widevine-partner/ce_cdm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Source release v2.2.0-0-903 + third_party libs

Browse Source 
Change-Id: I03f670eaeb052bc741abb347be06f8ddc58418e7
This commit is contained in:
Joey Parrish
2014-12-15 10:35:08 -08:00
parent 5318232d46
commit 1955c9c2c9
85 changed files with 5594 additions and 2830 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
oemcrypto/include/OEMCryptoCENC.h
View File

@@ -562,7 +562,7 @@ OEMCryptoResult OEMCrypto_GenerateSignature(
* as a successful comparison).
*
* 2. The enc_mac_keys pointer must be either null, or point inside the
* message. If the pointer enc_mac_keys is not null, [e]the API shall verify
* message. If the pointer enc_mac_keys is not null, the API shall verify
* that the two pointers enc_mac_keys_iv and enc_mac_keys point to locations in
* the message. I.e. (message <= p && p < message+message_length)for p in
* each of enc_mac_keys_iv, enc_mac_keys. If not, return
@@ -603,8 +603,8 @@ OEMCryptoResult OEMCrypto_GenerateSignature(
* license from being loaded more than once, and will be used for online
* streaming.
*
* - If Replay_Control is 2 = Require existing Session Usage table entry or
* Nonce”, then OEMCrypto will check the Session Usage table for an existing
* - If Replay_Control is 2 = "Require existing Session Usage table entry or
* Nonce", then OEMCrypto will check the Session Usage table for an existing
* entry with the same pst.
*
* --- If the pst is not in the table yet, a new entry will be created in the
@@ -867,8 +867,8 @@ OEMCryptoResult OEMCrypto_SelectKey(const OEMCrypto_SESSION session,
* secure buffer.
*
* If the session has an entry in the Usage Table, then OEMCrypto will update the
* time_of_last_decrypt. If the status of the entry is unused, then change the
* status to active and set the time_of_first_decrypt.[f]
* time_of_last_decrypt. If the status of the entry is "unused", then change the
* status to "active" and set the time_of_first_decrypt.
*
*
* Verification:
@@ -877,7 +877,7 @@ OEMCryptoResult OEMCrypto_SelectKey(const OEMCrypto_SESSION session,
*
* 1. If the current keys control block has a nonzero Duration field, then the
* API shall verify that the duration is greater than the sessions elapsed time
* clock. If not, return OEMCrypto_ERROR_KEY_EXPIRED[g].
* clock. If not, return OEMCrypto_ERROR_KEY_EXPIRED.
*
* 2. If the current keys control block has the Data_Path_Type bit set, then the
* API shall verify that the output buffer is secure or direct. If not, return
@@ -893,8 +893,8 @@ OEMCryptoResult OEMCrypto_SelectKey(const OEMCrypto_SESSION session,
* current version is not at least as high as that in the control block, then
* return OEMCrypto_ERROR_INSUFFICIENT_HDCP.
*
* 1. If the current session has an entry in the Usage Table, and the status of
* that entry is inactive, then return OEMCrypto_ERROR_INVALID_SESSION.[h]
* 5. If the current session has an entry in the Usage Table, and the status of
* that entry is "inactive", then return OEMCrypto_ERROR_INVALID_SESSION.
*
* If the flag is_encrypted is false, then no verification is performed. This
* call shall copy clear data even when there are no keys loaded, or there is no
@@ -1160,11 +1160,11 @@ OEMCryptoResult OEMCrypto_GetRandom(uint8_t* randomData,
* GenerateDerivedKeys.
*
* After decrypting enc_rsa_key, If the first four bytes of the buffer are the
* string SIGN, then the actual RSA key begins on the 9th byte of the buffer.
* The second four bytes of the buffer is the 32 bit field allowed_schemes,
* string "SIGN", then the actual RSA key begins on the 9th byte of the buffer.
* The second four bytes of the buffer is the 32 bit field "allowed_schemes",
* of type RSA_Padding_Scheme, which is used in OEMCrypto_GenerateRSASignature. The
* value of allowed_schemes must also be wrapped with RSA key. We recommend
* storing the magic string SIGN with the key to distinguish keys that have a
* storing the magic string "SIGN" with the key to distinguish keys that have a
* value for allowed_schemes from those that should use the default
* allowed_schemes. Devices that do not support the alternative signing
* algorithms may refuse to load these keys and return an error of
@@ -1173,7 +1173,7 @@ OEMCryptoResult OEMCrypto_GetRandom(uint8_t* randomData,
* authentication when acting as a ChromeCast receiver. This is not needed for
* devices that wish to send data to a ChromeCast.
