Require 20 keys per session and 10 sessions
Merge from widevine repo of http://go/wvgerrit/20981 OMECrypto v12 requires at least 20 keys per session and at least 10 sessions. This CL updates the unit tests to verify this, and updates level 3 and mock code to conform. This CL also updates the level 3 oemcrypto to support 16 sessions and 320 keys total. b/30140448 Minimum 20 keys per OEMCrypto_Session Change-Id: Idd38d8f2cdfd6acde6fa7622b5912372bee9e488
This commit is contained in:
Fred Gylys-Colwell
@@ -75,7 +75,9 @@ Session::Session()
|
|||||||
mac_key_server_(wvcdm::MAC_KEY_SIZE),
|
mac_key_server_(wvcdm::MAC_KEY_SIZE),
|
||||||
mac_key_client_(wvcdm::MAC_KEY_SIZE),
|
mac_key_client_(wvcdm::MAC_KEY_SIZE),
|
||||||
enc_key_(wvcdm::KEY_SIZE),
|
enc_key_(wvcdm::KEY_SIZE),
|
||||||
public_rsa_(0) {}
|
public_rsa_(0),
|
||||||
|
num_keys_(4) {} // Most tests only use 4 keys.
|
||||||
|
// Other tests will explicitly call set_num_keys.
|
||||||
|
|
||||||
Session::~Session() {
|
Session::~Session() {
|
||||||
if (!forced_session_id_ && open_) close();
|
if (!forced_session_id_ && open_) close();
|
||||||
@@ -200,7 +202,7 @@ void Session::LoadTestKeys(const std::string& pst, bool new_mac_keys) {
|
|||||||
session_id(), message_ptr(), sizeof(MessageData),
|
session_id(), message_ptr(), sizeof(MessageData),
|
||||||
&signature_[0], signature_.size(),
|
&signature_[0], signature_.size(),
|
||||||
encrypted_license_.mac_key_iv, encrypted_license_.mac_keys,
|
encrypted_license_.mac_key_iv, encrypted_license_.mac_keys,
|
||||||
kNumKeys, key_array_, pst_ptr, pst.length()));
|
num_keys_, key_array_, pst_ptr, pst.length()));
|
||||||
// Update new generated keys.
|
// Update new generated keys.
|
||||||
memcpy(&mac_key_server_[0], license_.mac_keys, wvcdm::MAC_KEY_SIZE);
|
memcpy(&mac_key_server_[0], license_.mac_keys, wvcdm::MAC_KEY_SIZE);
|
||||||
memcpy(&mac_key_client_[0], license_.mac_keys + wvcdm::MAC_KEY_SIZE,
|
memcpy(&mac_key_client_[0], license_.mac_keys + wvcdm::MAC_KEY_SIZE,
|
||||||
@@ -210,13 +212,13 @@ void Session::LoadTestKeys(const std::string& pst, bool new_mac_keys) {
|
|||||||
OEMCrypto_SUCCESS,
|
OEMCrypto_SUCCESS,
|
||||||
OEMCrypto_LoadKeys(session_id(), message_ptr(), sizeof(MessageData),
|
OEMCrypto_LoadKeys(session_id(), message_ptr(), sizeof(MessageData),
|
||||||
&signature_[0], signature_.size(), NULL, NULL,
|
&signature_[0], signature_.size(), NULL, NULL,
|
||||||
kNumKeys, key_array_, pst_ptr, pst.length()));
|
num_keys_, key_array_, pst_ptr, pst.length()));
|
||||||
}
|
}
|
||||||
VerifyTestKeys();
|
VerifyTestKeys();
|
||||||
}
|
}
|
||||||
|
|
||||||
void Session::VerifyTestKeys() {
|
void Session::VerifyTestKeys() {
|
||||||
for (unsigned int i = 0; i < kNumKeys; i++) {
|
for (unsigned int i = 0; i < num_keys_; i++) {
|
||||||
KeyControlBlock block;
|
KeyControlBlock block;
|
||||||
size_t size = sizeof(block);
|
size_t size = sizeof(block);
|
||||||
OEMCryptoResult sts = OEMCrypto_QueryKeyControl(
|
OEMCryptoResult sts = OEMCrypto_QueryKeyControl(
|
||||||
@@ -268,15 +270,14 @@ void Session::SetKeyId(int index, const string& key_id) {
|
|||||||
memcpy(key.key_id, key_id.data(), key.key_id_length);
|
memcpy(key.key_id, key_id.data(), key.key_id_length);
|
||||||
}
|
}
|
||||||
|
|
||||||
void Session::FillSimpleMessage(
|
void Session::FillSimpleMessage(uint32_t duration, uint32_t control,
|
||||||
uint32_t duration, uint32_t control, uint32_t nonce,
|
uint32_t nonce, const std::string& pst) {
|
||||||
const std::string& pst) {
|
|
||||||
EXPECT_EQ(OEMCrypto_SUCCESS,
|
EXPECT_EQ(OEMCrypto_SUCCESS,
|
||||||
OEMCrypto_GetRandom(license_.mac_key_iv,
|
OEMCrypto_GetRandom(license_.mac_key_iv,
|
||||||
