widevine-partner/ce_cdm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Source release 18.5.0

Browse Source
This commit is contained in:
Matt Feddersen
2024-03-28 19:15:22 -07:00
parent b2c35151ad
commit 28ec8548c6
109 changed files with 3623 additions and 1012 deletions
Download Patch File Download Diff File Expand all files Collapse all files

285
oemcrypto/test/oemcrypto_test.cpp
View File

@@ -43,6 +43,11 @@
*
* @defgroup security Security Tests
* Buffer overflow tests, off-by-one tests, and other security tests.
*
* The way the huge buffer tests work is to create a large buffer and then call
* the API. The test then loops and doubles the buffer until the API returns an
* error. An error is considered a passing test. We expect OEMCrypto to fail
* gracefully on a huge buffer rather than crashing.
*/
#include <ctype.h>
@@ -443,6 +448,9 @@ TEST_P(OEMCryptoEntitlementLicenseTest,
*/
TEST_P(OEMCryptoEntitlementLicenseTest,
LoadEntitlementKeysOemcryptoSessionAPI17) {
if (!global_features.supports_cas) {
GTEST_SKIP() << "OEMCrypto does not support CAS";
}
LoadEntitlementLicense();
uint32_t key_session_id = 0;
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
@@ -485,6 +493,7 @@ INSTANTIATE_TEST_SUITE_P(TestAll, OEMCryptoEntitlementLicenseTest,
/// @addtogroup security
/// @{
/** Test that LoadEntitledContentKeys fails gracefully on huge buffer. */
TEST_F(OEMCryptoMemoryLicenseTest,
OEMCryptoMemoryLoadEntitledKeysForHugeSubstringContentKeyIdLength) {
TestLoadEntitledKeysForHugeBufferLengths(
@@ -495,6 +504,7 @@ TEST_F(OEMCryptoMemoryLicenseTest,
!kCheckStatus);
}
/** Test that LoadEntitledContentKeys fails gracefully on huge buffer. */
TEST_F(OEMCryptoMemoryLicenseTest,
OEMCryptoMemoryLoadEntitledKeysForHugeSubstringContentKeyIdOffset) {
TestLoadEntitledKeysForHugeBufferLengths(
@@ -505,6 +515,7 @@ TEST_F(OEMCryptoMemoryLicenseTest,
!kCheckStatus);
}
/** Test that LoadEntitledContentKeys fails gracefully on huge buffer. */
TEST_F(
OEMCryptoMemoryLicenseTest,
OEMCryptoMemoryLoadEntitledKeysForOutOfRangeSubstringContentKeyIdLength) {
@@ -515,6 +526,7 @@ TEST_F(
ASSERT_NE(OEMCrypto_SUCCESS, entitled_message_.LoadKeys());
}
/** Test LoadEntitledContentKeys rejects out of range substring. */
TEST_F(
OEMCryptoMemoryLicenseTest,
OEMCryptoMemoryLoadEntitledKeysForOutOfRangeSubstringContentKeyIdOffset) {
@@ -525,6 +537,7 @@ TEST_F(
ASSERT_NE(OEMCrypto_SUCCESS, entitled_message_.LoadKeys());
}
/** Test that LoadEntitledContentKeys fails gracefully on huge substring. */
TEST_F(OEMCryptoMemoryLicenseTest,
OEMCryptoMemoryLoadEntitledKeysForHugeSubstringEntitlementKeyIdLength) {
TestLoadEntitledKeysForHugeBufferLengths(
@@ -535,6 +548,7 @@ TEST_F(OEMCryptoMemoryLicenseTest,
!kCheckStatus);
}
/** Test LoadEntitledContentKeys rejects out of range substring. */
TEST_F(OEMCryptoMemoryLicenseTest,
OEMCryptoMemoryLoadEntitledKeysForHugeSubstringEntitlementKeyIdOffset) {
TestLoadEntitledKeysForHugeBufferLengths(
@@ -545,6 +559,7 @@ TEST_F(OEMCryptoMemoryLicenseTest,
!kCheckStatus);
}
/** Test LoadEntitledContentKeys rejects out of range substring. */
TEST_F(
OEMCryptoMemoryLicenseTest,
OEMCryptoMemoryLoadEntitledKeysForOutOfRangeSubstringEntitlementKeyIdLength) {
@@ -555,6 +570,7 @@ TEST_F(
ASSERT_NE(OEMCrypto_SUCCESS, entitled_message_.LoadKeys());
}
