widevine-partner/ce_cdm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Source release 17.1.2

Browse Source
This commit is contained in:
John "Juce" Bruce
2023-06-23 15:37:42 -07:00
parent a10f13a2dc
commit 2baa7c6e2b
353 changed files with 12903 additions and 2305 deletions
Download Patch File Download Diff File Expand all files Collapse all files

302
oemcrypto/test/oemcrypto_test.cpp
View File

@@ -228,11 +228,29 @@ class OEMCryptoClientTest : public ::testing::Test, public SessionUtil {
uint8_t subsample_flags) {
if (ShouldGenerateCorpus() && input_buffer != nullptr &&
dest_buffer_descriptor != nullptr) {
OEMCrypto_Copy_Buffer_Fuzz fuzzed_structure;
fuzzed_structure.dest_buffer_desc = *dest_buffer_descriptor;
fuzzed_structure.subsample_flags = subsample_flags;
const std::string file_name =
GetFileName("oemcrypto_copy_buffer_fuzz_seed_corpus");
OEMCrypto_Copy_Buffer_Fuzz fuzzed_structure;
fuzzed_structure.dest_buffer_desc.type = dest_buffer_descriptor->type;
switch (fuzzed_structure.dest_buffer_desc.type) {
case OEMCrypto_BufferType_Clear:
fuzzed_structure.dest_buffer_desc.buffer_config =
dest_buffer_descriptor->buffer.clear.clear_buffer_length;
break;
case OEMCrypto_BufferType_Secure:
fuzzed_structure.dest_buffer_desc.buffer_config =
dest_buffer_descriptor->buffer.secure.secure_buffer_length;
break;
case OEMCrypto_BufferType_Direct:
fuzzed_structure.dest_buffer_desc.buffer_config =
dest_buffer_descriptor->buffer.direct.is_video;
break;
}
fuzzed_structure.subsample_flags = subsample_flags;
// Corpus for copy buffer fuzzer should be in the format:
// (dest_buffer_descriptor | subsample_flags | input_buffer).
AppendToFile(file_name, reinterpret_cast<const char*>(&fuzzed_structure),
@@ -266,7 +284,7 @@ TEST_F(OEMCryptoClientTest, FreeUnallocatedSecureBufferNoFailure) {
*/
TEST_F(OEMCryptoClientTest, VersionNumber) {
const std::string log_message =
"OEMCrypto unit tests for API 17. Tests last updated 2022-04-13";
"OEMCrypto unit tests for API 17.1. Tests last updated 2022-06-17";
cout << " " << log_message << "\n";
cout << " "
<< "These tests are part of Android T."
@@ -275,7 +293,7 @@ TEST_F(OEMCryptoClientTest, VersionNumber) {
// If any of the following fail, then it is time to update the log message
// above.
EXPECT_EQ(ODK_MAJOR_VERSION, 17);
EXPECT_EQ(ODK_MINOR_VERSION, 1);
EXPECT_EQ(ODK_MINOR_VERSION, 2);
EXPECT_EQ(kCurrentAPI, 17u);
OEMCrypto_Security_Level level = OEMCrypto_SecurityLevel();
EXPECT_GT(level, OEMCrypto_Level_Unknown);
@@ -684,6 +702,7 @@ TEST_F(OEMCryptoClientTest, PreventNonceFlood2API16) {
ASSERT_NO_FATAL_FAILURE(s.open());
s.GenerateNonce(&error_counter);
}
wvutil::TestSleep::SyncFakeClock();
const int64_t test_end = wvutil::Clock().GetCurrentTime();
int valid_counter = loop_count - error_counter;
// Either oemcrypto should enforce a delay, or it should return an error from
@@ -721,6 +740,7 @@ TEST_F(OEMCryptoClientTest, PreventNonceFlood3API16) {
s[j].GenerateNonce(&error_counter);
}
}
wvutil::TestSleep::SyncFakeClock();
const int64_t test_end = wvutil::Clock().GetCurrentTime();
int valid_counter = request_counter - error_counter;
// Either oemcrypto should enforce a delay, or it should return an error from
@@ -2070,13 +2090,13 @@ class OEMCryptoEntitlementLicenseTest : public OEMCryptoLicenseTest {
}
};
// This verifies that entitlement keys and entitled content keys can be loaded.
