widevine-partner/oemcrypto
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update OEMCrypto test comments and logs

Browse Source 
This CL merges some changes from branch rvc-dev to sc-dev that
prepared it for merge.

One change is that the unit tests now say they are part of Android S
instead of R.

Bug: 180546871
This commit is contained in:
Fred Gylys-Colwell
2021-08-04 22:00:23 +00:00
parent 1dc1ff7e7c
commit d0445f09e1
2 changed files with 66 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
oemcrypto/test/README.md
View File

@@ -1,6 +1,40 @@
# OEMCrypto Memory Unit Tests # OEMCrypto Unit Tests
## Objective ## Basic Functionality Tests
Most unit tests in this category verify that the basic functionality of opening
sessions, initializing and terminating the system, and reporting status work
correctly.
## Decrypt Tests
The decrypt tests verify that encrypted data is correctly decrypted with the
desired key. These tests cover a large variety of patterns, sample sizes, and
subsample sizes.
## Secure Buffers
If OEMCrypto implements the function `OEMCrypto_AllocateSecureBuffer`, then all
of the decrypt tests will also run with the output buffer being a secure
buffer. If the function `OEMCrypto_SupportsDecryptHash` returns
`OEMCrypto_CRC_Clear_Buffer`, then the secure buffer decryption will be verified
with the CRC32 hash of the input data.
## Usage Table Tests
Usage table tests verify that the usage table is correctly procesed. The usage
table is used to control reloading keys for offline playback, and for reporting
secure stops for online playback.
## Duration Tests
Duration tests verify that license durations are enforced correctly. Most of
this functionality can be met by keeping an accurate system time, and calling
the ODK functions as described in the document "License Duration and Renewal".
## OEMCrypto Memory Unit Tests
### Objective
* Add OEMCrypto buffer overflow unit tests (indirect way of fuzzing) to verify * Add OEMCrypto buffer overflow unit tests (indirect way of fuzzing) to verify
OEMCrypto API behavior when the parameters passed to the API are out of OEMCrypto API behavior when the parameters passed to the API are out of
@@ -28,7 +62,7 @@
overflows if the length and offset fields are not validated against the overflows if the length and offset fields are not validated against the
input buffer. input buffer.
## Background ### Background
* Security is the top priority for Widevine. We came up with a simple approach * Security is the top priority for Widevine. We came up with a simple approach
to catch most common issues with widevine's implementations. A simplest to catch most common issues with widevine's implementations. A simplest
@@ -45,13 +79,13 @@
earlier in the process when they run OEMCrypto unit tests. All the unit earlier in the process when they run OEMCrypto unit tests. All the unit
tests with prefix `OEMCryptoMemory` are added to test the above scenario. tests with prefix `OEMCryptoMemory` are added to test the above scenario.
## What to expect from these tests ### What to expect from these tests
* `OEMCryptoMemory*` tests are designed to fail if API doesn't have enough * `OEMCryptoMemory*` tests are designed to fail if the API doesn't have
validations around input buffer lengths, parameters or OEMCryptoSubstring enough validations around input buffer lengths, parameters or the
struct. If the API doesn't have validations which might lead to a crash, the OEMCryptoSubstring struct. If the API doesn't have validations which might
test fails with a segfault or an appropriate crash message based on the API lead to a crash, the test fails with a segfault or an appropriate crash
implementation. message based on the API implementation.
* Find out for what buffer length, the API is crashing and then debugging the * Find out for what buffer length, the API is crashing and then debugging the
test against the OEMCrypto implementation should be able to provide test against the OEMCrypto implementation should be able to provide
@@ -70,4 +104,22 @@
call install keybox API with varying buffer lengths. This test by default call install keybox API with varying buffer lengths. This test by default
is not compiled as it overwrites the keybox on the device. Uncomment, is not compiled as it overwrites the keybox on the device. Uncomment,
compile and run the tests only if you have ability to recover the keybox compile and run the tests only if you have ability to recover the keybox
on device where the test is ran. on device where the test is ran.
## Filtering out tests
The source code will check for functionality of OEMCrypto and filter out tests
that are not required. For example, if a device uses a keybox, then Provisioning
3.0 tests are skipped, and vice versa.
If you wish to skip slow tests because you only want to verify basic
functionality, then you can set the environment variable `GTEST_FILTER`,
as documented
[here](https://github.com/google/googletest/blob/master/docs/advanced.md#running-a-subset-of-the-tests).
For example, to skip the duration tests, buffer overflow tests and long running
stress tests, you would set
```
GTEST_FILTER="*-*Duration*:*TimingTest*:*Memory*:*Huge*:*NonceFlood*:*ManyUsageEntries*:*Defrag*"
```

5
oemcrypto/test/oemcrypto_test.cpp
View File

@@ -239,8 +239,11 @@ TEST_F(OEMCryptoClientTest, FreeUnallocatedSecureBufferNoFailure) {
*/ */
TEST_F(OEMCryptoClientTest, VersionNumber) { TEST_F(OEMCryptoClientTest, VersionNumber) {
const std::string log_message = const std::string log_message =
"OEMCrypto unit tests for API 16.4. Tests last updated 2021-01-25"; "OEMCrypto unit tests for API 16.3 or 4. Tests last updated 2021-02-22";
cout << " " << log_message << "\n"; cout << " " << log_message << "\n";
cout << " "
<< "These tests are part of Android S."
<< "\n";
LOGI("%s", log_message.c_str()); LOGI("%s", log_message.c_str());
// If any of the following fail, then it is time to update the log message // If any of the following fail, then it is time to update the log message
// above. // above.