/** Test LoadEntitledContentKeys rejects out of range substring. */
TEST_F(
OEMCryptoMemoryLicenseTest,
OEMCryptoMemoryLoadEntitledKeysForOutOfRangeSubstringEntitlementKeyIdOffset) {
@@ -565,6 +581,7 @@ TEST_F(
ASSERT_NE(OEMCrypto_SUCCESS, entitled_message_.LoadKeys());
}
/** Test LoadEntitledContentKeys rejects out of range substring. */
TEST_F(OEMCryptoMemoryLicenseTest,
OEMCryptoMemoryLoadEntitledKeysForHugeSubstringContentKeyDataIvLength) {
TestLoadEntitledKeysForHugeBufferLengths(
@@ -575,6 +592,7 @@ TEST_F(OEMCryptoMemoryLicenseTest,
!kCheckStatus);
}
/** Test LoadEntitledContentKeys rejects out of range substring. */
TEST_F(OEMCryptoMemoryLicenseTest,
OEMCryptoMemoryLoadEntitledKeysForHugeSubstringContentKeyDataIvOffset) {
TestLoadEntitledKeysForHugeBufferLengths(
@@ -585,6 +603,7 @@ TEST_F(OEMCryptoMemoryLicenseTest,
!kCheckStatus);
}
/** Test LoadEntitledContentKeys rejects out of range substring. */
TEST_F(
OEMCryptoMemoryLicenseTest,
OEMCryptoMemoryLoadEntitledKeysForOutOfRangeSubstringContentKeyDataIvLength) {
@@ -595,6 +614,7 @@ TEST_F(
ASSERT_NE(OEMCrypto_SUCCESS, entitled_message_.LoadKeys());
}
/** Test LoadEntitledContentKeys rejects out of range substring. */
TEST_F(
OEMCryptoMemoryLicenseTest,
OEMCryptoMemoryLoadEntitledKeysForOutOfRangeSubstringContentKeyDataIvOffset) {
@@ -605,6 +625,7 @@ TEST_F(
ASSERT_NE(OEMCrypto_SUCCESS, entitled_message_.LoadKeys());
}
/** Test LoadEntitledContentKeys rejects out of range substring. */
TEST_F(OEMCryptoMemoryLicenseTest,
OEMCryptoMemoryLoadEntitledKeysForHugeSubstringContentKeyDataLength) {
TestLoadEntitledKeysForHugeBufferLengths(
@@ -615,6 +636,7 @@ TEST_F(OEMCryptoMemoryLicenseTest,
!kCheckStatus);
}
/** Test LoadEntitledContentKeys rejects out of range substring. */
TEST_F(OEMCryptoMemoryLicenseTest,
OEMCryptoMemoryLoadEntitledKeysForHugeSubstringContentKeyDataOffset) {
TestLoadEntitledKeysForHugeBufferLengths(
@@ -625,6 +647,7 @@ TEST_F(OEMCryptoMemoryLicenseTest,
!kCheckStatus);
}
/** Test LoadEntitledContentKeys rejects out of range substring. */
TEST_F(
OEMCryptoMemoryLicenseTest,
OEMCryptoMemoryLoadEntitledKeysForOutOfRangeSubstringContentKeyDataLength) {
@@ -635,6 +658,7 @@ TEST_F(
ASSERT_NE(OEMCrypto_SUCCESS, entitled_message_.LoadKeys());
}
/** Test LoadEntitledContentKeys rejects out of range substring. */
TEST_F(
OEMCryptoMemoryLicenseTest,
OEMCryptoMemoryLoadEntitledKeysForOutOfRangeSubstringContentKeyDataOffset) {
@@ -645,6 +669,7 @@ TEST_F(
ASSERT_NE(OEMCrypto_SUCCESS, entitled_message_.LoadKeys());
}
/** Test LoadEntitledContentKeys rejects out of range substring. */
TEST_F(OEMCryptoMemoryLicenseTest,
OEMCryptoMemoryLoadEntitledKeysForHugeEntitlementKeyIdLength) {
TestLoadEntitledKeysForHugeBufferLengths(
@@ -655,6 +680,7 @@ TEST_F(OEMCryptoMemoryLicenseTest,
!kCheckStatus);
}
/** Test LoadEntitledContentKeys rejects out of range substring. */
TEST_F(OEMCryptoMemoryLicenseTest,
OEMCryptoMemoryLoadEntitledKeysForHugeContentKeyIdLength) {
TestLoadEntitledKeysForHugeBufferLengths(
@@ -724,6 +750,9 @@ TEST_P(OEMCryptoLicenseTest, SelectKeyEntitledKeyNotThereAPI17) {
* id.
*/
TEST_P(OEMCryptoLicenseTest, SelectKeyEntitlementKeyAPI17) {
if (!global_features.supports_cas) {
GTEST_SKIP() << "OEMCrypto does not support CAS";
}
license_messages_.set_license_type(OEMCrypto_EntitlementLicense);
