The unit test helper function LoadWithAllowedSchemes should
only be used to load a Cast Certificate. So it has been
renamed to make that clear.
The only unit test that used the old function with the
non-cast padding scheme has been removed. A replacement will
be added in the next CL of the chain.
Change-Id: Id4aa2f420435baff664324ee4b3dcb74ab9ffe8a
There was some confusion about which tests loaded a cert and
which ones just used a cert. This distinction is important
when testing devices with a baked-in-cert.
Merged from https://widevine-internal-review.googlesource.com/183333
Change-Id: I3c2b119c3355b3a9190799637ff0860b6153b35b
This adds an install keybox tool to the OEMCrypto unit test
directory. It is built when we build the OPK w/linux IPC.
This CL also adds some scripts to use this tool when running
the OPK Linux TA, and then runs the standard tests.
Bug: 295371549
Change-Id: I11e59faa3b24d906f573bcd3f4855e73a4aa5fdf
Adds a new `cas` directory to the ports/linux project. This contains
an end-to-end demo of OEMCrypto CAS functionality, using the Linux
tee_simulator as a base.
Test: from ports/linux/cas dir: `CDM_DIR=~/work/cdm-dupe ./scripts/build.sh && CDM_DIR=~/work/cdm-dupe ./scripts/run.sh`
Merged from https://widevine-internal-review.googlesource.com/178250
Change-Id: I781b403100ad2e069d99650d9ddae8e7acbc309a
We want to transition to using GTEST_SKIP to skip unit tests instead of
modifying the GTEST_FILTER variable. This does so for tests that require
RSA 3072 support.
Bug: 251240681
Change-Id: I048d31e25316d621771efb5d472f651bff40bf75
Changes the OPK session state machine to allow API_MOVEENTRY in
the same circumstances as API_CREATENEWUSAGEENTRY. Adds a test
to trigger the same situation as the linked bug.
The test cases in the bug fail because OEMCrypto_MoveEntry() is
called immediately after OEMCrypto_CreateNewUsageEntry(), but the
session state machine has different filters for the two calls.
Furthermore, OEMCrypto_CreateNewUsageEntry() doesn't change the
state machine, so we should align the two filters to allow
OEMCrypto_MoveEntry() to be called immediately after
OEMCrypto_CreateNewUsageEntry() in all situations where
OEMCrypto_CreateNewUsageEntry() is allowed.
The existing OEMCrypto defrag tests did not catch this edge case
because the test helper functions always do something to modify the
state machine after calling OEMCrypto_CreateNewUsageEntry().
Test: OEMCryptoUsageTableDefragTest.MakeAndMoveEntry
Bug: 286938572
Merged from https://widevine-internal-review.googlesource.com/178013
(cherry picked from commit a87d66ccb7b2fc5f549142e64a7e45531dd95db6)
Change-Id: I8a8465b2b7479effe4055a014bc94b166178a693
1) Move some provisioning unit tests into
oemcrypto_provisioning_test.cpp
2) Remove some test group comments
Bug: 253779846
Merged from https://widevine-internal-review.googlesource.com/176735
Change-Id: I3d02c23b63eb7949fbc6abf60a7dbe32086ef2c9
Expected flow, which begins with a device that has already been
provisioned with Prov 4 stage 1:
1. OEMCrypto_InstallOEMPrivateKey()
2. OEMCrypto_GenerateCertificateKeyPair() -> wrapped_csr_priv
3. OEMCrypto_LoadDRMPrivateKey(wrapped_csr_priv)
4. OEMCrypto_PrepAndSignProvisioningRequest() to create a Prov 4
provisioning request message type with a CAST request in the
message body
5. Server sends a Prov 2 response. Server side derivation uses CSR keys
to derive session key, mac keys, and encryption keys.
6. OEMCrypto_DeriveKeysFromSessionKey(), same derivation as server side
7. OEMCrypto_LoadProvisioning(), use derived keys to verify + decrypt
The OEMCrypto_LoadDRMPrivateKey() step can happen before or after the
PrepAndSignProvisioningRequest() call.
Test: tests fail
Bug: 259452440
Merged from https://widevine-internal-review.googlesource.com/172310
Change-Id: Id5e6737b187339ec93e3d0d03c28e2b379d60747
OEMCrypto_ReassociateEntitledKeySession() should prevent an entitled key
session from being associated to an arbitrary entitlement session.
Validations added/updated in this CL:
1. at least one entitled key is supposed to have matching entitlement
key in the new session;
2. the key control block in the new entitlement key should remain
unchanged compared to the existing entitlement key.
Updated OPK and ref/testbed implementations.
Test: jenkins/opk_ta, jenkins/run_fake_l1_tests
Bug: 262795590
Merged from https://widevine-internal-review.googlesource.com/171192
Change-Id: I3868aa0d3c5ffb818ed83b9c49313125803939e0
OEMCrypto_ReassociateEntitledKeySession() should prevent an entitled key
session from being associated to an arbitrary entitlement session. The
target entitlement session is supposed to have all the entitlement keys
that the entitled key session uses.
Updated OPK and ref/testbed implementations.
Test: jenkins/opk_ta entitlement tests
Bug: 262795590
Merged from https://widevine-internal-review.googlesource.com/169774
Change-Id: I4322422f01f7094c3862f33ef3199ff3a44995b0
- Add details for triaging crashes and writing fuzz tests.
- Move internal documentation not needed by partners to g3doc.
- Remove infrastructure details covered in the design document.
Change-Id: Ib60b2bea954f4371595b0f891434e2274366fdd2
After the ODK_MAX_NUM_KEYS change, the core response is a pointer to an
array instead of an array. This check should ensure the index of the key
array can always be accessed.
Bug: 286531859
Change-Id: I44604eb977be722ef692de2b61e1f626266a42a7
