Source release 18.6.0
This commit is contained in:
Alex Dale
@@ -3,7 +3,7 @@
|
||||
// License Agreement.
|
||||
|
||||
/**
|
||||
* @mainpage OEMCrypto API v18.5
|
||||
* @mainpage OEMCrypto API v18.6
|
||||
*
|
||||
* OEMCrypto is the low level library implemented by the OEM to provide key and
|
||||
* content protection, usually in a separate secure memory or process space. The
|
||||
@@ -719,6 +719,8 @@ typedef enum OEMCrypto_SignatureHashAlgorithm {
|
||||
#define OEMCrypto_FactoryInstallBCCSignature _oecc142
|
||||
#define OEMCrypto_GetEmbeddedDrmCertificate _oecc143
|
||||
#define OEMCrypto_UseSecondaryKey _oecc144
|
||||
#define OEMCrypto_MarkOfflineSession _oecc153
|
||||
#define OEMCrypto_WrapClearPrivateKey _oecc154
|
||||
// clang-format on
|
||||
|
||||
/// @addtogroup initcontrol
|
||||
@@ -3140,6 +3142,51 @@ OEMCryptoResult OEMCrypto_IsKeyboxOrOEMCertValid(void);
|
||||
OEMCryptoResult OEMCrypto_GetDeviceID(uint8_t* device_id,
|
||||
size_t* device_id_length);
|
||||
|
||||
/**
|
||||
* Encrypts a clear device RSA/ECC key with an internal key (such as the OEM
|
||||
* key or Widevine Keybox key) and a generated IV using AES-128-CBC with PKCS#5
|
||||
* padding.
|
||||
*
|
||||
* Copies the wrapped key to the buffer specified by |wrapped_private_key| and
|
||||
* sets the size of the wrapped key to |wrapped_private_key_length|.
|
||||
*
|
||||
* The clear private key is encoded in PKCS#8 binary DER format. The OEMCrypto
|
||||
* library shall verify that this RSA key is valid.
|
||||
*
|
||||
* The clear key should be encrypted using the same device specific key used in
|
||||
* OEMCrypto_LoadProvisioning. The wrapped private key will be unwrapped in the
|
||||
* function OEMCrypto_LoadDRMPrivateKey.
|
||||
*
|
||||
* This function should only be implemented for factory builds.
|
||||
*
|
||||
* @param[in] clear_private_key_bytes: pointer to memory containing the
|
||||
* unencrypted private key data.
|
||||
* @param[in] clear_private_key_length: the length of the private key data.
|
||||
* @param[out] wrapped_private_key: pointer to buffer in which the encrypted
|
||||
* private key should be stored. May be null on the first call in order to
|
||||
* find required buffer size.
|
||||
* @param[in,out] wrapped_private_key_length: (in) length of the encrypted
|
||||
* private key, in bytes. (out) actual length of the encrypted private key,
|
||||
* or required length if provided length is too small.
|
||||
*
|
||||
* @retval OEMCrypto_SUCCESS on success
|
||||
* @retval OEMCrypto_ERROR_INVALID_CONTEXT clear_private_key_bytes is NULL, or
|
||||
* clear private key fails to parse as PKCS#8
|
||||
* @retval OEMCrypto_ERROR_SHORT_BUFFER wrapped_private_key_length is too small,
|
||||
* or wrapped_private_key is NULL
|
||||
*
|
||||
* @threading
|
||||
* This is an "Initialization and Termination Function" and will not be
|
||||
* called simultaneously with any other function, as if the CDM holds a write
|
||||
* lock on the OEMCrypto system.
|
||||
*
|
||||
* @version
|
||||
* This method is new in API version 18.6.
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_WrapClearPrivateKey(
|
||||
const uint8_t* clear_private_key_bytes, size_t clear_private_key_length,
|
||||
uint8_t* wrapped_private_key, size_t* wrapped_private_key_length);
|
||||
|
||||
/// @}
|
||||
|
||||
/// @addtogroup keybox
|
||||
@@ -5871,11 +5918,28 @@ OEMCryptoResult OEMCrypto_GetEmbeddedDrmCertificate(uint8_t* public_cert,
|
||||
*
|
||||
* @ignore
|
||||
* @retval OEMCrypto_SUCCESS on success
|
||||
* @retval OEMCrypto_ERROR_INVALID_SESSION
|
||||
* @retval OEMCrypto_ERROR_SESSION_STATE_LOST
|
||||
* @retval OEMCrypto_ERROR_SYSTEM_INVALIDATED
|
||||
* @retval OEMCrypto_ERROR_NOT_IMPLEMENTED
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_UseSecondaryKey(OEMCrypto_SESSION session_id,
|
||||
bool dual_key);
|
||||
|
||||
/**
|
||||
* Marks the given session as being used for existing offline licenses.
|
||||
*
|
||||
* @param[in] session: session id for operation.
|
||||
*
|
||||
* @ignore
|
||||
* @retval OEMCrypto_SUCCESS on success
|
||||
* @retval OEMCrypto_ERROR_INVALID_SESSION
|
||||
* @retval OEMCrypto_ERROR_SESSION_STATE_LOST
|
||||
* @retval OEMCrypto_ERROR_SYSTEM_INVALIDATED
|
||||
* @retval OEMCrypto_ERROR_NOT_IMPLEMENTED
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_MarkOfflineSession(OEMCrypto_SESSION session);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -26,9 +26,9 @@ struct CoreMessageFeatures {
|
||||
|
||||
// This is the published version of the ODK Core Message library. The default
|
||||
// behavior is for the server to restrict messages to at most this version
|
||||
// number. The default is 18.5.
|
||||
// number. The default is 18.6.
|
||||
uint32_t maximum_major_version = 18;
|
||||
uint32_t maximum_minor_version = 5;
|
||||
uint32_t maximum_minor_version = 6;
|
||||
|
||||
bool operator==(const CoreMessageFeatures &other) const;
|
||||
bool operator!=(const CoreMessageFeatures &other) const {
|
||||
|
||||
@@ -16,10 +16,10 @@ extern "C" {
|
||||
|
||||
/* The version of this library. */
|
||||
#define ODK_MAJOR_VERSION 18
|
||||
#define ODK_MINOR_VERSION 5
|
||||
#define ODK_MINOR_VERSION 6
|
||||
|
||||
/* ODK Version string. Date changed automatically on each release. */
|
||||
#define ODK_RELEASE_DATE "ODK v18.5 2024-03-21"
|
||||
#define ODK_RELEASE_DATE "ODK v18.6 2024-06-04"
|
||||
|
||||
/* The lowest version number for an ODK message. */
|
||||
#define ODK_FIRST_VERSION 16
|
||||
|
||||
@@ -30,7 +30,7 @@ CoreMessageFeatures CoreMessageFeatures::DefaultFeatures(
|
||||
features.maximum_minor_version = 2; // 17.2
|
||||
break;
|
||||
case 18:
|
||||
features.maximum_minor_version = 5; // 18.5
|
||||
features.maximum_minor_version = 6; // 18.6
|
||||
break;
|
||||
default:
|
||||
features.maximum_minor_version = 0;
|
||||
|
||||
@@ -274,7 +274,7 @@ OEMCryptoResult ODK_InitializeSessionValues(ODK_TimerLimits* timer_limits,
|
||||
nonce_values->api_minor_version = 2;
|
||||
break;
|
||||
case 18:
|
||||
nonce_values->api_minor_version = 5;
|
||||
nonce_values->api_minor_version = 6;
|
||||
break;
|
||||
default:
|
||||
nonce_values->api_minor_version = 0;
|
||||
|
||||
@@ -1216,7 +1216,7 @@ std::vector<VersionParameters> TestCases() {
|
||||
// number.
|
||||
{16, ODK_MAJOR_VERSION, ODK_MINOR_VERSION, 16, 5},
|
||||
{17, ODK_MAJOR_VERSION, ODK_MINOR_VERSION, 17, 2},
|
||||
{18, ODK_MAJOR_VERSION, ODK_MINOR_VERSION, 18, 5},
|
||||
{18, ODK_MAJOR_VERSION, ODK_MINOR_VERSION, 18, 6},
|
||||
// Here are some known good versions. Make extra sure they work.