*
* If the first four bytes of the buffer enc_rsa_key are not the string SIGN,
* If the first four bytes of the buffer enc_rsa_key are not the string "SIGN",
* then the default value of allowed_schemes = 1 will be used.
*
* Verification:
@@ -1262,7 +1262,7 @@ OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey(OEMCrypto_SESSION session,
* the one verified and wrapped by OEMCrypto_RewrapDeviceRSAKey. The RSA private
* key should be stored in secure memory.
*
* If the bit field allowed_schemes was wrapped with this RSA key, its value
* If the bit field "allowed_schemes" was wrapped with this RSA key, its value
* will be loaded and stored with the RSA key. If there was not bit field
* wrapped with the RSA key, the key will use a default value of 1 = RSASSA-PSS
* with SHA1.
@@ -1550,8 +1550,8 @@ bool OEMCrypto_SupportsUsageTable();
* This function encrypts a generic buffer of data using the current key.
*
* If the session has an entry in the Usage Table, then OEMCrypto will update the
* time_of_last_decrypt. If the status of the entry is unused, then change the
* status to active and set the time_of_first_decrypt.
* time_of_last_decrypt. If the status of the entry is "unused", then change the
* status to "active" and set the time_of_first_decrypt.
*
* Verification:
* The following checks should be performed. If any check fails, an error is
@@ -1562,7 +1562,7 @@ bool OEMCrypto_SupportsUsageTable();
* API shall verify that the duration is greater than the sessions elapsed time
* clock. If not, return OEMCrypto_ERROR_KEY_EXPIRED.
* 3. If the current session has an entry in the Usage Table, and the status of
* that entry is inactive, then return OEMCrypto_ERROR_INVALID_SESSION.
* that entry is "inactive", then return OEMCrypto_ERROR_INVALID_SESSION.
*
* Parameters:
* session (in) - crypto session identifier.
@@ -1602,8 +1602,8 @@ OEMCryptoResult OEMCrypto_Generic_Encrypt(OEMCrypto_SESSION session,
* This function decrypts a generic buffer of data using the current key.
*
* If the session has an entry in the Usage Table, then OEMCrypto will update the
* time_of_last_decrypt. If the status of the entry is unused, then change the
* status to active and set the time_of_first_decrypt.
* time_of_last_decrypt. If the status of the entry is "unused", then change the
* status to "active" and set the time_of_first_decrypt.
*
* Verification:
* The following checks should be performed. If any check fails, an error is
@@ -1616,7 +1616,7 @@ OEMCryptoResult OEMCrypto_Generic_Encrypt(OEMCrypto_SESSION session,
* API shall verify that the duration is greater than the sessions elapsed time
* clock. If not, return OEMCrypto_ERROR_KEY_EXPIRED.
* 4. If the current session has an entry in the Usage Table, and the status of
* that entry is inactive, then return OEMCrypto_ERROR_INVALID_SESSION.
* that entry is "inactive", then return OEMCrypto_ERROR_INVALID_SESSION.
*
* Parameters:
* session (in) - crypto session identifier.
@@ -1657,8 +1657,8 @@ OEMCryptoResult OEMCrypto_Generic_Decrypt(OEMCrypto_SESSION session,
* This function signs a generic buffer of data using the current key.
*
* If the session has an entry in the Usage Table, then OEMCrypto will update the
* time_of_last_decrypt. If the status of the entry is unused, then change the
* status to active and set the time_of_first_decrypt.
* time_of_last_decrypt. If the status of the entry is "unused", then change the
* status to "active" and set the time_of_first_decrypt.
*
* Verification:
* The following checks should be performed. If any check fails, an error is
@@ -1668,7 +1668,7 @@ OEMCryptoResult OEMCrypto_Generic_Decrypt(OEMCrypto_SESSION session,
* API shall verify that the duration is greater than the sessions elapsed time
* clock. If not, return OEMCrypto_ERROR_KEY_EXPIRED.
* 3. If the current session has an entry in the Usage Table, and the status of
* that entry is inactive, then return OEMCrypto_ERROR_INVALID_SESSION.
* that entry is "inactive", then return OEMCrypto_ERROR_INVALID_SESSION.
*
* Parameters:
* session (in) - crypto session identifier.