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
@@ -799,6 +828,9 @@ TEST_P(OEMCryptoLicenseTest,
// This verifies that multiple entitled key sessions can be created. They can
// load and select keys independently.
TEST_P(OEMCryptoLicenseTest, EntitledKeySessionMultipleKeySessionsAPI17) {
if (!global_features.supports_cas) {
GTEST_SKIP() << "OEMCrypto does not support CAS";
}
license_messages_.set_license_type(OEMCrypto_EntitlementLicense);
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
@@ -826,9 +858,7 @@ TEST_P(OEMCryptoLicenseTest, EntitledKeySessionMultipleKeySessionsAPI17) {
session_.session_id(), &key_session_id_2);
// For DRM, but not for CAS, we allow there to be only a single entitled
// session.
if (!global_features.supports_cas &&
(key_session_id_2 == key_session_id_1 ||
status == OEMCrypto_ERROR_TOO_MANY_SESSIONS)) {
if (status == OEMCrypto_ERROR_TOO_MANY_SESSIONS) {
GTEST_SKIP()
<< "Skipping test because multiple entitled sessions not supported.";
}
@@ -1018,6 +1048,7 @@ TEST_P(OEMCryptoEntitlementLicenseTest, ReassociateEntitledKeySessionAPI17) {
/// @addtogroup security
/// @{
/** Test that LoadLicense fails gracefully on huge buffer. */
TEST_P(OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyIdLength) {
TestLoadLicenseForHugeBufferLengths(
@@ -1028,6 +1059,7 @@ TEST_P(OEMCryptoLicenseOverflowTest,
!kCheckStatus, kUpdateCoreMessageSubstringValues);
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyIdOffset) {
TestLoadLicenseForHugeBufferLengths(
@@ -1037,6 +1069,7 @@ TEST_P(OEMCryptoLicenseOverflowTest,
!kCheckStatus, kUpdateCoreMessageSubstringValues);
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyIdLength) {
TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths(
@@ -1046,6 +1079,7 @@ TEST_P(OEMCryptoLicenseOverflowTest,
});
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyIdOffset) {
TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths(
@@ -1055,6 +1089,7 @@ TEST_P(OEMCryptoLicenseOverflowTest,
});
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyDataIvLength) {
TestLoadLicenseForHugeBufferLengths(
@@ -1065,6 +1100,7 @@ TEST_P(OEMCryptoLicenseOverflowTest,
!kCheckStatus, kUpdateCoreMessageSubstringValues);
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyDataIvOffset) {
TestLoadLicenseForHugeBufferLengths(
@@ -1075,6 +1111,7 @@ TEST_P(OEMCryptoLicenseOverflowTest,
!kCheckStatus, kUpdateCoreMessageSubstringValues);
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(
OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyDataIvLength) {
@@ -1086,6 +1123,7 @@ TEST_P(
});
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(
OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyDataIvOffset) {
@@ -1097,6 +1135,7 @@ TEST_P(
});
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyDataLength) {
TestLoadLicenseForHugeBufferLengths(
@@ -1107,6 +1146,7 @@ TEST_P(OEMCryptoLicenseOverflowTest,
!kCheckStatus, kUpdateCoreMessageSubstringValues);
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyDataOffset) {
TestLoadLicenseForHugeBufferLengths(
@@ -1116,6 +1156,7 @@ TEST_P(OEMCryptoLicenseOverflowTest,
!kCheckStatus, kUpdateCoreMessageSubstringValues);
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(
OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyDataLength) {
@@ -1127,6 +1168,7 @@ TEST_P(