|
||||
{ODK_MAJOR_VERSION, 16, 3, 16, 3},
|
||||
{ODK_MAJOR_VERSION, 16, 4, 16, 4},
|
||||
@@ -1228,6 +1228,7 @@ std::vector<VersionParameters> TestCases() {
|
||||
{ODK_MAJOR_VERSION, 18, 3, 18, 3},
|
||||
{ODK_MAJOR_VERSION, 18, 4, 18, 4},
|
||||
{ODK_MAJOR_VERSION, 18, 5, 18, 5},
|
||||
{ODK_MAJOR_VERSION, 18, 6, 18, 6},
|
||||
{0, 16, 3, 16, 3},
|
||||
{0, 16, 4, 16, 4},
|
||||
{0, 16, 5, 16, 5},
|
||||
@@ -1235,6 +1236,7 @@ std::vector<VersionParameters> TestCases() {
|
||||
{0, 17, 2, 17, 2},
|
||||
{0, 18, 4, 18, 4},
|
||||
{0, 18, 5, 18, 5},
|
||||
{0, 18, 6, 18, 6},
|
||||
};
|
||||
return test_cases;
|
||||
}
|
||||
|
||||
@@ -375,3 +375,12 @@ OEMCryptoResult _oecc143(uint8_t* public_cert, size_t* public_cert_length);
|
||||
|
||||
// OEMCrypto_UseSecondaryKey defined in v18.5
|
||||
OEMCryptoResult _oecc144(OEMCrypto_SESSION session_id, bool dual_key);
|
||||
|
||||
// OEMCrypto_MarkOfflineSession defined in v18.6
|
||||
OEMCryptoResult _oecc153(OEMCrypto_SESSION session);
|
||||
|
||||
// OEMCrypto_WrapClearPrivateKey defined in v18.6
|
||||
OEMCryptoResult _oecc154(const uint8_t* clear_private_key_bytes,
|
||||
size_t clear_private_key_length,
|
||||
uint8_t* wrapped_private_key,
|
||||
size_t* wrapped_private_key_length);
|
||||
|
||||
@@ -1,32 +0,0 @@
|
||||
// Copyright 2022 Google LLC. All Rights Reserved. This file and proprietary
|
||||
// source code may only be used and distributed under the Widevine
|
||||
// License Agreement.
|
||||
|
||||
#include "FuzzedDataProvider.h"
|
||||
#include "OEMCryptoCENC.h"
|
||||
#include "oemcrypto_fuzz_helper.h"
|
||||
|
||||
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
||||
wvoec::RedirectStdoutToFile();
|
||||
|
||||
wvoec::SessionFuzz session_fuzz;
|
||||
session_fuzz.Initialize();
|
||||
|
||||
FuzzedDataProvider fuzzed_data(data, size);
|
||||
|
||||
uint32_t key_session;
|
||||
uint32_t* const key_session_ptr =
|
||||
fuzzed_data.ConsumeBool() ? &key_session : nullptr;
|
||||
|
||||
OEMCrypto_CreateEntitledKeySession(session_fuzz.session().session_id(),
|
||||
key_session_ptr);
|
||||
|
||||
if (key_session_ptr == nullptr || fuzzed_data.ConsumeBool()) {
|
||||
key_session = fuzzed_data.ConsumeIntegral<uint32_t>();
|
||||
}
|
||||
|
||||
OEMCrypto_RemoveEntitledKeySession(key_session);
|
||||
|
||||
session_fuzz.Terminate();
|
||||
return 0;
|
||||
}
|
||||
@@ -122,6 +122,8 @@ class OEMCryptoRenewalAPIFuzz {
|
||||
|
||||
void Initialize() { license_api_fuzz_.Initialize(); }
|
||||
|
||||
void LoadLicense() { license_api_fuzz_.LoadLicense(); }
|
||||
|
||||
void Terminate() { license_api_fuzz_.Terminate(); }
|
||||
|
||||
LicenseRoundTrip& license_messages() {
|
||||
|
||||
@@ -20,6 +20,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
||||
std::vector<uint8_t> input(data, data + size);
|
||||
wvoec::OEMCryptoRenewalAPIFuzz renewal_api_fuzz;
|
||||
renewal_api_fuzz.Initialize();
|
||||
renewal_api_fuzz.LoadLicense();
|
||||
renewal_api_fuzz.renewal_messages().InjectFuzzedRequestData(input.data(),
|
||||
input.size());
|
||||
renewal_api_fuzz.Terminate();
|
||||
|
||||
154
oemcrypto/test/install_prov30_oem_cert_tool.cpp
Normal file
154
oemcrypto/test/install_prov30_oem_cert_tool.cpp
Normal file
@@ -0,0 +1,154 @@
|
||||
// Copyright 2024 Google LLC. All Rights Reserved. This file and proprietary
|
||||
// source code may only be used and distributed under the Widevine
|
||||
// License Agreement.
|
||||
|
||||
#include <algorithm>
|
||||
#include <iostream>
|
||||
#include <vector>
|
||||
|
||||
#include "OEMCryptoCENC.h"
|
||||
#include "oec_test_data.h"
|
||||
#include "platform.h"
|
||||
#include "string_conversions.h"
|
||||
|
||||
namespace {
|
||||
|
||||
constexpr size_t kAesBlockSize = 16;
|
||||
|
||||
/*
|
||||
This function concatenates the test Prov30 OEM certificate chain and key to the
|
||||
format below:
|
||||
|
||||
+-----------------------+----------------------+--------------------------+
|
||||
| Cert Chain Length | Certificate Chain | Key Length |
|
||||
+-----------------------+----------------------+--------------------------+
|
||||
| (4 bytes, big-endian) | (DER-encoded PKCS#7) | (4 bytes, big-endian) |
|
||||
+-----------------------+----------------------+--------------------------+
|
||||
| Private Key |
|
||||
+-----------------------+
|
||||
|
||||
|oem_private_key| should be a RSA key in PKCS#8 PrivateKeyInfo format.
|
||||
|oem_public_cert| should be a DER-encoded PKCS#7 certificate chain.
|
||||
|
||||
The output will be consumed by OEMCrypto Prov30 factory functions:
|
||||
1. It is wrapped by OEMCrypto_WrapKeyboxOrOEMCert(), and
|
||||
2. The wrapped root of trust will be installed by
|
||||
OEMCrypto_InstallKeyboxOrOEMCert(). Therefore, the OEMCrypto implementation of
|
||||
the factory functions and the tool must have an agreement on the format above.
|
||||
*/
|
||||
std::vector<uint8_t> PrepareProv30OEMCertAndKey(
|
||||
const uint8_t* oem_public_cert, const size_t oem_public_cert_size,
|
||||
const uint8_t* oem_private_key, const size_t oem_private_key_size) {
|
||||
std::vector<uint8_t> oem_cert_and_key;
|
||||
// Calculate total size
|
||||
size_t total_size = sizeof(uint32_t) + oem_public_cert_size +
|
||||
sizeof(uint32_t) + oem_private_key_size;
|
||||
oem_cert_and_key.resize(total_size);
|
||||
|
||||
// Offset to track where to write in the output vector
|
||||
size_t offset = 0;
|
||||
// 1. Store public cert size (big-endian)
|
||||
uint32_t networkOrderCertSize = htonl((uint32_t)oem_public_cert_size);
|
||||
std::copy(reinterpret_cast<const uint8_t*>(&networkOrderCertSize),
|
||||
reinterpret_cast<const uint8_t*>(&networkOrderCertSize) +
|
||||
sizeof(uint32_t),
|
||||
oem_cert_and_key.begin());
|
||||
offset += sizeof(uint32_t);
|
||||
|
||||
// 2. Store public cert content
|
||||
std::copy(oem_public_cert, oem_public_cert + oem_public_cert_size,
|
||||
oem_cert_and_key.begin() + offset);
|
||||
offset += oem_public_cert_size;
|
||||
|
||||
// 3. Store private key size (big-endian)
|
||||
uint32_t networkOrderKeySize = htonl((uint32_t)oem_private_key_size);
|
||||
std::copy(
|
||||
reinterpret_cast<const uint8_t*>(&networkOrderKeySize),
|
||||
reinterpret_cast<const uint8_t*>(&networkOrderKeySize) + sizeof(uint32_t),
|
||||
oem_cert_and_key.begin() + offset);
|
||||
offset += sizeof(uint32_t);
|
||||
|
||||
// 4. Store private key content
|
||||
std::copy(oem_private_key, oem_private_key + oem_private_key_size,
|
||||
oem_cert_and_key.begin() + offset);
|
||||
return oem_cert_and_key;
|
||||
}
|
||||
|
||||
OEMCryptoResult InstallTestProv30RootOfTrust(
|
||||
const uint8_t* oem_public_cert, const size_t oem_public_cert_size,
|
||||
const uint8_t* oem_private_key, const size_t oem_private_key_size) {
|
||||
if (oem_public_cert == nullptr || oem_private_key == nullptr ||
|
||||
oem_public_cert_size == 0 || oem_private_key_size == 0) {
|
||||
return OEMCrypto_ERROR_INVALID_CONTEXT;
|
||||
}
|
||||
|
||||
// 1. Prepare OEM cert and key.
|
||||
std::vector<uint8_t> oem_cert_and_key =
|
||||
PrepareProv30OEMCertAndKey(oem_public_cert, oem_public_cert_size,
|
||||
oem_private_key, oem_private_key_size);
|
||||
if (oem_cert_and_key.empty()) {
|
||||
std::cerr << "Failed to prepare OEM cert and key" << std::endl;
|
||||
return OEMCrypto_ERROR_INVALID_CONTEXT;
|
||||
}
|
||||
// Add padding.
