Source release 19.1.0
This commit is contained in:
Matt Feddersen
@@ -281,6 +281,9 @@ class OEMCryptoEntitlementLicenseTest : public OEMCryptoLicenseTest {
|
||||
/** This verifies that entitlement keys and entitled content keys can be loaded.
|
||||
*/
|
||||
TEST_P(OEMCryptoEntitlementLicenseTest, LoadEntitlementKeysAPI17) {
|
||||
if (wvoec::global_features.api_version < 17) {
|
||||
GTEST_SKIP() << "Test for versions 17 and up only.";
|
||||
}
|
||||
LoadEntitlementLicense();
|
||||
uint32_t key_session_id = 0;
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
||||
@@ -295,40 +298,15 @@ TEST_P(OEMCryptoEntitlementLicenseTest, LoadEntitlementKeysAPI17) {
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_2.LoadKeys(true));
|
||||
}
|
||||
|
||||
TEST_P(OEMCryptoEntitlementLicenseTest, CasOnlyLoadCasKeysAPI17) {
|
||||
if (!global_features.supports_cas) {
|
||||
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
||||
}
|
||||
LoadEntitlementLicense();
|
||||
uint32_t key_session_id = 0;
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
||||
session_.session_id(), &key_session_id));
|
||||
|
||||
EntitledMessage entitled_message_1(&license_messages_);
|
||||
entitled_message_1.FillKeyArray();
|
||||
entitled_message_1.SetEntitledKeySession(key_session_id);
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys(
|
||||
/*load_even=*/true, /*load_odd=*/true, OEMCrypto_SUCCESS));
|
||||
EntitledMessage entitled_message_2(&license_messages_);
|
||||
entitled_message_2.FillKeyArray();
|
||||
entitled_message_2.SetEntitledKeySession(key_session_id);
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_2.LoadCasKeys(
|
||||
/*load_even=*/true, /*load_odd=*/false, OEMCrypto_SUCCESS));
|
||||
EntitledMessage entitled_message_3(&license_messages_);
|
||||
entitled_message_3.FillKeyArray();
|
||||
entitled_message_3.SetEntitledKeySession(key_session_id);
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_3.LoadCasKeys(
|
||||
/*load_even=*/false, /*load_odd=*/true, OEMCrypto_SUCCESS));
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_3.LoadCasKeys(
|
||||
/*load_even=*/false, /*load_odd=*/false, OEMCrypto_SUCCESS));
|
||||
}
|
||||
|
||||
/**
|
||||
* This verifies that entitled content keys cannot be loaded if we have not yet
|
||||
* loaded the entitlement keys.
|
||||
*/
|
||||
TEST_P(OEMCryptoEntitlementLicenseTest,
|
||||
LoadEntitlementKeysNoEntitlementKeysAPI17) {
|
||||
if (wvoec::global_features.api_version < 17) {
|
||||
GTEST_SKIP() << "Test for versions 17 and up only.";
|
||||
}
|
||||
license_messages_.set_license_type(OEMCrypto_EntitlementLicense);
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
|
||||
@@ -343,53 +321,14 @@ TEST_P(OEMCryptoEntitlementLicenseTest,
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(false));
|
||||
}
|
||||
|
||||
/**
|
||||
* This verifies that entitled content keys cannot be loaded if we have loaded
|
||||
* the wrong entitlement keys.
|
||||
*/
|
||||
TEST_P(OEMCryptoEntitlementLicenseTest,
|
||||
CasOnlyLoadCasKeysNoEntitlementKeysAPI17) {
|
||||
if (!global_features.supports_cas) {
|
||||
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
||||
}
|
||||
license_messages_.set_license_type(OEMCrypto_EntitlementLicense);
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
|
||||
uint32_t key_session_id = 0;
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
||||
session_.session_id(), &key_session_id));
|
||||
|
||||
EntitledMessage entitled_message_1(&license_messages_);
|
||||
entitled_message_1.FillKeyArray();
|
||||
entitled_message_1.SetEntitledKeySession(key_session_id);
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys(
|
||||
/*load_even=*/true, /*load_odd=*/true, OEMCrypto_ERROR_INVALID_CONTEXT));
|
||||
}
|
||||
|
||||
/**
|
||||
* This verifies that entitled content keys cannot be loaded if we have loaded
|
||||
* the wrong entitlement keys.