/** This verifies that entitlement keys and entitled content keys can be loaded.
*/
TEST_P(OEMCryptoEntitlementLicenseTest, LoadEntitlementKeysAPI17) {
LoadEntitlementLicense();
uint32_t key_session_id = 0;
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
session_.session_id(), &key_session_id));
ASSERT_NE(key_session_id, 0u);
EntitledMessage entitled_message_1(&license_messages_);
entitled_message_1.FillKeyArray();
entitled_message_1.SetEntitledKeySession(key_session_id);
@@ -2092,7 +2112,6 @@ TEST_P(OEMCryptoEntitlementLicenseTest, CasOnlyLoadCasKeysAPI17) {
uint32_t key_session_id = 0;
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
session_.session_id(), &key_session_id));
ASSERT_NE(key_session_id, 0u);
EntitledMessage entitled_message_1(&license_messages_);
entitled_message_1.FillKeyArray();
@@ -2113,19 +2132,19 @@ TEST_P(OEMCryptoEntitlementLicenseTest, CasOnlyLoadCasKeysAPI17) {
/*load_even=*/false, /*load_odd=*/false, OEMCrypto_SUCCESS));
}
// This verifies that entitled content keys cannot be loaded if we have not yet
// loaded the entitlement keys.
/**
* This verifies that entitled content keys cannot be loaded if we have not yet
* loaded the entitlement keys.
*/
TEST_P(OEMCryptoEntitlementLicenseTest,
LoadEntitlementKeysNoEntitlementKeysAPI17) {
license_messages_.set_license_type(OEMCrypto_EntitlementLicense);
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
uint32_t key_session_id = 0;
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
session_.session_id(), &key_session_id));
ASSERT_NE(key_session_id, 0u);
EntitledMessage entitled_message_1(&license_messages_);
entitled_message_1.FillKeyArray();
@@ -2133,8 +2152,10 @@ TEST_P(OEMCryptoEntitlementLicenseTest,
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(false));
}
// This verifies that entitled content keys cannot be loaded if we have loaded
// the wrong entitlement keys.
/**
* This verifies that entitled content keys cannot be loaded if we have loaded
* the wrong entitlement keys.
*/
TEST_P(OEMCryptoEntitlementLicenseTest,
CasOnlyLoadCasKeysNoEntitlementKeysAPI17) {
license_messages_.set_license_type(OEMCrypto_EntitlementLicense);
@@ -2144,7 +2165,6 @@ TEST_P(OEMCryptoEntitlementLicenseTest,
uint32_t key_session_id = 0;
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
session_.session_id(), &key_session_id));
ASSERT_NE(key_session_id, 0u);
EntitledMessage entitled_message_1(&license_messages_);
entitled_message_1.FillKeyArray();
@@ -2153,15 +2173,16 @@ TEST_P(OEMCryptoEntitlementLicenseTest,
/*load_even=*/true, /*load_odd=*/true, OEMCrypto_ERROR_INVALID_CONTEXT));
}
// This verifies that entitled content keys cannot be loaded if we have loaded
// the wrong entitlement keys.
/**
* This verifies that entitled content keys cannot be loaded if we have loaded
* the wrong entitlement keys.
*/
TEST_P(OEMCryptoEntitlementLicenseTest,
LoadEntitlementKeysWrongEntitlementKeysAPI17) {
LoadEntitlementLicense();
uint32_t key_session_id = 0;
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
session_.session_id(), &key_session_id));
ASSERT_NE(key_session_id, 0u);
EntitledMessage entitled_message_1(&license_messages_);
entitled_message_1.FillKeyArray();
@@ -2177,7 +2198,6 @@ TEST_P(OEMCryptoEntitlementLicenseTest,
uint32_t key_session_id = 0;
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
session_.session_id(), &key_session_id));
ASSERT_NE(key_session_id, 0u);
EntitledMessage entitled_message_1(&license_messages_);
entitled_message_1.FillKeyArray();
@@ -2188,19 +2208,21 @@ TEST_P(OEMCryptoEntitlementLicenseTest,
/*load_even=*/true, /*load_odd=*/true, OEMCrypto_KEY_NOT_ENTITLED));
}
// This verifies that entitled content keys cannot be loaded if we specify an
// entitled key session that has not been created.