sizeof(license_.mac_key_iv)));
|
sizeof(license_.mac_key_iv)));
|
||||||
EXPECT_EQ(OEMCrypto_SUCCESS,
|
EXPECT_EQ(OEMCrypto_SUCCESS,
|
||||||
OEMCrypto_GetRandom(license_.mac_keys, sizeof(license_.mac_keys)));
|
OEMCrypto_GetRandom(license_.mac_keys, sizeof(license_.mac_keys)));
|
||||||
for (unsigned int i = 0; i < kNumKeys; i++) {
|
for (unsigned int i = 0; i < num_keys_; i++) {
|
||||||
memset(license_.keys[i].key_id, 0, kTestKeyIdMaxLength);
|
memset(license_.keys[i].key_id, 0, kTestKeyIdMaxLength);
|
||||||
license_.keys[i].key_id_length = kDefaultKeyIdLength;
|
license_.keys[i].key_id_length = kDefaultKeyIdLength;
|
||||||
memset(license_.keys[i].key_id, i, license_.keys[i].key_id_length);
|
memset(license_.keys[i].key_id, i, license_.keys[i].key_id_length);
|
||||||
@@ -331,7 +332,7 @@ void Session::EncryptAndSign() {
|
|||||||
AES_cbc_encrypt(&license_.mac_keys[0], &encrypted_license_.mac_keys[0],
|
AES_cbc_encrypt(&license_.mac_keys[0], &encrypted_license_.mac_keys[0],
|
||||||
2 * wvcdm::MAC_KEY_SIZE, &aes_key, iv_buffer, AES_ENCRYPT);
|
2 * wvcdm::MAC_KEY_SIZE, &aes_key, iv_buffer, AES_ENCRYPT);
|
||||||
|
|
||||||
for (unsigned int i = 0; i < kNumKeys; i++) {
|
for (unsigned int i = 0; i < num_keys_; i++) {
|
||||||
memcpy(iv_buffer, &license_.keys[i].control_iv[0], wvcdm::KEY_IV_SIZE);
|
memcpy(iv_buffer, &license_.keys[i].control_iv[0], wvcdm::KEY_IV_SIZE);
|
||||||
AES_set_encrypt_key(&license_.keys[i].key_data[0], 128, &aes_key);
|
AES_set_encrypt_key(&license_.keys[i].key_data[0], 128, &aes_key);
|
||||||
AES_cbc_encrypt(
|
AES_cbc_encrypt(
|
||||||
@@ -397,7 +398,7 @@ void Session::ClientSignMessage(const vector<uint8_t>& data,
|
|||||||
|
|
||||||
void Session::FillKeyArray(const MessageData& data,
|
void Session::FillKeyArray(const MessageData& data,
|
||||||
OEMCrypto_KeyObject* key_array) {
|
OEMCrypto_KeyObject* key_array) {
|
||||||
for (unsigned int i = 0; i < kNumKeys; i++) {
|
for (unsigned int i = 0; i < num_keys_; i++) {
|
||||||
key_array[i].key_id = data.keys[i].key_id;
|
key_array[i].key_id = data.keys[i].key_id;
|
||||||
key_array[i].key_id_length = data.keys[i].key_id_length;
|
key_array[i].key_id_length = data.keys[i].key_id_length;
|
||||||
key_array[i].key_data_iv = data.keys[i].key_iv;
|
key_array[i].key_data_iv = data.keys[i].key_iv;
|
||||||
@@ -451,12 +452,13 @@ void Session::EncryptCTR(
|
|||||||
}
|
}
|
||||||
|
|
||||||
void Session::TestDecryptCTR(bool select_key_first,
|
void Session::TestDecryptCTR(bool select_key_first,
|
||||||
OEMCryptoResult expected_result) {
|
OEMCryptoResult expected_result,
|
||||||
|
int key_index) {
|
||||||
OEMCryptoResult sts;
|
OEMCryptoResult sts;
|
||||||
if (select_key_first) {
|
if (select_key_first) {
|
||||||
// Select the key (from FillSimpleMessage)
|
// Select the key (from FillSimpleMessage)
|
||||||
sts = OEMCrypto_SelectKey(session_id(), license_.keys[0].key_id,
|
sts = OEMCrypto_SelectKey(session_id(), license_.keys[key_index].key_id,
|
||||||
license_.keys[0].key_id_length);
|
license_.keys[key_index].key_id_length);
|
||||||
ASSERT_EQ(OEMCrypto_SUCCESS, sts);
|
ASSERT_EQ(OEMCrypto_SUCCESS, sts);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -468,7 +470,7 @@ void Session::TestDecryptCTR(bool select_key_first,
|
|||||||
EXPECT_EQ(OEMCrypto_SUCCESS,
|
EXPECT_EQ(OEMCrypto_SUCCESS,
|
||||||
OEMCrypto_GetRandom(&encryptionIv[0], wvcdm::KEY_IV_SIZE));
|
OEMCrypto_GetRandom(&encryptionIv[0], wvcdm::KEY_IV_SIZE));
|
||||||
vector<uint8_t> encryptedData(unencryptedData.size());
|
vector<uint8_t> encryptedData(unencryptedData.size());
|
||||||
EncryptCTR(unencryptedData, license_.keys[0].key_data, &encryptionIv[0],
|