|
||||
*/
|
||||
TEST_P(OEMCryptoEntitlementLicenseTest,
|
||||
LoadEntitlementKeysWrongEntitlementKeysAPI17) {
|
||||
LoadEntitlementLicense();
|
||||
uint32_t key_session_id = 0;
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
||||
session_.session_id(), &key_session_id));
|
||||
|
||||
EntitledMessage entitled_message_1(&license_messages_);
|
||||
entitled_message_1.FillKeyArray();
|
||||
const std::string key_id = "no_key";
|
||||
entitled_message_1.SetEntitlementKeyId(0, key_id);
|
||||
entitled_message_1.SetEntitledKeySession(key_session_id);
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(false));
|
||||
}
|
||||
|
||||
TEST_P(OEMCryptoEntitlementLicenseTest,
|
||||
CasOnlyLoadCasKeysWrongEntitlementKeysAPI17) {
|
||||
if (!global_features.supports_cas) {
|
||||
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
||||
if (wvoec::global_features.api_version < 17) {
|
||||
GTEST_SKIP() << "Test for versions 17 and up only.";
|
||||
}
|
||||
LoadEntitlementLicense();
|
||||
uint32_t key_session_id = 0;
|
||||
@@ -401,8 +340,7 @@ TEST_P(OEMCryptoEntitlementLicenseTest,
|
||||
const std::string key_id = "no_key";
|
||||
entitled_message_1.SetEntitlementKeyId(0, key_id);
|
||||
entitled_message_1.SetEntitledKeySession(key_session_id);
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys(
|
||||
/*load_even=*/true, /*load_odd=*/true, OEMCrypto_KEY_NOT_ENTITLED));
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(false));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -411,22 +349,8 @@ TEST_P(OEMCryptoEntitlementLicenseTest,
|
||||
*/
|
||||
TEST_P(OEMCryptoEntitlementLicenseTest,
|
||||
LoadEntitlementKeysWrongEntitledKeySessionAPI17) {
|
||||
LoadEntitlementLicense();
|
||||
uint32_t key_session_id = 0;
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
||||
session_.session_id(), &key_session_id));
|
||||
|
||||
EntitledMessage entitled_message_1(&license_messages_);
|
||||
entitled_message_1.FillKeyArray();
|
||||
const uint32_t wrong_key_session_id = key_session_id == 0 ? 1 : 0;
|
||||
entitled_message_1.SetEntitledKeySession(wrong_key_session_id);
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(false));
|
||||
}
|
||||
|
||||
TEST_P(OEMCryptoEntitlementLicenseTest,
|
||||
CasOnlyLoadCasKeysWrongEntitledKeySessionAPI17) {
|
||||
if (!global_features.supports_cas) {
|
||||
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
||||
if (wvoec::global_features.api_version < 17) {
|
||||
GTEST_SKIP() << "Test for versions 17 and up only.";
|
||||
}
|
||||
LoadEntitlementLicense();
|
||||
uint32_t key_session_id = 0;
|
||||
@@ -437,54 +361,9 @@ TEST_P(OEMCryptoEntitlementLicenseTest,
|
||||
entitled_message_1.FillKeyArray();
|
||||
const uint32_t wrong_key_session_id = key_session_id == 0 ? 1 : 0;
|
||||
entitled_message_1.SetEntitledKeySession(wrong_key_session_id);
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys(
|
||||
/*load_even=*/true, /*load_odd=*/true,
|
||||
OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION));
|
||||
}
|
||||
|
||||
/**
|
||||
* This verifies that entitled content keys cannot be loaded if we specify an
|
||||
* entitled key session that is actually an oemcrypto session.