/**
* This verifies that entitled content keys cannot be loaded if we specify an
* entitled key session that has not been created.
*/
TEST_P(OEMCryptoEntitlementLicenseTest,
LoadEntitlementKeysWrongEntitledKeySessionAPI17) {
LoadEntitlementLicense();
uint32_t key_session_id = 0;
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
session_.session_id(), &key_session_id));
ASSERT_NE(key_session_id, 0u);
EntitledMessage entitled_message_1(&license_messages_);
entitled_message_1.FillKeyArray();
entitled_message_1.SetEntitledKeySession(0);
const uint32_t wrong_key_session_id = key_session_id == 0 ? 1 : 0;
entitled_message_1.SetEntitledKeySession(wrong_key_session_id);
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(false));
}
@@ -2210,28 +2232,34 @@ TEST_P(OEMCryptoEntitlementLicenseTest,
uint32_t key_session_id = 0;
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
session_.session_id(), &key_session_id));
ASSERT_NE(key_session_id, 0u);
EntitledMessage entitled_message_1(&license_messages_);
entitled_message_1.FillKeyArray();
entitled_message_1.SetEntitledKeySession(0);
const uint32_t wrong_key_session_id = key_session_id == 0 ? 1 : 0;
entitled_message_1.SetEntitledKeySession(wrong_key_session_id);
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys(
/*load_even=*/true, /*load_odd=*/true,
OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION));
}
// This verifies that entitled content keys cannot be loaded if we specify an
// entitled key session that is actually an oemcrypto session.
/**
* This verifies that entitled content keys cannot be loaded if we specify an
* entitled key session that is actually an oemcrypto session.
*/
TEST_P(OEMCryptoEntitlementLicenseTest,
LoadEntitlementKeysOemcryptoSessionAPI17) {
LoadEntitlementLicense();
uint32_t key_session_id = 0;
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
session_.session_id(), &key_session_id));
ASSERT_NE(key_session_id, 0u);
EntitledMessage entitled_message_1(&license_messages_);
entitled_message_1.FillKeyArray();
if (session_.session_id() == key_session_id) {
GTEST_SKIP()
<< "Skipping test because entitled and entitlement sessions are both "
<< key_session_id << ".";
}
entitled_message_1.SetEntitledKeySession(session_.session_id());
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(false));
}
@@ -2242,7 +2270,6 @@ TEST_P(OEMCryptoEntitlementLicenseTest,
uint32_t key_session_id = 0;
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
session_.session_id(), &key_session_id));
ASSERT_NE(key_session_id, 0u);
EntitledMessage entitled_message_1(&license_messages_);
entitled_message_1.FillKeyArray();
@@ -3069,15 +3096,16 @@ TEST_P(OEMCryptoLicenseTest, SelectKeyEntitledKeyNotThereAPI17) {
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(true));
const char* content_key_id = "no_key";
ASSERT_EQ(
OEMCrypto_ERROR_NO_CONTENT_KEY,
OEMCrypto_SelectKey(key_session_id,
reinterpret_cast<const uint8_t*>(content_key_id),
strlen(content_key_id), OEMCrypto_CipherMode_CENC));
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
OEMCrypto_ERROR_INVALID_CONTEXT, key_session_id,
reinterpret_cast<const uint8_t*>(content_key_id),
strlen(content_key_id)));
}
// Select key with entitlement license fails if the key id is entitlement key
// id.
/**
* Select key with entitlement license fails if the key id is entitlement key
* id.
