widevine-partner/ce_cdm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Source release v3.3.0

Browse Source
This commit is contained in:
Gene Morgan
2017-05-04 14:01:27 -07:00
parent baa7b133d3
commit 8082775924
678 changed files with 51264 additions and 14200 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
oemcrypto/test/oec_device_features.cpp
View File

@@ -203,6 +203,7 @@ const char* ProvisioningMethodName(OEMCrypto_ProvisioningMethod method) {
case OEMCrypto_OEMCertificate:
return "OEMCrypto_OEMCertificate";
}
return "";
}
} // namespace wvoec

93
oemcrypto/test/oec_session_util.cpp
View File

@@ -101,7 +101,7 @@ Session::Session()
num_keys_(4) { // Most tests only use 4 keys.
// Other tests will explicitly call set_num_keys.
// Stripe the padded message.
for (int i = 0; i < sizeof(padded_message_.padding); i++) {
for (size_t i = 0; i < sizeof(padded_message_.padding); i++) {
padded_message_.padding[i] = i % 0x100;
}
}
@@ -237,7 +237,7 @@ void Session::LoadTestKeys(const std::string& pst, bool new_mac_keys) {
}
void Session::VerifyTestKeys() {
for (unsigned int i = 0; i < num_keys_; i++) {
for (int i = 0; i < num_keys_; i++) {
KeyControlBlock block;
size_t size = sizeof(block);
OEMCryptoResult sts = OEMCrypto_QueryKeyControl(
@@ -296,7 +296,7 @@ void Session::FillSimpleMessage(uint32_t duration, uint32_t control,
EXPECT_EQ(
1, RAND_pseudo_bytes(license_.mac_key_iv, sizeof(license_.mac_key_iv)));
EXPECT_EQ(1, RAND_pseudo_bytes(license_.mac_keys, sizeof(license_.mac_keys)));
for (unsigned int i = 0; i < num_keys_; i++) {
for (int i = 0; i < num_keys_; i++) {
memset(license_.keys[i].key_id, 0, kTestKeyIdMaxLength);
license_.keys[i].key_id_length = kDefaultKeyIdLength;
memset(license_.keys[i].key_id, i, license_.keys[i].key_id_length);
@@ -360,7 +360,7 @@ void Session::EncryptAndSign() {
AES_cbc_encrypt(&license_.mac_keys[0], &encrypted_license().mac_keys[0],
2 * wvcdm::MAC_KEY_SIZE, &aes_key, iv_buffer, AES_ENCRYPT);
for (unsigned int i = 0; i < num_keys_; i++) {
for (int i = 0; i < num_keys_; i++) {
memcpy(iv_buffer, &license_.keys[i].control_iv[0], wvcdm::KEY_IV_SIZE);
AES_set_encrypt_key(&license_.keys[i].key_data[0], 128, &aes_key);
AES_cbc_encrypt(
@@ -418,7 +418,7 @@ void Session::VerifyClientSignature(size_t data_length) {
// In the real world, a message should be signed by the client and
// verified by the server. This simulates that.
vector<uint8_t> data(data_length);
for (int i = 0; i < data.size(); i++) data[i] = i % 0xFF;
for (size_t i = 0; i < data.size(); i++) data[i] = i % 0xFF;
OEMCryptoResult sts;
size_t gen_signature_length = 0;
sts = OEMCrypto_GenerateSignature(session_id(), &data[0], data.size(), NULL,
@@ -436,7 +436,7 @@ void Session::VerifyClientSignature(size_t data_length) {
void Session::FillKeyArray(const MessageData& data,
OEMCrypto_KeyObject* key_array) {
for (unsigned int i = 0; i < num_keys_; i++) {
for (int i = 0; i < num_keys_; i++) {
key_array[i].key_id = data.keys[i].key_id;
key_array[i].key_id_length = data.keys[i].key_id_length;
key_array[i].key_data_iv = data.keys[i].key_iv;
@@ -549,7 +549,7 @@ void Session::LoadOEMCert(bool verify_cert) {
ASSERT_EQ(OEMCrypto_ERROR_SHORT_BUFFER,
OEMCrypto_GetOEMPublicCertificate(session_id(), NULL,
&public_cert_length));
ASSERT_GT(public_cert_length, 0);
ASSERT_GT((int)public_cert_length, 0);
public_cert.resize(public_cert_length);
ASSERT_EQ(OEMCrypto_SUCCESS,
OEMCrypto_GetOEMPublicCertificate(session_id(), &public_cert[0],
@@ -558,35 +558,45 @@ void Session::LoadOEMCert(bool verify_cert) {
openssl_ptr<BIO, BIO_vfree> bio(
BIO_new_mem_buf(&public_cert[0], public_cert_length));
ASSERT_TRUE(bio.NotNull());
openssl_ptr<X509, X509_free> cert(
PEM_read_bio_X509(bio.get(), NULL, 0, NULL));
openssl_ptr<PKCS7, PKCS7_free> cert(
d2i_PKCS7_bio(bio.get(), NULL));