|
||||
*/
|
||||
TEST_P(OEMCryptoEntitlementLicenseTest,
|
||||
LoadEntitlementKeysOemcryptoSessionAPI17) {
|
||||
if (!global_features.supports_cas) {
|
||||
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
||||
}
|
||||
LoadEntitlementLicense();
|
||||
uint32_t key_session_id = 0;
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
||||
session_.session_id(), &key_session_id));
|
||||
|
||||
EntitledMessage entitled_message_1(&license_messages_);
|
||||
entitled_message_1.FillKeyArray();
|
||||
if (session_.session_id() == key_session_id) {
|
||||
GTEST_SKIP()
|
||||
<< "Skipping test because entitled and entitlement sessions are both "
|
||||
<< key_session_id << ".";
|
||||
}
|
||||
entitled_message_1.SetEntitledKeySession(session_.session_id());
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(false));
|
||||
}
|
||||
|
||||
TEST_P(OEMCryptoEntitlementLicenseTest,
|
||||
CasOnlyLoadCasKeysOemcryptoSessionAPI17) {
|
||||
if (!global_features.supports_cas) {
|
||||
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
||||
}
|
||||
LoadEntitlementLicense();
|
||||
uint32_t key_session_id = 0;
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
||||
session_.session_id(), &key_session_id));
|
||||
|
||||
EntitledMessage entitled_message_1(&license_messages_);
|
||||
entitled_message_1.FillKeyArray();
|
||||
entitled_message_1.SetEntitledKeySession(session_.session_id());
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys(
|
||||
/*load_even=*/true, /*load_odd=*/true,
|
||||
OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION));
|
||||
}
|
||||
|
||||
INSTANTIATE_TEST_SUITE_P(TestAll, OEMCryptoEntitlementLicenseTest,
|
||||
Range<uint32_t>(kCoreMessagesAPI, kCurrentAPI + 1));
|
||||
|
||||
@@ -697,6 +576,9 @@ TEST_F(OEMCryptoMemoryLicenseTest,
|
||||
/// @{
|
||||
|
||||
TEST_P(OEMCryptoLicenseTest, GetKeyHandleEntitledKeyAPI17) {
|
||||
if (wvoec::global_features.api_version < 17) {
|
||||
GTEST_SKIP() << "Test for versions 17 and up only.";
|
||||
}
|
||||
license_messages_.set_license_type(OEMCrypto_EntitlementLicense);
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
|
||||
@@ -724,6 +606,9 @@ TEST_P(OEMCryptoLicenseTest, GetKeyHandleEntitledKeyAPI17) {
|
||||
// SelectEntitledKey should fail if we attempt to select a key that has not been
|
||||
// loaded. Also, the error should be NO_CONTENT_KEY.
|
||||
TEST_P(OEMCryptoLicenseTest, SelectKeyEntitledKeyNotThereAPI17) {
|
||||
if (wvoec::global_features.api_version < 17) {
|
||||
GTEST_SKIP() << "Test for versions 17 and up only.";
|
||||
}
|
||||
license_messages_.set_license_type(OEMCrypto_EntitlementLicense);
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
|
||||
@@ -745,41 +630,11 @@ TEST_P(OEMCryptoLicenseTest, SelectKeyEntitledKeyNotThereAPI17) {
|
||||
strlen(content_key_id)));
|
||||
}
|
||||
|
||||
/**
|
||||
* Select key with entitlement license fails if the key id is entitlement key
|
||||
* id.