|
||||
const uint8_t padding =
|
||||
kAesBlockSize - (oem_cert_and_key.size() % kAesBlockSize);
|
||||
for (size_t i = 0; i < padding; i++) {
|
||||
oem_cert_and_key.push_back(padding);
|
||||
}
|
||||
|
||||
// 2: Initialize OEMCrypto.
|
||||
OEMCryptoResult sts = OEMCrypto_Initialize();
|
||||
if (sts != OEMCrypto_SUCCESS) {
|
||||
std::cerr << "Failed to initialize: result = " << sts << std::endl;
|
||||
return sts;
|
||||
}
|
||||
|
||||
// 3: Wrap OEM cert and key before calling install function.
|
||||
const OEMCrypto_ProvisioningMethod method = OEMCrypto_GetProvisioningMethod();
|
||||
if (method != OEMCrypto_OEMCertificate) {
|
||||
std::cerr << "OEMCrypto is not OEMCrypto_OEMCertificate: method = ";
|
||||
std::cerr << method << std::endl;
|
||||
OEMCrypto_Terminate();
|
||||
return OEMCrypto_ERROR_INVALID_CONTEXT;
|
||||
}
|
||||
std::vector<uint8_t> wrapped_oem_cert_and_key;
|
||||
size_t wrapped_oem_cert_and_key_size = 0;
|
||||
sts = OEMCrypto_WrapKeyboxOrOEMCert(
|
||||
oem_cert_and_key.data(), oem_cert_and_key.size(),
|
||||
wrapped_oem_cert_and_key.data(), &wrapped_oem_cert_and_key_size, nullptr,
|
||||
0);
|
||||
if (sts != OEMCrypto_ERROR_SHORT_BUFFER) {
|
||||
OEMCrypto_Terminate();
|
||||
return sts;
|
||||
}
|
||||
wrapped_oem_cert_and_key.resize(wrapped_oem_cert_and_key_size);
|
||||
sts = OEMCrypto_WrapKeyboxOrOEMCert(
|
||||
oem_cert_and_key.data(), oem_cert_and_key.size(),
|
||||
wrapped_oem_cert_and_key.data(), &wrapped_oem_cert_and_key_size, nullptr,
|
||||
0);
|
||||
if (sts != OEMCrypto_SUCCESS) {
|
||||
OEMCrypto_Terminate();
|
||||
return sts;
|
||||
}
|
||||
|
||||
// 4: Install the wrapped OEM cert and key.
|
||||
sts = OEMCrypto_InstallKeyboxOrOEMCert(wrapped_oem_cert_and_key.data(),
|
||||
wrapped_oem_cert_and_key_size);
|
||||
OEMCrypto_Terminate();
|
||||
return sts;
|
||||
}
|
||||
} // namespace
|
||||
|
||||
int main() {
|
||||
const OEMCryptoResult result = InstallTestProv30RootOfTrust(
|
||||
wvoec::kTestOEMPublicCertInfo2, sizeof(wvoec::kTestOEMPublicCertInfo2),
|
||||
wvoec::kTestRSAPKCS8PrivateKeyInfo2_2048,
|
||||
sizeof(wvoec::kTestRSAPKCS8PrivateKeyInfo2_2048));
|
||||
if (result != OEMCrypto_SUCCESS) {
|
||||
std::cerr << "Failed to install OEM cert and key with result: " << result
|
||||
<< std::endl;
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
@@ -65,7 +65,8 @@ void DeviceFeatures::Initialize() {
|
||||
// baked in certificate.
|
||||
loads_certificate = provisioning_method == OEMCrypto_Keybox ||
|
||||
provisioning_method == OEMCrypto_OEMCertificate ||
|
||||
provisioning_method == OEMCrypto_BootCertificateChain;
|
||||
provisioning_method == OEMCrypto_BootCertificateChain ||
|
||||
provisioning_method == OEMCrypto_DrmReprovisioning;
|
||||
printf("loads_certificate = %s.\n", loads_certificate ? "true" : "false");
|
||||
generic_crypto =
|
||||
(OEMCrypto_ERROR_NOT_IMPLEMENTED !=
|
||||
|
||||
@@ -16,6 +16,7 @@
|
||||
#include <openssl/hmac.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/sha.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/x509_vfy.h>
|
||||
#include <stdint.h>
|
||||
@@ -353,6 +354,11 @@ void ProvisioningRoundTrip::PrepareSession(
|
||||
session_->LoadOEMCert(true);
|
||||
session_->GenerateRsaSessionKey(&message_key_, &encrypted_message_key_);
|
||||
encryptor_.set_enc_key(message_key_);
|
||||
} else if (global_features.provisioning_method ==
|
||||
OEMCrypto_DrmReprovisioning) {
|
||||
session_->SetTestRsaPublicKey();
|
||||
session_->GenerateRsaSessionKey(&message_key_, &encrypted_message_key_);
|
||||
encryptor_.set_enc_key(message_key_);
|
||||
} else {
|
||||
EXPECT_EQ(global_features.provisioning_method, OEMCrypto_OEMCertificate);
|
||||
session_->LoadOEMCert(true);
|
||||
@@ -367,6 +373,15 @@ void ProvisioningRoundTrip::VerifyRequestSignature(
|
||||
if (global_features.provisioning_method == OEMCrypto_OEMCertificate) {
|
||||
session()->VerifyRsaSignature(data, generated_signature.data(),
|
||||
generated_signature.size(), kSign_RSASSA_PSS);
|
||||
} else if (global_features.provisioning_method ==
|
||||
OEMCrypto_DrmReprovisioning) {
|
||||
// DRM Reprovisioning uses protocol 2.2 which computes signatures for the
|
||||
// sha512 hash of the message and not the full message.
|
||||
std::vector<uint8_t> signature_source;
|
||||
signature_source.resize(SHA512_DIGEST_LENGTH);
|
||||
SHA512(data.data(), data.size(), signature_source.data());
|
||||
session()->VerifyRsaSignature(signature_source, generated_signature.data(),
|
||||
generated_signature.size(), kSign_RSASSA_PSS);
|
||||
} else {
|
||||
EXPECT_EQ(global_features.provisioning_method, OEMCrypto_Keybox);
|
||||
ASSERT_EQ(HMAC_SHA256_SIGNATURE_SIZE, generated_signature.size());
|
||||
@@ -460,9 +475,6 @@ void ProvisioningRoundTrip::SignResponse() {
|
||||
memcpy(encrypted_response_.data() + serialized_core_message_.size(),
|
||||
reinterpret_cast<const uint8_t*>(&encrypted_response_data_),
|
||||
sizeof(encrypted_response_data_));
|
||||
if (global_features.provisioning_method == OEMCrypto_OEMCertificate) {
|
||||
session()->GenerateDerivedKeysFromSessionKey();
|
||||
}
|
||||
session()->key_deriver().ServerSignBuffer(encrypted_response_.data(),
|
||||
encrypted_response_.size(),
|
||||
&response_signature_);
|
||||
|
||||
@@ -8,6 +8,7 @@
|
||||
#define CDM_OEC_TEST_DATA_H_
|
||||
|
||||
#include <string>
|
||||
#include <vector>