});
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(
OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyDataOffset) {
@@ -1138,6 +1180,7 @@ TEST_P(
});
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(
OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyControlIvLength) {
@@ -1149,6 +1192,7 @@ TEST_P(
!kCheckStatus, kUpdateCoreMessageSubstringValues);
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(
OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyControlIvOffset) {
@@ -1160,6 +1204,7 @@ TEST_P(
!kCheckStatus, kUpdateCoreMessageSubstringValues);
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(
OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyControlIvLengthAPI16) {
@@ -1172,6 +1217,7 @@ TEST_P(
});
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(
OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyControlIvOffset) {
@@ -1184,6 +1230,7 @@ TEST_P(
});
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyControlLength) {
TestLoadLicenseForHugeBufferLengths(
@@ -1194,6 +1241,7 @@ TEST_P(OEMCryptoLicenseOverflowTest,
!kCheckStatus, kUpdateCoreMessageSubstringValues);
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyControlOffset) {
TestLoadLicenseForHugeBufferLengths(
@@ -1204,6 +1252,7 @@ TEST_P(OEMCryptoLicenseOverflowTest,
!kCheckStatus, kUpdateCoreMessageSubstringValues);
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(
OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyControlLengthAPI16) {
@@ -1215,6 +1264,7 @@ TEST_P(
});
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(
OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyControlOffset) {
@@ -1226,6 +1276,7 @@ TEST_P(
});
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringEncMacKeyIvLength) {
TestLoadLicenseForHugeBufferLengths(
@@ -1235,6 +1286,7 @@ TEST_P(OEMCryptoLicenseOverflowTest,
!kCheckStatus, kUpdateCoreMessageSubstringValues);
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringEncMacKeyIvOffset) {
TestLoadLicenseForHugeBufferLengths(
@@ -1244,6 +1296,7 @@ TEST_P(OEMCryptoLicenseOverflowTest,
!kCheckStatus, kUpdateCoreMessageSubstringValues);
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(
OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringEncMacKeyIvLength) {
@@ -1256,6 +1309,7 @@ TEST_P(
});
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(
OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringEncMacKeyIvOffset) {
@@ -1268,6 +1322,7 @@ TEST_P(
});
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringEncMacKeyLength) {
TestLoadLicenseForHugeBufferLengths(
@@ -1277,6 +1332,7 @@ TEST_P(OEMCryptoLicenseOverflowTest,
!kCheckStatus, kUpdateCoreMessageSubstringValues);
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringEncMacKeyOffset) {
TestLoadLicenseForHugeBufferLengths(
@@ -1286,6 +1342,7 @@ TEST_P(OEMCryptoLicenseOverflowTest,
!kCheckStatus, kUpdateCoreMessageSubstringValues);
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(
OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringEncMacKeyLength) {
@@ -1296,6 +1353,7 @@ TEST_P(
});
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(
OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringEncMacKeyOffset) {
@@ -1306,6 +1364,7 @@ TEST_P(
});
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringPstLength) {