|
||||
*/
|
||||
TEST_P(OEMCryptoLicenseTest, SelectKeyEntitlementKeyAPI17) {
|
||||
if (!global_features.supports_cas) {
|
||||
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
||||
}
|
||||
license_messages_.set_license_type(OEMCrypto_EntitlementLicense);
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
|
||||
|
||||
uint32_t key_session_id;
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
||||
session_.session_id(), &key_session_id));
|
||||
EntitledMessage entitled_message_1(&license_messages_);
|
||||
entitled_message_1.FillKeyArray();
|
||||
entitled_message_1.SetEntitledKeySession(key_session_id);
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(true));
|
||||
|
||||
if (session_.session_id() == key_session_id) {
|
||||
GTEST_SKIP()
|
||||
<< "Skipping test because entitled and entitlement sessions are both "
|
||||
<< key_session_id << ".";
|
||||
}
|
||||
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
|
||||
OEMCrypto_ERROR_INVALID_CONTEXT, session_.session_id(),
|
||||
session_.license().keys[0].key_id,
|
||||
session_.license().keys[0].key_id_length));
|
||||
}
|
||||
|
||||
// This verifies that entitled key sessions can be created and removed.
|
||||
TEST_P(OEMCryptoLicenseTest, EntitledKeySessionsAPI17) {
|
||||
if (wvoec::global_features.api_version < 17) {
|
||||
GTEST_SKIP() << "Test for versions 17 and up only.";
|
||||
}
|
||||
license_messages_.set_license_type(OEMCrypto_EntitlementLicense);
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
|
||||
@@ -806,6 +661,9 @@ TEST_P(OEMCryptoLicenseTest, EntitledKeySessionsAPI17) {
|
||||
|
||||
TEST_P(OEMCryptoLicenseTest,
|
||||
EntitledKeySessionsCloseWithOEMCryptoSessionAPI17) {
|
||||
if (wvoec::global_features.api_version < 17) {
|
||||
GTEST_SKIP() << "Test for versions 17 and up only.";
|
||||
}
|
||||
license_messages_.set_license_type(OEMCrypto_EntitlementLicense);
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
|
||||
@@ -825,76 +683,13 @@ TEST_P(OEMCryptoLicenseTest,
|
||||
session_.open();
|
||||
}
|
||||
|
||||
// This verifies that multiple entitled key sessions can be created. They can
|
||||
// load and select keys independently.
|
||||
TEST_P(OEMCryptoLicenseTest, EntitledKeySessionMultipleKeySessionsAPI17) {
|
||||
if (!global_features.supports_cas) {
|
||||
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
||||
}
|
||||
license_messages_.set_license_type(OEMCrypto_EntitlementLicense);
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
|
||||
|
||||
uint32_t key_session_id_1;
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
||||
session_.session_id(), &key_session_id_1));
|
||||
EntitledMessage entitled_message_1(&license_messages_);
|
||||
entitled_message_1.FillKeyArray();
|
||||
entitled_message_1.SetEntitledKeySession(key_session_id_1);
|
||||
const char* content_key_id_1 = "content_key_id_1";
|
||||
entitled_message_1.SetContentKeyId(0, content_key_id_1);
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(true));
|
||||
// We can select content key 1 in entitled key session 1.
|
||||
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
|
||||
OEMCrypto_SUCCESS, key_session_id_1,
|
||||
reinterpret_cast<const uint8_t*>(content_key_id_1),
|
||||
strlen(content_key_id_1)));
|
||||
|
||||
// Create another entitled key session.
|
||||
uint32_t key_session_id_2;
|
||||
OEMCryptoResult status = OEMCrypto_CreateEntitledKeySession(
|
||||
session_.session_id(), &key_session_id_2);
|
||||
// For DRM, but not for CAS, we allow there to be only a single entitled
|
||||
// session.
|
||||
if (status == OEMCrypto_ERROR_TOO_MANY_SESSIONS) {
|
||||
GTEST_SKIP()
|
||||
<< "Skipping test because multiple entitled sessions not supported.";
|
||||
}
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, status);
|
||||
// Entitled key sessions should have unique ids.