EncryptCTR(unencryptedData, license_.keys[key_index].key_data, &encryptionIv[0],
|
||||||
&encryptedData);
|
&encryptedData);
|
||||||
|
|
||||||
// Describe the output
|
// Describe the output
|
||||||
|
|||||||
@@ -36,7 +36,7 @@ void PrintTo(const PatternTestVariant& param, ostream* os);
|
|||||||
|
|
||||||
namespace wvoec {
|
namespace wvoec {
|
||||||
|
|
||||||
const size_t kNumKeys = 4;
|
const size_t kMaxNumKeys = 20;
|
||||||
|
|
||||||
namespace {
|
namespace {
|
||||||
#if defined(TEST_SPEED_MULTIPLIER) // Can slow test time limits when
|
#if defined(TEST_SPEED_MULTIPLIER) // Can slow test time limits when
|
||||||
@@ -83,7 +83,7 @@ typedef struct {
|
|||||||
|
|
||||||
// This structure will be signed to simulate a message from the server.
|
// This structure will be signed to simulate a message from the server.
|
||||||
struct MessageData {
|
struct MessageData {
|
||||||
MessageKeyData keys[kNumKeys];
|
MessageKeyData keys[kMaxNumKeys];
|
||||||
uint8_t mac_key_iv[wvcdm::KEY_IV_SIZE];
|
uint8_t mac_key_iv[wvcdm::KEY_IV_SIZE];
|
||||||
uint8_t mac_keys[2 * wvcdm::MAC_KEY_SIZE];
|
uint8_t mac_keys[2 * wvcdm::MAC_KEY_SIZE];
|
||||||
uint8_t pst[kTestKeyIdMaxLength];
|
uint8_t pst[kTestKeyIdMaxLength];
|
||||||
@@ -154,7 +154,8 @@ class Session {
|
|||||||
const vector<uint8_t>& in_buffer, const uint8_t *key,
|
const vector<uint8_t>& in_buffer, const uint8_t *key,
|
||||||
const uint8_t* starting_iv, vector<uint8_t>* out_buffer);
|
const uint8_t* starting_iv, vector<uint8_t>* out_buffer);
|
||||||
void TestDecryptCTR(bool select_key_first = true,
|
void TestDecryptCTR(bool select_key_first = true,
|
||||||
OEMCryptoResult expected_result = OEMCrypto_SUCCESS);
|
OEMCryptoResult expected_result = OEMCrypto_SUCCESS,
|
||||||
|
int key_index = 0);
|
||||||
void MakeRSACertificate(
|
void MakeRSACertificate(
|
||||||
struct RSAPrivateKeyMessage* encrypted, std::vector<uint8_t>* signature,
|
struct RSAPrivateKeyMessage* encrypted, std::vector<uint8_t>* signature,
|
||||||
uint32_t allowed_schemes, const vector<uint8_t>& rsa_key);
|
uint32_t allowed_schemes, const vector<uint8_t>& rsa_key);
|
||||||
@@ -186,6 +187,9 @@ class Session {
|
|||||||
OEMCrypto_KeyObject* key_array() { return key_array_; }
|
OEMCrypto_KeyObject* key_array() { return key_array_; }
|
||||||
std::vector<uint8_t>& signature() { return signature_; }
|
std::vector<uint8_t>& signature() { return signature_; }
|
||||||
|
|
||||||
|
void set_num_keys(int num_keys) { num_keys_ = num_keys; }
|
||||||
|
int num_keys() const { return num_keys_; }
|
||||||
|
|
||||||
private:
|
private:
|
||||||
bool open_;
|
bool open_;
|
||||||
bool forced_session_id_;
|
bool forced_session_id_;
|
||||||
@@ -198,8 +202,9 @@ class Session {
|
|||||||
vector<uint8_t> pst_report_buffer_;
|
vector<uint8_t> pst_report_buffer_;
|
||||||
MessageData license_;
|
MessageData license_;
|
||||||
MessageData encrypted_license_;
|
MessageData encrypted_license_;
|
||||||
OEMCrypto_KeyObject key_array_[kNumKeys];
|
OEMCrypto_KeyObject key_array_[kMaxNumKeys];
|
||||||
std::vector<uint8_t> signature_;
|
std::vector<uint8_t> signature_;
|
||||||
|
int num_keys_;
|
||||||
};
|
};
|
||||||
|
|
||||||
} // namespace wvoec
|
} // namespace wvoec
|
||||||
|
|||||||
@@ -211,8 +211,8 @@ TEST_F(OEMCryptoClientTest, MaxSessionsOpenCloseAPI10) {
|
|||||||
ASSERT_EQ(0u, sessions_count);
|
ASSERT_EQ(0u, sessions_count);
|
||||||
size_t max_sessions;
|
size_t max_sessions;
|
||||||
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_GetMaxNumberOfSessions(&max_sessions));
|
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_GetMaxNumberOfSessions(&max_sessions));
|
||||||
// We expect OEMCrypto implementations support at least 8 sessions.