|
||||
|
||||
#include "OEMCryptoCENC.h"
|
||||
#include "oemcrypto_types.h"
|
||||
@@ -193,6 +194,206 @@ static const uint8_t kTestRSAPKCS8PrivateKeyInfo2_2048[] = {
|
||||
0x72, 0x2c, 0xf7, 0xc1, 0x22, 0x36, 0xd9, 0x18, 0x56, 0xfe, 0x39, 0x28,
|
||||
0x33, 0xe0, 0xdb, 0x03};
|
||||
|
||||
// Counterpart of kTestRSAPKCS8PrivateKeyInfo2_2048[]
|
||||
static const uint8_t kTestOEMPublicCertInfo2[] = {
|
||||
0x30, 0x82, 0x09, 0x2d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
|
||||
0x01, 0x07, 0x02, 0xa0, 0x82, 0x09, 0x1e, 0x30, 0x82, 0x09, 0x1a, 0x02,
|
||||
0x01, 0x01, 0x31, 0x00, 0x30, 0x0f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
|
||||
0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x02, 0x04, 0x00, 0xa0, 0x82, 0x08,
|
||||
0xfe, 0x30, 0x82, 0x03, 0x71, 0x30, 0x82, 0x02, 0x59, 0xa0, 0x03, 0x02,
|
||||
0x01, 0x02, 0x02, 0x11, 0x00, 0xc2, 0x8d, 0x20, 0x22, 0x82, 0x8b, 0x9e,
|
||||
0x63, 0x9d, 0x15, 0x89, 0x2c, 0xa9, 0x8f, 0xd9, 0x5d, 0x30, 0x0d, 0x06,
|
||||
0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
|
||||
0x30, 0x6b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
|
||||
0x02, 0x55, 0x53, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08,
|
||||
0x0c, 0x02, 0x57, 0x41, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04,
|
||||
0x07, 0x0c, 0x08, 0x4b, 0x69, 0x72, 0x6b, 0x6c, 0x61, 0x6e, 0x64, 0x31,
|
||||
0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x06, 0x47, 0x6f,
|
||||
0x6f, 0x67, 0x6c, 0x65, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04,
|
||||
0x0b, 0x0c, 0x08, 0x57, 0x69, 0x64, 0x65, 0x76, 0x69, 0x6e, 0x65, 0x31,
|
||||
0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x73, 0x79,
|
||||
0x73, 0x74, 0x65, 0x6d, 0x20, 0x69, 0x64, 0x3a, 0x20, 0x37, 0x39, 0x31,
|
||||
0x33, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x38, 0x30, 0x31, 0x31, 0x31, 0x31,
|
||||
0x33, 0x32, 0x36, 0x32, 0x32, 0x5a, 0x17, 0x0d, 0x33, 0x38, 0x30, 0x31,
|
||||
0x30, 0x36, 0x31, 0x33, 0x32, 0x36, 0x32, 0x32, 0x5a, 0x30, 0x65, 0x31,
|
||||
0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x37, 0x39,
|
||||
0x31, 0x33, 0x2d, 0x6c, 0x65, 0x61, 0x66, 0x31, 0x0b, 0x30, 0x09, 0x06,
|
||||
0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b, 0x30, 0x09,
|
||||
0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x57, 0x41, 0x31, 0x11, 0x30,
|
||||
0x0f, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x08, 0x4b, 0x69, 0x72, 0x6b,
|
||||
0x6c, 0x61, 0x6e, 0x64, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04,
|
||||
0x0a, 0x0c, 0x06, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x31, 0x11, 0x30,
|
||||
0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x57, 0x69, 0x64, 0x65,
|
||||
0x76, 0x69, 0x6e, 0x65, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09,
|
||||
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03,
|
||||
0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01,
|
||||
0x00, 0xa7, 0x00, 0x36, 0x60, 0x65, 0xdc, 0xbd, 0x54, 0x5a, 0x2a, 0x40,
|
||||
0xb4, 0xe1, 0x15, 0x94, 0x58, 0x11, 0x4f, 0x94, 0x58, 0xdd, 0xde, 0xa7,
|
||||
0x1f, 0x3c, 0x2c, 0xe0, 0x88, 0x09, 0x29, 0x61, 0x57, 0x67, 0x5e, 0x56,
|
||||
0x7e, 0xee, 0x27, 0x8f, 0x59, 0x34, 0x9a, 0x2a, 0xaa, 0x9d, 0xb4, 0x4e,
|
||||
0xfa, 0xa7, 0x6a, 0xd4, 0xc9, 0x7a, 0x53, 0xc1, 0x4e, 0x9f, 0xe3, 0x34,
|
||||
0xf7, 0x3d, 0xb7, 0xc9, 0x10, 0x47, 0x4f, 0x28, 0xda, 0x3f, 0xce, 0x31,
|
||||
0x7b, 0xfd, 0x06, 0x10, 0xeb, 0xf7, 0xbe, 0x92, 0xf9, 0xaf, 0xfb, 0x3e,
|
||||
0x68, 0xda, 0xee, 0x1a, 0x64, 0x4c, 0xf3, 0x29, 0xf2, 0x73, 0x9e, 0x39,
|
||||
0xd8, 0xf6, 0x6f, 0xd8, 0xb2, 0x80, 0x82, 0x71, 0x8e, 0xb5, 0xa4, 0xf2,
|
||||
0xc2, 0x3e, 0xcd, 0x0a, 0xca, 0xb6, 0x04, 0xcd, 0x9a, 0x13, 0x8b, 0x54,
|
||||
0x73, 0x54, 0x25, 0x54, 0x8c, 0xbe, 0x98, 0x7a, 0x67, 0xad, 0xda, 0xb3,
|
||||
0x4e, 0xb3, 0xfa, 0x82, 0xa8, 0x4a, 0x67, 0x98, 0x56, 0x57, 0x54, 0x71,
|
||||
0xcd, 0x12, 0x7f, 0xed, 0xa3, 0x01, 0xc0, 0x6a, 0x8b, 0x24, 0x03, 0x96,
|
||||
0x88, 0xbe, 0x97, 0x66, 0x2a, 0xbc, 0x53, 0xc9, 0x83, 0x06, 0x51, 0x5a,
|
||||
0x88, 0x65, 0x13, 0x18, 0xe4, 0x3a, 0xed, 0x6b, 0xf1, 0x61, 0x5b, 0x4c,
|
||||
0xc8, 0x1e, 0xf4, 0xc2, 0xae, 0x08, 0x5e, 0x2d, 0x5f, 0xf8, 0x12, 0x7f,
|
||||
0xa2, 0xfc, 0xbb, 0x21, 0x18, 0x30, 0xda, 0xfe, 0x40, 0xfb, 0x01, 0xca,
|
||||
0x2e, 0x37, 0x0e, 0xce, 0xdd, 0x76, 0x87, 0x82, 0x46, 0x0b, 0x3a, 0x77,
|
||||
0x8f, 0xc0, 0x72, 0x07, 0x2c, 0x7f, 0x9d, 0x1e, 0x86, 0x5b, 0xed, 0x27,
|
||||
0x29, 0xdf, 0x03, 0x97, 0x62, 0xef, 0x44, 0xd3, 0x5b, 0x3d, 0xdb, 0x9c,
|
||||
0x5e, 0x1b, 0x7b, 0x39, 0xb4, 0x0b, 0x6d, 0x04, 0x6b, 0xbb, 0xbb, 0x2c,
|
||||
0x5f, 0xcf, 0xb3, 0x7a, 0x05, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x16,
|
||||
0x30, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6,
|
||||
0x79, 0x04, 0x01, 0x01, 0x04, 0x04, 0x02, 0x02, 0x1e, 0xe9, 0x30, 0x0d,
|
||||
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
|
||||
0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x88, 0x95, 0xec, 0xcd, 0x8b, 0xa7,
|
||||
0x51, 0xda, 0x74, 0x81, 0xa5, 0x39, 0x62, 0x1a, 0x0e, 0x2e, 0xde, 0x3c,
|
||||
0x37, 0xea, 0xad, 0x7c, 0xee, 0x9b, 0x26, 0x8e, 0xe2, 0xd6, 0x34, 0xcd,
|
||||
0xb7, 0x70, 0xba, 0xbf, 0xa0, 0xa3, 0xfe, 0xb3, 0x4b, 0xbc, 0xf4, 0x1c,
|
||||
0x72, 0x66, 0x81, 0xd5, 0x09, 0x33, 0x78, 0x0c, 0x61, 0x21, 0xa8, 0xf1,
|
||||
0xe2, 0xc9, 0xe2, 0x83, 0xc2, 0x19, 0x02, 0xf2, 0xe8, 0xab, 0x17, 0x36,
|
||||