@@ -1714,8 +1714,8 @@ OEMCryptoResult OEMCrypto_Generic_Sign(OEMCrypto_SESSION session,
* current key.
*
* If the session has an entry in the Usage Table, then OEMCrypto will update the
* time_of_last_decrypt. If the status of the entry is unused, then change the
* status to active and set the time_of_first_decrypt.
* time_of_last_decrypt. If the status of the entry is "unused", then change the
* status to "active" and set the time_of_first_decrypt.
*
* Verification:
* The following checks should be performed. If any check fails, an error is
@@ -1730,7 +1730,7 @@ OEMCryptoResult OEMCrypto_Generic_Sign(OEMCrypto_SESSION session,
* API shall verify that the duration is greater than the sessions elapsed time
* clock. If not, return OEMCrypto_ERROR_KEY_EXPIRED.
* 5. If the current session has an entry in the Usage Table, and the status of
* that entry is inactive, then return OEMCrypto_ERROR_INVALID_SESSION.
* that entry is "inactive", then return OEMCrypto_ERROR_INVALID_SESSION.
*
* Parameters:
* session (in) - crypto session identifier.
@@ -1797,8 +1797,8 @@ OEMCryptoResult OEMCrypto_UpdateUsageTable();
*
* Description:
* Find the entry in the Usage Table with a matching PST. Mark the status of
* that entry as inactive. If it corresponds to an open session, the status of
* that session will also be marked as inactive. Then OEMCrypto will increment
* that entry as "inactive". If it corresponds to an open session, the status of
* that session will also be marked as "inactive". Then OEMCrypto will increment
* Usage Tables generation number, sign, encrypt, and save the Usage Table.
*
* If no entry in the Usage Table has a matching PST, return the error
@@ -1934,7 +1934,7 @@ OEMCryptoResult OEMCrypto_ReportUsage(OEMCrypto_SESSION session,
* the computed signature matches the signature passed in. The signature will be
* computed using HMAC-SHA256 and the mac_key_server. If they do not match,
* return OEMCrypto_ERROR_SIGNATURE_FAILURE.
* 3. If the session is not associated with an entry in the Usage Table, return
* 3. If the session is not associated with an entry in the Usage Table, return
* OEMCrypto_ERROR_UNKNOWN_FAILURE.
* 4. If the pst passed in as a parameter does not match that in the Usage Table,
* return OEMCrypto_ERROR_UNKNOWN_FAILURE.

162
oemcrypto/test/oemcrypto_test.cpp
View File

@@ -26,6 +26,7 @@
#include "OEMCryptoCENC.h"
#include "oemcrypto_key_mock.h"
#include "log.h"
#include "properties.h"
#include "string_conversions.h"
#include "wv_cdm_constants.h"
@@ -899,6 +900,7 @@ class Session {
public:
Session()
: open_(false),
session_id_(0),
mac_key_server_(wvcdm::MAC_KEY_SIZE),
mac_key_client_(wvcdm::MAC_KEY_SIZE),
enc_key_(wvcdm::KEY_SIZE),
@@ -1546,13 +1548,14 @@ class OEMCryptoClientTest : public ::testing::Test {
protected:
OEMCryptoClientTest() {}
void SetUp() {
virtual void SetUp() {
::testing::Test::SetUp();
wvcdm::Properties::Init();
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_Initialize());
wvcdm::g_cutoff = wvcdm::LOG_INFO;
}
void TearDown() {
virtual void TearDown() {
OEMCrypto_Terminate();
::testing::Test::TearDown();
}
@@ -1766,36 +1769,88 @@ TEST_F(OEMCryptoClientTest, PreventNonceFlood) {
s.open();
int error_counter = 0;
uint32_t nonce;
// More than 20 nonces should generate an error.
time_t test_start = time(NULL);
// More than 20 nonces per second should generate an error.
// To allow for some slop, we actually test for more than 40.
for (int i = 0; i < 60; i++) {
s.GenerateNonce(&nonce, &error_counter);
}
ASSERT_LE(20, error_counter);
time_t test_end = time(NULL);
// Either there should be a two second delay, or there should have been
// at least 20 errors.
if (20 > error_counter) {
EXPECT_LE(2, test_end - test_start);
} else {
EXPECT_LE(20, error_counter);
}
error_counter = 0;
sleep(2); // After a pause, we should be able to regenerate nonces.
s.GenerateNonce(&nonce, &error_counter);
ASSERT_EQ(0, error_counter);
EXPECT_EQ(0, error_counter);
}
// Prevent a nonce flood even if each nonce is in a different session.