|
// We expect OEMCrypto implementations support at least 10 sessions.
|
||||||
const size_t kMinimumSupportedMaxNumberOfSessions = 8u;
|
const size_t kMinimumSupportedMaxNumberOfSessions = 10u;
|
||||||
ASSERT_GE(max_sessions, kMinimumSupportedMaxNumberOfSessions);
|
ASSERT_GE(max_sessions, kMinimumSupportedMaxNumberOfSessions);
|
||||||
// We allow GetMaxNumberOfSessions to return an estimate. This tests with a
|
// We allow GetMaxNumberOfSessions to return an estimate. This tests with a
|
||||||
// pad of 5%. Even if it's just an estimate, we still require 8 sessions.
|
// pad of 5%. Even if it's just an estimate, we still require 8 sessions.
|
||||||
@@ -643,7 +643,7 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithBadRange1) {
|
|||||||
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
||||||
s.signature().size(), s.encrypted_license().mac_key_iv,
|
s.signature().size(), s.encrypted_license().mac_key_iv,
|
||||||
&mac_keys[0], // Not pointing into buffer.
|
&mac_keys[0], // Not pointing into buffer.
|
||||||
kNumKeys, s.key_array(), NULL, 0);
|
s.num_keys(), s.key_array(), NULL, 0);
|
||||||
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -661,7 +661,7 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithBadRange2) {
|
|||||||
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
||||||
s.signature().size(),
|
s.signature().size(),
|
||||||
&mac_key_iv[0], // bad.
|
&mac_key_iv[0], // bad.
|
||||||
s.encrypted_license().mac_keys, kNumKeys, s.key_array(), NULL, 0);
|
s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0);
|
||||||
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -679,7 +679,7 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithBadRange3) {
|
|||||||
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
||||||
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
||||||
s.signature().size(), s.encrypted_license().mac_key_iv,
|
s.signature().size(), s.encrypted_license().mac_key_iv,
|
||||||
s.encrypted_license().mac_keys, kNumKeys, s.key_array(), NULL, 0);
|
s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0);
|
||||||
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -698,7 +698,7 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithBadRange4) {
|
|||||||
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
||||||
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
||||||
s.signature().size(), s.encrypted_license().mac_key_iv,
|
s.signature().size(), s.encrypted_license().mac_key_iv,
|
||||||
s.encrypted_license().mac_keys, kNumKeys, s.key_array(), NULL, 0);
|
s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0);
|
||||||
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -715,7 +715,7 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithBadRange5) {
|
|||||||
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
||||||
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
||||||
s.signature().size(), s.encrypted_license().mac_key_iv,
|
s.signature().size(), s.encrypted_license().mac_key_iv,
|
||||||
s.encrypted_license().mac_keys, kNumKeys, s.key_array(), NULL, 0);
|
s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0);
|
||||||
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -735,7 +735,7 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithBadRange6) {
|
|||||||
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
||||||
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
||||||
s.signature().size(), s.encrypted_license().mac_key_iv,
|
s.signature().size(), s.encrypted_license().mac_key_iv,
|
||||||
s.encrypted_license().mac_keys, kNumKeys, s.key_array(), NULL, 0);
|
s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0);
|
||||||
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -755,7 +755,7 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithBadRange7) {
|
|||||||
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
||||||
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
||||||
s.signature().size(), s.encrypted_license().mac_key_iv,
|
s.signature().size(), s.encrypted_license().mac_key_iv,
|
||||||
s.encrypted_license().mac_keys, kNumKeys, s.key_array(), NULL, 0);
|
s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0);
|
||||||
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -770,7 +770,7 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithBadNonce) {
|
|||||||
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
