Source release 18.5.0
This commit is contained in:
Matt Feddersen
@@ -11,21 +11,36 @@ using ::testing::Range;
|
||||
|
||||
namespace wvoec {
|
||||
|
||||
// The alternate padding is only required for cast receivers, but all devices
|
||||
// should forbid the alternate padding for regular certificates.
|
||||
TEST_F(OEMCryptoLoadsCertificateAlternates, DisallowForbiddenPaddingAPI09) {
|
||||
LoadWithAllowedSchemes(kSign_RSASSA_PSS,
|
||||
true); // Use default padding scheme
|
||||
DisallowForbiddenPadding(kSign_PKCS1_Block1, 50);
|
||||
}
|
||||
|
||||
// The alternate padding is only required for cast receivers, but if a device
|
||||
// does load an alternate certificate, it should NOT use it for generating
|
||||
// a license request signature.
|
||||
/** If a device can load a private key with the alternate padding schemes, it
|
||||
* should support signing with the alternate scheme. */
|
||||
TEST_F(OEMCryptoLoadsCertificateAlternates, TestSignaturePKCS1) {
|
||||
// Try to load an RSA key with alternative padding schemes. This signing
|
||||
// scheme is used by cast receivers.
|
||||
LoadWithAllowedSchemes(kSign_PKCS1_Block1, false);
|
||||
LoadCastCertificateKey(false);
|
||||
// If the device is a cast receiver, then this scheme is required.
|
||||
if (global_features.cast_receiver) {
|
||||
ASSERT_TRUE(key_loaded_);
|
||||
}
|
||||
// If the key loaded with no error, then we will verify that it is not used
|
||||
// for forbidden padding schemes.
|
||||
if (key_loaded_) {
|
||||
if (global_features.cast_receiver) {
|
||||
// A signature with a valid size should succeed.
|
||||
TestSignature(kSign_PKCS1_Block1, 83);
|
||||
TestSignature(kSign_PKCS1_Block1, 50);
|
||||
}
|
||||
// A signature with padding that is too big should fail.
|
||||
DisallowForbiddenPaddingDRMKey(kSign_PKCS1_Block1, 84); // too big.
|
||||
}
|
||||
}
|
||||
|
||||
/** The alternate padding is only required for cast receivers, but if a device
|
||||
* does load an alternate certificate, it should NOT be used as a DRM cert
|
||||
* key. */
|
||||
TEST_F(OEMCryptoLoadsCertificateAlternates, ForbidUseAsDRMCert) {
|
||||
// Try to load an RSA key with alternative padding schemes. This signing
|
||||
// scheme is used by cast receivers.
|
||||
LoadCastCertificateKey(false);
|
||||
// If the device is a cast receiver, then this scheme is required.
|
||||
if (global_features.cast_receiver) {
|
||||
ASSERT_TRUE(key_loaded_);
|
||||
@@ -34,15 +49,44 @@ TEST_F(OEMCryptoLoadsCertificateAlternates, TestSignaturePKCS1) {
|
||||
// for forbidden padding schemes.
|
||||
if (key_loaded_) {
|
||||
// The other padding scheme should fail.
|
||||
DisallowForbiddenPadding(kSign_RSASSA_PSS, 83);
|
||||
DisallowForbiddenPaddingDRMKey(kSign_RSASSA_PSS, 83);
|
||||
DisallowDeriveKeys();
|
||||
if (global_features.cast_receiver) {
|
||||
// A signature with a valid size should succeed.
|
||||
TestSignature(kSign_PKCS1_Block1, 83);
|
||||
TestSignature(kSign_PKCS1_Block1, 50);
|
||||
}
|
||||
// A signature with padding that is too big should fail.
|
||||
DisallowForbiddenPadding(kSign_PKCS1_Block1, 84); // too big.
|
||||
}
|
||||
}
|
||||
|
||||
/** A Cast receiver certificate private key cannot be used with the function
|
||||
* PrepAndSignLicenseRequest.
|
||||
*/
|
||||
TEST_F(OEMCryptoLoadsCertificateAlternates, ForbidPrepAndSign) {
|
||||
// Try to load an RSA key with alternative padding schemes. This signing
|
||||
// scheme is used by cast receivers.