ASSERT_TRUE(cert.NotNull());
openssl_ptr<EVP_PKEY, EVP_PKEY_free> pubkey(X509_get_pubkey(cert.get()));
ASSERT_TRUE(pubkey.NotNull());
public_rsa_ = EVP_PKEY_get1_RSA(pubkey.get());
if (!public_rsa_) {
cout << "d2i_RSAPrivateKey failed.\n";
dump_openssl_error();
ASSERT_TRUE(NULL != public_rsa_);
}
if (verify_cert) {
vector<char> buffer(80);
X509_NAME* name = X509_get_subject_name(cert.get());
printf(" OEM Certificate Name: %s\n",
X509_NAME_oneline(name, &buffer[0], buffer.size()));
openssl_ptr<X509_STORE, X509_STORE_free> store(X509_STORE_new());
ASSERT_TRUE(store.NotNull());
openssl_ptr<X509_STORE_CTX, X509_STORE_CTX_free> store_ctx(
X509_STORE_CTX_new());
ASSERT_TRUE(store_ctx.NotNull());
X509_STORE_CTX_init(store_ctx.get(), store.get(), cert.get(), NULL);
// TODO(fredgc): Verify cert is signed by Google.
int result = X509_verify_cert(store_ctx.get());
ASSERT_GE(0, result) << " OEM Cert not valid. "
<< X509_verify_cert_error_string(store_ctx->error);
if (result == 0) {
printf("Cert not verified: %s.\n",
X509_verify_cert_error_string(store_ctx->error));
EXPECT_EQ(OBJ_obj2nid(cert->type), NID_pkcs7_signed);
STACK_OF(X509)* certs = cert->d.sign->cert;
for (int i = 0; certs && i < sk_X509_num(certs); i++) {
X509* x509_cert = sk_X509_value(certs, i);
openssl_ptr<EVP_PKEY, EVP_PKEY_free> pubkey(X509_get_pubkey(x509_cert));
ASSERT_TRUE(pubkey.NotNull());
if (i == 0) {
public_rsa_ = EVP_PKEY_get1_RSA(pubkey.get());
if (!public_rsa_) {
cout << "d2i_RSAPrivateKey failed.\n";
dump_openssl_error();
ASSERT_TRUE(NULL != public_rsa_);
}
}
if (verify_cert) {
vector<char> buffer(80);
X509_NAME* name = X509_get_subject_name(x509_cert);
printf(" OEM Certificate Name: %s\n",
X509_NAME_oneline(name, &buffer[0], buffer.size()));
openssl_ptr<X509_STORE, X509_STORE_free> store(X509_STORE_new());
ASSERT_TRUE(store.NotNull());
openssl_ptr<X509_STORE_CTX, X509_STORE_CTX_free> store_ctx(
X509_STORE_CTX_new());
ASSERT_TRUE(store_ctx.NotNull());
X509_STORE_CTX_init(store_ctx.get(), store.get(), x509_cert, NULL);
// TODO(fredgc): Verify cert is signed by Google.
int result = X509_verify_cert(store_ctx.get());
ASSERT_GE(0, result) << " OEM Cert not valid. "
<< X509_verify_cert_error_string(store_ctx->error);
if (result == 0) {
printf("Cert not verified: %s.\n",
X509_verify_cert_error_string(store_ctx->error));
}
}
}
}
@@ -642,10 +652,10 @@ void Session::RewrapRSAKey(const struct RSAPrivateKeyMessage& encrypted,
wrapped_key->clear();
}
}
void Session::RewrapRSAKey30(const struct RSAPrivateKeyMessage& encrypted,
size_t message_size,
const std::vector<uint8_t>& encrypted_message_key,
vector<uint8_t>* wrapped_key, bool force) {
void Session::RewrapRSAKey30(
const struct RSAPrivateKeyMessage& encrypted, size_t,
const std::vector<uint8_t>& encrypted_message_key,
vector<uint8_t>* wrapped_key, bool force) {
size_t wrapped_key_length = 0;
ASSERT_EQ(OEMCrypto_ERROR_SHORT_BUFFER,
OEMCrypto_RewrapDeviceRSAKey30(
@@ -713,7 +723,8 @@ bool Session::VerifyPSSSignature(EVP_PKEY* pkey, const uint8_t* message,
goto err;
}
if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) != 1) {
if (EVP_PKEY_CTX_set_signature_md(pctx,
const_cast<EVP_MD *>(EVP_sha1())) != 1) {
LOGE("EVP_PKEY_CTX_set_signature_md failed in VerifyPSSSignature");
goto err;
}
@@ -756,9 +767,11 @@ void Session::VerifyRSASignature(const vector<uint8_t>& message,
RSA_Padding_Scheme padding_scheme) {
EXPECT_TRUE(NULL != public_rsa_)
<< "No public RSA key loaded in test code.\n";
EXPECT_EQ(static_cast<size_t>(RSA_size(public_rsa_)), signature_length)
<< "Signature size is wrong. " << signature_length << ", should be "
<< RSA_size(public_rsa_) << "\n";
if (padding_scheme == kSign_RSASSA_PSS) {
openssl_ptr<EVP_PKEY, EVP_PKEY_free> pkey(EVP_PKEY_new());
ASSERT_EQ(1, EVP_PKEY_set1_RSA(pkey.get(), public_rsa_));