||||||
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
||||||
s.signature().size(), s.encrypted_license().mac_key_iv,
|
s.signature().size(), s.encrypted_license().mac_key_iv,
|
||||||
s.encrypted_license().mac_keys, kNumKeys, s.key_array(), NULL, 0);
|
s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0);
|
||||||
|
|
||||||
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
||||||
}
|
}
|
||||||
@@ -795,7 +795,7 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithRepeatNonce) {
|
|||||||
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
||||||
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
||||||
s.signature().size(), s.encrypted_license().mac_key_iv,
|
s.signature().size(), s.encrypted_license().mac_key_iv,
|
||||||
s.encrypted_license().mac_keys, kNumKeys, s.key_array(), NULL, 0);
|
s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0);
|
||||||
|
|
||||||
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
||||||
}
|
}
|
||||||
@@ -811,7 +811,7 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithBadVerification) {
|
|||||||
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
||||||
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
||||||
s.signature().size(), s.encrypted_license().mac_key_iv,
|
s.signature().size(), s.encrypted_license().mac_key_iv,
|
||||||
s.encrypted_license().mac_keys, kNumKeys, s.key_array(), NULL, 0);
|
s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0);
|
||||||
|
|
||||||
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
||||||
}
|
}
|
||||||
@@ -828,7 +828,7 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithFutureVerification) {
|
|||||||
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
||||||
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
||||||
s.signature().size(), s.encrypted_license().mac_key_iv,
|
s.signature().size(), s.encrypted_license().mac_key_iv,
|
||||||
s.encrypted_license().mac_keys, kNumKeys, s.key_array(), NULL, 0);
|
s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0);
|
||||||
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -842,7 +842,7 @@ TEST_F(OEMCryptoSessionTests, LoadKeysBadSignature) {
|
|||||||
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
||||||
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
||||||
s.signature().size(), s.encrypted_license().mac_key_iv,
|
s.signature().size(), s.encrypted_license().mac_key_iv,
|
||||||
s.encrypted_license().mac_keys, kNumKeys, s.key_array(), NULL, 0);
|
s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0);
|
||||||
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -855,7 +855,7 @@ TEST_F(OEMCryptoSessionTests, LoadKeysWithNoDerivedKeys) {
|
|||||||
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
||||||
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
||||||
s.signature().size(), s.encrypted_license().mac_key_iv,
|
s.signature().size(), s.encrypted_license().mac_key_iv,
|
||||||
s.encrypted_license().mac_keys, kNumKeys, s.key_array(), NULL, 0);
|
s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0);
|
||||||
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -927,7 +927,7 @@ TEST_F(OEMCryptoSessionTests, AntiRollbackHardwareRequired) {
|
|||||||
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
||||||
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
||||||
s.signature().size(), s.encrypted_license().mac_key_iv,
|
s.signature().size(), s.encrypted_license().mac_key_iv,
|
||||||
s.encrypted_license().mac_keys, kNumKeys, s.key_array(), NULL, 0);
|
s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0);
|
||||||
if (OEMCrypto_IsAntiRollbackHwPresent()) {
|
if (OEMCrypto_IsAntiRollbackHwPresent()) {
|
||||||
ASSERT_EQ(OEMCrypto_SUCCESS, sts);
|
ASSERT_EQ(OEMCrypto_SUCCESS, sts);
|
||||||
} else {
|
} else {
|
||||||
@@ -949,7 +949,7 @@ TEST_F(OEMCryptoSessionTests, CheckMinimumPatchLevel) {
|
|||||||
OEMCrypto_LoadKeys(s.session_id(), s.message_ptr(), sizeof(MessageData),
|
OEMCrypto_LoadKeys(s.session_id(), s.message_ptr(), sizeof(MessageData),
|
||||||
&s.signature()[0], s.signature().size(),
|
&s.signature()[0], s.signature().size(),
|
||||||
s.encrypted_license().mac_key_iv,
|
s.encrypted_license().mac_key_iv,
|
||||||
s.encrypted_license().mac_keys, kNumKeys,
|
s.encrypted_license().mac_keys, s.num_keys(),
|
||||||
s.key_array(), NULL, 0));
|
s.key_array(), NULL, 0));
|
||||||
if (patch_level < 0x3F) {