|
||||
ASSERT_NE(key_session_id_1, key_session_id_2);
|
||||
|
||||
EntitledMessage entitled_message_2(&license_messages_);
|
||||
entitled_message_2.FillKeyArray();
|
||||
entitled_message_2.SetEntitledKeySession(key_session_id_2);
|
||||
const char* content_key_id_2 = "content_key_id_2";
|
||||
entitled_message_2.SetContentKeyId(0, content_key_id_2);
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_2.LoadKeys(true));
|
||||
// We can select content key 2 in entitled key session 2.
|
||||
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
|
||||
OEMCrypto_SUCCESS, key_session_id_2,
|
||||
reinterpret_cast<const uint8_t*>(content_key_id_2),
|
||||
strlen(content_key_id_2)));
|
||||
|
||||
// Content key id 1 is not in entitled key session 2.
|
||||
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
|
||||
OEMCrypto_ERROR_NO_CONTENT_KEY, key_session_id_2,
|
||||
reinterpret_cast<const uint8_t*>(content_key_id_1),
|
||||
strlen(content_key_id_1)));
|
||||
|
||||
// Content key id 2 is not in entitled key session 1.
|
||||
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
|
||||
OEMCrypto_ERROR_NO_CONTENT_KEY, key_session_id_1,
|
||||
reinterpret_cast<const uint8_t*>(content_key_id_2),
|
||||
strlen(content_key_id_2)));
|
||||
}
|
||||
|
||||
// This verifies that within an entitled key session, each entitlement key can
|
||||
// corresponds to only one content key at most.
|
||||
TEST_P(OEMCryptoLicenseTest,
|
||||
EntitledKeySessionOneContentKeyPerEntitlementAPI17) {
|
||||
if (wvoec::global_features.api_version < 17) {
|
||||
GTEST_SKIP() << "Test for versions 17 and up only.";
|
||||
}
|
||||
license_messages_.set_license_type(OEMCrypto_EntitlementLicense);
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
|
||||
@@ -940,6 +735,9 @@ TEST_P(OEMCryptoLicenseTest,
|
||||
// instead).
|
||||
TEST_P(OEMCryptoLicenseTest,
|
||||
RejectOecSessionDecryptWithEntitlementLicenseAPI17) {
|
||||
if (wvoec::global_features.api_version < 17) {
|
||||
GTEST_SKIP() << "Test for versions 17 and up only.";
|
||||
}
|
||||
license_messages_.set_license_type(OEMCrypto_EntitlementLicense);
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
|
||||
@@ -979,6 +777,9 @@ TEST_P(OEMCryptoLicenseTest,
|
||||
// This verifies that an entitled key session can be reassociated to an
|
||||
// OEMCrypto session.