TEST_F(OEMCryptoClientTest, PreventNonceFlood2) {
int error_counter = 0;
uint32_t nonce;
// More than 20 nonces should generate an error.
time_t test_start = time(NULL);
// More than 20 nonces per second should generate an error.
// To allow for some slop, we actually test for more than 40.
for (int i = 0; i < 60; i++) {
Session s;
s.open();
EXPECT_TRUE(s.isOpen());
s.GenerateNonce(&nonce, &error_counter);
}
ASSERT_LE(20, error_counter);
time_t test_end = time(NULL);
// Either there should be a two second delay, or there should have been
// at least 20 errors.
if (20 > error_counter) {
EXPECT_LE(2, test_end - test_start);
} else {
EXPECT_LE(20, error_counter);
}
error_counter = 0;
sleep(2); // After a pause, we should be able to regenerate nonces.
Session s;
s.open();
s.GenerateNonce(&nonce, &error_counter);
ASSERT_EQ(0, error_counter);
EXPECT_EQ(0, error_counter);
}
// Prevent a nonce flood even if some nonces are in a different session. This
// is different from the test above because there are several session open at
// the same time. We want to make sure you can't get a flood of nonces by
// opening a flood of sessions.
TEST_F(OEMCryptoClientTest, PreventNonceFlood3) {
int error_counter = 0;
uint32_t nonce;
time_t test_start = time(NULL);
// More than 20 nonces per second should generate an error.
// To allow for some slop, we actually test for more than 40.
Session s[6];
for (int i = 0; i < 6; i++) {
s[i].open();
EXPECT_TRUE(s[i].isOpen());
for (int j = 0; j < 10; j++) {
s[i].GenerateNonce(&nonce, &error_counter);
}
}
time_t test_end = time(NULL);
// Either there should be a two second delay, or there should have been
// at least 20 errors.
if (20 > error_counter) {
EXPECT_LE(2, test_end - test_start);
} else {
EXPECT_LE(20, error_counter);
}
error_counter = 0;
sleep(2); // After a pause, we should be able to regenerate nonces.
Session s7;
s7.open();
EXPECT_TRUE(s7.isOpen());
s7.GenerateNonce(&nonce, &error_counter);
EXPECT_EQ(0, error_counter);
}
TEST_F(OEMCryptoClientTest, GenerateDerivedKeys) {
@@ -1815,18 +1870,43 @@ TEST_F(OEMCryptoClientTest, GenerateDerivedKeys) {
class DISABLED_TestKeybox : public OEMCryptoClientTest {
protected:
void SetUp() {
virtual void SetUp() {
OEMCryptoClientTest::SetUp();
InstallKeybox(kDefaultKeybox, true);
OEMCrypto_DeleteUsageTable();
}
virtual void TearDown() {
InstallKeybox(kDefaultKeybox, true);
OEMCryptoClientTest::TearDown();
}
bool IsDefaultKeyboxInstalled() {
uint8_t key_data[256];
size_t key_data_len = sizeof(key_data);
OEMCryptoResult sts = OEMCrypto_GetKeyData(key_data, &key_data_len);
uint32_t* data = reinterpret_cast<uint32_t*>(key_data);
uint32_t system_id = htonl(data[1]);
return sts == OEMCrypto_SUCCESS && system_id == 0x1019;
}
void InstallKeybox(const wvoec_mock::WidevineKeybox& keybox, bool good) {
OEMCryptoResult sts;
uint8_t wrapped[sizeof(wvoec_mock::WidevineKeybox)];
size_t length = sizeof(wvoec_mock::WidevineKeybox);
sts = OEMCrypto_WrapKeybox(reinterpret_cast<const uint8_t*>(&keybox),
sizeof(keybox), wrapped, &length, NULL, 0);
if (sts == OEMCrypto_ERROR_NOT_IMPLEMENTED &&
&keybox == &kDefaultKeybox &&
IsDefaultKeyboxInstalled()) {
// Allow implementations which don't support installation to continue
// so long as:
// 1) we wanted to install the default keybox AND
// 2) the default keybox is already installed.