|
if (patch_level < 0x3F) {
|
||||||
Session s;
|
Session s;
|
||||||
@@ -964,7 +964,7 @@ TEST_F(OEMCryptoSessionTests, CheckMinimumPatchLevel) {
|
|||||||
OEMCrypto_LoadKeys(s.session_id(), s.message_ptr(), sizeof(MessageData),
|
OEMCrypto_LoadKeys(s.session_id(), s.message_ptr(), sizeof(MessageData),
|
||||||
&s.signature()[0], s.signature().size(),
|
&s.signature()[0], s.signature().size(),
|
||||||
s.encrypted_license().mac_key_iv,
|
s.encrypted_license().mac_key_iv,
|
||||||
s.encrypted_license().mac_keys, kNumKeys,
|
s.encrypted_license().mac_keys, s.num_keys(),
|
||||||
s.key_array(), NULL, 0));
|
s.key_array(), NULL, 0));
|
||||||
}
|
}
|
||||||
if (patch_level > 0) {
|
if (patch_level > 0) {
|
||||||
@@ -980,11 +980,26 @@ TEST_F(OEMCryptoSessionTests, CheckMinimumPatchLevel) {
|
|||||||
OEMCrypto_LoadKeys(s.session_id(), s.message_ptr(), sizeof(MessageData),
|
OEMCrypto_LoadKeys(s.session_id(), s.message_ptr(), sizeof(MessageData),
|
||||||
&s.signature()[0], s.signature().size(),
|
&s.signature()[0], s.signature().size(),
|
||||||
s.encrypted_license().mac_key_iv,
|
s.encrypted_license().mac_key_iv,
|
||||||
s.encrypted_license().mac_keys, kNumKeys,
|
s.encrypted_license().mac_keys, s.num_keys(),
|
||||||
s.key_array(), NULL, 0));
|
s.key_array(), NULL, 0));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
TEST_F(OEMCryptoSessionTests, Minimum20Keys) {
|
||||||
|
Session s;
|
||||||
|
ASSERT_NO_FATAL_FAILURE(s.open());
|
||||||
|
s.set_num_keys(kMaxNumKeys);
|
||||||
|
ASSERT_NO_FATAL_FAILURE(s.GenerateTestSessionKeys());
|
||||||
|
ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage(0, 0, 0));
|
||||||
|
ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign());
|
||||||
|
ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys());
|
||||||
|
for (int key_index=0; key_index < kMaxNumKeys; key_index++) {
|
||||||
|
bool kSelectKeyFirst = true;
|
||||||
|
ASSERT_NO_FATAL_FAILURE(s.TestDecryptCTR(kSelectKeyFirst, OEMCrypto_SUCCESS,
|
||||||
|
key_index));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
class SessionTestDecryptWithHDCP : public OEMCryptoSessionTests,
|
class SessionTestDecryptWithHDCP : public OEMCryptoSessionTests,
|
||||||
public WithParamInterface<int> {
|
public WithParamInterface<int> {
|
||||||
public:
|
public:
|
||||||
@@ -1035,7 +1050,7 @@ class SessionTestRefreshKeyTest
|
|||||||
|
|
||||||
protected:
|
protected:
|
||||||
bool new_mac_keys_;
|
bool new_mac_keys_;
|
||||||
size_t num_keys_;
|
size_t num_keys_; // Number of keys to refresh.
|
||||||
};
|
};
|
||||||
|
|
||||||
TEST_P(SessionTestRefreshKeyTest, RefreshWithNonce) {
|
TEST_P(SessionTestRefreshKeyTest, RefreshWithNonce) {
|
||||||
@@ -1102,8 +1117,8 @@ INSTANTIATE_TEST_CASE_P(TestRefreshAllKeys, SessionTestRefreshKeyTest,
|
|||||||
|
|
||||||
// If multiple key control blocks, we update each key separately.
|
// If multiple key control blocks, we update each key separately.
|
||||||
INSTANTIATE_TEST_CASE_P(TestRefreshEachKeys, SessionTestRefreshKeyTest,
|
INSTANTIATE_TEST_CASE_P(TestRefreshEachKeys, SessionTestRefreshKeyTest,
|
||||||
Values(std::make_pair(true, kNumKeys),
|
Values(std::make_pair(true, 4),
|
||||||
std::make_pair(false, kNumKeys)));
|
std::make_pair(false, 4)));
|
||||||
|
|
||||||
//
|
//
|
||||||
// Decrypt Tests
|
// Decrypt Tests
|
||||||
@@ -3695,19 +3710,22 @@ class GenericCryptoKeyIdLengthTest : public GenericCryptoTest {
|
|||||||
virtual void SetUp() {
|
virtual void SetUp() {
|
||||||
GenericCryptoTest::SetUp();
|
GenericCryptoTest::SetUp();
|
||||||
const uint32_t kNoNonce = 0;
|
const uint32_t kNoNonce = 0;
|
||||||
|
session_.set_num_keys(5);
|
||||||
ASSERT_NO_FATAL_FAILURE(session_.FillSimpleMessage(
|
ASSERT_NO_FATAL_FAILURE(session_.FillSimpleMessage(
|
||||||
kDuration, wvoec_mock::kControlAllowDecrypt, kNoNonce));
|
kDuration, wvoec_mock::kControlAllowDecrypt, kNoNonce));
|
||||||
// We are testing that the key ids do not have to have the same length.
|
SetUniformKeyIdLength(16); // Start with all key ids being 16 bytes.
|
||||||
|
// But, we are testing that the key ids do not have to have the same length.
|
||||||
session_.SetKeyId(0, "123456789012"); // 12 bytes (common key id length).
|
session_.SetKeyId(0, "123456789012"); // 12 bytes (common key id length).
|
||||||
session_.SetKeyId(1, "12345"); // short key id.
|
session_.SetKeyId(1, "12345"); // short key id.