|
||||
TEST_P(OEMCryptoEntitlementLicenseTest, ReassociateEntitledKeySessionAPI17) {
|
||||
if (wvoec::global_features.api_version < 17) {
|
||||
GTEST_SKIP() << "Test for versions 17 and up only.";
|
||||
}
|
||||
license_messages_.set_license_type(OEMCrypto_EntitlementLicense);
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
|
||||
@@ -1480,7 +1281,260 @@ INSTANTIATE_TEST_SUITE_P(TestAll, OEMCryptoLicenseOverflowTest,
|
||||
|
||||
/// @addtogroup cas
|
||||
/// @{
|
||||
TEST_P(OEMCryptoEntitlementLicenseTest, CasOnlyLoadCasKeysAPI17) {
|
||||
if (wvoec::global_features.api_version < 17) {
|
||||
GTEST_SKIP() << "Test for versions 17 and up only.";
|
||||
}
|
||||
if (!global_features.supports_cas) {
|
||||
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
||||
}
|
||||
LoadEntitlementLicense();
|
||||
uint32_t key_session_id = 0;
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
||||
session_.session_id(), &key_session_id));
|
||||
|
||||
EntitledMessage entitled_message_1(&license_messages_);
|
||||
entitled_message_1.FillKeyArray();
|
||||
entitled_message_1.SetEntitledKeySession(key_session_id);
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys(
|
||||
/*load_even=*/true, /*load_odd=*/true, OEMCrypto_SUCCESS));
|
||||
EntitledMessage entitled_message_2(&license_messages_);
|
||||
entitled_message_2.FillKeyArray();
|
||||
entitled_message_2.SetEntitledKeySession(key_session_id);
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_2.LoadCasKeys(
|
||||
/*load_even=*/true, /*load_odd=*/false, OEMCrypto_SUCCESS));
|
||||
EntitledMessage entitled_message_3(&license_messages_);
|
||||
entitled_message_3.FillKeyArray();
|
||||
entitled_message_3.SetEntitledKeySession(key_session_id);
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_3.LoadCasKeys(
|
||||
/*load_even=*/false, /*load_odd=*/true, OEMCrypto_SUCCESS));
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_3.LoadCasKeys(
|
||||
/*load_even=*/false, /*load_odd=*/false, OEMCrypto_SUCCESS));
|
||||
}
|
||||
|
||||
/**
|
||||
* This verifies that entitled content keys cannot be loaded if we have loaded
|
||||
* the wrong entitlement keys.
|
||||
*/
|
||||
TEST_P(OEMCryptoEntitlementLicenseTest,
|
||||
CasOnlyLoadCasKeysNoEntitlementKeysAPI17) {
|
||||
if (!global_features.supports_cas) {
|
||||
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
||||
}
|
||||
license_messages_.set_license_type(OEMCrypto_EntitlementLicense);
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
|
||||
uint32_t key_session_id = 0;
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
||||
session_.session_id(), &key_session_id));
|
||||
|
||||
EntitledMessage entitled_message_1(&license_messages_);
|
||||
entitled_message_1.FillKeyArray();
|
||||
entitled_message_1.SetEntitledKeySession(key_session_id);
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys(
|
||||
/*load_even=*/true, /*load_odd=*/true, OEMCrypto_ERROR_INVALID_CONTEXT));
|
||||
}
|
||||
|
||||
TEST_P(OEMCryptoEntitlementLicenseTest,
|
||||
CasOnlyLoadCasKeysWrongEntitlementKeysAPI17) {
|
||||
if (wvoec::global_features.api_version < 17) {
|
||||
GTEST_SKIP() << "Test for versions 17 and up only.";
|
||||
}
|
||||
if (!global_features.supports_cas) {
|
||||
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
||||
}
|
||||
LoadEntitlementLicense();
|
||||
uint32_t key_session_id = 0;
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
||||
session_.session_id(), &key_session_id));
|
||||
|
||||
EntitledMessage entitled_message_1(&license_messages_);
|
||||
entitled_message_1.FillKeyArray();
|
||||
const std::string key_id = "no_key";
|
||||
entitled_message_1.SetEntitlementKeyId(0, key_id);
|
||||
entitled_message_1.SetEntitledKeySession(key_session_id);
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys(
|
||||
/*load_even=*/true, /*load_odd=*/true, OEMCrypto_KEY_NOT_ENTITLED));
|
||||
}
|
||||
|
||||
TEST_P(OEMCryptoEntitlementLicenseTest,
|
||||
CasOnlyLoadCasKeysWrongEntitledKeySessionAPI17) {
|
||||
if (wvoec::global_features.api_version < 17) {
|
||||
GTEST_SKIP() << "Test for versions 17 and up only.";
|
||||
}
|
||||
if (!global_features.supports_cas) {
|
||||
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
||||
}
|
||||
LoadEntitlementLicense();
|
||||
uint32_t key_session_id = 0;
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
||||
session_.session_id(), &key_session_id));
|
||||
|
||||
EntitledMessage entitled_message_1(&license_messages_);
|
||||
entitled_message_1.FillKeyArray();
|
||||
const uint32_t wrong_key_session_id = key_session_id == 0 ? 1 : 0;
|
||||
entitled_message_1.SetEntitledKeySession(wrong_key_session_id);
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys(
|
||||
/*load_even=*/true, /*load_odd=*/true,
|
||||
OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION));
|
||||
}
|
||||
|
||||
/**
|
||||
* This verifies that entitled content keys cannot be loaded if we specify an
|
||||
* entitled key session that is actually an oemcrypto session.