return;
}
ASSERT_EQ(OEMCrypto_SUCCESS, sts);
sts = OEMCrypto_InstallKeybox(wrapped, sizeof(keybox));
if (good) {
@@ -1884,7 +1964,6 @@ TEST_F(DISABLED_TestKeybox, BadCRCKeybox) {
InstallKeybox(keybox, false);
sts = OEMCrypto_IsKeyboxValid();
ASSERT_EQ(OEMCrypto_ERROR_BAD_CRC, sts);
InstallKeybox(kDefaultKeybox, true);
}
TEST_F(DISABLED_TestKeybox, BadMagicKeybox) {
@@ -1894,7 +1973,6 @@ TEST_F(DISABLED_TestKeybox, BadMagicKeybox) {
InstallKeybox(keybox, false);
sts = OEMCrypto_IsKeyboxValid();
ASSERT_EQ(OEMCrypto_ERROR_BAD_MAGIC, sts);
InstallKeybox(kDefaultKeybox, true);
}
TEST_F(DISABLED_TestKeybox, BadDataKeybox) {
@@ -1904,11 +1982,9 @@ TEST_F(DISABLED_TestKeybox, BadDataKeybox) {
InstallKeybox(keybox, false);
sts = OEMCrypto_IsKeyboxValid();
ASSERT_EQ(OEMCrypto_ERROR_BAD_CRC, sts);
InstallKeybox(kDefaultKeybox, true);
}
TEST_F(DISABLED_TestKeybox, GenerateSignature) {
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
@@ -1942,7 +2018,6 @@ TEST_F(DISABLED_TestKeybox, GenerateSignature) {
}
TEST_F(DISABLED_TestKeybox, LoadKeyNoNonce) {
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -1952,7 +2027,6 @@ TEST_F(DISABLED_TestKeybox, LoadKeyNoNonce) {
}
TEST_F(DISABLED_TestKeybox, LoadKeyWithNonce) {
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -1962,7 +2036,6 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithNonce) {
}
TEST_F(DISABLED_TestKeybox, LoadKeyWithNoMAC) {
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -2000,7 +2073,6 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithNoMAC) {
of all the pointers. It should reject a message if the pointer does
not point into the message buffer */
TEST_F(DISABLED_TestKeybox, LoadKeyWithBadRange1) {
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -2019,7 +2091,6 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithBadRange1) {
}
TEST_F(DISABLED_TestKeybox, LoadKeyWithBadRange2) {
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -2038,7 +2109,6 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithBadRange2) {
}
TEST_F(DISABLED_TestKeybox, LoadKeyWithBadRange3) {
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -2057,7 +2127,6 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithBadRange3) {
}
TEST_F(DISABLED_TestKeybox, LoadKeyWithBadRange4) {
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -2077,7 +2146,6 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithBadRange4) {
}
TEST_F(DISABLED_TestKeybox, LoadKeyWithBadRange5) {
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -2095,7 +2163,6 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithBadRange5) {
}
TEST_F(DISABLED_TestKeybox, LoadKeyWithBadRange6) {
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
@@ -2116,7 +2183,6 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithBadRange6) {
}
TEST_F(DISABLED_TestKeybox, LoadKeyWithBadRange7) {
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
@@ -2137,7 +2203,6 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithBadRange7) {
}
TEST_F(DISABLED_TestKeybox, LoadKeyWithBadNonce) {
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -2152,7 +2217,6 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithBadNonce) {
}
TEST_F(DISABLED_TestKeybox, LoadKeyWithRepeatNonce) {
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -2176,7 +2240,6 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithRepeatNonce) {
}
TEST_F(DISABLED_TestKeybox, LoadKeyWithBadVerification) {
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
@@ -2193,7 +2256,6 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithBadVerification) {
