d274f217b177f6" "b01b5e749f1567715da324859cd3dd88" @@ -943,7 +929,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_19) { // # PKCS#1 v1.5 Signature Example 15.20 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_20) { BuildRSAKey(); - LoadWithAllowedSchemes(kSign_PKCS1_Block1, true); + LoadCastCertificateKey(true); vector message = wvutil::a2b_hex( "40ee992458d6f61486d25676a96dd2cb" "93a37f04b178482f2b186cf88215270d" diff --git a/libwvdrmengine/oemcrypto/test/oemcrypto_cast_test.h b/libwvdrmengine/oemcrypto/test/oemcrypto_cast_test.h index 9035da57..897148c1 100644 --- a/libwvdrmengine/oemcrypto/test/oemcrypto_cast_test.h +++ b/libwvdrmengine/oemcrypto/test/oemcrypto_cast_test.h 
@@ -72,7 +72,9 @@ class OEMCryptoLoadsCertificateAlternates : public OEMCryptoLoadsCertificate { } // If force is true, we assert that the key loads successfully. - void LoadWithAllowedSchemes(uint32_t schemes, bool force) { + void LoadCastCertificateKey(bool force) { + // Padding scheme used to sign cast data. + constexpr uint32_t schemes = kSign_PKCS1_Block1; // prov 2 or prov 3 if (global_features.provisioning_method == OEMCrypto_Keybox || global_features.provisioning_method == OEMCrypto_OEMCertificate) { diff --git a/libwvdrmengine/oemcrypto/test/oemcrypto_security_test.cpp b/libwvdrmengine/oemcrypto/test/oemcrypto_security_test.cpp index 6fc2cd10..4b34be39 100644 --- a/libwvdrmengine/oemcrypto/test/oemcrypto_security_test.cpp +++ b/libwvdrmengine/oemcrypto/test/oemcrypto_security_test.cpp @@ -796,7 +796,7 @@ TEST_F(OEMCryptoLoadsCertificateAlternates, GTEST_SKIP() << "Test for non Prov 4.0 devices only."; } OEMCryptoResult sts; - LoadWithAllowedSchemes(kSign_PKCS1_Block1, false); + LoadCastCertificateKey(false); // If the device is a cast receiver, then this scheme is required. if (global_features.cast_receiver) { ASSERT_TRUE(key_loaded_); @@ -835,7 +835,7 @@ TEST_F(OEMCryptoLoadsCertificateAlternates, global_features.provisioning_method == OEMCrypto_BootCertificateChain) { GTEST_SKIP() << "Test for non Prov 4.0 devices only."; } - LoadWithAllowedSchemes(kSign_PKCS1_Block1, false); + LoadCastCertificateKey(false); // If the device is a cast receiver, then this scheme is required. if (global_features.cast_receiver) { ASSERT_TRUE(key_loaded_);
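Review bot: Hard-coding `constexpr uint32_t schemes = kSign_PKCS1_Block1;` in `LoadCastCertificateKey` removes the fixture's ability to load a key with a different allowed scheme. The removed `DisallowForbiddenPaddingAPI09` test (first hunk of oemcrypto_cast_test.cpp) relied on that ability: it loaded with `kSign_RSASSA_PSS` and then checked that `kSign_PKCS1_Block1` was disallowed. Unless that negative test now lives in a file not shown in this diff, the suite no longer checks that a regular certificate rejects the alternate padding. Keeping the general helper and delegating to it would preserve that option: `void LoadCastCertificateKey(bool force) { LoadWithAllowedSchemes(kSign_PKCS1_Block1, force); }`. The comment above the function could also name the scheme, for example `// Loads the test RSA key with kSign_PKCS1_Block1 as its allowed scheme; if force is true, asserts that the load succeeds.`; the function body continues outside the hunk, so how `schemes` is consumed is not visible here.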