|
||||
*/
|
||||
TEST_P(OEMCryptoEntitlementLicenseTest,
|
||||
LoadEntitlementKeysOemcryptoSessionAPI17) {
|
||||
if (!global_features.supports_cas) {
|
||||
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
||||
}
|
||||
if (wvoec::global_features.api_version < 17) {
|
||||
GTEST_SKIP() << "Test for versions 17 and up only.";
|
||||
}
|
||||
LoadEntitlementLicense();
|
||||
uint32_t key_session_id = 0;
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
||||
session_.session_id(), &key_session_id));
|
||||
|
||||
EntitledMessage entitled_message_1(&license_messages_);
|
||||
entitled_message_1.FillKeyArray();
|
||||
if (session_.session_id() == key_session_id) {
|
||||
GTEST_SKIP()
|
||||
<< "Skipping test because entitled and entitlement sessions are both "
|
||||
<< key_session_id << ".";
|
||||
}
|
||||
entitled_message_1.SetEntitledKeySession(session_.session_id());
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(false));
|
||||
}
|
||||
|
||||
TEST_P(OEMCryptoEntitlementLicenseTest,
|
||||
CasOnlyLoadCasKeysOemcryptoSessionAPI17) {
|
||||
if (wvoec::global_features.api_version < 17) {
|
||||
GTEST_SKIP() << "Test for versions 17 and up only.";
|
||||
}
|
||||
if (!global_features.supports_cas) {
|
||||
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
||||
}
|
||||
LoadEntitlementLicense();
|
||||
uint32_t key_session_id = 0;
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
||||
session_.session_id(), &key_session_id));
|
||||
|
||||
EntitledMessage entitled_message_1(&license_messages_);
|
||||
entitled_message_1.FillKeyArray();
|
||||
entitled_message_1.SetEntitledKeySession(session_.session_id());
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys(
|
||||
/*load_even=*/true, /*load_odd=*/true,
|
||||
OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION));
|
||||
}
|
||||
|
||||
/**
|
||||
* Select key with entitlement license fails if the key id is entitlement key
|
||||
* id.
|
||||
*/
|
||||
TEST_P(OEMCryptoLicenseTest, SelectKeyEntitlementKeyAPI17) {
|
||||
if (!global_features.supports_cas) {
|
||||
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
||||
}
|
||||
if (wvoec::global_features.api_version < 17) {
|
||||
GTEST_SKIP() << "Test for versions 17 and up only.";
|
||||
}
|
||||
license_messages_.set_license_type(OEMCrypto_EntitlementLicense);
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
|
||||
|
||||
uint32_t key_session_id;
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
||||
session_.session_id(), &key_session_id));
|
||||
EntitledMessage entitled_message_1(&license_messages_);
|
||||
entitled_message_1.FillKeyArray();
|
||||
entitled_message_1.SetEntitledKeySession(key_session_id);
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(true));
|
||||
|
||||
if (session_.session_id() == key_session_id) {
|
||||
GTEST_SKIP()
|
||||
<< "Skipping test because entitled and entitlement sessions are both "
|
||||
<< key_session_id << ".";
|
||||
}
|
||||
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
|
||||
OEMCrypto_ERROR_INVALID_CONTEXT, session_.session_id(),
|
||||
session_.license().keys[0].key_id,
|
||||
session_.license().keys[0].key_id_length));
|
||||
}
|
||||
|
||||
// This verifies that multiple entitled key sessions can be created. They can
|
||||
// load and select keys independently.