*/
TEST_P(OEMCryptoLicenseTest, SelectKeyEntitlementKeyAPI17) {
license_messages_.set_license_type(OEMCrypto_EntitlementLicense);
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
@@ -3093,11 +3121,15 @@ TEST_P(OEMCryptoLicenseTest, SelectKeyEntitlementKeyAPI17) {
entitled_message_1.SetEntitledKeySession(key_session_id);
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(true));
OEMCryptoResult res = OEMCrypto_SelectKey(
session_.session_id(), session_.license().keys[0].key_id,
session_.license().keys[0].key_id_length, OEMCrypto_CipherMode_CENC);
EXPECT_TRUE(res == OEMCrypto_ERROR_INVALID_CONTEXT ||
res == OEMCrypto_ERROR_NO_CONTENT_KEY);
if (session_.session_id() == key_session_id) {
GTEST_SKIP()
<< "Skipping test because entitled and entitlement sessions are both "
<< key_session_id << ".";
}
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
OEMCrypto_ERROR_INVALID_CONTEXT, session_.session_id(),
session_.license().keys[0].key_id,
session_.license().keys[0].key_id_length));
}
// This verifies that entitled key sessions can be created and removed.
@@ -3126,6 +3158,28 @@ TEST_P(OEMCryptoLicenseTest, EntitledKeySessionsAPI17) {
OEMCrypto_RemoveEntitledKeySession(key_session_id_2));
}
TEST_P(OEMCryptoLicenseTest,
EntitledKeySessionsCloseWithOEMCryptoSessionAPI17) {
license_messages_.set_license_type(OEMCrypto_EntitlementLicense);
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
ASSERT_EQ(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
uint32_t key_session_id_1;
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
session_.session_id(), &key_session_id_1));
// Close the OEMCrypto session.
session_.close();
// All entitled key sessions associated with the OEMCrypto session should
// already be been destroyed,
OEMCryptoResult sts = OEMCrypto_RemoveEntitledKeySession(key_session_id_1);
EXPECT_TRUE(sts == OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION ||
sts == OEMCrypto_ERROR_INVALID_SESSION);
// Open a new session just for OEMCryptoLicenseTest TearDown.
session_.open();
}
// This verifies that multiple entitled key sessions can be created. They can
// load and select keys independently.
TEST_P(OEMCryptoLicenseTest, EntitledKeySessionMultipleKeySessionsAPI17) {
@@ -3145,15 +3199,24 @@ TEST_P(OEMCryptoLicenseTest, EntitledKeySessionMultipleKeySessionsAPI17) {
entitled_message_1.SetContentKeyId(0, content_key_id_1);
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(true));
// We can select content key 1 in entitled key session 1.
ASSERT_EQ(
OEMCrypto_SUCCESS,
OEMCrypto_SelectKey(key_session_id_1,
reinterpret_cast<const uint8_t*>(content_key_id_1),
strlen(content_key_id_1), OEMCrypto_CipherMode_CENC));
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
OEMCrypto_SUCCESS, key_session_id_1,
reinterpret_cast<const uint8_t*>(content_key_id_1),
strlen(content_key_id_1)));
// Create another entitled key session.
uint32_t key_session_id_2;
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
session_.session_id(), &key_session_id_2));
OEMCryptoResult status = OEMCrypto_CreateEntitledKeySession(
session_.session_id(), &key_session_id_2);
// For DRM, but not for CAS, we allow there to be only a single entitled
// session.
if (!global_features.supports_cas &&
(key_session_id_2 == key_session_id_1 ||
status == OEMCrypto_ERROR_TOO_MANY_SESSIONS)) {
GTEST_SKIP()
<< "Skipping test because multiple entitled sessions not supported.";
}
ASSERT_EQ(OEMCrypto_SUCCESS, status);
// Entitled key sessions should have unique ids.
ASSERT_NE(key_session_id_1, key_session_id_2);
@@ -3164,23 +3227,22 @@ TEST_P(OEMCryptoLicenseTest, EntitledKeySessionMultipleKeySessionsAPI17) {
entitled_message_2.SetContentKeyId(0, content_key_id_2);
ASSERT_NO_FATAL_FAILURE(entitled_message_2.LoadKeys(true));
// We can select content key 2 in entitled key session 2.
ASSERT_EQ(
OEMCrypto_SUCCESS,
OEMCrypto_SelectKey(key_session_id_2,
reinterpret_cast<const uint8_t*>(content_key_id_2),
strlen(content_key_id_2), OEMCrypto_CipherMode_CENC));
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
OEMCrypto_SUCCESS, key_session_id_2,
reinterpret_cast<const uint8_t*>(content_key_id_2),
strlen(content_key_id_2)));
// Content key id 1 is not in entitled key session 2.