|
||||
LoadCastCertificateKey(false);
|
||||
// If the device is a cast receiver, then this scheme is required.
|
||||
if (global_features.cast_receiver) {
|
||||
ASSERT_TRUE(key_loaded_);
|
||||
}
|
||||
// If the key loaded with no error, then we will verify that it is not used
|
||||
// for forbidden padding schemes.
|
||||
if (key_loaded_) {
|
||||
Session s;
|
||||
ASSERT_NO_FATAL_FAILURE(s.open());
|
||||
ASSERT_NO_FATAL_FAILURE(s.LoadWrappedRsaDrmKey(wrapped_drm_key_));
|
||||
s.GenerateNonce();
|
||||
|
||||
size_t core_message_length = 100;
|
||||
std::vector<uint8_t> message(128, 0);
|
||||
std::vector<uint8_t> signature(256, 0);
|
||||
size_t signature_length = signature.size();
|
||||
|
||||
OEMCryptoResult result = OEMCrypto_PrepAndSignLicenseRequest(
|
||||
s.session_id(), message.data(), message.size(), &core_message_length,
|
||||
signature.data(), &signature_length);
|
||||
// TODO: remove OEMCrypto_ERROR_INVALID_RSA_KEY once OEMCrypto v16 is not
|
||||
// supported anymore. This error code has been deprecated since v17.
|
||||
ASSERT_TRUE(result == OEMCrypto_ERROR_INVALID_KEY ||
|
||||
result == OEMCrypto_ERROR_INVALID_RSA_KEY);
|
||||
const vector<uint8_t> zero(signature.size(), 0);
|
||||
ASSERT_EQ(signature, zero); // Signature should not have been computed.
|
||||
}
|
||||
}
|
||||
|
||||
@@ -275,7 +319,7 @@ TEST_F(OEMCryptoCastReceiverTest, SupportsCertificatesAPI13) {
|
||||
// # PKCS#1 v1.5 Signature Example 15.1
|
||||
TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_1) {
|
||||
BuildRSAKey();
|
||||
LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
|
||||
LoadCastCertificateKey(true);
|
||||
vector<uint8_t> message = wvutil::a2b_hex(
|
||||
"f45d55f35551e975d6a8dc7ea9f48859"
|
||||
"3940cc75694a278f27e578a163d839b3"
|
||||
@@ -314,7 +358,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_1) {
|
||||
// # PKCS#1 v1.5 Signature Example 15.2
|
||||
TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_2) {
|
||||
BuildRSAKey();
|
||||
LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
|
||||
LoadCastCertificateKey(true);
|
||||
vector<uint8_t> message = wvutil::a2b_hex(
|
||||
"c14b4c6075b2f9aad661def4ecfd3cb9"
|
||||
"33c623f4e63bf53410d2f016d1ab98e2"
|
||||
@@ -349,7 +393,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_2) {
|
||||
// # PKCS#1 v1.5 Signature Example 15.3
|
||||
TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_3) {
|
||||
BuildRSAKey();
|
||||
LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
|
||||
LoadCastCertificateKey(true);
|
||||
vector<uint8_t> message = wvutil::a2b_hex(
|
||||
"d02371ad7ee48bbfdb2763de7a843b94"
|
||||
"08ce5eb5abf847ca3d735986df84e906"
|
||||
@@ -390,7 +434,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_3) {
|
||||
// # PKCS#1 v1.5 Signature Example 15.4
|
||||
TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_4) {
|
||||
BuildRSAKey();
|
||||
LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
|
||||
LoadCastCertificateKey(true);
|
||||
vector<uint8_t> message = wvutil::a2b_hex(
|
||||
"29035584ab7e0226a9ec4b02e8dcf127"
|
||||
"2dc9a41d73e2820007b0f6e21feccd5b"
|
||||
@@ -419,7 +463,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_4) {
|
||||
// # PKCS#1 v1.5 Signature Example 15.5
|
||||
TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_5) {
|
||||
BuildRSAKey();
|
||||
LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
|
||||
LoadCastCertificateKey(true);
|
||||
vector<uint8_t> message = wvutil::a2b_hex("bda3a1c79059eae598308d3df609");
|
||||
vector<uint8_t> signature = wvutil::a2b_hex(