TestLoadLicenseForHugeBufferLengths(
@@ -1315,6 +1374,7 @@ TEST_P(OEMCryptoLicenseOverflowTest,
!kCheckStatus, kUpdateCoreMessageSubstringValues);
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringPstOffset) {
TestLoadLicenseForHugeBufferLengths(
@@ -1324,6 +1384,7 @@ TEST_P(OEMCryptoLicenseOverflowTest,
!kCheckStatus, kUpdateCoreMessageSubstringValues);
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringPstLength) {
TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths(
@@ -1333,6 +1394,7 @@ TEST_P(OEMCryptoLicenseOverflowTest,
});
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringPstOffset) {
TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths(
@@ -1343,6 +1405,7 @@ TEST_P(OEMCryptoLicenseOverflowTest,
});
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(
OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringSrmRestrictionDataLength) {
@@ -1353,6 +1416,7 @@ TEST_P(
!kCheckStatus, kUpdateCoreMessageSubstringValues);
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(
OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringSrmRestrictionDataOffset) {
@@ -1363,6 +1427,7 @@ TEST_P(
!kCheckStatus, kUpdateCoreMessageSubstringValues);
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(
OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringSrmRestrictionDataLength) {
@@ -1375,6 +1440,7 @@ TEST_P(
});
}
/** Test that LoadLicense fails gracefully on out of range substring. */
TEST_P(
OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringSrmRestrictionDataOffset) {
@@ -1387,6 +1453,7 @@ TEST_P(
});
}
/** Test that LoadLicense fails gracefully on huge buffer. */
TEST_P(OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForHugeResponseLength) {
TestLoadLicenseForHugeBufferLengths(
@@ -1396,6 +1463,7 @@ TEST_P(OEMCryptoLicenseOverflowTest,
!kCheckStatus, !kUpdateCoreMessageSubstringValues);
}
/** Test that LoadLicense fails gracefully on huge buffer. */
TEST_P(OEMCryptoLicenseOverflowTest,
OEMCryptoMemoryLoadLicenseForHugeCoreMessageLength) {
TestLoadLicenseForHugeBufferLengths(
@@ -1418,8 +1486,15 @@ INSTANTIATE_TEST_SUITE_P(TestAll, OEMCryptoLicenseOverflowTest,
/// @addtogroup security
/// @{
/** Test that LoadProvisioning fails gracefully on huge buffer. */
TEST_F(OEMCryptoLoadsCertificate,
OEMCryptoMemoryLoadProvisioningForHugeResponseLength) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
TestLoadProvisioningForHugeBufferLengths(
[](size_t message_size, ProvisioningRoundTrip* provisioning_messages) {
provisioning_messages->set_message_size(message_size);
@@ -1427,8 +1502,15 @@ TEST_F(OEMCryptoLoadsCertificate,
!kCheckStatus, !kUpdateCoreMessageSubstringValues);
}
/** Test that LoadProvisioning fails gracefully on huge buffer. */
TEST_F(OEMCryptoLoadsCertificate,
OEMCryptoMemoryLoadProvisioningForHugeCoreMessageLength) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
TestLoadProvisioningForHugeBufferLengths(
[](size_t message_size, ProvisioningRoundTrip* provisioning_messages) {
provisioning_messages->set_core_message_size(message_size);
@@ -1436,8 +1518,15 @@ TEST_F(OEMCryptoLoadsCertificate,
!kCheckStatus, !kUpdateCoreMessageSubstringValues);
}
/** Test that LoadProvisioning fails gracefully on huge buffer. */
TEST_F(OEMCryptoLoadsCertificate,