|
||||
TEST_P(OEMCryptoLicenseTest, EntitledKeySessionMultipleKeySessionsAPI17) {
|
||||
if (!global_features.supports_cas) {
|
||||
GTEST_SKIP() << "OEMCrypto does not support CAS";
|
||||
}
|
||||
if (wvoec::global_features.api_version < 17) {
|
||||
GTEST_SKIP() << "Test for versions 17 and up only.";
|
||||
}
|
||||
license_messages_.set_license_type(OEMCrypto_EntitlementLicense);
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest());
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
|
||||
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
|
||||
|
||||
uint32_t key_session_id_1;
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
|
||||
session_.session_id(), &key_session_id_1));
|
||||
EntitledMessage entitled_message_1(&license_messages_);
|
||||
entitled_message_1.FillKeyArray();
|
||||
entitled_message_1.SetEntitledKeySession(key_session_id_1);
|
||||
const char* content_key_id_1 = "content_key_id_1";
|
||||
entitled_message_1.SetContentKeyId(0, content_key_id_1);
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(true));
|
||||
// We can select content key 1 in entitled key session 1.
|
||||
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
|
||||
OEMCrypto_SUCCESS, key_session_id_1,
|
||||
reinterpret_cast<const uint8_t*>(content_key_id_1),
|
||||
strlen(content_key_id_1)));
|
||||
|
||||
// Create another entitled key session.
|
||||
uint32_t key_session_id_2;
|
||||
OEMCryptoResult status = OEMCrypto_CreateEntitledKeySession(
|
||||
session_.session_id(), &key_session_id_2);
|
||||
// For DRM, but not for CAS, we allow there to be only a single entitled
|
||||
// session.
|
||||
if (!global_features.supports_cas &&
|
||||
(key_session_id_2 == key_session_id_1 ||
|
||||
status == OEMCrypto_ERROR_TOO_MANY_SESSIONS)) {
|
||||
GTEST_SKIP()
|
||||
<< "Skipping test because multiple entitled sessions not supported.";
|
||||
}
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, status);
|
||||
// Entitled key sessions should have unique ids.
|
||||
ASSERT_NE(key_session_id_1, key_session_id_2);
|
||||
|
||||
EntitledMessage entitled_message_2(&license_messages_);
|
||||
entitled_message_2.FillKeyArray();
|
||||
entitled_message_2.SetEntitledKeySession(key_session_id_2);
|
||||
const char* content_key_id_2 = "content_key_id_2";
|
||||
entitled_message_2.SetContentKeyId(0, content_key_id_2);
|
||||
ASSERT_NO_FATAL_FAILURE(entitled_message_2.LoadKeys(true));
|
||||
// We can select content key 2 in entitled key session 2.
|
||||
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
|
||||
OEMCrypto_SUCCESS, key_session_id_2,
|
||||
reinterpret_cast<const uint8_t*>(content_key_id_2),
|
||||
strlen(content_key_id_2)));
|
||||
|
||||
// Content key id 1 is not in entitled key session 2.
|
||||
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
|
||||
OEMCrypto_ERROR_NO_CONTENT_KEY, key_session_id_2,
|
||||
reinterpret_cast<const uint8_t*>(content_key_id_1),
|
||||
strlen(content_key_id_1)));
|
||||
|
||||
// Content key id 2 is not in entitled key session 1.
|
||||
ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
|
||||
OEMCrypto_ERROR_NO_CONTENT_KEY, key_session_id_1,
|
||||
reinterpret_cast<const uint8_t*>(content_key_id_2),
|
||||
strlen(content_key_id_2)));
|
||||
}
|
||||
/// @}
|
||||
|
||||
/// @addtogroup security
|
||||
|
||||
Reference in New Issue
Block a user