}
TEST_F(DISABLED_TestKeybox, LoadKeysBadSignature) {
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -2208,7 +2270,6 @@ TEST_F(DISABLED_TestKeybox, LoadKeysBadSignature) {
}
TEST_F(DISABLED_TestKeybox, LoadKeysWithNoDerivedKeys) {
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
// s.GenerateDerivedKeys();
@@ -2226,7 +2287,6 @@ class DISABLED_DecryptWithHDCP : public DISABLED_TestKeybox,
public:
void DecryptWithHDCP(OEMCrypto_HDCP_Capability version) {
OEMCryptoResult sts;
InstallKeybox(kDefaultKeybox, true);
OEMCrypto_HDCP_Capability current, maximum;
sts = OEMCrypto_GetHDCPCapability(&current, &maximum);
ASSERT_EQ(OEMCrypto_SUCCESS, sts);
@@ -2286,7 +2346,7 @@ TEST_P(DISABLED_RefreshKeyTest, RefreshWithNonce) {
s.RefreshTestKeys(num_keys_, wvoec_mock::kControlNonceEnabled, nonce, true);
}
TEST_P(DISABLED_RefreshKeyTest, RefresNoNonce) {
TEST_P(DISABLED_RefreshKeyTest, RefreshNoNonce) {
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -2339,7 +2399,6 @@ INSTANTIATE_TEST_CASE_P(TestRefreshEachKeys, DISABLED_RefreshKeyTest,
//
TEST_F(DISABLED_TestKeybox, Decrypt) {
OEMCryptoResult sts;
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
@@ -2352,7 +2411,6 @@ TEST_F(DISABLED_TestKeybox, Decrypt) {
TEST_F(DISABLED_TestKeybox, DecryptZeroDuration) {
OEMCryptoResult sts;
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
@@ -2365,7 +2423,6 @@ TEST_F(DISABLED_TestKeybox, DecryptZeroDuration) {
TEST_F(DISABLED_TestKeybox, DecryptWithOffset) {
OEMCryptoResult sts;
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
@@ -2460,7 +2517,6 @@ vector<uint8_t> EncryptCTR(const vector<uint8_t>& key,
TEST_F(DISABLED_TestKeybox, DecryptWithNearWrap) {
OEMCryptoResult sts;
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
@@ -2511,7 +2567,6 @@ TEST_F(DISABLED_TestKeybox, DecryptWithNearWrap) {
TEST_F(DISABLED_TestKeybox, DecryptUnencrypted) {
OEMCryptoResult sts;
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
@@ -2558,7 +2613,6 @@ TEST_F(DISABLED_TestKeybox, DecryptUnencrypted) {
TEST_F(DISABLED_TestKeybox, DecryptUnencryptedNoKey) {
OEMCryptoResult sts;
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
@@ -2597,7 +2651,6 @@ TEST_F(DISABLED_TestKeybox, DecryptUnencryptedNoKey) {
TEST_F(DISABLED_TestKeybox, DecryptSecureToClear) {
OEMCryptoResult sts;
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -2611,7 +2664,6 @@ TEST_F(DISABLED_TestKeybox, DecryptSecureToClear) {
TEST_F(DISABLED_TestKeybox, KeyDuration) {
OEMCryptoResult sts;
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -2657,7 +2709,6 @@ TEST_F(DISABLED_TestKeybox, ValidateRSATestKeys) {
}
TEST_F(DISABLED_TestKeybox, CertificateProvision) {
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -2674,7 +2725,6 @@ TEST_F(DISABLED_TestKeybox, CertificateProvision) {
}
TEST_F(DISABLED_TestKeybox, CertificateProvisionBadRange1) {
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -2702,7 +2752,6 @@ TEST_F(DISABLED_TestKeybox, CertificateProvisionBadRange1) {
}
TEST_F(DISABLED_TestKeybox, CertificateProvisionBadRange2) {
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -2732,7 +2781,6 @@ TEST_F(DISABLED_TestKeybox, CertificateProvisionBadRange2) {
}
TEST_F(DISABLED_TestKeybox, CertificateProvisionBadRange3) {
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -2763,7 +2811,6 @@ TEST_F(DISABLED_TestKeybox, CertificateProvisionBadRange3) {
}
TEST_F(DISABLED_TestKeybox, CertificateProvisionBadSignature) {
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -2792,7 +2839,6 @@ TEST_F(DISABLED_TestKeybox, CertificateProvisionBadSignature) {