OEMCryptoMemoryLoadProvisioningForHugeCoreMessageEncPrivateKeyLength) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
TestLoadProvisioningForHugeBufferLengths(
[](size_t length, ProvisioningRoundTrip* provisioning_messages) {
provisioning_messages->core_response().enc_private_key.length = length;
@@ -1445,8 +1534,15 @@ TEST_F(OEMCryptoLoadsCertificate,
!kCheckStatus, kUpdateCoreMessageSubstringValues);
}
/** Test that LoadProvisioning fails gracefully on huge buffer. */
TEST_F(OEMCryptoLoadsCertificate,
OEMCryptoMemoryLoadProvisioningForHugeCoreMessageEncPrivateKeyOffset) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
TestLoadProvisioningForHugeBufferLengths(
[](size_t offset, ProvisioningRoundTrip* provisioning_messages) {
provisioning_messages->core_response().enc_private_key.offset = offset;
@@ -1454,9 +1550,16 @@ TEST_F(OEMCryptoLoadsCertificate,
!kCheckStatus, kUpdateCoreMessageSubstringValues);
}
/** Test that LoadProvisioning fails gracefully on out of range substring. */
TEST_F(
OEMCryptoLoadsCertificate,
OEMCryptoMemoryLoadProvisioningForOutOfRangeCoreMessageEncPrivateKeyLength) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
TestLoadProvisioningForOutOfRangeSubstringOffsetAndLengths(
[](size_t response_message_length,
ProvisioningRoundTrip* provisioning_messages) {
@@ -1467,9 +1570,16 @@ TEST_F(
});
}
/** Test that LoadProvisioning fails gracefully on out of range substring. */
TEST_F(
OEMCryptoLoadsCertificate,
OEMCryptoMemoryLoadProvisioningForOutOfRangeCoreMessageEncPrivateKeyOffset) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
TestLoadProvisioningForOutOfRangeSubstringOffsetAndLengths(
[](size_t response_message_length,
ProvisioningRoundTrip* provisioning_messages) {
@@ -1480,8 +1590,15 @@ TEST_F(
});
}
/** Test that LoadProvisioning fails gracefully on out of range substring. */
TEST_F(OEMCryptoLoadsCertificate,
OEMCryptoMemoryLoadProvisioningForHugeCoreMessageEncPrivateKeyIvLength) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
TestLoadProvisioningForHugeBufferLengths(
[](size_t length, ProvisioningRoundTrip* provisioning_messages) {
provisioning_messages->core_response().enc_private_key_iv.length =
@@ -1490,8 +1607,15 @@ TEST_F(OEMCryptoLoadsCertificate,
!kCheckStatus, kUpdateCoreMessageSubstringValues);
}
/** Test that LoadProvisioning fails gracefully on out of range substring. */
TEST_F(OEMCryptoLoadsCertificate,
OEMCryptoMemoryLoadProvisioningForHugeCoreMessageEncPrivateKeyIvOffset) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
TestLoadProvisioningForHugeBufferLengths(
[](size_t offset, ProvisioningRoundTrip* provisioning_messages) {
provisioning_messages->core_response().enc_private_key_iv.offset =
@@ -1500,9 +1624,16 @@ TEST_F(OEMCryptoLoadsCertificate,
!kCheckStatus, kUpdateCoreMessageSubstringValues);
}
/** Test that LoadProvisioning fails gracefully on out of range substring. */
TEST_F(
OEMCryptoLoadsCertificate,
OEMCryptoMemoryLoadProvisioningForOutOfRangeCoreMessageEncPrivateKeyIvLengthAPI16) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
TestLoadProvisioningForOutOfRangeSubstringOffsetAndLengths(
[](size_t response_message_length,
ProvisioningRoundTrip* provisioning_messages) {
@@ -1513,9 +1644,16 @@ TEST_F(
});
}
/** Test that LoadProvisioning fails gracefully on out of range substring. */
TEST_F(
OEMCryptoLoadsCertificate,