4
oemcrypto/test/oec_session_util.h
View File

@@ -19,11 +19,11 @@ using namespace std;
namespace std {
struct PatternTestVariant {
PatternTestVariant(size_t encrypt, size_t skip, OEMCryptoCipherMode mode) {
PatternTestVariant(size_t encrypt, size_t skip, OEMCryptoCipherMode mode_) {
this->pattern.encrypt = encrypt;
this->pattern.skip = skip;
this->pattern.offset = 0;
this->mode = mode;
this->mode = mode_;
}
OEMCrypto_CENCEncryptPatternDesc pattern;
OEMCryptoCipherMode mode;

49
oemcrypto/test/oemcrypto_test.cpp
View File

@@ -243,7 +243,7 @@ TEST_F(OEMCryptoClientTest, GetRandomLargeBuffer) {
// We don't have enough data to see that the data is really random,
// so we'll just do a spot check that two calls don't return the same values.
int count = 0;
for (int i = 0; i < size; i++) {
for (size_t i = 0; i < size; i++) {
if (data1[i] == data2[i]) count++;
}
ASSERT_LE(count, 3); // P(count > 3) = 1/256^3 = 6e-8.
@@ -471,7 +471,7 @@ TEST_F(OEMCryptoKeyboxTest, GenerateDerivedKeysFromKeyboxLargeBuffer) {
vector<uint8_t> mac_context(kMaxMessageSize);
vector<uint8_t> enc_context(kMaxMessageSize);
// Stripe the data so the two vectors are not identical, and not all zeroes.
for (int i = 0; i < kMaxMessageSize; i++) {
for (size_t i = 0; i < kMaxMessageSize; i++) {
mac_context[i] = i % 0x100;
enc_context[i] = (3 * i) % 0x100;
}
@@ -554,7 +554,6 @@ TEST_F(OEMCryptoProv30Test, OEMCertSignatureLargeBuffer) {
ASSERT_NO_FATAL_FAILURE(s.LoadOEMCert());
OEMCryptoResult sts;
// Sign a Message
static size_t kMaxMessageSize = 8 * 1024;
vector<uint8_t> data(kMaxMessageSize);
RAND_pseudo_bytes(&data[0], data.size());
size_t signature_length = 0;
@@ -889,7 +888,7 @@ TEST_F(OEMCryptoSessionTests, ClientSignatureLargeBuffer) {
ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys("", false));
vector<uint8_t> context(kMaxMessageSize);
for (int i = 0; i < kMaxMessageSize; i++) {
for (size_t i = 0; i < kMaxMessageSize; i++) {
context[i] = i % 0x100;
}
static const uint32_t SignatureBufferMaxLength = 256;
@@ -1117,7 +1116,7 @@ class SessionTestAlternateVerification : public OEMCryptoSessionTests,
target_api_ = GetParam();
}
protected:
int target_api_;
uint32_t target_api_;
};
TEST_P(SessionTestAlternateVerification, LoadKeys) {
@@ -1259,19 +1258,21 @@ TEST_F(OEMCryptoSessionTests, AntiRollbackHardwareRequired) {
TEST_F(OEMCryptoSessionTests, CheckMinimumPatchLevel) {
uint8_t patch_level = OEMCrypto_Security_Patch_Level();
printf(" Current Patch Level: %u.\n", patch_level);
Session s;
ASSERT_NO_FATAL_FAILURE(s.open());
ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s));
ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage(
0, patch_level << wvoec_mock::kControlSecurityPatchLevelShift, 0));
ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign());
ASSERT_EQ(
OEMCrypto_SUCCESS,
OEMCrypto_LoadKeys(s.session_id(), s.message_ptr(), s.message_size(),
&s.signature()[0], s.signature().size(),
s.encrypted_license().mac_key_iv,