|
||||
"a156176cb96777c7fb96105dbd913bc4"
|
||||
@@ -444,7 +488,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_5) {
|
||||
// # PKCS#1 v1.5 Signature Example 15.6
|
||||
TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_6) {
|
||||
BuildRSAKey();
|
||||
LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
|
||||
LoadCastCertificateKey(true);
|
||||
vector<uint8_t> message = wvutil::a2b_hex(
|
||||
"c187915e4e87da81c08ed4356a0cceac"
|
||||
"1c4fb5c046b45281b387ec28f1abfd56"
|
||||
@@ -476,7 +520,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_6) {
|
||||
// # PKCS#1 v1.5 Signature Example 15.7
|
||||
TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_7) {
|
||||
BuildRSAKey();
|
||||
LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
|
||||
LoadCastCertificateKey(true);
|
||||
vector<uint8_t> message = wvutil::a2b_hex(
|
||||
"abfa2ecb7d29bd5bcb9931ce2bad2f74"
|
||||
"383e95683cee11022f08e8e7d0b8fa05"
|
||||
@@ -509,7 +553,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_7) {
|
||||
// # PKCS#1 v1.5 Signature Example 15.8
|
||||
TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_8) {
|
||||
BuildRSAKey();
|
||||
LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
|
||||
LoadCastCertificateKey(true);
|
||||
vector<uint8_t> message = wvutil::a2b_hex(
|
||||
"df4044a89a83e9fcbf1262540ae3038b"
|
||||
"bc90f2b2628bf2a4467ac67722d8546b"
|
||||
@@ -548,7 +592,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_8) {
|
||||
// # PKCS#1 v1.5 Signature Example 15.9
|
||||
TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_9) {
|
||||
BuildRSAKey();
|
||||
LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
|
||||
LoadCastCertificateKey(true);
|
||||
vector<uint8_t> message = wvutil::a2b_hex(
|
||||
"ea941ff06f86c226927fcf0e3b11b087"
|
||||
"2676170c1bfc33bda8e265c77771f9d0"
|
||||
@@ -585,7 +629,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_9) {
|
||||
// # PKCS#1 v1.5 Signature Example 15.10
|
||||
TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_10) {
|
||||
BuildRSAKey();
|
||||
LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
|
||||
LoadCastCertificateKey(true);
|
||||
vector<uint8_t> message = wvutil::a2b_hex(
|
||||
"d8b81645c13cd7ecf5d00ed2c91b9acd"
|
||||
"46c15568e5303c4a9775ede76b48403d"
|
||||
@@ -615,7 +659,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_10) {
|
||||
// # PKCS#1 v1.5 Signature Example 15.11
|
||||
TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_11) {
|
||||
BuildRSAKey();
|
||||
LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
|
||||
LoadCastCertificateKey(true);
|
||||
vector<uint8_t> message = wvutil::a2b_hex(
|
||||
"e5739b6c14c92d510d95b826933337ff"
|
||||
"0d24ef721ac4ef64c2bad264be8b44ef"
|
||||
@@ -649,7 +693,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_11) {
|
||||
// # PKCS#1 v1.5 Signature Example 15.12
|
||||
TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_12) {
|
||||
BuildRSAKey();
|
||||
LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
|
||||
LoadCastCertificateKey(true);
|
||||
vector<uint8_t> message = wvutil::a2b_hex(
|
||||
"7af42835917a88d6b3c6716ba2f5b0d5"
|
||||
"b20bd4e2e6e574e06af1eef7c81131be"
|
||||
@@ -690,7 +734,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_12) {
|
||||
// # PKCS#1 v1.5 Signature Example 15.13
|
||||
TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_13) {
|
||||
BuildRSAKey();
|
||||
LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
|
||||
LoadCastCertificateKey(true);
|
||||
vector<uint8_t> message = wvutil::a2b_hex(