|
||||||
session_.SetKeyId(2, "1234567890123456"); // 16 byte key id. (default)
|
session_.SetKeyId(2, "1234567890123456"); // 16 byte key id. (default)
|
||||||
session_.SetKeyId(3, "12345678901234"); // 14 byte. (uncommon)
|
session_.SetKeyId(3, "12345678901234"); // 14 byte. (uncommon)
|
||||||
|
session_.SetKeyId(4, "1"); // very short key id.
|
||||||
ASSERT_EQ(2u, kLongKeyId);
|
ASSERT_EQ(2u, kLongKeyId);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Make all four keys have the same length.
|
// Make all four keys have the same length.
|
||||||
void SetUniformKeyIdLength(size_t key_id_length) {
|
void SetUniformKeyIdLength(size_t key_id_length) {
|
||||||
for (unsigned int i = 0; i < 4; i++) {
|
for (unsigned int i = 0; i < session_.num_keys(); i++) {
|
||||||
string key_id;
|
string key_id;
|
||||||
key_id.resize(key_id_length, i + 'a');
|
key_id.resize(key_id_length, i + 'a');
|
||||||
session_.SetKeyId(i, key_id);
|
session_.SetKeyId(i, key_id);
|
||||||
@@ -3715,7 +3733,7 @@ class GenericCryptoKeyIdLengthTest : public GenericCryptoTest {
|
|||||||
}
|
}
|
||||||
|
|
||||||
void TestWithKey(unsigned int key_index) {
|
void TestWithKey(unsigned int key_index) {
|
||||||
ASSERT_LE(key_index, kNumKeys);
|
ASSERT_LT(key_index, session_.num_keys());
|
||||||
EncryptAndLoadKeys();
|
EncryptAndLoadKeys();
|
||||||
vector<uint8_t> encrypted;
|
vector<uint8_t> encrypted;
|
||||||
// To make sure OEMCrypto is not expecting the key_id to be zero padded, we
|
// To make sure OEMCrypto is not expecting the key_id to be zero padded, we
|
||||||
@@ -3748,6 +3766,10 @@ TEST_F(GenericCryptoKeyIdLengthTest, ShortKeyId) { TestWithKey(1); }
|
|||||||
|
|
||||||
TEST_F(GenericCryptoKeyIdLengthTest, LongKeyId) { TestWithKey(2); }
|
TEST_F(GenericCryptoKeyIdLengthTest, LongKeyId) { TestWithKey(2); }
|
||||||
|
|
||||||
|
TEST_F(GenericCryptoKeyIdLengthTest, FourteenByteKeyId) { TestWithKey(3); }
|
||||||
|
|
||||||
|
TEST_F(GenericCryptoKeyIdLengthTest, VeryShortKeyId) { TestWithKey(4); }
|
||||||
|
|
||||||
TEST_F(GenericCryptoKeyIdLengthTest, UniformShortKeyId) {
|
TEST_F(GenericCryptoKeyIdLengthTest, UniformShortKeyId) {
|
||||||
SetUniformKeyIdLength(5);
|
SetUniformKeyIdLength(5);
|
||||||
TestWithKey(2);
|
TestWithKey(2);
|
||||||
@@ -3910,7 +3932,7 @@ TEST_F(UsageTableTest, RepeatOnlineLicense) {
|
|||||||
OEMCrypto_LoadKeys(s2.session_id(), s.message_ptr(), sizeof(MessageData),
|
OEMCrypto_LoadKeys(s2.session_id(), s.message_ptr(), sizeof(MessageData),
|
||||||
&s.signature()[0], s.signature().size(),
|
&s.signature()[0], s.signature().size(),
|
||||||
s.encrypted_license().mac_key_iv,
|
s.encrypted_license().mac_key_iv,
|
||||||
s.encrypted_license().mac_keys, kNumKeys,
|
s.encrypted_license().mac_keys, s.num_keys(),
|
||||||
s.key_array(), pst_ptr, pst.length()));
|
s.key_array(), pst_ptr, pst.length()));
|
||||||
ASSERT_NO_FATAL_FAILURE(s2.close());
|
ASSERT_NO_FATAL_FAILURE(s2.close());
|
||||||
}
|
}
|
||||||
@@ -3928,7 +3950,7 @@ TEST_F(UsageTableTest, OnlineEmptyPST) {
|
|||||||
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
||||||
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
||||||
s.signature().size(), s.encrypted_license().mac_key_iv,
|
s.signature().size(), s.encrypted_license().mac_key_iv,
|
||||||
s.encrypted_license().mac_keys, kNumKeys, s.key_array(), NULL, 0);
|
s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0);
|
||||||
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
||||||
ASSERT_NO_FATAL_FAILURE(s.close());
|
ASSERT_NO_FATAL_FAILURE(s.close());
|
||||||
}
|
}
|
||||||
@@ -4523,7 +4545,7 @@ TEST_P(UsageTableTestWithMAC, BadReloadOfflineLicense) {
|
|||||||
OEMCrypto_LoadKeys(s2.session_id(), s2.message_ptr(), sizeof(MessageData),
|
OEMCrypto_LoadKeys(s2.session_id(), s2.message_ptr(), sizeof(MessageData),
|
||||||
&s2.signature()[0], s2.signature().size(),
|