ASSERT_EQ(
OEMCrypto_ERROR_NO_CONTENT_KEY,
OEMCrypto_SelectKey(key_session_id_2,
reinterpret_cast<const uint8_t*>(content_key_id_1),
strlen(content_key_id_1), OEMCrypto_CipherMode_CENC));
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
OEMCrypto_ERROR_NO_CONTENT_KEY, key_session_id_2,
reinterpret_cast<const uint8_t*>(content_key_id_1),
strlen(content_key_id_1)));
// Content key id 2 is not in entitled key session 1.
ASSERT_EQ(
OEMCrypto_ERROR_NO_CONTENT_KEY,
OEMCrypto_SelectKey(key_session_id_1,
reinterpret_cast<const uint8_t*>(content_key_id_2),
strlen(content_key_id_2), OEMCrypto_CipherMode_CENC));
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
OEMCrypto_ERROR_NO_CONTENT_KEY, key_session_id_1,
reinterpret_cast<const uint8_t*>(content_key_id_2),
strlen(content_key_id_2)));
}
// This verifies that within an entitled key session, each entitlement key can
@@ -3204,28 +3266,27 @@ TEST_P(OEMCryptoLicenseTest,
entitled_message_1.SetContentKeyId(0, content_key_id_1);
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(true));
// We can select content key 1 in entitled key session.
ASSERT_EQ(
OEMCrypto_SUCCESS,
OEMCrypto_SelectKey(key_session_id,
reinterpret_cast<const uint8_t*>(content_key_id_1),
strlen(content_key_id_1), OEMCrypto_CipherMode_CENC));
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
OEMCrypto_SUCCESS, key_session_id,
reinterpret_cast<const uint8_t*>(content_key_id_1),
strlen(content_key_id_1)));
// Load content key with new content id.
const char* content_key_id_2 = "content_key_id_2";
entitled_message_1.SetContentKeyId(0, content_key_id_2);
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(true));
// We can select content key 2 in entitled key session.
ASSERT_EQ(
OEMCrypto_SUCCESS,
OEMCrypto_SelectKey(key_session_id,
reinterpret_cast<const uint8_t*>(content_key_id_2),
strlen(content_key_id_2), OEMCrypto_CipherMode_CENC));
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
OEMCrypto_SUCCESS, key_session_id,
reinterpret_cast<const uint8_t*>(content_key_id_2),
strlen(content_key_id_2)));
// Content key one is no longer in the entitled key session as they use the
// same entitlement key.
ASSERT_EQ(
OEMCrypto_ERROR_NO_CONTENT_KEY,
OEMCrypto_SelectKey(key_session_id,
reinterpret_cast<const uint8_t*>(content_key_id_1),
strlen(content_key_id_1), OEMCrypto_CipherMode_CENC));
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
OEMCrypto_ERROR_NO_CONTENT_KEY, key_session_id,
reinterpret_cast<const uint8_t*>(content_key_id_1),
strlen(content_key_id_1)));
}
// Decrypt should fail if the license is entitlement license, and the decrypt
@@ -3249,11 +3310,10 @@ TEST_P(OEMCryptoLicenseTest,
const char* content_key_id = "content_key_id";
entitled_message.SetContentKeyId(0, content_key_id);
ASSERT_NO_FATAL_FAILURE(entitled_message.LoadKeys(true));
ASSERT_EQ(
OEMCrypto_SUCCESS,
OEMCrypto_SelectKey(key_session_id,
reinterpret_cast<const uint8_t*>(content_key_id),
strlen(content_key_id), OEMCrypto_CipherMode_CENC));
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
OEMCrypto_SUCCESS, key_session_id,
reinterpret_cast<const uint8_t*>(content_key_id),
strlen(content_key_id)));
vector<uint8_t> in_buffer(256);
vector<uint8_t> out_buffer(in_buffer.size());
@@ -3262,11 +3322,12 @@ TEST_P(OEMCryptoLicenseTest,
ASSERT_NO_FATAL_FAILURE(GenerateSimpleSampleDescription(
in_buffer, out_buffer, &sample_description, &subsample_description));
OEMCrypto_CENCEncryptPatternDesc pattern = {0, 0};
// Try to decrypt the data with oemcrypto session id.