OEMCryptoMemoryLoadProvisioningForOutOfRangeCoreMessageEncPrivateKeyIvOffset) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
TestLoadProvisioningForOutOfRangeSubstringOffsetAndLengths(
[](size_t response_message_length,
ProvisioningRoundTrip* provisioning_messages) {
@@ -1526,8 +1664,15 @@ TEST_F(
});
}
/** Test that LoadProvisioning fails gracefully on out of range substring. */
TEST_F(OEMCryptoLoadsCertificate,
OEMCryptoMemoryLoadProvisioningForHugeCoreMessageEncMessageKeyLength) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
TestLoadProvisioningForHugeBufferLengths(
[](size_t length, ProvisioningRoundTrip* provisioning_messages) {
provisioning_messages->core_response().encrypted_message_key.length =
@@ -1536,8 +1681,15 @@ TEST_F(OEMCryptoLoadsCertificate,
!kCheckStatus, kUpdateCoreMessageSubstringValues);
}
/** Test that LoadProvisioning fails gracefully on out of range substring. */
TEST_F(OEMCryptoLoadsCertificate,
OEMCryptoMemoryLoadProvisioningForHugeCoreMessageEncMessageKeyOffset) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
TestLoadProvisioningForHugeBufferLengths(
[](size_t offset, ProvisioningRoundTrip* provisioning_messages) {
provisioning_messages->core_response().encrypted_message_key.offset =
@@ -1546,9 +1698,16 @@ TEST_F(OEMCryptoLoadsCertificate,
!kCheckStatus, kUpdateCoreMessageSubstringValues);
}
/** Test that LoadProvisioning fails gracefully on out of range substring. */
TEST_F(
OEMCryptoLoadsCertificate,
OEMCryptoMemoryLoadProvisioningForOutOfRangeCoreMessageEncMessageKeyLengthProv30) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
if (global_features.provisioning_method != OEMCrypto_OEMCertificate) {
GTEST_SKIP() << "Test for Prov 3.0 devices only.";
}
@@ -1562,9 +1721,16 @@ TEST_F(
});
}
/** Test that LoadProvisioning fails gracefully on out of range substring. */
TEST_F(
OEMCryptoLoadsCertificate,
OEMCryptoMemoryLoadProvisioningForOutOfRangeCoreMessageEncMessageKeyOffsetProv30) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
if (global_features.provisioning_method != OEMCrypto_OEMCertificate) {
GTEST_SKIP() << "Test for Prov 3.0 devices only.";
}
@@ -1583,8 +1749,17 @@ TEST_F(
/// @addtogroup security
/// @{
/** Test that OEMCrypto_PrepAndSignProvisioningRequest fails gracefully on a
* huge buffer.
*/
TEST_F(OEMCryptoLoadsCertificate,
OEMCryptoMemoryPrepareProvisioningRequestForHugeRequestMessageLength) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
TestPrepareProvisioningRequestForHugeBufferLengths(
[](size_t message_size, ProvisioningRoundTrip* provisioning_messages) {
provisioning_messages->set_message_size(message_size);
@@ -1592,8 +1767,17 @@ TEST_F(OEMCryptoLoadsCertificate,
kCheckStatus);
}
/** Test that OEMCrypto_PrepAndSignProvisioningRequest fails gracefully on a
* huge buffer.
*/
TEST_F(OEMCryptoLoadsCertificate,
OEMCryptoMemoryPrepareProvisioningRequestForHugeSignatureLength) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
TestPrepareProvisioningRequestForHugeBufferLengths(
[](size_t message_size, ProvisioningRoundTrip* provisioning_messages) {
provisioning_messages->set_request_signature_size(message_size);
@@ -1601,8 +1785,17 @@ TEST_F(OEMCryptoLoadsCertificate,
!kCheckStatus);
}
/** Test that OEMCrypto_PrepAndSignProvisioningRequest fails gracefully on a
* huge buffer.