0x3a, 0x0b, 0x20, 0xaf, 0x0f, 0xae, 0x2e, 0x73, 0x68, 0xac, 0x15, 0xee,
|
||||
0x9c, 0xc0, 0x92, 0x03, 0x7e, 0x95, 0x63, 0xaa, 0xad, 0x15, 0x96, 0x43,
|
||||
0x20, 0x3b, 0xe5, 0x9b, 0x1f, 0xca, 0x02, 0xba, 0xf0, 0x07, 0x76, 0x80,
|
||||
0xd7, 0xa3, 0x1a, 0xeb, 0xc8, 0xdb, 0x03, 0x7b, 0x43, 0x56, 0xe5, 0x96,
|
||||
0x6b, 0x86, 0xfe, 0x08, 0x58, 0x8a, 0x84, 0xbd, 0xe9, 0x47, 0x18, 0xee,
|
||||
0xb2, 0xa8, 0x05, 0x7b, 0xf0, 0xfd, 0xaa, 0xb9, 0x85, 0xcd, 0x7a, 0x0e,
|
||||
0x6b, 0x6c, 0x9f, 0xc6, 0x75, 0xd2, 0x2a, 0xfe, 0x5b, 0xf3, 0xb7, 0x31,
|
||||
0x6c, 0xac, 0xe3, 0x00, 0x9f, 0xe7, 0xdd, 0xe3, 0x81, 0xc1, 0x36, 0xc3,
|
||||
0x1c, 0x5f, 0xdf, 0xf2, 0xc3, 0x5e, 0xfa, 0x55, 0x32, 0xd8, 0x5c, 0xa8,
|
||||
0xe5, 0xcc, 0xb6, 0x4a, 0xe9, 0xe2, 0xcc, 0x38, 0x44, 0x07, 0x46, 0x59,
|
||||
0x34, 0x84, 0x79, 0xf9, 0xee, 0x3c, 0x4b, 0x48, 0x90, 0xab, 0x73, 0xb0,
|
||||
0xa1, 0x92, 0xc3, 0xd6, 0x83, 0x87, 0x81, 0xca, 0x12, 0x81, 0xd6, 0x5d,
|
||||
0xf7, 0x6f, 0x7a, 0x35, 0x5e, 0x4f, 0x02, 0x66, 0x8a, 0x47, 0x88, 0x82,
|
||||
0xab, 0xf0, 0x12, 0x1d, 0xb9, 0x75, 0x3b, 0x7b, 0xa8, 0x36, 0x15, 0xef,
|
||||
0xa8, 0x12, 0x0e, 0x53, 0xb4, 0x83, 0x78, 0x53, 0xc0, 0x52, 0xae, 0xa6,
|
||||
0x0a, 0xa0, 0x53, 0xdc, 0x1c, 0x15, 0x22, 0xdd, 0x17, 0x98, 0x30, 0x82,
|
||||
0x05, 0x85, 0x30, 0x82, 0x03, 0x6d, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
|
||||
0x10, 0x03, 0xb1, 0xf7, 0x58, 0xdf, 0x1d, 0xe3, 0x25, 0x00, 0x0b, 0x10,
|
||||
0x3d, 0xd5, 0xe6, 0xe4, 0x64, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
|
||||
0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x7e, 0x31, 0x0b,
|
||||
0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
|
||||
0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61,
|
||||
0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x11, 0x30, 0x0f,
|
||||
0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x08, 0x4b, 0x69, 0x72, 0x6b, 0x6c,
|
||||
0x61, 0x6e, 0x64, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x0a,
|
||||
0x0c, 0x06, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x31, 0x11, 0x30, 0x0f,
|
||||
0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x57, 0x69, 0x64, 0x65, 0x76,
|
||||
0x69, 0x6e, 0x65, 0x31, 0x23, 0x30, 0x21, 0x06, 0x03, 0x55, 0x04, 0x03,
|
||||
0x0c, 0x1a, 0x77, 0x69, 0x64, 0x65, 0x76, 0x69, 0x6e, 0x65, 0x2e, 0x63,
|
||||
0x6f, 0x6d, 0x2f, 0x6f, 0x65, 0x6d, 0x2d, 0x72, 0x6f, 0x6f, 0x74, 0x2d,
|
||||
0x70, 0x72, 0x6f, 0x64, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x37, 0x31, 0x31,
|
||||
0x31, 0x38, 0x30, 0x31, 0x31, 0x33, 0x33, 0x35, 0x5a, 0x17, 0x0d, 0x32,
|
||||
0x37, 0x31, 0x31, 0x31, 0x38, 0x30, 0x31, 0x31, 0x33, 0x31, 0x33, 0x5a,
|
||||
0x30, 0x6b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
|
||||
0x02, 0x55, 0x53, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08,
|
||||
0x0c, 0x02, 0x57, 0x41, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04,
|
||||
0x07, 0x0c, 0x08, 0x4b, 0x69, 0x72, 0x6b, 0x6c, 0x61, 0x6e, 0x64, 0x31,
|
||||
0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x06, 0x47, 0x6f,
|
||||
0x6f, 0x67, 0x6c, 0x65, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04,
|
||||
0x0b, 0x0c, 0x08, 0x57, 0x69, 0x64, 0x65, 0x76, 0x69, 0x6e, 0x65, 0x31,
|
||||
0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x73, 0x79,
|
||||
0x73, 0x74, 0x65, 0x6d, 0x20, 0x69, 0x64, 0x3a, 0x20, 0x37, 0x39, 0x31,
|
||||
0x33, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
|
||||
0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f,
|
||||
0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xae, 0xc8,
|
||||
0x71, 0xae, 0x08, 0x0c, 0x06, 0x06, 0x2d, 0x81, 0x7c, 0xa9, 0x8b, 0xb3,
|
||||
0xd6, 0x66, 0xe4, 0xf6, 0x08, 0x5e, 0x5a, 0x75, 0xe8, 0x74, 0x61, 0x7a,
|
||||
0x88, 0xca, 0x85, 0x14, 0x0d, 0x58, 0xa4, 0x09, 0x19, 0x6c, 0x60, 0xc9,
|
||||
0xad, 0x91, 0x1c, 0xbf, 0x04, 0xb3, 0x47, 0x10, 0x63, 0x7f, 0x02, 0x58,
|
||||
0xc2, 0x1e, 0xbd, 0xcc, 0x07, 0x77, 0xaa, 0x7e, 0x14, 0xa8, 0xc2, 0x01,
|
||||
0xcd, 0xe8, 0x46, 0x60, 0x53, 0x6f, 0x2f, 0xda, 0x17, 0x2d, 0x4d, 0x9d,
|
||||
0x0e, 0x5d, 0xb5, 0x50, 0x95, 0xae, 0xab, 0x6e, 0x43, 0xe3, 0xb0, 0x00,
|
||||
0x12, 0xb4, 0x05, 0x82, 0x4a, 0x2b, 0x14, 0x63, 0x0d, 0x1f, 0x06, 0x12,
|
||||
0xaa, 0xe1, 0x9d, 0xe7, 0xba, 0xda, 0xe3, 0xfc, 0x7c, 0x6c, 0x73, 0xae,
|
||||
0x56, 0xf8, 0xab, 0xf7, 0x51, 0x93, 0x31, 0xef, 0x8f, 0xe4, 0xb6, 0x01,
|
||||
0x2c, 0xeb, 0x7b, 0xe4, 0xd8, 0xb3, 0xea, 0x70, 0x37, 0x89, 0x05, 0xa9,
|
||||
0x51, 0x57, 0x72, 0x98, 0x9e, 0xa8, 0x46, 0xdb, 0xeb, 0x7a, 0x38, 0x2b,
|
||||
0x2f, 0xc0, 0x27, 0xb7, 0xc2, 0xe1, 0x9a, 0x17, 0xdf, 0xf5, 0xd6, 0x9c,
|
||||
0xd5, 0x8c, 0xb8, 0x66, 0x42, 0xd5, 0x04, 0x1e, 0x7c, 0x36, 0x4c, 0x1e,
|
||||
0x3e, 0x45, 0x51, 0x4d, 0x41, 0x72, 0x22, 0x53, 0x3d, 0xf4, 0x57, 0x7c,
|
||||
0x6c, 0x33, 0x34, 0x24, 0x45, 0xdf, 0x84, 0x87, 0x4a, 0xa6, 0xcb, 0x7c,
|
||||
0x03, 0xa3, 0xaa, 0x8e, 0x2d, 0x82, 0x01, 0x27, 0x87, 0x74, 0x82, 0x1a,
|
||||
0xbc, 0x0f, 0x76, 0x69, 0xab, 0xe0, 0x4e, 0x70, 0xbe, 0x37, 0xfc, 0xc8,
|
||||
0x2c, 0x91, 0x17, 0x4f, 0xd5, 0x26, 0x3b, 0x7b, 0x90, 0xb5, 0x2d, 0x64,
|
||||
0xba, 0xf7, 0xd2, 0x8a, 0xb4, 0x8f, 0x38, 0x9d, 0x8e, 0xba, 0xe7, 0x5c,
|
||||
0x52, 0xf1, 0x0a, 0xb8, 0xc0, 0x1b, 0xb6, 0xb1, 0x70, 0x7e, 0x47, 0x59,
|
||||
0x94, 0x59, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x10, 0x30,
|
||||
0x82, 0x01, 0x0c, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01,