EXPECT_EQ(OEMCrypto_DecryptCENC(session_.session_id(), &sample_description, 1,
&pattern),
OEMCrypto_ERROR_INVALID_CONTEXT);
if (global_features.supports_cas || session_.session_id() != key_session_id) {
// Try to decrypt the data with oemcrypto session id.
EXPECT_EQ(OEMCrypto_DecryptCENC(session_.session_id(), &sample_description,
1, &pattern),
OEMCrypto_ERROR_INVALID_CONTEXT);
}
// Decrypt the data with entitled key session id succeed.
EXPECT_EQ(
OEMCrypto_DecryptCENC(key_session_id, &sample_description, 1, &pattern),
@@ -3297,8 +3358,14 @@ TEST_P(OEMCryptoEntitlementLicenseTest, ReassociateEntitledKeySessionAPI17) {
ASSERT_NO_FATAL_FAILURE(entitled_message.LoadKeys(true));
// Now reassociate the entitled key session to the second OEMCrypto session.
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_ReassociateEntitledKeySession(
key_session_id, session2.session_id()));
OEMCryptoResult status = OEMCrypto_ReassociateEntitledKeySession(
key_session_id, session2.session_id());
if (status == OEMCrypto_ERROR_NOT_IMPLEMENTED &&
!global_features.supports_cas) {
GTEST_SKIP() << "Skipping test because "
"OEMCrypto_ReassociateEntitledKeySession not implemented.";
}
ASSERT_EQ(OEMCrypto_SUCCESS, status);
// session2 does not have entitlement keys.
ASSERT_NO_FATAL_FAILURE(entitled_message.LoadKeys(false));
@@ -3467,7 +3534,7 @@ TEST_P(OEMCryptoLicenseTest, QueryKeyControl) {
// clear key control block (KCB) in the license response. An OEMCrypto v17.1+
// implementation should be able to handle the clear KCB in the 16.4.x response
// and load the license correctly.
TEST_F(OEMCryptoSessionTests, ClearKcbAPI16_4) {
TEST_F(OEMCryptoSessionTests, ClearKcbAPI17) {
Session s;
ASSERT_NO_FATAL_FAILURE(s.open());
ASSERT_NO_FATAL_FAILURE(InstallTestRSAKey(&s));
@@ -3838,7 +3905,8 @@ TEST_P(OEMCryptoLicenseOverflowTest,
TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths(
[](size_t response_message_length, LicenseRoundTrip* license_messages) {
auto& pst = license_messages->core_response().pst;
pst.offset = response_message_length - pst.length + 1;
pst.offset = response_message_length;
if (pst.length == 0) pst.length = 1;
});
}
@@ -3881,8 +3949,8 @@ TEST_P(
[](size_t response_message_length, LicenseRoundTrip* license_messages) {
auto& srm_restriction_data =
license_messages->core_response().srm_restriction_data;
srm_restriction_data.offset =
response_message_length - srm_restriction_data.length + 1;
srm_restriction_data.offset = response_message_length;
if (srm_restriction_data.length == 0) srm_restriction_data.length = 1;
});
}
@@ -5045,6 +5113,7 @@ TEST_P(OEMCryptoSessionTestsDecryptTests,
MakeBuffers();
EncryptData();
OEMCryptoResult result = DecryptCENC();
FreeSecureBuffers();
// Closing the session and opening it for next iteration.
// If it is last iteration, session will be closed in teardown method of
// class.
@@ -5054,6 +5123,9 @@ TEST_P(OEMCryptoSessionTestsDecryptTests,
return result;
};
TestHugeLengthDoesNotCrashAPI(oemcrypto_function, 1, 2 * MiB, kCheckStatus);
// Avoid double free when test teardown calls FreeSecureBuffers()
MakeBuffers();
}
TEST_P(OEMCryptoSessionTestsDecryptTests,
@@ -5119,6 +5191,7 @@ TEST_P(OEMCryptoSessionTestsDecryptTests,
MakeBuffers();
EncryptData();
OEMCryptoResult result = DecryptCENC();
FreeSecureBuffers();
// Closing the session and opening it for next iteration.