&s2.signature()[0], s2.signature().size(),
|
||||||
s2.encrypted_license().mac_key_iv,
|
s2.encrypted_license().mac_key_iv,
|
||||||
s2.encrypted_license().mac_keys, kNumKeys,
|
s2.encrypted_license().mac_keys, s.num_keys(),
|
||||||
s2.key_array(), pst_ptr, pst.length()));
|
s2.key_array(), pst_ptr, pst.length()));
|
||||||
ASSERT_NO_FATAL_FAILURE(s2.close());
|
ASSERT_NO_FATAL_FAILURE(s2.close());
|
||||||
|
|
||||||
@@ -4549,7 +4571,7 @@ TEST_P(UsageTableTestWithMAC, OfflineBadNonce) {
|
|||||||
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
||||||
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
||||||
s.signature().size(), s.encrypted_license().mac_key_iv,
|
s.signature().size(), s.encrypted_license().mac_key_iv,
|
||||||
s.encrypted_license().mac_keys, kNumKeys, s.key_array(), pst_ptr,
|
s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), pst_ptr,
|
||||||
pst.length());
|
pst.length());
|
||||||
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
||||||
ASSERT_NO_FATAL_FAILURE(s.close());
|
ASSERT_NO_FATAL_FAILURE(s.close());
|
||||||
@@ -4567,7 +4589,7 @@ TEST_P(UsageTableTestWithMAC, OfflineEmptyPST) {
|
|||||||
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
||||||
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
||||||
s.signature().size(), s.encrypted_license().mac_key_iv,
|
s.signature().size(), s.encrypted_license().mac_key_iv,
|
||||||
s.encrypted_license().mac_keys, kNumKeys, s.key_array(), NULL, 0);
|
s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0);
|
||||||
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
ASSERT_NE(OEMCrypto_SUCCESS, sts);
|
||||||
ASSERT_NO_FATAL_FAILURE(s.close());
|
ASSERT_NO_FATAL_FAILURE(s.close());
|
||||||
}
|
}
|
||||||
@@ -4604,7 +4626,7 @@ TEST_P(UsageTableTestWithMAC, DeactivateOfflineLicense) {
|
|||||||
OEMCrypto_LoadKeys(s2.session_id(), s.message_ptr(), sizeof(MessageData),
|
OEMCrypto_LoadKeys(s2.session_id(), s.message_ptr(), sizeof(MessageData),
|
||||||
&s.signature()[0], s.signature().size(),
|
&s.signature()[0], s.signature().size(),
|
||||||
s.encrypted_license().mac_key_iv,
|
s.encrypted_license().mac_key_iv,
|
||||||
s.encrypted_license().mac_keys, kNumKeys,
|
s.encrypted_license().mac_keys, s.num_keys(),
|
||||||
s.key_array(), pst_ptr, pst.length()));
|
s.key_array(), pst_ptr, pst.length()));
|
||||||
// But we can still generate a report.
|
// But we can still generate a report.
|
||||||
Session s3;
|
Session s3;
|
||||||
@@ -4628,7 +4650,7 @@ TEST_P(UsageTableTestWithMAC, BadRange) {
|
|||||||
OEMCrypto_LoadKeys(s.session_id(), s.message_ptr(), sizeof(MessageData),
|
OEMCrypto_LoadKeys(s.session_id(), s.message_ptr(), sizeof(MessageData),
|
||||||
&s.signature()[0], s.signature().size(),
|
&s.signature()[0], s.signature().size(),
|
||||||
s.encrypted_license().mac_key_iv,
|
s.encrypted_license().mac_key_iv,
|
||||||
s.encrypted_license().mac_keys, kNumKeys,
|
s.encrypted_license().mac_keys, s.num_keys(),
|
||||||
s.key_array(), pst_ptr, pst.length()));
|
s.key_array(), pst_ptr, pst.length()));
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -4848,7 +4870,7 @@ TEST_F(UsageTableTest, LoadSharedLicense) {
|
|||||||
ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys(pst, true));
|
ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys(pst, true));
|
||||||
ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage(0, 0, 0));
|
ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage(0, 0, 0));
|
||||||
// The second set of keys are not loaded.
|
// The second set of keys are not loaded.
|
||||||
for (unsigned int i = 0; i < kNumKeys; i++) {
|
for (unsigned int i = 0; i < s.num_keys(); i++) {
|
||||||
memset(s.license().keys[i].key_id, 'A' + i,
|
memset(s.license().keys[i].key_id, 'A' + i,
|
||||||
s.license().keys[i].key_id_length);
|
s.license().keys[i].key_id_length);
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user