|
||||
0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30,
|
||||
0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03,
|
||||
0x02, 0x02, 0x04, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16,
|
||||
0x04, 0x14, 0x4b, 0xcb, 0xdf, 0xaa, 0x02, 0xde, 0x8d, 0xc3, 0xe7, 0xe5,
|
||||
0x85, 0xdb, 0x2e, 0x8a, 0xbe, 0x75, 0x6b, 0x8a, 0x67, 0x58, 0x30, 0x81,
|
||||
0xb2, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xaa, 0x30, 0x81, 0xa7,
|
||||
0x80, 0x14, 0x04, 0x94, 0x66, 0xaa, 0xf9, 0x61, 0x89, 0xb6, 0xdb, 0xb5,
|
||||
0xf7, 0x13, 0x38, 0x3d, 0x62, 0x84, 0xb8, 0x18, 0x0a, 0x8f, 0xa1, 0x81,
|
||||
0x83, 0xa4, 0x81, 0x80, 0x30, 0x7e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
|
||||
0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06,
|
||||
0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e,
|
||||
0x67, 0x74, 0x6f, 0x6e, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04,
|
||||
0x07, 0x0c, 0x08, 0x4b, 0x69, 0x72, 0x6b, 0x6c, 0x61, 0x6e, 0x64, 0x31,
|
||||
0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x06, 0x47, 0x6f,
|
||||
0x6f, 0x67, 0x6c, 0x65, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04,
|
||||
0x0b, 0x0c, 0x08, 0x57, 0x69, 0x64, 0x65, 0x76, 0x69, 0x6e, 0x65, 0x31,
|
||||
0x23, 0x30, 0x21, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1a, 0x77, 0x69,
|
||||
0x64, 0x65, 0x76, 0x69, 0x6e, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f,
|
||||
0x65, 0x6d, 0x2d, 0x72, 0x6f, 0x6f, 0x74, 0x2d, 0x70, 0x72, 0x6f, 0x64,
|
||||
0x82, 0x09, 0x00, 0xdf, 0x86, 0x05, 0x31, 0x01, 0xbe, 0x9a, 0x9a, 0x30,
|
||||
0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6, 0x79, 0x04, 0x01,
|
||||
0x01, 0x04, 0x04, 0x02, 0x02, 0x1e, 0xe9, 0x30, 0x0d, 0x06, 0x09, 0x2a,
|
||||
0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82,
|
||||
0x02, 0x01, 0x00, 0x61, 0x3f, 0x2f, 0x43, 0xe4, 0xbe, 0x66, 0x34, 0xef,
|
||||
0x92, 0x06, 0xe9, 0x88, 0xba, 0x6a, 0x1d, 0x4f, 0x54, 0x5a, 0x97, 0xb1,
|
||||
0x75, 0xd7, 0x93, 0xf8, 0x45, 0xc6, 0x83, 0x92, 0x36, 0xfd, 0x55, 0xa9,
|
||||
0x21, 0x0b, 0xdc, 0xf6, 0xae, 0x11, 0xdc, 0x62, 0x21, 0x44, 0xbd, 0x04,
|
||||
0x1d, 0x58, 0x2c, 0x03, 0xf8, 0xe4, 0xe2, 0x1e, 0xba, 0xe6, 0xdd, 0x19,
|
||||
0xdd, 0x56, 0xfd, 0xce, 0x06, 0x73, 0x5f, 0x94, 0x1e, 0xb6, 0x03, 0xdb,
|
||||
0x3d, 0x7b, 0xab, 0xab, 0x72, 0x64, 0x7b, 0xde, 0x7d, 0x4d, 0xcf, 0x7e,
|
||||
0xf0, 0x91, 0x29, 0xc1, 0x77, 0x13, 0xc2, 0x6f, 0x80, 0xab, 0x7a, 0xa8,
|
||||
0xce, 0xb0, 0x1c, 0x2a, 0xc5, 0x9c, 0xfb, 0x0b, 0xe5, 0x9f, 0x9c, 0x1b,
|
||||
0xc9, 0x4b, 0x58, 0xdf, 0x96, 0x18, 0xf7, 0x67, 0x67, 0x89, 0xa4, 0xe9,
|
||||
0x14, 0x48, 0xac, 0xfa, 0x9d, 0x86, 0x2a, 0xeb, 0x75, 0x2c, 0x2b, 0xbf,
|
||||
0x63, 0x7d, 0xc7, 0x4e, 0x7e, 0xad, 0x39, 0x2d, 0xb4, 0x7c, 0x07, 0xa5,
|
||||
0x5a, 0xe8, 0x3a, 0xd4, 0xf5, 0x0c, 0x4f, 0xf3, 0xa2, 0x9c, 0x3c, 0x32,
|
||||
0xed, 0x9d, 0x4b, 0x49, 0x05, 0xbc, 0x1f, 0xa0, 0x13, 0xe6, 0xdd, 0x82,
|
||||
0x79, 0x06, 0x31, 0x3b, 0xc6, 0x97, 0xec, 0x8d, 0xaa, 0x4f, 0xef, 0x14,
|
||||
0x3c, 0x21, 0xf6, 0x72, 0xb2, 0x09, 0x42, 0xc7, 0x74, 0xfe, 0xef, 0x70,
|
||||
0xbd, 0xe9, 0x85, 0x41, 0x30, 0x0b, 0xb3, 0x6b, 0x59, 0x0c, 0x0f, 0x11,
|
||||
0x75, 0xd4, 0xbb, 0xb1, 0xdf, 0xb1, 0xdf, 0xb3, 0xfa, 0xb3, 0x3a, 0x43,
|
||||
0x17, 0x7d, 0x8a, 0x82, 0xae, 0xa2, 0x07, 0xf8, 0x83, 0x51, 0xfb, 0x16,
|
||||
0xfb, 0x64, 0xb6, 0x46, 0xda, 0xbe, 0x32, 0x2b, 0xc0, 0xee, 0x78, 0x2a,
|
||||
0x84, 0xa9, 0x54, 0x0a, 0xf9, 0x2d, 0x61, 0x65, 0xde, 0xa5, 0x97, 0x66,
|
||||
0x79, 0x02, 0xf8, 0x97, 0x17, 0xe2, 0xd4, 0x9f, 0x9e, 0xac, 0xcc, 0xae,
|
||||
0x99, 0x9a, 0x03, 0x04, 0xbb, 0x45, 0xfe, 0xb2, 0xf5, 0x80, 0xba, 0xbf,
|
||||
0xdd, 0x24, 0xe5, 0xe6, 0x1e, 0x5d, 0x36, 0xa5, 0x87, 0x0c, 0xdf, 0x60,
|
||||
0x81, 0x6f, 0xb7, 0x5f, 0xb9, 0x1f, 0xca, 0x75, 0x3c, 0x1a, 0x63, 0xb0,
|
||||
0xeb, 0xe6, 0x95, 0x86, 0x0d, 0xae, 0xa6, 0xc9, 0x2a, 0x94, 0xf1, 0xd0,
|
||||
0xbe, 0x75, 0xc8, 0xf8, 0x07, 0xd7, 0x88, 0xff, 0xec, 0xf9, 0xcd, 0x49,
|
||||
0xc6, 0xfe, 0x4d, 0x7f, 0x44, 0x1e, 0xd8, 0xaf, 0xa9, 0x72, 0x27, 0x98,
|
||||
0xe2, 0x5a, 0x08, 0xea, 0x55, 0xd3, 0xb3, 0xea, 0xdc, 0x76, 0x69, 0x51,
|
||||
0x10, 0x01, 0x46, 0x7d, 0x33, 0x94, 0x9c, 0x94, 0xef, 0xfe, 0x76, 0x1c,
|
||||
0xc6, 0xd7, 0x15, 0x53, 0x3e, 0x8d, 0x3d, 0x29, 0x9a, 0x58, 0x6a, 0xf1,
|
||||
0x75, 0x9e, 0xea, 0x1b, 0x4c, 0xf0, 0x47, 0x76, 0xac, 0xc6, 0xa2, 0x32,
|
||||
0x44, 0x40, 0xdf, 0xfe, 0xff, 0x9d, 0xf4, 0xe2, 0xc2, 0xfa, 0xa1, 0x5f,
|
||||
0x2e, 0x66, 0xe9, 0x97, 0xcb, 0x27, 0x26, 0x6e, 0x53, 0xe4, 0xe8, 0x86,
|
||||
0x2c, 0xea, 0xd3, 0x69, 0x6c, 0x61, 0x4f, 0xfe, 0xc1, 0xc9, 0x8b, 0x05,
|
||||
0x92, 0x6f, 0x47, 0x96, 0xce, 0xf0, 0x33, 0xfa, 0x7c, 0x78, 0x24, 0x9b,
|
||||
0xd7, 0x8d, 0x36, 0x56, 0x37, 0x86, 0xbc, 0x72, 0x5a, 0xf9, 0xb9, 0xb0,
|
||||
0x93, 0xf0, 0x81, 0x78, 0x10, 0xf2, 0xb0, 0xc2, 0x79, 0x91, 0x5e, 0xcf,
|
||||
0xbc, 0x8c, 0xf2, 0x32, 0x0f, 0xf7, 0x2d, 0x30, 0xd8, 0x13, 0x77, 0x4f,
|
||||
0x78, 0x9e, 0x40, 0x8d, 0xe6, 0x3a, 0x98, 0xb2, 0xaa, 0x13, 0x4d, 0x25,
|
||||
0x49, 0x34, 0x6c, 0x80, 0x9e, 0x19, 0x03, 0xdb, 0xcd, 0xf5, 0xb1, 0x54,
|
||||
0x74, 0x1b, 0x67, 0x3c, 0x46, 0xac, 0x3e, 0x5d, 0xa2, 0xd9, 0x13, 0x83,
|
||||
0x30, 0xeb, 0x82, 0x3b, 0x06, 0xab, 0x3c, 0x39, 0x7d, 0xd0, 0x68, 0x31,
|
||||
0x00};
|
||||
|
||||
// A 3072 bit RSA key in PKCS#8 PrivateKeyInfo format
|
||||
// Used to verify the functions that manipulate RSA keys.