|
||||
"ebaef3f9f23bdfe5fa6b8af4c208c189"
|
||||
"f2251bf32f5f137b9de4406378686b3f"
|
||||
@@ -719,7 +763,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_13) {
|
||||
// # PKCS#1 v1.5 Signature Example 15.14
|
||||
TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_14) {
|
||||
BuildRSAKey();
|
||||
LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
|
||||
LoadCastCertificateKey(true);
|
||||
vector<uint8_t> message = wvutil::a2b_hex(
|
||||
"c5a2711278761dfcdd4f0c99e6f5619d"
|
||||
"6c48b5d4c1a80982faa6b4cf1cf7a60f"
|
||||
@@ -755,7 +799,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_14) {
|
||||
// # PKCS#1 v1.5 Signature Example 15.15
|
||||
TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_15) {
|
||||
BuildRSAKey();
|
||||
LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
|
||||
LoadCastCertificateKey(true);
|
||||
vector<uint8_t> message = wvutil::a2b_hex(
|
||||
"9bf8aa253b872ea77a7e23476be26b23"
|
||||
"29578cf6ac9ea2805b357f6fc3ad130d"
|
||||
@@ -794,7 +838,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_15) {
|
||||
// # PKCS#1 v1.5 Signature Example 15.16
|
||||
TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_16) {
|
||||
BuildRSAKey();
|
||||
LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
|
||||
LoadCastCertificateKey(true);
|
||||
vector<uint8_t> message = wvutil::a2b_hex(
|
||||
"32474830e2203754c8bf0681dc4f842a"
|
||||
"fe360930378616c108e833656e5640c8"
|
||||
@@ -835,7 +879,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_16) {
|
||||
// # PKCS#1 v1.5 Signature Example 15.17
|
||||
TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_17) {
|
||||
BuildRSAKey();
|
||||
LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
|
||||
LoadCastCertificateKey(true);
|
||||
vector<uint8_t> message = wvutil::a2b_hex(
|
||||
"008e59505eafb550aae5e845584cebb0"
|
||||
"0b6de1733e9f95d42c882a5bbeb5ce1c"
|
||||
@@ -864,7 +908,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_17) {
|
||||
// # PKCS#1 v1.5 Signature Example 15.18
|
||||
TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_18) {
|
||||
BuildRSAKey();
|
||||
LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
|
||||
LoadCastCertificateKey(true);
|
||||
vector<uint8_t> message = wvutil::a2b_hex(
|
||||
"6abc54cf8d1dff1f53b17d8160368878"
|
||||
"a8788cc6d22fa5c2258c88e660b09a89"
|
||||
@@ -894,7 +938,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_18) {
|
||||
// # PKCS#1 v1.5 Signature Example 15.19
|
||||
TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_19) {
|
||||
BuildRSAKey();
|
||||
LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
|
||||
LoadCastCertificateKey(true);
|
||||
vector<uint8_t> message = wvutil::a2b_hex(
|
||||
"af2d78152cf10efe01d274f217b177f6"
|
||||
"b01b5e749f1567715da324859cd3dd88"
|
||||
@@ -931,7 +975,7 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_19) {
|
||||
// # PKCS#1 v1.5 Signature Example 15.20
|
||||
TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_20) {
|
||||
BuildRSAKey();
|
||||
LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
|
||||
LoadCastCertificateKey(true);
|
||||
vector<uint8_t> message = wvutil::a2b_hex(
|
||||
"40ee992458d6f61486d25676a96dd2cb"
|
||||
"93a37f04b178482f2b186cf88215270d"
|
||||
@@ -974,4 +1018,4 @@ TEST_P(OEMCryptoSessionTestLoadCasKeysWithHDCP, CasOnlyLoadCasKeysAPI17) {
|
||||
}
|
||||
INSTANTIATE_TEST_SUITE_P(TestHDCP, OEMCryptoSessionTestLoadCasKeysWithHDCP,
|
||||
Range(1, 6));
|
||||
} // namespace wvoec
|
||||
} // namespace wvoec
|
||||
|
||||
Reference in New Issue
Block a user