- Initialize allowed_schemes_ since it is used by CreateDefaultResponse.
- Issue was detected by Coverity.
Change-Id: I368c4773f6316b65196aaa39e23e70717299c570
OEMCrypto_ERROR_INVALID_RSA_KEY is deprecated in v17. But
v16 oemcrypto can still return it. Unit test should allow
this error for now.
Test: run_dynamic_oemcrypto_v16.4, run_dynamic_oemcrypto_v16.3
Bug: 307668988
Change-Id: I950b62c8b3e02ea09d4795839a3d69573ab718aa
This CL adds unit tests to verify that the following
forbidden uses of an RSA private key do not work:
- ForbidPrepAndSign -- A cast cert key cannot sign a license
request.
- ForbidUseAsDRMCert -- A cast cert cannot be used with the
DRM cert's padding scheme and it cannot be used to derive
keys from a session key.
- *ForbidRSASignatureForDRMKey* -- A DRM cert key cannot be
used with GenerateRSASignature.
- *OEMCertForbidGenerateRSASignature* -- An OEM cert key
cannot be used with GenerateRSASignature.
Bug: 251875110
Change-Id: Ic2b23e3fd279e878c190a8294078a8d092126a29
This tool will soon be used in LUCI tests. It seemed necessary to
clean it up to make the build cop's job easier if there is a problem.
The following was completed:
* Removed stub for install XML based keyboxes
* This is handled externally
* Improved error checking
* Replace C-style prints with C++ styled prints
* Keybox information is still printed to stdout
* Major erros are printed to stderr
* Updated to follow Google style guide
* Fixed header includes
* Removed unused headers
* Added headers that are used, but were included indirectly
* Ensures OEMCrypto_Terminate() is called
* Particularly if there is an error encountered.
Bug: 299108238
Test: Tested in later CL
Change-Id: Ie6dafc44d050d0c6ae288f88cd5d6f3737d4a88c
The unit test helper function LoadWithAllowedSchemes should
only be used to load a Cast Certificate. So it has been
renamed to make that clear.
The only unit test that used the old function with the
non-cast padding scheme has been removed. A replacement will
be added in the next CL of the chain.
Change-Id: Id4aa2f420435baff664324ee4b3dcb74ab9ffe8a
There was some confusion about which tests loaded a cert and
which ones just used a cert. This distinction is important
when testing devices with a baked-in-cert.
Merged from https://widevine-internal-review.googlesource.com/183333
Change-Id: I3c2b119c3355b3a9190799637ff0860b6153b35b
This adds an install keybox tool to the OEMCrypto unit test
directory. It is built when we build the OPK w/linux IPC.
This CL also adds some scripts to use this tool when running
the OPK Linux TA, and then runs the standard tests.
Bug: 295371549
Change-Id: I11e59faa3b24d906f573bcd3f4855e73a4aa5fdf
Adds a new `cas` directory to the ports/linux project. This contains
an end-to-end demo of OEMCrypto CAS functionality, using the Linux
tee_simulator as a base.
Test: from ports/linux/cas dir: `CDM_DIR=~/work/cdm-dupe ./scripts/build.sh && CDM_DIR=~/work/cdm-dupe ./scripts/run.sh`
Merged from https://widevine-internal-review.googlesource.com/178250
Change-Id: I781b403100ad2e069d99650d9ddae8e7acbc309a
We want to transition to using GTEST_SKIP to skip unit tests instead of
modifying the GTEST_FILTER variable. This does so for tests that require
RSA 3072 support.
Bug: 251240681
Change-Id: I048d31e25316d621771efb5d472f651bff40bf75
Changes the OPK session state machine to allow API_MOVEENTRY in
the same circumstances as API_CREATENEWUSAGEENTRY. Adds a test
to trigger the same situation as the linked bug.
The test cases in the bug fail because OEMCrypto_MoveEntry() is
called immediately after OEMCrypto_CreateNewUsageEntry(), but the
session state machine has different filters for the two calls.
Furthermore, OEMCrypto_CreateNewUsageEntry() doesn't change the
state machine, so we should align the two filters to allow
OEMCrypto_MoveEntry() to be called immediately after
OEMCrypto_CreateNewUsageEntry() in all situations where
OEMCrypto_CreateNewUsageEntry() is allowed.
The existing OEMCrypto defrag tests did not catch this edge case
because the test helper functions always do something to modify the
state machine after calling OEMCrypto_CreateNewUsageEntry().