|
||||
static const uint8_t kTestRSAPKCS8PrivateKeyInfo3_3072[] = {
|
||||
|
||||
@@ -156,7 +156,7 @@ TEST_F(OEMCryptoClientTest, FreeUnallocatedSecureBufferNoFailure) {
|
||||
*/
|
||||
TEST_F(OEMCryptoClientTest, VersionNumber) {
|
||||
const std::string log_message =
|
||||
"OEMCrypto unit tests for API 18.5. Tests last updated 2024-03-21";
|
||||
"OEMCrypto unit tests for API 18.6. Tests last updated 2024-06-04";
|
||||
cout << " " << log_message << "\n";
|
||||
cout << " "
|
||||
<< "These tests are part of Android U."
|
||||
@@ -165,7 +165,7 @@ TEST_F(OEMCryptoClientTest, VersionNumber) {
|
||||
// If any of the following fail, then it is time to update the log message
|
||||
// above.
|
||||
EXPECT_EQ(ODK_MAJOR_VERSION, 18);
|
||||
EXPECT_EQ(ODK_MINOR_VERSION, 5);
|
||||
EXPECT_EQ(ODK_MINOR_VERSION, 6);
|
||||
EXPECT_EQ(kCurrentAPI, static_cast<unsigned>(ODK_MAJOR_VERSION));
|
||||
OEMCrypto_Security_Level level = OEMCrypto_SecurityLevel();
|
||||
EXPECT_GT(level, OEMCrypto_Level_Unknown);
|
||||
|
||||
@@ -6,6 +6,7 @@
|
||||
#include "oemcrypto_provisioning_test.h"
|
||||
|
||||
#include "log.h"
|
||||
#include "oec_device_features.h"
|
||||
#include "platform.h"
|
||||
#include "test_sleep.h"
|
||||
|
||||
@@ -161,10 +162,6 @@ TEST_F(OEMCryptoProv30Test, GetCertOnlyAPI16) {
|
||||
public_cert.resize(public_cert_length);
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_GetOEMPublicCertificate(
|
||||
public_cert.data(), &public_cert_length));
|
||||
// Derive keys from the session key -- this should use the DRM Cert's key.
|
||||
// It should NOT use the OEM Private key because that key should not have
|
||||
// been loaded.
|
||||
ASSERT_NO_FATAL_FAILURE(s.GenerateDerivedKeysFromSessionKey());
|
||||
// Now fill a message and try to load it.
|
||||
LicenseRoundTrip license_messages(&s);
|
||||
license_messages.set_control(0);
|
||||
@@ -739,6 +736,9 @@ TEST_F(OEMCryptoLoadsCertificate, SignProvisioningRequest) {
|
||||
ASSERT_NO_FATAL_FAILURE(s.open());
|
||||
if (global_features.provisioning_method == OEMCrypto_OEMCertificate) {
|
||||
s.LoadOEMCert(true);
|
||||
} else if (global_features.provisioning_method ==
|
||||
OEMCrypto_DrmReprovisioning) {
|
||||
s.SetTestRsaPublicKey();
|
||||
} else {
|
||||
EXPECT_EQ(global_features.provisioning_method, OEMCrypto_Keybox);
|
||||
s.GenerateDerivedKeysFromKeybox(keybox_);
|
||||
@@ -758,6 +758,9 @@ TEST_F(OEMCryptoLoadsCertificate, SignLargeProvisioningRequestAPI16) {
|
||||
ASSERT_NO_FATAL_FAILURE(s.open());
|
||||
if (global_features.provisioning_method == OEMCrypto_OEMCertificate) {
|
||||
s.LoadOEMCert(true);
|
||||
} else if (global_features.provisioning_method ==
|
||||
OEMCrypto_DrmReprovisioning) {
|
||||
s.SetTestRsaPublicKey();
|
||||
} else {
|
||||
EXPECT_EQ(global_features.provisioning_method, OEMCrypto_Keybox);
|
||||
s.GenerateDerivedKeysFromKeybox(keybox_);
|
||||
@@ -798,6 +801,12 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange1_API16) {
|
||||
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||
}
|
||||
// DRM Reprovisioning CDMs have embedded certificates and do not support
|
||||
// key rewrapping.
|
||||
if (global_features.provisioning_method == OEMCrypto_DrmReprovisioning) {
|
||||
GTEST_SKIP() << "Test for non DRM Reprovisioning devices.";
|
||||
}
|
||||
|
||||
Session s;
|
||||
ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
|
||||
provisioning_messages.PrepareSession(keybox_);
|
||||
@@ -820,6 +829,11 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange2_API16) {
|
||||
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||
}
|
||||
// DRM Reprovisioning CDMs have embedded certificates and do not support
|
||||
// key rewrapping.
|
||||
if (global_features.provisioning_method == OEMCrypto_DrmReprovisioning) {
|
||||
GTEST_SKIP() << "Test for non DRM Reprovisioning devices.";
|
||||
}
|
||||
Session s;
|
||||
ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
|
||||
provisioning_messages.PrepareSession(keybox_);
|
||||
@@ -842,6 +856,11 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange3_API16) {
|
||||
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||
}
|
||||
// DRM Reprovisioning CDMs have embedded certificates and do not support
|
||||
// key rewrapping.
|
||||
if (global_features.provisioning_method == OEMCrypto_DrmReprovisioning) {
|
||||
GTEST_SKIP() << "Test for non DRM Reprovisioning devices.";
|
||||
}
|
||||
Session s;
|
||||
ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
|
||||
provisioning_messages.PrepareSession(keybox_);
|
||||
@@ -866,6 +885,11 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange4_API16) {
|
||||
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||
}
|
||||
// DRM Reprovisioning CDMs have embedded certificates and do not support
|
||||
// key rewrapping.
|
||||
if (global_features.provisioning_method == OEMCrypto_DrmReprovisioning) {
|
||||
GTEST_SKIP() << "Test for non DRM Reprovisioning devices.";
|
||||
}
|
||||
Session s;
|
||||
ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
|
||||
provisioning_messages.PrepareSession(keybox_);
|
||||
@@ -893,6 +917,11 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange5Prov30_API16) {
|
||||
if (global_features.provisioning_method != OEMCrypto_OEMCertificate) {
|
||||
GTEST_SKIP() << "Test for Prov 3.0 devices only.";
|
||||
}
|
||||
// DRM Reprovisioning CDMs have embedded certificates and do not support
|
||||
// key rewrapping.
|
||||
if (global_features.provisioning_method == OEMCrypto_DrmReprovisioning) {
|
||||
GTEST_SKIP() << "Test for non DRM Reprovisioning devices.";
|
||||
}
|
||||
Session s;
|
||||
ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
|
||||
provisioning_messages.PrepareSession(keybox_);
|
||||
@@ -940,6 +969,11 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadNonce_API16) {
|
||||
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||
}
|
||||
// DRM Reprovisioning CDMs have embedded certificates and do not support
|
||||
// key rewrapping.
|
||||
if (global_features.provisioning_method == OEMCrypto_DrmReprovisioning) {
|
||||
GTEST_SKIP() << "Test for non DRM Reprovisioning devices.";
|
||||
}
|
||||
Session s;
|
||||
ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
|
||||
provisioning_messages.PrepareSession(keybox_);
|
||||
@@ -959,6 +993,11 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRSAKey) {
|
||||
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||
}
|
||||
// DRM Reprovisioning CDMs have embedded certificates and do not support
|
||||
// key rewrapping.
|
||||
if (global_features.provisioning_method == OEMCrypto_DrmReprovisioning) {
|
||||
GTEST_SKIP() << "Test for non DRM Reprovisioning devices.";
|
||||
}
|
||||
Session s;
|
||||
ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
|
||||
provisioning_messages.PrepareSession(keybox_);
|
||||
@@ -1125,6 +1164,10 @@ TEST_F(OEMCryptoLoadsCertificate, TestMultipleRSAKeys) {
|
||||
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||
}
|
||||
// DRM Reprovisioning CDMs have embedded certificates.
|
||||
if (global_features.provisioning_method == OEMCrypto_DrmReprovisioning) {
|
||||
GTEST_SKIP() << "Test for non DRM Reprovisioning devices.";
|
||||
}
|
||||
ASSERT_NO_FATAL_FAILURE(CreateWrappedDRMKey());
|
||||
Session s1; // Session s1 loads the default rsa key, but doesn't use it
|
||||
// until after s2 uses its key.
|
||||
@@ -1166,6 +1209,10 @@ TEST_F(OEMCryptoLoadsCertificate, TestMaxDRMKeys) {
|
||||
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||
}
|
||||
// DRM Reprovisioning CDMs have embedded certificates.