s.encrypted_license().mac_keys, s.num_keys(),
s.key_array(), NULL, 0));
{
Session s;
ASSERT_NO_FATAL_FAILURE(s.open());
ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s));
ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage(
0, patch_level << wvoec_mock::kControlSecurityPatchLevelShift, 0));
ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign());
ASSERT_EQ(
OEMCrypto_SUCCESS,
OEMCrypto_LoadKeys(s.session_id(), s.message_ptr(), s.message_size(),
&s.signature()[0], s.signature().size(),
s.encrypted_license().mac_key_iv,
s.encrypted_license().mac_keys, s.num_keys(),
s.key_array(), NULL, 0));
}
if (patch_level < 0x3F) {
Session s;
ASSERT_NO_FATAL_FAILURE(s.open());
@@ -1314,7 +1315,7 @@ TEST_F(OEMCryptoSessionTests, Minimum20Keys) {
ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage(0, 0, 0));
ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign());
ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys());
for (int key_index = 0; key_index < kMaxNumKeys; key_index++) {
for (size_t key_index = 0; key_index < kMaxNumKeys; key_index++) {
bool kSelectKeyFirst = true;
ASSERT_NO_FATAL_FAILURE(
s.TestDecryptCTR(kSelectKeyFirst, OEMCrypto_SUCCESS, key_index));
@@ -1633,7 +1634,7 @@ class OEMCryptoSessionTestsDecryptTests
// Partial block. Don't increment iv. Compute next block offset.
block_offset = block_offset + size;
} else {
EXPECT_EQ(AES_BLOCK_SIZE, block_offset + size);
EXPECT_EQ((size_t)AES_BLOCK_SIZE, block_offset + size);
// Full block. Increment iv, and set offset to 0 for next block.
ctr128_inc64(1, iv);
block_offset = 0;
@@ -2614,7 +2615,7 @@ TEST_F(OEMCryptoUsesCertificate, GenerateDerivedKeysLargeBuffer) {
vector<uint8_t> mac_context(kMaxMessageSize);
vector<uint8_t> enc_context(kMaxMessageSize);
// Stripe the data so the two vectors are not identical, and not all zeroes.
for (int i = 0; i < kMaxMessageSize; i++) {
for (size_t i = 0; i < kMaxMessageSize; i++) {
mac_context[i] = i % 0x100;
enc_context[i] = (3 * i) % 0x100;
}
@@ -4212,14 +4213,14 @@ class GenericCryptoKeyIdLengthTest : public GenericCryptoTest {
// Make all four keys have the same length.
void SetUniformKeyIdLength(size_t key_id_length) {
for (unsigned int i = 0; i < session_.num_keys(); i++) {
for (int i = 0; i < session_.num_keys(); i++) {
string key_id;
key_id.resize(key_id_length, i + 'a');
session_.SetKeyId(i, key_id);
}
}
void TestWithKey(unsigned int key_index) {
void TestWithKey(int key_index) {
ASSERT_LT(key_index, session_.num_keys());
EncryptAndLoadKeys();
vector<uint8_t> encrypted;
@@ -5486,7 +5487,7 @@ TEST_F(UsageTableTest, LoadSharedLicense) {
ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys(pst, true));
ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage(0, 0, 0));
// The second set of keys are not loaded.
for (unsigned int i = 0; i < s.num_keys(); i++) {
for (int i = 0; i < s.num_keys(); i++) {
memset(s.license().keys[i].key_id, 'A' + i,
s.license().keys[i].key_id_length);
}