*/
TEST_F(OEMCryptoLoadsCertificate,
OEMCryptoMemoryPrepareProvisioningRequestForHugeCoreMessageLength) {
// TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for
// provisioning 4. Disabled here temporarily.
if (!global_features.loads_certificate ||
global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
GTEST_SKIP() << "Test for non Prov 4.0 devices only.";
}
TestPrepareProvisioningRequestForHugeBufferLengths(
[](size_t message_size, ProvisioningRoundTrip* provisioning_messages) {
provisioning_messages->set_core_message_size(message_size);
@@ -1616,4 +1809,90 @@ TEST_F(OEMCryptoLoadsCertificate,
/// @{
/// @}
#ifdef CAS_TEST
# include "tuner_hal.h"
class OEMCryptoCasDemoTest : public OEMCryptoEntitlementLicenseTest {};
TEST_P(OEMCryptoCasDemoTest, BasicFlow) {
// License contains entitlement keys, function reused from
// OEMCryptoEntitlementLicenseTest
LoadEntitlementLicense();
uint32_t key_session_id = 0;
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
session_.session_id(), &key_session_id));
EntitledMessage entitled_message(&license_messages_);
// Randomly generate entitled content keys
entitled_message.FillKeyArray();
if (session_.session_id() == key_session_id) {
GTEST_SKIP()
<< "Skipping test because entitled and entitlement sessions are both "
<< key_session_id << ".";
}
entitled_message.SetEntitledKeySession(key_session_id);
// Encrypt and load 0th key (even key) into OEMCrypto
ASSERT_NO_FATAL_FAILURE(entitled_message.LoadCasKeys(
/*load_even=*/true, /*load_odd=*/false, OEMCrypto_SUCCESS));
//
// Perform DecryptCTR() but for CAS
//
vector<uint8_t> unencrypted_data(256, 0);
vector<uint8_t> encrypted_data(256, 0);
vector<uint8_t> output_buffer(256, 0);
unencrypted_data.resize(encrypted_data.size());
output_buffer.resize(encrypted_data.size());
OEMCrypto_SampleDescription sample_description;
OEMCrypto_SubSampleDescription subsample_description;
GenerateSimpleSampleDescription(encrypted_data, output_buffer,
&sample_description, &subsample_description);
// Use 0th entitled content key and IV to encrypt test data
EncryptCTR(unencrypted_data,
entitled_message.entitled_key_data()->content_key_data,
entitled_message.entitled_key_data()->content_iv, &encrypted_data);
// Assume 0,0 pattern for CTR example
OEMCrypto_CENCEncryptPatternDesc pattern = {0, 0};
// Demo only -- copy IV into sample description so we can use
// WTPI_DecryptSample() in the Tuner decrypt impl. A real implementation would
// use the IV from the entitled content key, but the demo relies on the
// existing decrypt which uses SampleDescription IV.
memcpy(sample_description.iv,
entitled_message.entitled_key_data()->content_iv, 16);
// Get key token to send to Tuner for decrypt
std::vector<uint8_t> key_token;
size_t key_token_length = key_token.size();
OEMCryptoResult res = OEMCrypto_GetOEMKeyToken(
key_session_id, key_token.data(), &key_token_length);
if (res == OEMCrypto_ERROR_SHORT_BUFFER) {
key_token.resize(key_token_length);
res = OEMCrypto_GetOEMKeyToken(key_session_id, key_token.data(),
&key_token_length);
}
ASSERT_EQ(OEMCrypto_SUCCESS, res);
// Decrypt the data
ASSERT_EQ(TUNER_HAL_SUCCESS,
TunerHal_Decrypt(key_token.data(), key_token_length,
TunerHal_KeyParityType_EvenKey,
&sample_description, // an array of samples.
1, // the number of samples.
&pattern));
ASSERT_EQ(unencrypted_data, output_buffer);
}
INSTANTIATE_TEST_SUITE_P(TestAll, OEMCryptoCasDemoTest,
Range<uint32_t>(kCoreMessagesAPI, kCurrentAPI + 1));
#endif
} // namespace wvoec