|
||||
if (global_features.provisioning_method == OEMCrypto_DrmReprovisioning) {
|
||||
GTEST_SKIP() << "Test for non DRM Reprovisioning devices.";
|
||||
}
|
||||
const size_t max_total_keys = GetResourceValue(kMaxTotalDRMPrivateKeys);
|
||||
std::vector<std::unique_ptr<Session>> sessions;
|
||||
std::vector<std::unique_ptr<LicenseRoundTrip>> licenses;
|
||||
@@ -1243,123 +1290,6 @@ TEST_F(OEMCryptoLoadsCertificate, SupportsCertificatesAPI13) {
|
||||
<< "Supported certificates is only " << OEMCrypto_SupportedCertificates();
|
||||
}
|
||||
|
||||
// This test is not run by default, because it takes a long time and
|
||||
// is used to measure RSA performance, not test functionality.
|
||||
TEST_F(OEMCryptoLoadsCertificate, RSAPerformance) {
|
||||
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
|
||||
// provisioning 4. Disabled here temporarily.
|
||||
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
|
||||
}
|
||||
const std::chrono::milliseconds kTestDuration(5000);
|
||||
OEMCryptoResult sts;
|
||||
std::chrono::steady_clock clock;
|
||||
wvutil::TestSleep::Sleep(kShortSleep); // Make sure we are not nonce limited.
|
||||
|
||||
auto start_time = clock.now();
|
||||
int count = 15;
|
||||
for (int i = 0; i < count; i++) { // Only 20 nonce available.
|
||||
ASSERT_NO_FATAL_FAILURE(CreateWrappedDRMKey());
|
||||
}
|
||||
auto delta_time = clock.now() - start_time;
|
||||
const double provision_time =
|
||||
delta_time / std::chrono::milliseconds(1) / count;
|
||||
|
||||
Session session;
|
||||
ASSERT_NO_FATAL_FAILURE(CreateWrappedDRMKey());
|
||||
start_time = clock.now();
|
||||
count = 0;
|
||||
while (clock.now() - start_time < kTestDuration) {
|
||||
Session s;
|
||||
ASSERT_NO_FATAL_FAILURE(s.open());
|
||||
ASSERT_NO_FATAL_FAILURE(s.LoadWrappedRsaDrmKey(wrapped_drm_key_));
|
||||
const size_t size = 50;
|
||||
vector<uint8_t> licenseRequest(size);
|
||||
GetRandBytes(licenseRequest.data(), licenseRequest.size());
|
||||
size_t signature_length = 0;
|
||||
sts = OEMCrypto_GenerateRSASignature(s.session_id(), licenseRequest.data(),
|
||||
licenseRequest.size(), nullptr,
|
||||
&signature_length, kSign_RSASSA_PSS);
|
||||
ASSERT_EQ(OEMCrypto_ERROR_SHORT_BUFFER, sts);
|
||||
ASSERT_NE(static_cast<size_t>(0), signature_length);
|
||||
|
||||
if (ShouldGenerateCorpus()) {
|
||||
const std::string file_name =
|
||||
GetFileName("oemcrypto_generate_rsa_signature_fuzz_seed_corpus");
|
||||
OEMCrypto_Generate_RSA_Signature_Fuzz fuzzed_structure;
|
||||
fuzzed_structure.padding_scheme = kSign_RSASSA_PSS;
|
||||
fuzzed_structure.signature_length = signature_length;
|
||||
// Cipher mode and algorithm.
|
||||
AppendToFile(file_name, reinterpret_cast<const char*>(&fuzzed_structure),
|
||||
sizeof(fuzzed_structure));
|
||||
AppendToFile(file_name,
|
||||
reinterpret_cast<const char*>(licenseRequest.data()),
|
||||
licenseRequest.size());
|
||||
}
|
||||
|
||||
std::vector<uint8_t> signature(signature_length, 0);
|
||||
sts = OEMCrypto_GenerateRSASignature(
|
||||
s.session_id(), licenseRequest.data(), licenseRequest.size(),
|
||||
signature.data(), &signature_length, kSign_RSASSA_PSS);
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, sts);
|
||||
count++;
|
||||
}
|
||||
delta_time = clock.now() - start_time;
|
||||
const double license_request_time =
|
||||
delta_time / std::chrono::milliseconds(1) / count;
|
||||
|
||||
Session s;
|
||||
ASSERT_NO_FATAL_FAILURE(s.open());
|
||||
ASSERT_NO_FATAL_FAILURE(s.LoadWrappedRsaDrmKey(wrapped_drm_key_));
|
||||
vector<uint8_t> session_key;
|
||||
vector<uint8_t> enc_session_key;
|
||||
ASSERT_NO_FATAL_FAILURE(s.SetRsaPublicKeyFromPrivateKeyInfo(
|
||||
encoded_rsa_key_.data(), encoded_rsa_key_.size()));
|
||||
ASSERT_TRUE(s.GenerateRsaSessionKey(&session_key, &enc_session_key));
|
||||
vector<uint8_t> mac_context;
|
||||
vector<uint8_t> enc_context;
|
||||
s.FillDefaultContext(&mac_context, &enc_context);
|
||||
|
||||
enc_session_key = wvutil::a2b_hex(
|
||||
"7789c619aa3b9fa3c0a53f57a4abc6"
|
||||
"02157c8aa57e3c6fb450b0bea22667fb"
|
||||
"0c3200f9d9d618e397837c720dc2dadf"
|
||||
"486f33590744b2a4e54ca134ae7dbf74"
|
||||
"434c2fcf6b525f3e132262f05ea3b3c1"
|
||||
"198595c0e52b573335b2e8a3debd0d0d"
|
||||
"d0306f8fcdde4e76476be71342957251"
|
||||
"e1688c9ca6c1c34ed056d3b989394160"
|
||||
"cf6937e5ce4d39cc73d11a2e93da21a2"
|
||||
"fa019d246c852fe960095b32f120c3c2"
|
||||
"7085f7b64aac344a68d607c0768676ce"
|
||||
"d4c5b2d057f7601921b453a451e1dea0"
|
||||
"843ebfef628d9af2784d68e86b730476"
|
||||
"e136dfe19989de4be30a4e7878efcde5"
|
||||
"ad2b1254f80c0c5dd3cf111b56572217"
|
||||
"b9f58fc1dacbf74b59d354a1e62cfa0e"
|
||||
"bf");
|
||||
start_time = clock.now();
|
||||
while (clock.now() - start_time < kTestDuration) {
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS,
|
||||
OEMCrypto_DeriveKeysFromSessionKey(
|
||||
s.session_id(), enc_session_key.data(),
|
||||
enc_session_key.size(), mac_context.data(),
|
||||
mac_context.size(), enc_context.data(), enc_context.size()));
|
||||
count++;
|
||||
}
|
||||
delta_time = clock.now() - start_time;
|
||||
const double derive_keys_time =
|
||||
delta_time / std::chrono::milliseconds(1) / count;
|
||||
|
||||
OEMCrypto_Security_Level level = OEMCrypto_SecurityLevel();
|
||||
printf(
|
||||
"PERF:head, security, provision (ms), lic req(ms), derive "
|
||||
"keys(ms)\n");
|
||||
printf("PERF:stat, %u, %8.3f, %8.3f, %8.3f\n",
|
||||
static_cast<unsigned int>(level), provision_time, license_request_time,
|
||||
derive_keys_time);
|
||||
}
|
||||
|
||||
// Test DeriveKeysFromSessionKey using the maximum size for the HMAC context.
|
||||
TEST_F(OEMCryptoUsesCertificate, GenerateDerivedKeysLargeBuffer) {
|
||||
vector<uint8_t> session_key;
|
||||
|
||||
@@ -44,7 +44,7 @@ class SessionUtil {
|
||||
// Create a new DRM Cert. Only for provisioning 4.0
|
||||
void CreateProv4DRMKey();
|
||||
|
||||
void CreateProv4CastKey(Session *s, bool load_drm_before_prov_req);
|
||||
void CreateProv4CastKey(Session* s, bool load_drm_before_prov_req);
|
||||
|
||||
// Used by prov2.0, prov3.0, and prov 4.0
|
||||
std::vector<uint8_t> encoded_rsa_key_;
|
||||
|
||||
@@ -780,6 +780,9 @@ TEST_P(OEMCryptoLicenseTest, SelectKeyEntitlementKeyAPI17) {
|
||||
|
||||
// This verifies that entitled key sessions can be created and removed.
|
||||
TEST_P(OEMCryptoLicenseTest, EntitledKeySessionsAPI17) {
|
||||
if (!global_features.supports_cas) {
|
||||
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
||||
}
|
||||
license_messages_.set_license_type(OEMCrypto_EntitlementLicense);
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
|
||||
|
||||
Reference in New Issue
Block a user