4455aeceed
[ Merge of http://go/wvgerrit/153589 ] Some unit tests call InstallTestRSAKey() a few times. In current provision 2 with Keybox, the test RSA DRM key is hard coded. But for provision 4, it will be generated by OEMCrypto. When a test calls multiple times of InstallTestRSAKey(), we don't want the key to be generated during each call, and we want to use the same key in order for the decrytion to work. The fix to cache the drm key once it is created for prov 4 tests. Bug: 180530495 Bug: 236317198 Test: oemcrypto_test Change-Id: I1b2d96a89e0619861492e6d9bc56862e2c440c86
124 lines
4.8 KiB
C++
124 lines
4.8 KiB
C++
#include "oemcrypto_session_tests_helper.h"
|
|
|
|
#include <gtest/gtest.h>
|
|
#include "oec_test_data.h"
|
|
|
|
using namespace std;
|
|
using namespace wvoec;
|
|
|
|
namespace wvoec {
|
|
|
|
// Make this function available when in Fuzz mode because we are not inheriting
|
|
// from OEMCryptoClientTest.
|
|
const uint8_t* find(const vector<uint8_t>& message,
|
|
const vector<uint8_t>& substring) {
|
|
vector<uint8_t>::const_iterator pos = search(
|
|
message.begin(), message.end(), substring.begin(), substring.end());
|
|
if (pos == message.end()) {
|
|
return nullptr;
|
|
}
|
|
return &(*pos);
|
|
}
|
|
|
|
// This creates a wrapped RSA key.
|
|
void SessionUtil::CreateWrappedRSAKey() {
|
|
Session s;
|
|
ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
|
|
provisioning_messages.PrepareSession(keybox_);
|
|
ASSERT_NO_FATAL_FAILURE(provisioning_messages.SignAndVerifyRequest());
|
|
ASSERT_NO_FATAL_FAILURE(provisioning_messages.CreateDefaultResponse());
|
|
ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
|
|
ASSERT_EQ(OEMCrypto_SUCCESS, provisioning_messages.LoadResponse());
|
|
wrapped_rsa_key_ = provisioning_messages.wrapped_rsa_key();
|
|
}
|
|
|
|
void SessionUtil::InstallKeybox(const wvoec::WidevineKeybox& keybox,
|
|
bool good) {
|
|
uint8_t wrapped[sizeof(wvoec::WidevineKeybox)];
|
|
size_t length = sizeof(wvoec::WidevineKeybox);
|
|
keybox_ = keybox;
|
|
ASSERT_EQ(OEMCrypto_SUCCESS,
|
|
OEMCrypto_WrapKeybox(reinterpret_cast<const uint8_t*>(&keybox),
|
|
sizeof(keybox), wrapped, &length, nullptr, 0));
|
|
OEMCryptoResult sts = OEMCrypto_InstallKeybox(wrapped, sizeof(keybox));
|
|
if (good) {
|
|
ASSERT_EQ(OEMCrypto_SUCCESS, sts);
|
|
} else {
|
|
// Can return error now, or return error on IsKeyboxValid.
|
|
}
|
|
}
|
|
|
|
void SessionUtil::EnsureTestKeys() {
|
|
switch (global_features.derive_key_method) {
|
|
case DeviceFeatures::LOAD_TEST_KEYBOX:
|
|
keybox_ = kTestKeybox;
|
|
ASSERT_EQ(
|
|
OEMCrypto_SUCCESS,
|
|
OEMCrypto_LoadTestKeybox(reinterpret_cast<const uint8_t*>(&keybox_),
|
|
sizeof(keybox_)));
|
|
break;
|
|
case DeviceFeatures::LOAD_TEST_RSA_KEY:
|
|
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_LoadTestRSAKey());
|
|
break;
|
|
case DeviceFeatures::TEST_PROVISION_30:
|
|
// Can use oem certificate to install test rsa key.
|
|
break;
|
|
case wvoec::DeviceFeatures::TEST_PROVISION_40:
|
|
// OEM certificate is retrieved from the server.
|
|
break;
|
|
default:
|
|
FAIL() << "Cannot run test without test keybox or RSA key installed.";
|
|
}
|
|
}
|
|
|
|
// This makes sure that the derived keys (encryption key and two mac keys)
|
|
// are installed in OEMCrypto and in the test session.
|
|
void SessionUtil::InstallTestRSAKey(Session* s) {
|
|
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
|
if (wrapped_rsa_key_.size() == 0) {
|
|
// If we don't have a wrapped key yet, create one.
|
|
// This wrapped key will be shared by all sessions in the test.
|
|
const size_t buffer_size = 5000; // Make sure it is large enough.
|
|
std::vector<uint8_t> public_key(buffer_size);
|
|
size_t public_key_size = buffer_size;
|
|
std::vector<uint8_t> public_key_signature(buffer_size);
|
|
size_t public_key_signature_size = buffer_size;
|
|
std::vector<uint8_t> wrapped_private_key(buffer_size);
|
|
size_t wrapped_private_key_size = buffer_size;
|
|
OEMCrypto_PrivateKeyType key_type;
|
|
// Assume OEM cert has been loaded.
|
|
ASSERT_EQ(OEMCrypto_SUCCESS,
|
|
OEMCrypto_GenerateCertificateKeyPair(
|
|
s->session_id(), public_key.data(), &public_key_size,
|
|
public_key_signature.data(), &public_key_signature_size,
|
|
wrapped_private_key.data(), &wrapped_private_key_size,
|
|
&key_type));
|
|
// Assume the public key has been verified by the server and the DRM cert
|
|
// is returned.
|
|
wrapped_private_key.resize(wrapped_private_key_size);
|
|
public_key.resize(public_key_size);
|
|
wrapped_rsa_key_ = wrapped_private_key;
|
|
drm_public_key_ = public_key;
|
|
key_type_ = key_type;
|
|
}
|
|
ASSERT_NO_FATAL_FAILURE(s->LoadWrappedDrmKey(key_type_, wrapped_rsa_key_));
|
|
ASSERT_NO_FATAL_FAILURE(s->SetPublicKeyFromSubjectPublicKey(
|
|
key_type_, drm_public_key_.data(), drm_public_key_.size()));
|
|
return;
|
|
}
|
|
|
|
if (global_features.loads_certificate) {
|
|
if (wrapped_rsa_key_.size() == 0) {
|
|
// If we don't have a wrapped key yet, create one.
|
|
// This wrapped key will be shared by all sessions in the test.
|
|
ASSERT_NO_FATAL_FAILURE(CreateWrappedRSAKey());
|
|
}
|
|
// Load the wrapped rsa test key.
|
|
ASSERT_NO_FATAL_FAILURE(s->LoadWrappedRsaDrmKey(wrapped_rsa_key_));
|
|
}
|
|
// Test RSA key should be loaded.
|
|
ASSERT_NO_FATAL_FAILURE(s->SetTestRsaPublicKey());
|
|
}
|
|
|
|
} // namespace wvoec
|