Test: OEMCryptoUsageTableDefragTest.MakeAndMoveEntry
Bug: 286938572
Merged from https://widevine-internal-review.googlesource.com/178013
(cherry picked from commit a87d66ccb7b2fc5f549142e64a7e45531dd95db6)
Change-Id: I8a8465b2b7479effe4055a014bc94b166178a693
1) Move some provisioning unit tests into
oemcrypto_provisioning_test.cpp
2) Remove some test group comments
Bug: 253779846
Merged from https://widevine-internal-review.googlesource.com/176735
Change-Id: I3d02c23b63eb7949fbc6abf60a7dbe32086ef2c9
Expected flow, which begins with a device that has already been
provisioned with Prov 4 stage 1:
1. OEMCrypto_InstallOEMPrivateKey()
2. OEMCrypto_GenerateCertificateKeyPair() -> wrapped_csr_priv
3. OEMCrypto_LoadDRMPrivateKey(wrapped_csr_priv)
4. OEMCrypto_PrepAndSignProvisioningRequest() to create a Prov 4
provisioning request message type with a CAST request in the
message body
5. Server sends a Prov 2 response. Server side derivation uses CSR keys
to derive session key, mac keys, and encryption keys.
6. OEMCrypto_DeriveKeysFromSessionKey(), same derivation as server side
7. OEMCrypto_LoadProvisioning(), use derived keys to verify + decrypt
The OEMCrypto_LoadDRMPrivateKey() step can happen before or after the
PrepAndSignProvisioningRequest() call.
Test: tests fail
Bug: 259452440
Merged from https://widevine-internal-review.googlesource.com/172310
Change-Id: Id5e6737b187339ec93e3d0d03c28e2b379d60747
OEMCrypto_ReassociateEntitledKeySession() should prevent an entitled key
session from being associated to an arbitrary entitlement session.
Validations added/updated in this CL:
1. at least one entitled key is supposed to have matching entitlement
key in the new session;
2. the key control block in the new entitlement key should remain
unchanged compared to the existing entitlement key.
Updated OPK and ref/testbed implementations.
Test: jenkins/opk_ta, jenkins/run_fake_l1_tests
Bug: 262795590
Merged from https://widevine-internal-review.googlesource.com/171192
Change-Id: I3868aa0d3c5ffb818ed83b9c49313125803939e0
OEMCrypto_ReassociateEntitledKeySession() should prevent an entitled key
session from being associated to an arbitrary entitlement session. The
target entitlement session is supposed to have all the entitlement keys
that the entitled key session uses.
Updated OPK and ref/testbed implementations.
Test: jenkins/opk_ta entitlement tests
Bug: 262795590
Merged from https://widevine-internal-review.googlesource.com/169774
Change-Id: I4322422f01f7094c3862f33ef3199ff3a44995b0
Flags are to be used in new tests when creating tests that potentially
take a long time to run. Certain test suites are intended to be quick
and may skip certain long running tests.
New slow tests should check these flags and skip using GTEST_SKIP().
Bug: 311273599
Test: ./build.py x86-64 --debug
Change-Id: I4fc5a026f23f489bf2ad8b8a11dc467f550f0c5e
"client_version" is an optional, information field in the protocol for
license requests. It was requested that the CE CDM includes this
information in the license request. It does not hurt to include this
information in the Android license requests too.
If, for some reason, the client cannot provide this information, the
request is still sent out as normal. No reason to prevent an otherwise
valid license request due to a missing optional field.
Note: This field is directly in the LicenseRequest message and not the
ClientIdentification message.
Bug: 253013596
Test: license_unittest
Change-Id: I9dc342301fffdc174122088af39406150b34562e
Devices may be revoked by the provisioning server resulting in an
error message contained within the provisioning response. The CDM
core currently returns an error, but the CE CDM would map this to
an kUnexpectedError, which does not provide the information to the
CE client to react. This situation is not immediately recoverable,
but may provide certain apps to use a different DRM plugin if they
support such a thing.
Documentation and tests are needed.
Bug: 179650038
Test: None
Change-Id: I892a23839758264ddd7b29fb739cb00d41d953f8
Clearify usage and paremeters of OEMCrypto_GetDeviceSignedCsrPayload()
and OEMCrypto_GetDeviceInformation().
Bug: 291625901
Merged from https://widevine-internal-review.googlesource.com/179470
Change-Id: I0c69bd6fadded6d749fd6f33553bb4a51d69e719