}
TEST_F(DISABLED_TestKeybox, CertificateProvisionBadNonce) {
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -2821,7 +2867,6 @@ TEST_F(DISABLED_TestKeybox, CertificateProvisionBadNonce) {
}
TEST_F(DISABLED_TestKeybox, CertificateProvisionBadRSAKey) {
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -2851,7 +2896,6 @@ TEST_F(DISABLED_TestKeybox, CertificateProvisionBadRSAKey) {
TEST_F(DISABLED_TestKeybox, LoadWrappedRSAKey) {
OEMCryptoResult sts;
InstallKeybox(kDefaultKeybox, true);
std::vector<uint8_t> wrapped_rsa_key;
CreateWrappedRSAKey(&wrapped_rsa_key, kSign_RSASSA_PSS, true);
@@ -2864,7 +2908,6 @@ TEST_F(DISABLED_TestKeybox, LoadWrappedRSAKey) {
TEST_F(DISABLED_TestKeybox, RSASignature) {
OEMCryptoResult sts;
InstallKeybox(kDefaultKeybox, true);
std::vector<uint8_t> wrapped_rsa_key;
CreateWrappedRSAKey(&wrapped_rsa_key, kSign_RSASSA_PSS, true);
@@ -2902,7 +2945,6 @@ TEST_F(DISABLED_TestKeybox, RSASignature) {
}
TEST_F(DISABLED_TestKeybox, LoadRSASessionKey) {
InstallKeybox(kDefaultKeybox, true);
std::vector<uint8_t> wrapped_rsa_key;
CreateWrappedRSAKey(&wrapped_rsa_key, kSign_RSASSA_PSS, true);
Session s;
@@ -2912,7 +2954,6 @@ TEST_F(DISABLED_TestKeybox, LoadRSASessionKey) {
TEST_F(DISABLED_TestKeybox, CertificateDecrypt) {
OEMCryptoResult sts;
InstallKeybox(kDefaultKeybox, true);
std::vector<uint8_t> wrapped_rsa_key;
CreateWrappedRSAKey(&wrapped_rsa_key, kSign_RSASSA_PSS, true);
Session s;
@@ -3006,7 +3047,6 @@ class DISABLED_AlternateRSAAlgorithms : public DISABLED_TestKeybox {
}
void LoadWithAllowedSchemes(uint32_t schemes, bool force) {
InstallKeybox(kDefaultKeybox, true);
CreateWrappedRSAKey(&wrapped_rsa_key_, schemes, force);
key_loaded_ = (wrapped_rsa_key_.size() > 0);
}
@@ -3080,6 +3120,7 @@ class DISABLED_AlternateRSAKey : public DISABLED_TestKeybox {
void BuildRSAKey() {
vector<uint8_t> field_n =
encode(0x02, wvcdm::a2b_hex(
"00"
"df271fd25f8644496b0c81be4bd50297"
"ef099b002a6fd67727eb449cea566ed6"
"a3981a71312a141cabc9815c1209e320"
@@ -3099,6 +3140,7 @@ class DISABLED_AlternateRSAKey : public DISABLED_TestKeybox {
vector<uint8_t> field_e = encode(0x02, wvcdm::a2b_hex("010001"));
vector<uint8_t> field_d =
encode(0x02, wvcdm::a2b_hex(
"00"
"5bd910257830dce17520b03441a51a8c"
"ab94020ac6ecc252c808f3743c95b7c8"
"3b8c8af1a5014346ebc4242cdfb5d718"
@@ -3117,6 +3159,7 @@ class DISABLED_AlternateRSAKey : public DISABLED_TestKeybox {
"d4c6591c807defd71ab06866bb5e7745"));
vector<uint8_t> field_p =
encode(0x02, wvcdm::a2b_hex(
"00"
"f44f5e4246391f482b2f5296e3602eb3"
"4aa136427710f7c0416d403fd69d4b29"
"130cfebef34e885abdb1a8a0a5f0e9b5"
@@ -3127,6 +3170,7 @@ class DISABLED_AlternateRSAKey : public DISABLED_TestKeybox {
"bd9efc123d9c54b6705590d006cfcf3f"));
vector<uint8_t> field_q =
encode(0x02, wvcdm::a2b_hex(
"00"
"e9d49841e0e0a6ad0d517857133e36dc"
"72c1bdd90f9174b52e26570f373640f1"
"c185e7ea8e2ed7f1e4ebb951f70a5802"
@@ -3137,6 +3181,7 @@ class DISABLED_AlternateRSAKey : public DISABLED_TestKeybox {
"9eec1cf85e80aba079b2e6106b97bced"));
vector<uint8_t> field_exp1 =
encode(0x02, wvcdm::a2b_hex(
"00"
"ed102acdb26871534d1c414ecad9a4d7"
"32fe95b10eea370da62f05de2c393b1a"
"633303ea741b6b3269c97f704b352702"
@@ -3147,6 +3192,7 @@ class DISABLED_AlternateRSAKey : public DISABLED_TestKeybox {
"0dcbbc9b528f64a01706e05b0b91106f"));
vector<uint8_t> field_exp2 =
encode(0x02, wvcdm::a2b_hex(
"00"
"6827924a85e88b55ba00f8219128bd37"
"24c6b7d1dfe5629ef197925fecaff5ed"
"b9cdf3a7befd8ea2e8dd3707138b3ff8"
@@ -3157,6 +3203,7 @@ class DISABLED_AlternateRSAKey : public DISABLED_TestKeybox {