// If it is last iteration, session will be closed in teardown method of
// class.
@@ -5128,6 +5201,9 @@ TEST_P(OEMCryptoSessionTestsDecryptTests,
return result;
};
TestHugeLengthDoesNotCrashAPI(oemcrypto_function, 1, 2 * MiB, kCheckStatus);
// Avoid double free when test teardown calls FreeSecureBuffers()
MakeBuffers();
}
// Based on the resource rating, OEMCrypto should be able to handle the maximum
@@ -5239,6 +5315,7 @@ TEST_P(OEMCryptoSessionTestsDecryptTests, ContinueDecryptionAfterIdleAndWake) {
ASSERT_NO_FATAL_FAILURE(MakeBuffers());
ASSERT_NO_FATAL_FAILURE(EncryptData());
ASSERT_NO_FATAL_FAILURE(TestDecryptCENC());
FreeSecureBuffers();
// Set state to idle then wake again and try to reencrypt/decrypt
ASSERT_NO_FATAL_FAILURE(
OEMCrypto_Idle(OEMCrypto_IdleState::OEMCrypto_CpuSuspend, 0));
@@ -6363,7 +6440,9 @@ class OEMCryptoLoadsCertificateAlternates : public OEMCryptoLoadsCertificate {
OEMCryptoResult sts = provisioning_messages.LoadResponse();
key_loaded_ = (OEMCrypto_SUCCESS == sts);
if (key_loaded_) {
encoded_rsa_key_ = provisioning_messages.encoded_rsa_key();
uint8_t* ptr = provisioning_messages.response_data().rsa_key;
size_t len = provisioning_messages.response_data().rsa_key_length;
encoded_rsa_key_ = std::vector<uint8_t>(ptr, ptr + len);
wrapped_rsa_key_ = provisioning_messages.wrapped_rsa_key();
EXPECT_GT(wrapped_rsa_key_.size(), 0u);
EXPECT_EQ(nullptr, find(wrapped_rsa_key_, encoded_rsa_key_));
@@ -7511,15 +7590,17 @@ class OEMCryptoGenericCryptoTest : public OEMCryptoRefreshTest {
if (ShouldGenerateCorpus()) {
const std::string file_name =
GetFileName("oemcrypto_generic_verify_fuzz_seed_corpus");
OEMCrypto_Generic_Verify_Fuzz fuzzed_structure;
OEMCrypto_Generic_Api_Fuzz fuzzed_structure;
fuzzed_structure.cipher_mode = OEMCrypto_CipherMode_CENC;
fuzzed_structure.algorithm = algorithm;
fuzzed_structure.signature_length = signature_length;
// Cipher mode and algorithm.
AppendToFile(file_name, reinterpret_cast<const char*>(&fuzzed_structure),
sizeof(fuzzed_structure));
AppendToFile(file_name, reinterpret_cast<const char*>(clear_buffer),
clear_buffer_length);
AppendSeparator(file_name);
AppendToFile(file_name, reinterpret_cast<const char*>(signature),
signature_length);
}
return OEMCrypto_Generic_Verify(session, clear_buffer, clear_buffer_length,
algorithm, signature, signature_length);
@@ -8487,6 +8568,9 @@ class OEMCryptoUsageTableTest : public OEMCryptoGenericCryptoTest {
TEST_P(OEMCryptoUsageTableTest,
OEMCryptoMemoryUpdateUsageEntryForHugeHeaderBuffer) {
if (!wvoec::global_features.usage_table) {
GTEST_SKIP() << "Usage tables are not supported.";
}
auto oemcrypto_function = [&](size_t buffer_length) {
if (buffer_length < encrypted_usage_header_.size()) {
return OEMCrypto_ERROR_SHORT_BUFFER;
@@ -8514,6 +8598,9 @@ TEST_P(OEMCryptoUsageTableTest,
TEST_P(OEMCryptoUsageTableTest,
OEMCryptoMemoryUpdateUsageEntryForHugeUsageEntryBuffer) {
if (!wvoec::global_features.usage_table) {
GTEST_SKIP() << "Usage tables are not supported.";
}
auto oemcrypto_function = [&](size_t buffer_length) {
LicenseWithUsageEntry entry;
entry.license_messages().set_api_version(license_api_version_);
@@ -8538,6 +8625,9 @@ TEST_P(OEMCryptoUsageTableTest,
TEST_P(OEMCryptoUsageTableTest,
OEMCryptoMemoryDeactivateUsageEntryForHugePstBuffer) {
if (!wvoec::global_features.usage_table) {
GTEST_SKIP() << "Usage tables are not supported.";
}
auto oemcrypto_function = [&](size_t buffer_length) {
LicenseWithUsageEntry entry;
std::string pst("pst");
@@ -8557,6 +8647,9 @@ TEST_P(OEMCryptoUsageTableTest,
TEST_P(OEMCryptoUsageTableTest,
OEMCryptoMemoryLoadUsageTableHeaderForHugeHeader) {
if (!wvoec::global_features.usage_table) {
GTEST_SKIP() << "Usage tables are not supported.";
}
auto oemcrypto_function = [&](size_t buffer_length) {
if (buffer_length < encrypted_usage_header_.size()) {
return OEMCrypto_ERROR_SHORT_BUFFER;
@@ -8581,6 +8674,9 @@ TEST_P(OEMCryptoUsageTableTest,
TEST_P(
OEMCryptoUsageTableTest,
OEMCryptoMemoryLoadUsageTableHeaderForHugeHeaderStartingHeaderLengthFrom1) {
if (!wvoec::global_features.usage_table) {
GTEST_SKIP() << "Usage tables are not supported.";
}
auto oemcrypto_function = [&](size_t buffer_length) {
LicenseWithUsageEntry entry;
entry.license_messages().set_api_version(license_api_version_);
@@ -8597,6 +8693,9 @@ TEST_P(
TEST_P(OEMCryptoUsageTableTest,
OEMCryptoMemoryLoadUsageEntryForHugeUsageEntryBuffer) {
if (!wvoec::global_features.usage_table) {
GTEST_SKIP() << "Usage tables are not supported.";
}
auto oemcrypto_function = [&](size_t buffer_length) {
LicenseWithUsageEntry entry;
entry.license_messages().set_api_version(license_api_version_);
@@ -8639,6 +8738,9 @@ TEST_P(OEMCryptoUsageTableTest,
}
TEST_P(OEMCryptoUsageTableTest, OEMCryptoMemoryReportUsageForHugeReportBuffer) {
if (!wvoec::global_features.usage_table) {
GTEST_SKIP() << "Usage tables are not supported.";
}
auto oemcrypto_function = [&](size_t buffer_length) {
LicenseWithUsageEntry entry;
entry.license_messages().set_api_version(license_api_version_);
@@ -8665,6 +8767,9 @@ TEST_P(OEMCryptoUsageTableTest, OEMCryptoMemoryReportUsageForHugeReportBuffer) {
}
TEST_P(OEMCryptoUsageTableTest, OEMCryptoMemoryReportUsageForHugePstBuffer) {
if (!wvoec::global_features.usage_table) {
GTEST_SKIP() << "Usage tables are not supported.";
}
auto oemcrypto_function = [&](size_t buffer_length) {
LicenseWithUsageEntry entry;
entry.license_messages().set_api_version(license_api_version_);
@@ -8685,6 +8790,9 @@ TEST_P(OEMCryptoUsageTableTest, OEMCryptoMemoryReportUsageForHugePstBuffer) {
TEST_P(OEMCryptoUsageTableTest,
OEMCryptoMemoryShrinkUsageTableHeaderForHugeHeaderBufferLength) {
if (!wvoec::global_features.usage_table) {
GTEST_SKIP() << "Usage tables are not supported.";
}
LicenseWithUsageEntry entry0;
entry0.set_pst("pst 0");
entry0.MakeOfflineAndClose(this);