"eec82d7f5458ec19e71b90eeef7dff61"));
vector<uint8_t> field_invq =
encode(0x02, wvcdm::a2b_hex(
"00"
"57b73888d183a99a6307422277551a3d"
"9e18adf06a91e8b55ceffef9077c8496"
"948ecb3b16b78155cb2a3a57c119d379"
@@ -3295,7 +3342,6 @@ class DISABLED_AlternateRSAKey : public DISABLED_TestKeybox {
void LoadWithAllowedSchemes(uint32_t schemes, bool force) {
BuildRSAKey();
InstallKeybox(kDefaultKeybox, true);
CreateWrappedRSAKey(&wrapped_rsa_key_, schemes, force, &encoded_key_[0],
encoded_key_.size());
key_loaded_ = (wrapped_rsa_key_.size() > 0);
@@ -4072,7 +4118,6 @@ class DISABLED_GenericDRMTest : public DISABLED_TestKeybox {
void BadEncrypt(unsigned int key_index, OEMCrypto_Algorithm algorithm,
size_t buffer_length) {
OEMCryptoResult sts;
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -4094,7 +4139,6 @@ class DISABLED_GenericDRMTest : public DISABLED_TestKeybox {
void BadDecrypt(unsigned int key_index, OEMCrypto_Algorithm algorithm,
size_t buffer_length) {
OEMCryptoResult sts;
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -4115,7 +4159,6 @@ class DISABLED_GenericDRMTest : public DISABLED_TestKeybox {
void BadSign(unsigned int key_index, OEMCrypto_Algorithm algorithm) {
OEMCryptoResult sts;
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -4139,7 +4182,6 @@ class DISABLED_GenericDRMTest : public DISABLED_TestKeybox {
void BadVerify(unsigned int key_index, OEMCrypto_Algorithm algorithm,
size_t signature_size, bool alter_data) {
OEMCryptoResult sts;
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -4162,7 +4204,6 @@ class DISABLED_GenericDRMTest : public DISABLED_TestKeybox {
};
TEST_F(DISABLED_GenericDRMTest, GenericKeyLoad) {
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -4173,7 +4214,6 @@ TEST_F(DISABLED_GenericDRMTest, GenericKeyLoad) {
TEST_F(DISABLED_GenericDRMTest, GenericKeyEncrypt) {
OEMCryptoResult sts;
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -4204,7 +4244,6 @@ TEST_F(DISABLED_GenericDRMTest, GenericKeyBadEncrypt) {
TEST_F(DISABLED_GenericDRMTest, GenericKeyDecrypt) {
OEMCryptoResult sts;
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -4226,7 +4265,6 @@ TEST_F(DISABLED_GenericDRMTest, GenericKeyDecrypt) {
TEST_F(DISABLED_GenericDRMTest, GenericSecureToClear) {
OEMCryptoResult sts;
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -4258,7 +4296,6 @@ TEST_F(DISABLED_GenericDRMTest, GenericKeyBadDecrypt) {
TEST_F(DISABLED_GenericDRMTest, GenericKeySign) {
OEMCryptoResult sts;
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -4295,7 +4332,6 @@ TEST_F(DISABLED_GenericDRMTest, GenericKeyBadSign) {
TEST_F(DISABLED_GenericDRMTest, GenericKeyVerify) {
OEMCryptoResult sts;
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -4327,7 +4363,6 @@ TEST_F(DISABLED_GenericDRMTest, GenericKeyBadVerify) {
TEST_F(DISABLED_GenericDRMTest, KeyDurationEncrypt) {
OEMCryptoResult sts;
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -4364,7 +4399,6 @@ TEST_F(DISABLED_GenericDRMTest, KeyDurationEncrypt) {
TEST_F(DISABLED_GenericDRMTest, KeyDurationDecrypt) {
OEMCryptoResult sts;
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -4399,7 +4433,6 @@ TEST_F(DISABLED_GenericDRMTest, KeyDurationDecrypt) {
TEST_F(DISABLED_GenericDRMTest, KeyDurationSign) {
OEMCryptoResult sts;
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();
@@ -4438,7 +4471,6 @@ TEST_F(DISABLED_GenericDRMTest, KeyDurationSign) {
TEST_F(DISABLED_GenericDRMTest, KeyDurationVerify) {
OEMCryptoResult sts;
InstallKeybox(kDefaultKeybox, true);
Session s;
s.open();
s.GenerateDerivedKeys();